24 January 2008
The PenguinTutor.com website was taken offline for a short time between the 23 and 24 January. Apologies for any inconvenience caused. This was caused by the monthly permitted bandwidth being consumed in a single day by an attempted break-in by a cracker (most people would refer to them as a hacker, although that is not the real meaning of a hacker).
The site, which normally runs at only a few hundred MB of downloads a month suddenly hit almost 3GB in the one day.
It appears that someone was attempting to get into the forum by using a brute force attack. A brute force attack is where someone tries many candidate passwords, one after another, in an attempt to find the correct one.
Normally this is prevented by a remote login only allowing a set number of failed attempts before locking the account for a period of time. I'm not sure if the forum implements this, but I'll be taking a look, although the forum is disabled anyway, with no write access to the database, so there is not much they could actually do even if they did succeed.
In the time they were active they were only able to run about 100,000 attempts. Assuming upper and lower-case letters and digits are used (62 characters), there are 62^7 = 3,521,614,606,208 possible 7-character passwords, so it's unlikely they will have got far. Often attackers use dictionary guesses to reduce the number of attempts needed, but that only works if the password is a dictionary word, which mine aren't.
I have reported this individual to the relevant groups for them to investigate this attempt.
Unfortunately the response from my hosting company was not very helpful. In fact they appeared to be using a clause in the small print to leave my site down. They tried asking for £60 + VAT for an increase in my bandwidth on a so-called unmetered bandwidth account.
Reading the sales information on their website they say:
"Unmetered Bandwidth:
Bandwidth is the amount of data that is allowed to pass to or from your web space in a monthly period, measured in MB or GB. If we are unable to host your website due to excessive bandwidth use we will refund the entire hosting fee remaining."
That sounds fine, but then in their fine print T&Cs there is a clause about not having files more than 1MB in size. I couldn't find this on the website, although they did point out where it is by sending an email:
"10.) Multimedia file types, limited in size to 1Mb, including but not limited to .mov, .avi, .mp3, .wav, .rm, .ram, .wmp, .zip, rar are permissible but sites using these file types will be monitored, and if Compila deems necessary 4 and 7 above will apply. Any files over 1MB in size are not allowed on our servers. Failure to adhere to this may result to suspension of your site with no prior warning."
Now five to ten years ago 1MB was a large file size, but it's now common for files to be over 1MB.
I only actually had 5 files over that size, and of those only 2 were downloadable by users, and they were not responsible for the high bandwidth utilisation.
I have since removed these and they have increased my bandwidth to allow the site to continue running. It did seem a little petty of them to pull me up for such minor things.
Although I've had a few problems with the web hosting (Compila forgetting to renew my domain, a few outages etc.), I've accepted these because of how cheap the offering is. It now seems that it is more restrictive than they originally led me to believe and I am now going to consider whether it may be better to move my sites to another provider. It's a shame when it's over these few files, especially if you consider my normal bandwidth usage is only a very small amount.
Also see: