I've been so alone....so alone....

couldn't get my fix...


ahhhhhhhhhh :runaway: :runaway: :runaway: :runaway: :runaway:

welcome back :dj_smiley

i haven't been on since wednesday morning? did the forum get taken down today or something?

heh when I posted that earlier, it went down again right after. It's been down since wednesday afternoon/night

Ok...after a TON of dialog between the data center and I, we are back up. I wrote the owner of the webhosting company we use, explained our situation and the reason for the slow reply is because he's in South America on vacation and just now checked his email.

He contacted the data center, told them to raise our bandwidth allocation and after a few more contacts through the trouble ticket system - we're back up again.

Here's some of the dialog between myself and the datacenter regarding what's happened to the website:

Guys,

I received your last follow up, about the heavy usage from some specific IP addresses. I appreciate you informing me that those IPs and their usage are the reason for the heavy bandwidth draw.

Unfortunately, on my end...here in California, I'm still getting a "bandwidth exceeded" message, as are a few people that I've talked to online via MSN. The www.celicasupra.com site is still offline. I have someone online right now from Toronto, Canada who is getting the same message. Also, four users in California are getting the same message.

My current IP is: 67.182.110.83 so I know it's not me that's causing the heavy usage on the site. You say that www.celicasupra.com is UP on your end, but for me it's still down and I'm in California.

Ideas?

Stephen Sidman
Internet Media Studio


============================

Support Staff has responded to your help desk request.

-----------------------------------------------
(Support Staff) [Submitted 29-4-2005-01:02 ]
-----------------------------------------------


Hello,

We have unsuspended the account http://celicasupra.com

The high bandwidth usage was caused due to large number of repeated seemingly automated hits from a few specific IPs. We have blocked the IPs 66.177.36.71, 67.71.88.77 and 69.165.23.189.

You can check then bandwidth usage as well as the users who consume band width from the AW stats. You may also block those IPs which consumes more band width using the IP deny manager in your cPanel. Also make sure that the hot link prevention is enabed for your domain.

I hope the information helps. Please feel free to contact us if you require any further assistance. Thank you.

Regards,
Support Team

Thanks for using the help desk, if you have any further difficulties or are required to respond to your request, please login to the help desk.
So now I'm going to look at the logs and see if I can identify these IP addresses, based on user traffic on the forum, and the IP logs for the domain. If I find out that any of the IP addresses mentioned above are CS.com members - I'm going to ban WHOEVER has been hammering the site, and they will not be allowed access again. :mad:

According to a followup email I just received, it was a repeated almost "automated" download of various files on the server - and they are convinced it was done with malicious intent to force the site to exceed its bandwidth quota. Either that or it was a very lame attempt at a Denial of Service attack on the website.

Another email just received from the data center:

Hello Stephen,

It seems your bandwidth used exceeded the limit we had set. We have now incresaed your Bandwidth limit to 65GB. You are currently using 93% of your total bandwidth. Your bandwidth usage can be viewed using the Bandwidth option in cpanel. You can also check what is consuming this much bandwidth using the Awstats option in cpanel. Hotlink protection is currently disabled for this account. Please do enable it, or else other domain owners can steal your bandwidth by hotlinking to your site.

I hope the information helps. If there is any further issue, please do let us know. We would be glad to be of any help.
Thank you.

Regards,
Support Team

Thanks for using the help desk, if you have any further difficulties or are required to respond to your request, please login to the help desk
I am seriously pissed off, and taking their advice...enabling hotlink protection. This may screw up Malloy's ablility to pull files from this site to other forums etc...but I've gotta do something.

Stephen

PS: Out of the 3 IP addressed idenfied, I've connected one to a forum member, and this guy has pulled SEVERAL GIGS of data from the website. Apparently over and over and over again. I'm not naming names...but I'm giving the info to Malloy and letting him deal with it.

The other two IP addresses = unregistered guests, who likely know the forum member (I'm only assuming).

Dude...are you KIDDING ME? If you're reading this, you know who you are. I know who you are too, and you're a pretty stupid guy if you thought I wasn't going to catch you.

I've been so alone....so alone....

couldn't get my fix...


ahhhhhhhhhh :runaway: :runaway: :runaway: :runaway: :runaway:

welcome back :dj_smiley

ditto today at work I actually had to do.... work....

That is a lot! I hope the person that leached the site suffers the consequences!

Cheers.

That is a lot! I hope the person that leached the site suffers the consequences!

Cheers.
Agreed!

uh oh.
one is from Canada
one from Connecticut
one from Utah

WE should repo their Supras if they have any:mm_twak:

i'm no computer geeg but would it take a lot of knowledge of computers set up to do this
maliously or could it be a computer glitch (benifit of the doubt 1st) my feeling if it was done on purpose names should be give out i just hate hackers and virus sending assholes as it has messed up my system at work too many times and costs a fortune

brendan

Anyone want the exact Latitude and Longiturde (down to the second) of the addresses? :)

this should be "an excutive decesion" or a vote by the members or just move onnnn

brendan

"Dude...are you KIDDING ME? If you're reading this, you know who you are. I know who you are too, and you're a pretty stupid guy if you thought I wasn't going to catch you."

With "Princess Bride"-ish accent - "My Name is Steven Sidman. You killed my Bandwidth. Prepare to die!"

-Aaron

could this same guy(s) (gals) be the ones who once in a while send those fake emails with lil presents attached to them or links to places we all so love, marked from being from cs.com site?

uh oh.
one is from Canada
one from Connecticut
one from UtahWondering the source of that info. Here's a summary of what I got:
66.177.36.71 is in the Beauclerc suburb South of Jacksonville, FL (provider hsd1.fl.comcast.net) [99% likely accurate]
67.71.88.77 is in Toronto, ON (provider Bell Sympatico) [93% likely accurate]
69.165.23.189 is Just North of Newark, OH off Hwy 79 (provider cvdoh.adelphia.net) [99% likely accurate]
I'd say somebody get a name or street adress and post it up. These things take care of themselves :mad:

I've identified 1 out of the 3 IP addresses, and it belongs to a relatively new forum member. And yes, you are right on about his location.

Malloy has all the info now. I'm gonna let him deal with it.

-Stephen

uh, i linked a couple smilies and shit to some pages where it would be downloaded a lot i suppose. please dont ban me lol im sorry.

Names.... we need names or at least let us view the log file!

I got dibs on the Toronto car!

No names will be given, sorry guys. I don't want to deal with it like that.

best call i agree... this will all go away.................
lets get back to our passion

brendan

We should all take turns beating them with a stick!

Couldn't you Malloy and Speedracer report these people to their ISP? We have a thing in Australia called AusCert *I think* which is an electronics watchdog especially for the Internet which broardcast security updates to critical systems and also in some sence a group in which we can report illegal or extreme activities which should not be done, they will contact the ISP and give them grief which in turn will go to the actual user as the ISP will check their records for who dialed in and who used that IP Address provided...

Cheers.

Thanks for your work again on getting the site up. I wouldnt mind kicking the shit out of them, no big deal but just make sure they can't get on the site so nobody makes any deals with them. Really wouldnt mind kicking there ass, really the pussies they are. Thanks for your time in these matters

George .....you've got alot of explaining to do!!!!!.HAHAHAHAHAHA.

I've had a brain fart...cause I have no idea what we are talking about except 4 the bandwidth being exceeded.