Too much bandwidth being used??

[Lyte]

Howdy!

I'm not sure I completely understand this whole bandwidth thing but I'm looking at something unusual... or at least unusual to me. Please tell me what y'all think!

Some of the numbers just look awfully high for such few visitors. I've bolded the ones that seem odd to me. This is for chargecards.cc and the info come from awstats...

Day -- Number of visits -- Pages -- Hits -- Bandwidth

01 Jun 2005 -- 6 -- 8 -- 40 -- 833.54 KB
02 Jun 2005 --9 -- 42 -- 55 -- 2.31 MB
03 Jun 2005 --5 -- 9 -- 62 -- 977.35 KB
04 Jun 2005 --8 -- 91 -- 119 -- 5.37 MB
05 Jun 2005 --3 -- 80 -- 88 -- 4.56 MB
06 Jun 2005 --4 -- 4 -- 33 -- 497.55 KB

How/Why is it so few visits are using up so much bandwidth?? Or... is this not even a lot and I should stop wondering?!

Thanks!

Lyte

 

[Killmur]

You have people leeching from your site. Also people are probably linking to your files from their sites. Both of which can rape your bandwidth pretty fast. You can go into cPanel and setup the Leech Protect and Hotlink Protection options however I know very little about doing that. There should be instructions in cPanel telling you how to.

 

[Lyte]

Thanks for responding!

Can someone give me some direction where on cpanel to add this protection??

I think I have the hotlink protection on but I'm not sure.

As for this "leeching" thing... I'm clueless!

Please advise!

Thanks!

Lyte

 

[Kodeking]

leeching is hotlinking. I don't see an increase in file hits so I don't think its hotlinking/leeching. Awstats gives a listing of most requested files in the stats. See which files are using up the most bandwidth.

 

[Lyte]

There does appear to be an increase in hits on those dates where the highest bandwidth is used...

Day -- Number of visits -- Pages -- Hits -- Bandwidth

01 Jun 2005 -- 6 -- 8 -- 40 -- 833.54 KB
02 Jun 2005 --9 -- 42 -- 55 -- 2.31 MB
03 Jun 2005 --5 -- 9 -- 62 -- 977.35 KB
04 Jun 2005 --8 -- 91 -- 119 -- 5.37 MB
05 Jun 2005 --3 -- 80 -- 88 -- 4.56 MB
06 Jun 2005 --4 -- 4 -- 33 -- 497.55 KB

I'm not seeing the most requested "file" but I do see this IP addy on the 2nd and the 5th which seem to biggest bandwidth users. Here's what it says..

Visitor -- Pages -- Hits -- Bandwidth -- Last visit
85.65.162.240 -- 78 -- 78 -- 4.39 MB -- 04 Jun 2005 - 21:55
85.65.166.156 -- 78 -- 78 -- 4.39 MB -- 05 Jun 2005 - 08:35

The most "viewed" page is the homepage.

Thoughts??

Thanks!

Lyte

 

[Killmur]

Did you hookup with the various internet 'bots that Google and the other search engines send out? That might be your answer right there. Would explain why your getting a big hit like that.

 

[AsclepiusZ]

cpanel should have an icon on the main page called 'Hotlink Protection' if you dont see it, your provider hasent giving you the ability to stop it

 

[Lyte]

Thanks guys.

"Did you hookup with the various internet 'bots that Google and the other search engines send out?" I'm not sure what that means. I've submitted the site to several search engines... so doesn't that cause the bots to come and crawl the site??

I do have hot link blocking enabled but I'm not sure about that box on the same page. You can add URLs in it but I'm not sure that's for URLs that I want to have access or those I want to block.

I did also add those two IP addys to my block list! :tu:

EDIT: I did a reverse IP look up and here's what I got...

Reverse DNS Lookup IP Address 85.65.166.156 resolves to:
85-65-166-156.barak-online.net

What the heck is www.barak-online.net?! I went to the addy and it's some foreign site!

 

[Killmur]

Yes that is what I meant. Sorry if I confused you at all. Technicly when you submit your site to a search engine your hooking up a line from your site to their 'bots giving them the chance to crawl your site.

"Did you hookup with the various internet 'bots that Google and the other search engines send out?" I'm not sure what that means. I've submitted the site to several search engines... so doesn't that cause the bots to come and crawl the site??

 

[dweeb]

personally i don't think that is alot of bandwidth being used up. but, like u said, u have few visitors, so that might be kind of scary. hope u solve the problem soon.

 

[Darkfire001]

Lyte,

In our Cpanel there will be a section that says Hotlink protection make sure to enable it and in the protected formats part put .JPG and .GIF, also make sure you allow http:// and www. extensions of your domain access

If you need help email me at [email protected] and I can set it up for you.

 

[dabb]

EDIT: I did a reverse IP look up and here's what I got...

Reverse DNS Lookup IP Address 85.65.166.156 resolves to:
85-65-166-156.barak-online.net

What the heck is www.barak-online.net?! I went to the addy and it's some foreign site!

This address appears in the SORBS database as an exploitable server, so it's probably an open relay. Suspicious...

 

[Lyte]

This address appears in the SORBS database as an exploitable server, so it's probably an open relay. Suspicious...

Sorry... what's all that mean??

 

[nomis135]

bandwidth usage all depends on content.
If you have a 50kb image and 2 people view it. 100kb bandwidth will be taken.
If you understand what i mean?

 

[whyme953]

apparantly its an israeli telecommunications company. you could go to www.barak-online.net/eng for a english version of their site.

i also would like to know what that SORBS database, exploitable server business al means

 

[dabb]

Sorry... what's all that mean??

There are a lot of sites on the internet that keep track of open/insecure proxies for the purposes of spam blocking. Anybody that surfs thru a proxy is either really paranoid about being anonymous or is up to no good since they don't want to reveal their real IP address. Open proxies are most often used to send spam thru. I administer our mail server at work and we get tons of spam from open proxies, hosts in *.barak-online.net being an almost daily entry in the spam log. This isn't a guarantee that somebody visiting your site through an open proxy is up to no good, but it's worth keeping your eyes on.

A great site is http://openrbl.org/ You can go to this site, enter an IP address and it will check various different RBLs (Realtime Blackhole Lists) to see if it is in any of them.

 

[Izo]

You could also try to edit your .htacces file if your host is allowing you to do this.
This would effectivly stop hotlinking. Unfortunately I'm not aware of how to hack your .htaccess but google is your friend