Manage Free Image Hosts

Having a problem managing your free image host? Well i'm sorry but so many new free image hosts are poping up now adays, and then closing because they are not setup to handle abuse properly. If you plan on running one, you have to plan FOR abuse. The main way I am solving this now is by ACTIVE moderation, but in this little "guide" I will explain how to find and solve an abuse problem. So lets get started. First login to your server and check the load and so on. uptime 16:22:15 up 67 days, 5:13, 1 user, load average: 1.30, 2.38, 2.70 As you see this server is having a high load, if you have 2 processors then this should not worry you, but in this case it does not. So lets check out whats causing such a high load. top 18340 root 15 0 4332 4088 3056 S 20.3 0.4 0:28 0 httpd 16347 root 20 0 1316 1316 856 R 1.9 0.1 0:00 0 top 1 root 15 0 112 84 56 S 0.0 0.0 0:04 0 init As we see, httpd is causing a very high load. On image hosting, it is a different way from any other host, as you know its going to be an abuse image. So just go straight and find out why, check your netstat output for ips with multiple connections, also understand this will only find forum posts with multiple images. In my experience its these boards that cause the main problem. netstat -an | grep :80 | sort | awk '{print $5}' You should see lots of ips, if you are unable to view them all at the same time you can either save to a file or use the | more command. netstat -an | grep :80 | sort | awk '{print $5}' >> file.txt netstat -an | grep :80 | sort | awk '{print $5}' | more Just for easy viewing, now its up to you to decide ips with lots of connections. In this example I will pick 81.57.149.78:24225 81.57.149.78:24226 81.57.149.78:24229 81.57.149.78:24232 81.57.149.78:24236 81.57.149.78:24237 81.57.149.78:24241 81.57.149.78:24265 81.57.149.78:24238 81.57.149.78:24224 81.57.149.78:24231 Now we want to see what this ip is viewing, this is on a cPanel server so it logs to /usr/local/apache/domlogs , yours may be different. Now ls -al, and get your sites name log, most commonly this will be your sites name. For our example we will use HostGeekZ.com , so lets view it for that ip. cat HostGeekZ.com | grep 81.57.149.78 Your output will obviously be different, but I just picked 1 entry out of the entire things they accessed. 69.241.239.147 - - [11/Jun/2005:16:28:05 -0500] "GET /Uploads/Images/DDS1.jpg HTTP/1.1" 200 3677 "http://www.fmforums.co.uk/forums/index.php?showtopic=30783" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" Now this tells us they where on http://www.fmforums.co.uk/forums/index.php?showtopic=30783 viewing /Uploads/Images/DDS1.jpg , which just so happens to be a R-Rated pictures, so we will go ahead and block the ip, remove the picture(s), and block this board from hosting pictures. So lets ban the ip first. iptables -I INPUT -s 81.57.149.78 -j DROP Please read more about iptables by typing `man iptables`, you can block them in your firewall and so on, I just prefer to use iptables. Now we want to remove the offending images, commonly they use names that are offensive, or they use similar names for each, ie if it was called HostGeekZ1.jpg the next one will be HostGeekZ2.jpg and so on. So go to your images directory, in this case /Uploads/Images , and type ls -al | grep partofimage Again in this case DDS So we type cd /Uploads/Images root@server [Uploads/Images]# ls -al | grep DDS -rw-rw-rw- 1 nobody nobody 79379 Jun 9 13:51 DDS10.jpg -rw-rw-rw- 1 nobody nobody 77263 Jun 9 13:12 DDS11.jpg -rw-rw-rw- 1 nobody nobody 86064 Jun 9 13:55 DDS12.jpg -rw-rw-rw- 1 nobody nobody 92410 Jun 9 13:14 DDS13.jpg -rw-rw-rw- 1 nobody nobody 78852 Jun 8 11:04 DDS14.jpg -rw-rw-rw- 1 nobody nobody 151096 Jun 8 11:57 DDS15.jpg -rw-rw-rw- 1 nobody nobody 74239 Jun 8 11:06 DDS16.jpg -rw-rw-rw- 1 nobody nobody 88448 Jun 9 13:45 DDS17.jpg -rw-rw-rw- 1 nobody nobody 26334 Jun 9 13:47 DDS18.jpg -rw-rw-rw- 1 nobody nobody 23386 Jun 9 13:08 DDS19.jpg -rw-rw-rw- 1 nobody nobody 94533 Jun 8 10:58 DDS1.jpg -rw-rw-rw- 1 nobody nobody 