Somebody eating all our bandwidth, what should I do?

Don't block the robot completely, but slow it down with QoS rules (in Linux, check out the "tc" command). Also, read this. This is how the people running this very website solved the problems using HAProxy.


I would like to suggest PHREL. Very small and simple tool that makes dynamically blocking abusive IPs a breeze. I deployed it on some caching nameservers with immediate results. Test it out a bit and figure out what your thresholds should be and let it rip!

http://www.digitalgenesis.com/software/phrel/


Playing whack-a-mole is usually a fruitless effort, but it may be the only option here.

You could possibly automate the identification of your bandwidth hogs. I would look at monitoring the web logs and identifying anomalous behavior such as the same IP looking at the same page more than once a second over a defined period of time, or some other similar metric. You don't mention which platform this is, but it would be a bit easier to implement in Linux than Windows.
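
The log-monitoring idea in the last answer, as an added example that is not part of any of the original answers: a sliding-window check that flags an IP requesting the same page more than once a second over a defined period. It assumes Apache/nginx common or combined log format in chronological order; `find_hogs`, `sample_log` and the thresholds are illustrative names and values, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed format: ip ident user [time] "METHOD path proto" ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*"')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_hogs(lines, window=10, max_hits=10):
    """Return {(ip, path): peak_hits} for each pair that made more than
    max_hits requests inside any sliding window of `window` seconds."""
    recent = defaultdict(deque)      # (ip, path) -> timestamps inside the window
    peaks = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                 # skip malformed lines instead of crashing
        ip, stamp, path = m.groups()
        try:
            t = datetime.strptime(stamp, TIME_FMT).timestamp()
        except ValueError:
            continue
        # Assumption: a "page" is the path without its query string, so
        # cache-busting parameters do not hide repeated fetches.
        key = (ip, path.split("?", 1)[0])
        q = recent[key]
        q.append(t)
        while t - q[0] >= window:    # drop hits that fell out of the window
            q.popleft()
        if len(q) > max_hits:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def sample_log():
    """Constructed sample lines (documentation IP ranges), not real traffic."""
    lines = []
    for sec in range(10):
        stamp = "10/Oct/2023:13:55:%02d +0000" % sec
        for n in range(3):           # one address, one page, 3 hits per second
            lines.append('192.0.2.10 - - [%s] "GET /index.php?r=%d HTTP/1.1" '
                         '200 51200 "-" "bot"' % (stamp, n))
        if sec % 5 == 0:             # an ordinary visitor browsing slowly
            lines.append('198.51.100.7 - - [%s] "GET /page%d.html HTTP/1.1" '
                         '200 2048 "-" "browser"' % (stamp, sec))
    lines.append("garbage line that does not parse")
    return lines

if __name__ == "__main__":
    for (ip, path), hits in find_hogs(sample_log()).items():
        print("%s requested %s %d times within 10s" % (ip, path, hits))
```

The flagged addresses can then be fed to whichever throttling or blocking mechanism is in use, after checking the thresholds against normal traffic for the site.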