Full Version: hotlinking in email ! is it a DoS
The Planet Forums > Security > DoS & D-DoS Mitigation
maze
I have a situation in which some high resolution images on a linux server (gallery-1) were hotlinked and spread all over the internet through Yahoo mail & groups, gmail and hotmail.

So I was having traffic from all around the world, and the server was dead to real users.

Will it be considered a DoS attack?

Will flood guard detect it to be a DoS and stop it?
cprompt
QUOTE (maze)
Will it be considered a DoS attack?

Did it deny service to your users? If so, it was a Denial of Service (i.e. DoS). Was it an attack? Highly unlikely if it was not malicious.

Most DoS attacks send thousands of packets to the victim every second, and I doubt your images were being viewed at that rate. On that basis, the anti-DoS tools at TP probably wouldn't have stopped it (as indeed it didn't).
maze
So it was a DoS, but not an attack. That makes it all clear to me.


The requests were very certainly over 100 per second: if there were 15 images hotlinked, and every second 10 users are opening up the mail, it makes 150.

Is there a way to detect hotlinking in Apache / Plesk 7.1? I have seen that in Plesk 7.5 hotlinking protection is built in.
cprompt
I can imagine why that brought your server to a standstill!!!

The linux gurus here will tell you how to disable this when they wake up.
Matt2k
Easiest is to just remove the images or change their location.
Serhat
QUOTE (maze)
The requests were very certainly over 100 per second, ...

It's easy to DoS your server then. Even my celeron can handle that kind of load on static images -- and that's 1000+ concurrent connections at low load. The trick is to use lighttpd instead of apache, especially for static content. Then again... while it's great that you could easily saturate 100 Mbit/s, you probably wouldn't like the bandwidth bill.

What you need is mod_rewrite, either directly in apache or in a .htaccess file. I have the following in my config:

CODE
   RewriteEngine on
   # Only act on requests for the public image tree
   RewriteCond %{REQUEST_URI} ^/images/pub/
   # Requests with no Referer header at all are let through (see note below)
   RewriteCond %{HTTP_REFERER} !^$
   # Requests referred from the site's own domain are let through (mydomain.com is a placeholder)
   RewriteCond %{HTTP_REFERER} !^http://mydomain.com.* [NC]
   RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com.* [NC]
   # Everything else is sent to the throttled, unmetered host. The pattern is written for
   # server/vhost context; in a per-directory .htaccess the leading slash is stripped before
   # matching, so there the pattern must be ^images/pub/(.*)
   RewriteRule ^/images/pub/(.*) http://slow.mydomain.com/pub/$1 [L]


What I do is to reroute the people to an unmetered server that's going to throttle them. You could disable it entirely with [F] or better yet, point them to a nice flashy .gif file that says "hotlinking is for losahs!"... or a nice big ad for your website, so you may get more visitors out of it.

Note that I do give requests without referer the benefit of the doubt (line with !^$). Whether you do that too depends on whether the malicious views have a referer set or not.
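As an added illustration (not Serhat's code or anything from The Planet), here is a small log-analysis script that applies the same decision as the rules above to Apache "combined" access-log lines: requests to /images/pub/ with no Referer or with the site's own domain as referer are ignored, everything else is counted as hotlinking, per referer host, with bytes served and the busiest second, which is the "requests per second" figure maze was estimating. The allowed hosts mydomain.com / www.mydomain.com, the protected prefix, and the sample log lines are all constructed assumptions. One deliberate difference from the config: the script compares the parsed referer host against the allowed set instead of a `^http://mydomain.com.*` prefix regex, so a referer whose host merely begins with the site's name is still counted as hotlinking (the last sample line shows that case).

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Hosts that may legitimately embed the images (the thread's "mydomain.com" placeholders).
ALLOWED_HOSTS = {"mydomain.com", "www.mydomain.com"}
# Path prefix protected by the rewrite rules in the thread.
PROTECTED_PREFIX = "/images/pub/"

# Apache "combined" format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample lines, not real traffic: two webmail hosts hotlinking, one request without a
# Referer, one page view from the site itself, and one referer whose host merely starts with the
# site's name.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2006:14:01:00 +0000] "GET /images/pub/beach.jpg HTTP/1.1" 200 2048000 "http://mail.webmail-a.test/inbox" "Mozilla/5.0"
203.0.113.6 - - [10/Mar/2006:14:01:00 +0000] "GET /images/pub/sunset.jpg HTTP/1.1" 200 1500000 "http://mail.webmail-a.test/inbox" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2006:14:01:00 +0000] "GET /images/pub/beach.jpg HTTP/1.1" 200 2048000 "http://groups.webmail-b.test/msg/42" "Mozilla/5.0"
198.51.100.8 - - [10/Mar/2006:14:01:01 +0000] "GET /images/pub/beach.jpg HTTP/1.1" 200 2048000 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2006:14:01:01 +0000] "GET /gallery/index.html HTTP/1.1" 200 5120 "http://www.mydomain.com/" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2006:14:01:01 +0000] "GET /images/pub/beach.jpg HTTP/1.1" 304 - "http://www.mydomain.com/gallery/index.html" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2006:14:01:01 +0000] "GET /images/pub/beach.jpg HTTP/1.1" 200 2048000 "http://mydomain.com.example.test/" "Mozilla/5.0"
"""


def referer_host(referer):
    """Host part of a Referer value; '' when the header was absent ('-' in the log)."""
    if referer in ("", "-"):
        return ""
    return (urlsplit(referer).hostname or "").lower()


def classify_referer(referer):
    """Same decision as the rewrite conditions, on the parsed host instead of a prefix regex:
    no referer -> 'no-referer', own site -> 'own', anything else -> 'hotlink'."""
    host = referer_host(referer)
    if not host:
        return "no-referer"
    return "own" if host in ALLOWED_HOSTS else "hotlink"


def analyze(log_text):
    """Summarise hotlinked requests to the protected prefix: count per referer host, bytes served,
    and the busiest second (log timestamps have one-second resolution)."""
    by_host = Counter()
    per_second = Counter()
    bytes_served = 0
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m["path"].startswith(PROTECTED_PREFIX):
            continue
        if classify_referer(m["referer"]) != "hotlink":
            continue
        by_host[referer_host(m["referer"])] += 1
        per_second[m["ts"]] += 1
        if m["size"].isdigit():  # '-' for 304 / zero-length responses
            bytes_served += int(m["size"])
    return {
        "hotlink_requests": sum(by_host.values()),
        "by_referer_host": dict(by_host),
        "peak_per_second": max(per_second.values(), default=0),
        "bytes_hotlinked": bytes_served,
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for host, n in sorted(report["by_referer_host"].items(), key=lambda kv: -kv[1]):
        print(f"{n:6d}  {host}")
    print(f"peak {report['peak_per_second']} req/s, {report['bytes_hotlinked']} bytes hotlinked")
```

Run it against a real access log by passing the file contents to analyze(). Because the Referer header is set by the client, the "no-referer" bucket is exactly the traffic Serhat's `!^$` condition gives the benefit of the doubt; if that bucket is large for the protected prefix, the rules as written will not help much and a different control (moving or renaming the files, or throttling by path) is needed.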
maze
QUOTE (Serhat)
What you need is mod_rewrite, either directly in apache or in a .htaccess file. I have the following in my config:

CODE
   RewriteEngine on
   RewriteCond %{REQUEST_URI} ^/images/pub/
   RewriteCond %{HTTP_REFERER} !^$
   RewriteCond %{HTTP_REFERER} !^http://mydomain.com.* [NC]
   RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com.* [NC]
   RewriteRule ^/images/pub/(.*) http://slow.mydomain.com/pub/$1 [L]

Thanks for the valued suggestions, my default action was to move the contents to some other folder, but that is definitely not the best thing to do.

Is lighttpd compatible with any hosting panels? Just starting a search on that.

Thanks again.
Serhat
QUOTE (maze)
My default action was to move the contents to some other folder, but that is definitely not the best thing to do.


That may still be a wise move in this case, but a rewrite rule will most likely be best if you want to demotivate future hotlinkers. Otherwise you end up moving things around all the time.

QUOTE (maze)
Is lighttpd compatible with any hosting panels? Just starting a search on that.


No idea, I just install it all from source. I wouldn't replace apache with it right away, but you can consider using it for static content.
Invision Power Board © 2001-2009 Invision Power Services, Inc.