Manage Free Image Hosts
Having a problem managing your free image host? Well i'm sorry
but so many new free image hosts are poping up now adays, and
then closing because they are not setup to handle abuse properly.
If you plan on running one, you have to plan FOR abuse. The main
way I am solving this now is by ACTIVE moderation, but in this
little "guide" I will explain how to find and solve an abuse
problem.
So lets get started.
First login to your server and check the load and so on.
uptime 16:22:15 up 67 days, 5:13, 1 user, load average: 1.30,
2.38, 2.70
As you see this server is having a high load, if you have 2
processors then this should not worry you, but in this case it
does not. So lets check out whats causing such a high load.
top
18340 root 15 0 4332 4088 3056 S 20.3 0.4 0:28 0 httpd 16347
root 20 0 1316 1316 856 R 1.9 0.1 0:00 0 top 1 root 15 0 112 84
56 S 0.0 0.0 0:04 0 init
As we see, httpd is causing a very high load. On image hosting,
it is a different way from any other host, as you know its going
to be an abuse image. So just go straight and find out why,
check your netstat output for ips with multiple connections,
also understand this will only find forum posts with multiple
images. In my experience its these boards that cause the main
problem.
netstat -an | grep :80 | sort | awk '{print $5}'
You should see lots of ips, if you are unable to view them all
at the same time you can either save to a file or use the | more
command.
netstat -an | grep :80 | sort | awk '{print $5}' >> file.txt
netstat -an | grep :80 | sort | awk '{print $5}' | more
Just for easy viewing, now its up to you to decide ips with lots
of connections.
In this example I will pick
81.57.149.78:24225 81.57.149.78:24226 81.57.149.78:24229
81.57.149.78:24232 81.57.149.78:24236 81.57.149.78:24237
81.57.149.78:24241 81.57.149.78:24265 81.57.149.78:24238
81.57.149.78:24224 81.57.149.78:24231
Now we want to see what this ip is viewing, this is on a cPanel
server so it logs to /usr/local/apache/domlogs , yours may be
different.
Now ls -al, and get your sites name log, most commonly this will
be your sites name. For our example we will use HostGeekZ.com ,
so lets view it for that ip.
cat HostGeekZ.com | grep 81.57.149.78
Your output will obviously be different, but I just picked 1
entry out of the entire things they accessed.
69.241.239.147 - - [11/Jun/2005:16:28:05 -0500] "GET
/Uploads/Images/DDS1.jpg HTTP/1.1" 200 3677
"http://www.fmforums.co.uk/forums/index.php?showtopic=30783"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
Now this tells us they where on
http://www.fmforums.co.uk/forums/index.php?showtopic=30783
viewing /Uploads/Images/DDS1.jpg , which just so happens to be a
R-Rated pictures, so we will go ahead and block the ip, remove
the picture(s), and block this board from hosting pictures.
So lets ban the ip first.
iptables -I INPUT -s 81.57.149.78 -j DROP
Please read more about iptables by typing `man iptables`, you
can block them in your firewall and so on, I just prefer to use
iptables.
Now we want to remove the offending images, commonly they use
names that are offensive, or they use similar names for each, ie
if it was called HostGeekZ1.jpg the next one will be
HostGeekZ2.jpg and so on.
