Well guys, I have bad news. One of my directories got attacked by someone or something. Not too sure how it works but they did leeched about 28GB of bandwidth this month. I have checked my weblog and discovered that it all goes to 404 pages, which are the error pages. So apparently someone or something is hitting on a page which doesn’t exist at all on my directory and they are doing it pretty frequently. The bandwidth transfer goes to 1Mbps from 10am to 12am Singapore time and for my website, that’s just amazing. I have ruled out normal visitor usage as nobody would hit the 404 page so often (that is using 1GB of bandwidth per day!) and exactly around the same time everyday.

I didn’t discover this problem till my webhost complained that I have been using too much bandwidth. So I checked my weblog and told them the problem. Luckily they did check and later told me that it could very likely be a DOS attack on my site. And I have to agree. My human visitors didn’t increase so much till the bandwidth jumps 28GB for this month as well as the previous month. Those are the 2 months that hit such a high peak. The rest of the time, I barely clock up 10GB per month in total. Plus the search engine bots used up about only 500MB in bandwidth total. So, that scenario of search engine bots hammering my site is not very likely. One of the forumers suggested that it could be due to the fact that my site is too slow (like server overload) and that users kept on “refreshing” my site and thus there are tons of wasted bandwidth. Again, I doubt that to be the case. From my end, the site loads fine during the peak periods. I have tested it myself. It doesn’t seem to be the server load issue. More of a bandwidth issue. Plus, the majority of the bandwidth still goes to the 404 error pages. In my opinion, I think this is also another very unlikely scenario.

I think the most likely reason and as stated by my webhost is DOS attack. However, I am at a lost at what I should do. Other than asking my webhost to deny the attackers IP addresses, there don’t seem to be anything I can do. Is there anything I can do to help prevent such attacks in the future? Or is my webhost not having the proper firewall at their site in the first place? I have been using their service for over 2 years now and I am sure that I didn’t face such problems in the past.