Site performance last few days

Submitted: Thursday, Jun 03, 2004 at 19:37
ThreadID: 13432 Views:1511 Replies:6 FollowUps:5
This Thread has been Archived
Hi all,

The issue of performance over the last few days seems to be an attempt by someone to steal our shop content in an effort to launch their own shop using our product set (lol own - let's steal someone else's work and call it our own). It appears that someone using the IP address of 144.137.241.106 (a BigPond WA internet account) has written a program to open hundreds of sessions on our site and extract the contents for whatever reasons. It is this process that has been causing our server to go slow for periods and report thousands of sessions.

Unfortunately I cannot trace the owner yet. I have blocked the IP address for now so that should stop it for now; however, I would expect that this person will start up using a different IP if they have not already stolen the information.

Please be on the lookout for a new online shop that boasts our product range and let me know if you find any of our images, artwork or digital coverage maps on another site.
David (DM) & Michelle (MM)
---------------------------------
Always working not enough travelling!


Reply By: Rick Blaine - Thursday, Jun 03, 2004 at 19:43

It's a shame people with such creative minds can't put them to use for the betterment of us all...same as the minds who swamp us with spam & viruses....
AnswerID: 61551

Reply By: Member - Toonfish - Thursday, Jun 03, 2004 at 20:03

ah technology
love or loathe it?????

I reckon we would be better off without it but I would never have met so many grouse Aussies (and others).

have had some hassles in the hack area here too

too much time on their hands!
AnswerID: 61558

Reply By: Lone Wolf - Thursday, Jun 03, 2004 at 20:03

My son, a Computer Science student, tells me that this had happened at his uni on their forum, was a grudge or something. The Uni Admin simply installed a couple of extra gig of RAM, seemed to temporarily fix the problem.
AnswerID: 61560

Reply By: Member - Mike H (VIC) - Thursday, Jun 03, 2004 at 20:35

Bloody Terrorist ...

David I hope you can track them down soon.
Is bigpond any help in tracking down the mongrel?
Will keep my eyes open.

Cheers,
Mike
AnswerID: 61570

Follow Up By: ExplorOz Team - David - Thursday, Jun 03, 2004 at 20:49

Telstra do have an abuse reporting function. So I filled out the details and will wait to see what happens. In the meantime I now know what to look for and will sort it out a lot quicker next time. I think now I will also have to make a mod to count the number of sessions per IP address. Just more crap that I have to install to stop the one or two people out there whilst making it harder for the rest of us.

Anyway I will think about the best way to stop this in the future and implement it.
David (DM) & Michelle (MM)
---------------------------------
Always working not enough travelling!

FollowupID: 323051

Follow Up By: srowlandson - Friday, Jun 04, 2004 at 08:43

Unfortunately, I doubt Telstra will treat it as abuse.

They are technically 'browsing' your website; some cache servers such as MS ISA Server can cache a whole website in the cache on a predetermined date/time to avoid link saturation in peak times.

They are technically doing nothing wrong, until they use those images / content on a site somewhere. Then.. It is abuse.

We had the same issue a few years ago when discountnewcars.com.au's content and images were cloned into a new site (I forget the URL) and the turkey even had discountnewcars text in his site (he failed to edit our company name from the text). He was soon shut down.

I also had a turkey in Holland rip off a lot of Offroader Articles. He had the cheek to link back to my own images on my server, so got a rude shock when I edited my page and replaced the old images with a kind note informing his readers the article was stolen ;)

FWIW, I did a Server Scan through all my Web Servers Logs etc, nothing comes up from that IP :(

Steve
FollowupID: 323099

Follow Up By: ExplorOz Team - David - Friday, Jun 04, 2004 at 10:32

Did you meet Mr PacificIslandTravel - he had all our treknotes published on his site. Yeah, I know about the issue of content usage etc and that it is not up to Telstra; however, I pitched the abuse request at DOS as he was hitting the system with around 10 requests per second up to whatever his server would deliver in terms of browser threads. I counted over 5000 GETs in less than 2 mins. In any case I have canned his IP. If he had written the process to take page by page we would not have known and really we would not care; however, it was the DOS style of attack that was more the problem.

I suspect I will find the site appearing on the net soon enough.

Anyway take it easy Steve speak to you later.
David (DM) & Michelle (MM)
---------------------------------
Always working not enough travelling!

FollowupID: 323122
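
The per-IP counting discussed in the two follow-ups above, as an added example that is not part of the original thread: a sliding-window scan of a web access log that reports clients whose request rate exceeds a limit. The Common Log Format input, the thresholds, the URL paths and the documentation-range IP addresses are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format is an assumption; the thread does not say what the server logs.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, timestamp) for one log line, or None if it is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        return m.group(1), datetime.strptime(m.group(2), TS_FORMAT)
    except ValueError:
        return None

def heavy_clients(lines, window_seconds=120, limit=1000):
    """Map each IP whose request count in any sliding window exceeds `limit`
    to its peak count. Lines must be in chronological order."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of aborting the scan
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > limit}

def sample_log():
    """Constructed sample: one client at 10 requests/second for 30 s and one
    ordinary visitor at one request every 5 s (documentation IP ranges)."""
    rows = ["not a log line"]
    for s in range(30):
        stamp = f"[03/Jun/2004:19:00:{s:02d} +0800]"
        if s % 5 == 0:
            rows.append(f'198.51.100.20 - - {stamp} "GET /forum HTTP/1.1" 200 2048')
        for k in range(10):
            rows.append(f'203.0.113.7 - - {stamp} "GET /shop?item={s * 10 + k} HTTP/1.1" 200 5120')
    return rows

if __name__ == "__main__":
    print(heavy_clients(sample_log(), window_seconds=60, limit=100))
```

The same window logic applies to session-creation events instead of requests if the application logs one line per new session.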

Reply By: Mad Dog (Victoria) - Friday, Jun 04, 2004 at 01:03

I tried connecting to the address but it comes up with a password box and then this.

Protected Object
This object on the RT311 is protected.

I could hack into them but I've given that stuff up for a sheltered life and I'm off to bed shortly anyway :)

Good luck with the hunt

AnswerID: 61601

Reply By: Member - Melissa - Friday, Jun 04, 2004 at 12:07

Sorry to hear about your troubles David, but I am pleased that ExplorOz is performing well again after a couple of trying days. You said the thief was chasing your product info and content. Can we assume that our personal and credit card details are safe?

:o) Melissa
AnswerID: 61658

Follow Up By: Michelle from ExplorOz - Friday, Jun 04, 2004 at 12:27

Hi - I'll answer this as it's an important question to answer and David is at a client site all day today so cannot respond. I would like to allay any fears you or others may have...

This intrusion is only on published content - they basically have written a program to extract the page information from the list of shop products that you view - just the images and text that the world can see. Just an automated way to extract the data rather than a manual cut and paste in fact. They are not actually getting into our backend database as that is totally protected - this is not a hack, but just extraction of publicly viewable data.

Further - we do not store credit card details at all as we delete these details the moment they come through. This is why regular repeat purchasers must enter their card details for each order as we do not keep them.

Hope this clears it up.
It does not affect us really - just that the site was slow because they opened multiple sessions (thousands of them) to copy the data off - i.e. for each item they copied, they opened another session and their program must have gone haywire because it took something like 40,000 attempts to extract a few hundred items. The site is good enough to handle a large volume of users at any time but certainly not good enough to cope with thousands of shop page views at the same time!

Must go back to the crying baby!!
ExplorOz

FollowupID: 323135

Follow Up By: Member - Melissa - Friday, Jun 04, 2004 at 13:03

Thanks Michelle. A good explanation for the non-technically computer minded people among us.

Hope Chardae isn't giving you too hard a time ;-)

:o) Melissa

FollowupID: 323139
