Anybody else experiencing this?


georgelb
01-30-2004, 09:33 AM
My entire site is an HTTP 500 Internal Error.

I already put in a ticket, just wondering if I am the only one.

y6y6y6
01-30-2004, 09:59 AM
All my sites are up and running, but I'm probably not on the same server you are. Which server is it?

georgelb
01-30-2004, 10:27 AM
Nevermind, support ticket came back that I am over on BW usage. I looked and they were right. I went from 20GB last night to 157GB this morning. Logs show a single IP bombarding me...so the ISP is now working with me.

Still waiting on support to see if they can help me out since it was a malicious attack.

Tammy
01-30-2004, 10:47 AM
That seems to be the most common reason for a suspended site, some kind of attack to jack up your bandwidth. You and hostrocket are both victims. Hope you resolve it soon, why people do that stuff is beyond me.

KLH
01-30-2004, 11:24 AM
Originally posted by georgelb
Nevermind, support ticket came back that I am over on BW usage. I looked and they were right. I went from 20GB last night to 157GB this morning. Logs show a single IP bombarding me...so the ISP is now working with me.

Still waiting on support to see if they can help me out since it was a malicious attack.

Wow! That really sucks..
Good thing it all came from one IP. Easier to block, and track down and report it.

-rAz-
01-30-2004, 12:11 PM
It's kinda annoying ppl can get u in trouble like that

I'm sure I can build a script to prevent such a thing in some way by returning a blank page or something and sending me a mail with the hammering IP so I can block it. Although I don't need it atm for my site

y6y6y6
01-30-2004, 12:27 PM
Here's my IP blocking script:

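$IPString = '208.2.222.101|0.0.0.0|127.0.0.1|208.2.220';
// Escape each entry so "." is literal; anchor it so a partial entry only matches whole leading octets
$Pattern = implode('|', array_map('preg_quote', explode('|', $IPString)));
// eregi() was removed in PHP 7 and $REMOTE_ADDR needs register_globals; use preg_match() and $_SERVER
if (preg_match("/^($Pattern)(\\.|$)/", $_SERVER['REMOTE_ADDR'])):
    $MailTo = $ADMIN_EMAIL;
    $MailSubject = 'Blackhole Attempt';
    $MailText = "The following IP from your black hole list ";
    $MailText .= "attempted to access {$_SERVER['SCRIPT_NAME']} - {$_SERVER['REMOTE_ADDR']}";
    mail($MailTo, $MailSubject, $MailText, "From: $MailTo");
    header("Location: " . $DOC_ROOT . "gone.html");
    exit; // stop here so the rest of the page is not sent after the redirect
endif;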

Just set $IPString to a pipe delimited set of IPs. It will block single IPs or a whole bloc

georgelb
01-30-2004, 02:04 PM
Originally posted by y6y6y6
Here's my IP blocking script:

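$IPString = '208.2.222.101|0.0.0.0|127.0.0.1|208.2.220';
// Escape each entry so "." is literal; anchor it so a partial entry only matches whole leading octets
$Pattern = implode('|', array_map('preg_quote', explode('|', $IPString)));
// eregi() was removed in PHP 7 and $REMOTE_ADDR needs register_globals; use preg_match() and $_SERVER
if (preg_match("/^($Pattern)(\\.|$)/", $_SERVER['REMOTE_ADDR'])):
    $MailTo = $ADMIN_EMAIL;
    $MailSubject = 'Blackhole Attempt';
    $MailText = "The following IP from your black hole list ";
    $MailText .= "attempted to access {$_SERVER['SCRIPT_NAME']} - {$_SERVER['REMOTE_ADDR']}";
    mail($MailTo, $MailSubject, $MailText, "From: $MailTo");
    header("Location: " . $DOC_ROOT . "gone.html");
    exit; // stop here so the rest of the page is not sent after the redirect
endif;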

Just set $IPString to a pipe delimited set of IPs. It will block single IPs or a whole bloc

Thanks, a few questions though.

Do I just enclose it in php tags and define the $ADMIN_EMAIL and $DOC_ROOT?

If so, what would I name it and where would I place it and how would I call it?

y6y6y6
01-30-2004, 02:17 PM
"Do I just enclose it in php tags and define the $ADMIN_EMAIL and $DOC_ROOT?"

Yep. And make sure you have a gone.html if you want to. Mine just gives them the idea that I've pulled the site, rather than they've been blocked. I've also thought about setting a cookie so that I could still block them if they switched IPs.

"If so, what would I name it and where would I place it and how would I call it?"

I put this in an include file that goes into every page. It's actually a function that gets called right at the top. This implementation wouldn't work as well for a DOS attack, since it would flood you with email, but that could be accounted for as well.

georgelb
01-30-2004, 02:25 PM
Well then this would not work, as they were requesting an image file.

I have added a deny to my htaccess that is giving them a 403, but my 403 page is pretty graphic so that would be just as bad. I guess I need to add more to the .htaccess to send that IP to a blank page.


Thanks Anyway :)

y6y6y6
01-30-2004, 02:29 PM
Yep. .htaccess is the best way to go at that point. Or Hostrocket could try and block them at the firewall. But you don't have any control over that.

Another option would be to rename the file so they'd get a 404. Probably the same problem as the 403 though.

Viper007Bond
01-30-2004, 09:24 PM
Wish they'd put the "Bandwidth Exceeded" page back up. The past couple months when I've run over I got that page, but now, as you did, all I get is a 500. :(

Vladdrac
01-30-2004, 11:02 PM
Hmmm, I wonder if you can make a script that will limit the bandwidth from any IP, day by day
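
Added example, not code from anyone in the thread: the per-IP, per-day bandwidth accounting asked about above, done offline against an Apache access log so the heaviest client can be identified and denied in .htaccess as georgelb did. The log lines, the 1 MB budget and the function names are constructed for illustration; the addresses are documentation ranges.

```python
import re
from collections import defaultdict

# Apache Common/Combined Log Format:
#   ip ident user [day/Mon/year:time zone] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?:[^"\\]|\\.)*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

def bytes_per_ip_per_day(lines):
    """Return {(day, ip): total response bytes}; unparseable lines are skipped."""
    totals = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Apache logs "-" when no body was sent (e.g. 304 responses).
        sent = 0 if m.group("bytes") == "-" else int(m.group("bytes"))
        totals[(m.group("day"), m.group("ip"))] += sent
    return dict(totals)

def over_budget(lines, daily_budget_bytes):
    """List (day, ip, bytes) for each client over the daily budget, largest first."""
    hits = [(day, ip, n)
            for (day, ip), n in bytes_per_ip_per_day(lines).items()
            if n > daily_budget_bytes]
    return sorted(hits, key=lambda h: h[2], reverse=True)

def deny_lines(hits):
    """Render .htaccess 'Deny from' lines (Apache 1.3/2.0/2.2 syntax) for flagged IPs."""
    return ["Deny from " + ip for ip in sorted({ip for _, ip, _ in hits})]

# Constructed sample log (not taken from the thread).
SAMPLE_LOG = [
    '203.0.113.50 - - [30/Jan/2004:02:10:01 -0500] "GET /img/banner.jpg HTTP/1.1" 200 400000',
    '203.0.113.50 - - [30/Jan/2004:02:10:02 -0500] "GET /img/banner.jpg HTTP/1.1" 200 400000',
    '203.0.113.50 - - [30/Jan/2004:02:10:03 -0500] "GET /img/banner.jpg HTTP/1.1" 200 400000',
    '198.51.100.7 - - [30/Jan/2004:08:15:40 -0500] "GET /index.php HTTP/1.1" 200 15000',
    '198.51.100.7 - - [30/Jan/2004:08:15:41 -0500] "GET /style.css HTTP/1.1" 304 -',
    '203.0.113.50 - - [31/Jan/2004:09:00:00 -0500] "GET /img/banner.jpg HTTP/1.1" 403 300',
    'this line is not in log format and is ignored',
]

if __name__ == "__main__":
    flagged = over_budget(SAMPLE_LOG, daily_budget_bytes=1_000_000)
    for day, ip, n in flagged:
        print(f"{day} {ip} sent {n} bytes")
    print("\n".join(deny_lines(flagged)))
```

The last sample line for 203.0.113.50 shows why the size of the 403 response matters: a denied request still counts against bandwidth, only at the size of the error body.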