Arachnaphobic ? ?

[Fizzy]

Here's a real gem of a problem that is threatening to kill my board.

My bandwidth has rocketed recently, so I turned on Error Log (was switched off to save bandwidth).

In the error log I see that from 8pm to 4 am the board is constantly rejecting requests as follows:

Guest : 127.0.0.1 : Yesterday at 08:39:37pm
/yabbse/index.php?board=1;action=postpoll
This option is only available to registered members.

Guest : 127.0.0.1 : Yesterday at 09:02:27pm
/yabbse/index.php?board=2;action=post;title=Start%2Bnew%2Bthread
To post you must be logged in.

Guest : 127.0.0.1 : Yesterday at 11:03:43pm
/yabbse/index.php?board=10
You are not allowed to access this section

Guest : 127.0.0.1 : Today at 01:42:47am
/yabbse/index.php?action=mlall
Sorry, you must register before using this feature.

So, it looks like a Guest with IP 127.0.0.1 is trying continuously to gain acces to board 10 (an admin only board), post new messages and polls etc.
As I thought IP 127.0.0.1 was localhost I spoke to my host and they swear it isn't them.

That made me start thinking "a trapped search engine spider ? ?"

I have now inserted a robot.txt file with a disallow for the yabbse/ drectory just in case.

Has anyone come across this sort of problem or can you recommend anything to try to stop this from happening?
It's using us 34% of my bandwidth and my board may get booted off the server if it carries on much longer  

Any help or advice greatly appreciated.

[Angel Skin]

Are you sure it is that and not just a person who is pushing their luck?

A lot of guests on my board try and access as much as possible without registering.

Have you tried banning the IP?

[Chantal]

Hey, it seems I have  the same problem !  

The IP adresse 127.0.0.1 have tried to access on my board 5 times between the 9th and 10th april

[Angel Skin]

Not a guest then.

Must be spam or something.

[Fizzy]

Blimey ! That was quick

If it's a real person then they sat there clicking away at the same links for a total of 10 hours continuously.

If the error logs reflect only the errors that occured when they tried gaining access to restricted *member) sections then it's logical to assume that it accessed every category and  board, maybe every message hence why the bandwidth is up by 34%.

I'm convinced it's automated but I cannot ban 127.0.0.1
If I do that then the server cannot access the forum at all and according to the host that will stop the MySQL from responding too  

The problem is that error.log will not tell me if it's a spider or not.

[[Unknown]]

Blimey ! That was quick

If it's a real person then they sat there clicking away at the same links for a total of 10 hours continuously.

If the error logs reflect only the errors that occured when they tried gaining access to restricted *member) sections then it's logical to assume that it accessed every category and  board, maybe every message hence why the bandwidth is up by 34%.

I'm convinced it's automated but I cannot ban 127.0.0.1
If I do that then the server cannot access the forum at all and according to the host that will stop the MySQL from responding too  

The problem is that error.log will not tell me if it's a spider or not.

Your host is wrong.  You can try banning 127.0.0.1.

But, so be ready to fix the banned table with phpMyAdmin.

-[Unknown]

[Fizzy]

Nicely, Unknown.  

I tried it, the forum's still rocking along nicely.
Stupid blinkin' host !

Thanks for the tio

[Fizzy]

It's not working !

I am under attack as we speak.

Guest : 127.0.0.1 : Today at 06:40:46pm
/yabbse/index.php?board=12;action=register
Sorry, you are banned from using this forum!

Guest : 127.0.0.1 : Today at 06:42:09pm
/yabbse/index.php?board=12;action=search
Sorry, you are banned from using this forum!

The IP is banned but tripping up all these errors as it goes. There are hundreds of these errors. They are all on the main menu.

Is there a script I can put in template  that can help divert this ?

[David]

There is something really funny on your server.  You could modify fatal_error to check the ip and not log it if it is 127.0.0.1

[Fizzy]

Any suggestions on how I could do that?

Please remeber I'm a newbie  

[David]

If using Apache make a .htaccess in the YSE folder and add

DENY FROM 127.0.0.1

[Fizzy]

I added

Code Select Expand



AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName DenyViaWeb
AuthType Basic


<Limit GET>
order allow,deny
deny from 127.0.0.1
allow from all
</Limit>



In an htaccess file and uploaded it to all my directories - still no good.
I'm starting to this this is a hacker.

[David]

Firstly you don't need all that.

I would just add the
DENY FROM 127.0.0.1

and ignore the allow from line since it is implied.

[Fizzy]

OK, will do David.
Thanks.

I hope this works because my bandwidth is all burnt out now. It seems odd that it's coming from 127.0.0.1 though.

Is there a line of code I can add to try to get the proper IP address?

[David]

I would really contact your host and explain all the requests and added bandwidth.  If I may ask, who is your host?