So go to your images directory, in this case /Uploads/Images ,
and type ls -al | grep partofimage
Again in this case DDS
So we type
cd /Uploads/Images root@server [Uploads/Images]# ls -al | grep
DDS -rw-rw-rw- 1 nobody nobody 79379 Jun 9 13:51 DDS10.jpg
-rw-rw-rw- 1 nobody nobody 77263 Jun 9 13:12 DDS11.jpg
-rw-rw-rw- 1 nobody nobody 86064 Jun 9 13:55 DDS12.jpg
-rw-rw-rw- 1 nobody nobody 92410 Jun 9 13:14 DDS13.jpg
-rw-rw-rw- 1 nobody nobody 78852 Jun 8 11:04 DDS14.jpg
-rw-rw-rw- 1 nobody nobody 151096 Jun 8 11:57 DDS15.jpg
-rw-rw-rw- 1 nobody nobody 74239 Jun 8 11:06 DDS16.jpg
-rw-rw-rw- 1 nobody nobody 88448 Jun 9 13:45 DDS17.jpg
-rw-rw-rw- 1 nobody nobody 26334 Jun 9 13:47 DDS18.jpg
-rw-rw-rw- 1 nobody nobody 23386 Jun 9 13:08 DDS19.jpg
-rw-rw-rw- 1 nobody nobody 94533 Jun 8 10:58 DDS1.jpg -rw-rw-rw-
1 nobody nobody 71576 Jun 8 11:49 DDS20.jpg -rw-rw-rw- 1 nobody
nobody 113142 Jun 8 11:49 DDS21.jpg -rw-rw-rw- 1 nobody nobody
115694 Jun 8 11:32 DDS22.jpg -rw-rw-rw- 1 nobody nobody 73786
Jun 8 11:35 DDS23.jpg -rw-rw-rw- 1 nobody nobody 90019 Jun 8
11:07 DDS24.jpg -rw-rw-rw- 1 nobody nobody 85559 Jun 8 11:08
DDS25.jpg -rw-rw-rw- 1 nobody nobody 90267 Jun 8 11:09 DDS26.jpg
-rw-rw-rw- 1 nobody nobody 62937 Jun 8 11:10 DDS27.jpg
-rw-rw-rw- 1 nobody nobody 110897 Jun 9 13:09 DDS28.jpg
-rw-rw-rw- 1 nobody nobody 100796 Jun 9 13:56 DDS29.jpg
-rw-rw-rw- 1 nobody nobody 117650 Jun 9 13:13 DDS2.jpg
-rw-rw-rw- 1 nobody nobody 112640 Jun 8 11:48 DDS30.jpg
-rw-rw-rw- 1 nobody nobody 83262 Jun 8 11:11 DDS31.jpg
-rw-rw-rw- 1 nobody nobody 75244 Jun 8 11:38 DDS32.jpg
-rw-rw-rw- 1 nobody nobody 59799 Jun 8 11:12 DDS33.jpg
-rw-rw-rw- 1 nobody nobody 74584 Jun 9 13:11 DDS34.jpg
-rw-rw-rw- 1 nobody nobody 69370 Jun 8 11:39 DDS35.jpg
-rw-rw-rw- 1 nobody nobody 59303 Jun 9 13:53 DDS36.jpg
-rw-rw-rw- 1 nobody nobody 59579 Jun 8 11:40 DDS37.jpg
-rw-rw-rw- 1 nobody nobody 62455 Jun 8 11:13 DDS38.jpg
-rw-rw-rw- 1 nobody nobody 73577 Jun 8 11:14 DDS39.jpg
-rw-rw-rw- 1 nobody nobody 131005 Jun 8 11:00 DDS3.jpg
-rw-rw-rw- 1 nobody nobody 58353 Jun 9 13:54 DDS40.jpg
-rw-rw-rw- 1 nobody nobody 59911 Jun 8 11:37 DDS41.jpg
-rw-rw-rw- 1 nobody nobody 97460 Jun 8 11:47 DDS42.jpg
-rw-rw-rw- 1 nobody nobody 79794 Jun 8 11:36 DDS43.jpg
-rw-rw-rw- 1 nobody nobody 59581 Jun 8 11:15 DDS44.jpg
-rw-rw-rw- 1 nobody nobody 62545 Jun 8 11:56 DDS45.jpg
-rw-rw-rw- 1 nobody nobody 65845 Jun 8 11:16 DDS46.jpg
-rw-rw-rw- 1 nobody nobody 79255 Jun 8 11:17 DDS47.jpg
