Site performance last few days
Submitted: Thursday, Jun 03, 2004 at 19:37
ThreadID:
13432
Views:
1511
Replies:
6
FollowUps:
5
This Thread has been Archived
ExplorOz Team - David
Hi all,
The issue of performance over the last few days seems to be an attempt by someone to steal our
shop content in an effort to launch there own
shop using our product set (lol own - lets steal someone else work and call it our own). It appears that someone using the IP address of 144.137.241.106 (A bigpond WA internet account) has written a program to open hundreds of sessions on our site and extract the contents for whatever reasons. It is this process that has been causing our server to go slow for periods and report thousands of sessions.
Unfortunatley I cannot trace the owner yet. I have blocked the IP address for now so that should stop it for now however I would expect that this person will start up using a different IP if they have not already stolen the information.
Please be on the look out for a new online
shop that boosts our product range and let me know if you find any of our images, artwork or digital coverage maps on another site.
Reply By: Rick Blaine - Thursday, Jun 03, 2004 at 19:43
Thursday, Jun 03, 2004 at 19:43
Its a shame people with such creative minds can't put them to use for the betterment of us all...same as the minds who swamp us with spam & viruses....
AnswerID:
61551
Reply By: Member - Toonfish - Thursday, Jun 03, 2004 at 20:03
Thursday, Jun 03, 2004 at 20:03
ah technology
love or loathe it?????
i reckon we would be better off wothout it but i would never have met so many grouse aussies (and others).
have had some hassles in the hack area here too
too much time on their hands!
AnswerID:
61558
Reply By: Lone Wolf - Thursday, Jun 03, 2004 at 20:03
Thursday, Jun 03, 2004 at 20:03
My son, a Computer Science student tells me that this had happened at his uni on their
forum, was a grudge or something. The Uni Admin simply installed a couple of extra gig of ram, seemed to temporally fix the problem.
AnswerID:
61560
Reply By: Member - Mike H (VIC) - Thursday, Jun 03, 2004 at 20:35
Thursday, Jun 03, 2004 at 20:35
Bloody Terrorist ...
David I hope you can track them down soon.
Is bigpond any help in tracking down the mongrel?
Will keep my eyes open.
Cheers,
Mike
AnswerID:
61570
Follow Up By: ExplorOz Team - David - Thursday, Jun 03, 2004 at 20:49
Thursday, Jun 03, 2004 at 20:49
Telstra do have an abuse reporting function. So I filled out the details and will wait to see what happens. In the mean time I now know what to look for and will sort it out a lot quicker next time. I think now I will also have to make a mod to count the number of sessions per IP address. Just more crap that I have to install to stop the one or two people out there whilst making it harder for the rest of us.
Anyway I will think about the best way to stop this in the future and implement it.
FollowupID:
323051
Follow Up By: srowlandson - Friday, Jun 04, 2004 at 08:43
Friday, Jun 04, 2004 at 08:43
Unfortunately, I doubt telstra will treat it as abuse.
They are technically 'browsing' your website', some cache servers such as MS ISA Server can cache a whole website in the cache on a predetermined date time to avoid link saturation in peak times,
They are technically doing nothing wrong, until they use those images / content on a site somewhere. Then.. It is abuse.
We had the same issue a few years ago when discountnewcars.com.au's content and images were cloned into a new site (i forget the url) and the turkey even had discountnewcars text in his site (he failed to edit our company name from the text) he was soon shut down.
I also had a turkey in Holland rip off a lot of Offroader Articles, he had the cheek to link back to my own images on my server, so got a rude shock when i edited my page and replaced the old images with a kind not informing his reads the article was stolen ;)
FWIW, I did a Server Scan through all my Web Servers Logs etc, nothing comes up form that IP :(
Steve
FollowupID:
323099
Follow Up By: ExplorOz Team - David - Friday, Jun 04, 2004 at 10:32
Friday, Jun 04, 2004 at 10:32
Did you meet Mr PacificIslandTravel - he had all our treknotes published on his site. Yeah I know about the issue of content usage etc and that it is not up to Telstra however I pitched the abuse request at DOS as he was hitting the system with around 10 requests per second upto whatever his server would deliver in terms of browser threads I counted over 5000 gets in less than 2 mins. In any case I have canned his IP. If he had written the process to take page by page we would not have known and really we would not care however it was the DOS style of attack that was more the problem.
I suspect I will find the site appearing on the net soon enough.
Anyway take it easy Steve speak to you later.
FollowupID:
323122
Reply By: Mad Dog (Victoria) - Friday, Jun 04, 2004 at 01:03
Friday, Jun 04, 2004 at 01:03
I tried connecting to the address but comes up with a password box and then this.
Protected Object
This object on the RT311 is protected.
I could hack into them but I've given that stuff up for a sheltered life and I'm off to bed shortly anyway :)
Good luck with the hunt
AnswerID:
61601
Reply By: Member - Melissa - Friday, Jun 04, 2004 at 12:07
Friday, Jun 04, 2004 at 12:07
Sorry to hear about your troubles David, but I am pleased that ExplorOz is performing
well again after a couple of trying days. You said the thief was chasing your product info and content. Can we assume that our personal and credit card details are safe?
:o) Melissa
AnswerID:
61658
Follow Up By: Michelle from ExplorOz - Friday, Jun 04, 2004 at 12:27
Friday, Jun 04, 2004 at 12:27
Hi - I'll answer this as its an important question to answer and David is at a client site all day today so cannot respond. I would like to ally any fears you or others may have...
This intrusion is only on published content - they basically have written a program to extract the page information from the list of
shop products that you view - just the images and text that the world can see. Just an automated way to extract the data rather than a manual cut and paste in fact. They are not actually getting into our backend database as that is totally protected - this is not a hack, but just extraction of publicly viewable data.
Further - we do not store credit card details at all as we delete these details the moment they come through. This is why regular repeat purchasers must enter their card details for each order as we do not keep them.
Hope this clears it up.
It does not affect us really - just that the site was slow because they opened multiple sessions (thousands of them) to copy the data off - ie. for each item they copied, they opened another session and their program must have gone haywire because it ook something like 40,000 attempts to extract a few hundred items. The site is good enough to handle a large volume of users at any time but certainly not good enough to cope with thousands of
shop page
views at the same time!
Must go back to the crying baby!!
FollowupID:
323135
Follow Up By: Member - Melissa - Friday, Jun 04, 2004 at 13:03
Friday, Jun 04, 2004 at 13:03
Thanks Michelle. A good explanation for the non-technically computer minded people among us.
Hope Chardae isn't giving you too hard a time ;-)
:o) Melissa
FollowupID:
323139