71576 Jun 8 11:49 DDS20.jpg -rw-rw-rw- 1 nobody nobody 113142 Jun 8 11:49 DDS21.jpg -rw-rw-rw- 1 nobody nobody 115694 Jun 8 11:32 DDS22.jpg -rw-rw-rw- 1 nobody nobody 73786 Jun 8 11:35 DDS23.jpg -rw-rw-rw- 1 nobody nobody 90019 Jun 8 11:07 DDS24.jpg -rw-rw-rw- 1 nobody nobody 85559 Jun 8 11:08 DDS25.jpg -rw-rw-rw- 1 nobody nobody 90267 Jun 8 11:09 DDS26.jpg -rw-rw-rw- 1 nobody nobody 62937 Jun 8 11:10 DDS27.jpg -rw-rw-rw- 1 nobody nobody 110897 Jun 9 13:09 DDS28.jpg -rw-rw-rw- 1 nobody nobody 100796 Jun 9 13:56 DDS29.jpg -rw-rw-rw- 1 nobody nobody 117650 Jun 9 13:13 DDS2.jpg -rw-rw-rw- 1 nobody nobody 112640 Jun 8 11:48 DDS30.jpg -rw-rw-rw- 1 nobody nobody 83262 Jun 8 11:11 DDS31.jpg -rw-rw-rw- 1 nobody nobody 75244 Jun 8 11:38 DDS32.jpg -rw-rw-rw- 1 nobody nobody 59799 Jun 8 11:12 DDS33.jpg -rw-rw-rw- 1 nobody nobody 74584 Jun 9 13:11 DDS34.jpg -rw-rw-rw- 1 nobody nobody 69370 Jun 8 11:39 DDS35.jpg -rw-rw-rw- 1 nobody nobody 59303 Jun 9 13:53 DDS36.jpg -rw-rw-rw- 1 nobody nobody 59579 Jun 8 11:40 DDS37.jpg -rw-rw-rw- 1 nobody nobody 62455 Jun 8 11:13 DDS38.jpg -rw-rw-rw- 1 nobody nobody 73577 Jun 8 11:14 DDS39.jpg -rw-rw-rw- 1 nobody nobody 131005 Jun 8 11:00 DDS3.jpg -rw-rw-rw- 1 nobody nobody 58353 Jun 9 13:54 DDS40.jpg -rw-rw-rw- 1 nobody nobody 59911 Jun 8 11:37 DDS41.jpg -rw-rw-rw- 1 nobody nobody 97460 Jun 8 11:47 DDS42.jpg -rw-rw-rw- 1 nobody nobody 79794 Jun 8 11:36 DDS43.jpg -rw-rw-rw- 1 nobody nobody 59581 Jun 8 11:15 DDS44.jpg -rw-rw-rw- 1 nobody nobody 62545 Jun 8 11:56 DDS45.jpg -rw-rw-rw- 1 nobody nobody 65845 Jun 8 11:16 DDS46.jpg -rw-rw-rw- 1 nobody nobody 79255 Jun 8 11:17 DDS47.jpg -rw-rw-rw- 1 nobody nobody 63742 Jun 8 11:19 DDS48.jpg -rw-rw-rw- 1 nobody nobody 58574 Jun 8 11:46 DDS49.jpg -rw-rw-rw- 1 nobody nobody 91315 Jun 8 11:28 DDS4.jpg -rw-rw-rw- 1 nobody nobody 54508 Jun 8 11:41 DDS50.jpg -rw-rw-rw- 1 nobody nobody 69161 Jun 9 13:49 DDS51.jpg -rw-rw-rw- 1 nobody nobody 55934 Jun 9 13:53 DDS52.jpg -rw-rw-rw- 1 nobody nobody 65362 Jun 8 11:42 DDS53.jpg -rw-rw-rw- 1 nobody nobody 63869 Jun 8 11:44 DDS54.jpg -rw-rw-rw- 1 nobody nobody 55224 Jun 9 13:11 DDS55.jpg -rw-rw-rw- 1 nobody nobody 57968 Jun 9 13:46 DDS56.jpg -rw-rw-rw- 1 nobody nobody 64196 Jun 9 13:52 DDS57.jpg -rw-rw-rw- 1 nobody nobody 60958 Jun 9 13:10 DDS58.jpg -rw-rw-rw- 1 nobody nobody 72166 Jun 9 13:50 DDS59.jpg -rw-rw-rw- 1 nobody nobody 70411 Jun 8 11:58 DDS5.jpg -rw-rw-rw- 1 nobody nobody 67154 Jun 9 13:48 DDS60.jpg -rw-rw-rw- 1 nobody nobody 61261 Jun 8 11:20 DDS61.jpg -rw-rw-rw- 1 nobody nobody 70026 Jun 8 11:45 DDS62.jpg -rw-rw-rw- 1 nobody nobody 61694 Jun 8 11:55 DDS63.jpg -rw-rw-rw- 1 nobody nobody 56991 Jun 8 11:46 DDS64.jpg -rw-rw-rw- 1 nobody nobody 81813 Jun 8 11:21 DDS65.jpg -rw-rw-rw- 1 nobody nobody 69012 Jun 8 11:26 DDS66.jpg -rw-rw-rw- 1 nobody nobody 67735 Jun 9 13:44 DDS67.jpg -rw-rw-rw- 1 nobody nobody 100698 Jun 8 11:01 DDS6.jpg -rw-rw-rw- 1 nobody nobody 62545 Jun 9 13:03 DDS71.jpg -rw-rw-rw- 1 nobody nobody 151096 Jun 9 13:05 DDS72.jpg -rw-rw-rw- 1 nobody nobody 79372 Jun 8 11:30 DDS7.jpg -rw-rw-rw- 1 nobody nobody 99982 Jun 9 13:08 DDS8.jpg -rw-rw-rw- 1 nobody nobody 74809 Jun 8 11:03 DDS9.jpg As you see there are lots of offending images, lets just go ahead and remove them all. rm -rf DDS*.jpg They should now all be gone. root@server [/Uploads/Images]# rm -rf DDS*.jpg root@server [/Uploads/Images]# ls -al | grep DDS As you see it returns nothing. Now time to add this forum to our "block list", I personally use mod_rewrite. So in our .htaccess we just add RewriteEngine on RewriteCond %{HTTP_REFERER} ^http://(.*)fmforums.co.uk(.*) RewriteRule ^.*$ - [L,F] -- To add multiple urls, ie to ban 6park.com which causes alot of problems we just add [OR] RewriteEngine on RewriteCond %{HTTP_REFERER} ^http://(.*)fmforums.co.uk(.*) [OR] RewriteCond %{HTTP_REFERER} ^http://(.*)6park.com(.*) RewriteRule ^.*$ - [L,F] ---------------------- Well I hope this helps, you will just have to repeat the process for all offending images. This will mainly find adult boards, because this is the format they post in.