-rw-rw-rw- 1 nobody nobody 63742 Jun 8 11:19 DDS48.jpg
-rw-rw-rw- 1 nobody nobody 58574 Jun 8 11:46 DDS49.jpg
-rw-rw-rw- 1 nobody nobody 91315 Jun 8 11:28 DDS4.jpg -rw-rw-rw-
1 nobody nobody 54508 Jun 8 11:41 DDS50.jpg -rw-rw-rw- 1 nobody
nobody 69161 Jun 9 13:49 DDS51.jpg -rw-rw-rw- 1 nobody nobody
55934 Jun 9 13:53 DDS52.jpg -rw-rw-rw- 1 nobody nobody 65362 Jun
8 11:42 DDS53.jpg -rw-rw-rw- 1 nobody nobody 63869 Jun 8 11:44
DDS54.jpg -rw-rw-rw- 1 nobody nobody 55224 Jun 9 13:11 DDS55.jpg
-rw-rw-rw- 1 nobody nobody 57968 Jun 9 13:46 DDS56.jpg
-rw-rw-rw- 1 nobody nobody 64196 Jun 9 13:52 DDS57.jpg
-rw-rw-rw- 1 nobody nobody 60958 Jun 9 13:10 DDS58.jpg
-rw-rw-rw- 1 nobody nobody 72166 Jun 9 13:50 DDS59.jpg
-rw-rw-rw- 1 nobody nobody 70411 Jun 8 11:58 DDS5.jpg -rw-rw-rw-
1 nobody nobody 67154 Jun 9 13:48 DDS60.jpg -rw-rw-rw- 1 nobody
nobody 61261 Jun 8 11:20 DDS61.jpg -rw-rw-rw- 1 nobody nobody
70026 Jun 8 11:45 DDS62.jpg -rw-rw-rw- 1 nobody nobody 61694 Jun
8 11:55 DDS63.jpg -rw-rw-rw- 1 nobody nobody 56991 Jun 8 11:46
DDS64.jpg -rw-rw-rw- 1 nobody nobody 81813 Jun 8 11:21 DDS65.jpg
-rw-rw-rw- 1 nobody nobody 69012 Jun 8 11:26 DDS66.jpg
-rw-rw-rw- 1 nobody nobody 67735 Jun 9 13:44 DDS67.jpg
-rw-rw-rw- 1 nobody nobody 100698 Jun 8 11:01 DDS6.jpg
-rw-rw-rw- 1 nobody nobody 62545 Jun 9 13:03 DDS71.jpg
-rw-rw-rw- 1 nobody nobody 151096 Jun 9 13:05 DDS72.jpg
-rw-rw-rw- 1 nobody nobody 79372 Jun 8 11:30 DDS7.jpg -rw-rw-rw-
1 nobody nobody 99982 Jun 9 13:08 DDS8.jpg -rw-rw-rw- 1 nobody
nobody 74809 Jun 8 11:03 DDS9.jpg
As you see there are lots of offending images, lets just go
ahead and remove them all.
rm -rf DDS*.jpg
They should now all be gone.
root@server [/Uploads/Images]# rm -rf DDS*.jpg root@server
[/Uploads/Images]# ls -al | grep DDS
As you see it returns nothing. Now time to add this forum to our
"block list", I personally use mod_rewrite.
So in our .htaccess we just add RewriteEngine on RewriteCond
%{HTTP_REFERER} ^http://(.*)fmforums.co.uk(.*) RewriteRule ^.*$
- [L,F]
--
To add multiple urls, ie to ban 6park.com which causes alot of
problems we just add [OR]
RewriteEngine on RewriteCond %{HTTP_REFERER}
^http://(.*)fmforums.co.uk(.*) [OR] RewriteCond %{HTTP_REFERER}
^http://(.*)6park.com(.*) RewriteRule ^.*$ - [L,F]
----------------------
Well I hope this helps, you will just have to repeat the process
for all offending images. This will mainly find adult boards,
because this is the format they post in.