Thanks for the replies, I'll definitely check out the ISP route once I get some stats up and running. Unfortunately my hosting provider (Servage.net) doesn't have detailed statistics built into the control panel, so I'm going to have to install some sort of stats solution (which I'm still wondering how I'm going to do, since it's clustered webhosting and therefore no log file) and wait until the next attack before I can find out who it is.

Filefront, or any other file hosting service for that matter, is unfortunately not an option, as I host hundreds of files on nineLegends.com, not to mention the website itself. I have no idea if the attacks are because of the hackpack, it's probably more likely that I've pissed someone off at some point or another, and now they've decided to get revenge, if there even is a reason.


If such a script would work for everything on the site, I would be very interested. I host too many files for it to be useful otherwise, and pretty much anything could be used to shut the site down (even a small .jpg could be used, provided the attacker has some sort of program or script that refreshes it fast enough for it to keep a steady stream of traffic going).

Glad to see you guys making an effort, kudos! :]

Well, yeah anything can bring it down. The PHP script would only be targetted for download files as they have to be processed through the script itself (ie., instead of linking to the file you link to the php script with a few params). I can write one to support any downloads but again, you're right, it won't fix the issue at hand. Honestly, I don't think there is a fix for it other than banning the IP of the user.

As far as the log, your provider should be able to give you some sort of log if you request them. Have you tried contacting them about the issue?

I've contacted them, and they said that they don't have logs because of the clustered server structure. According to them I have to install a third party statistics solution of some sort, but I don't know of any that work without logs. I've asked them to give me some suggestions, but I guess I won't get an answer until tomorrow.

From the basic stats I have in the CP though, it's difficult not to get the impression that something funky is going on. The below example lists an average day (Wednesday this week) and a "spammed" day (Today)

Wednesday
Unique: 50
Pageviews: 778
Hits: 1131
Transfer: 1.35 GB

Today
Unique: 43
Pageviews: 124809
Hits: 163698
Transfer: 201.75 GB

43 people viewing the site 124809 times in a single day? That's interesting. I'm actually starting to suspect it's a robot gone mad, since the visitors pages of the statistics don't reflect the pageviews by a very, very, very long shot. In that case it's ignoring my robots.txt. I've changed it from disallowing all the folders to disallowing / (everything), which might help if they're actually looking at robots.txt and not outright ignoring it. Unfortunately the basic stats don't show robot hits, so I can't prove my current guesstimation of what's going on.

You won't get anything useful without the Apache log. The only other way to log hits is by running a script on every page load, which doesn't help you at all because you can't attach a script to a file unless using a script to download the file. Also, your host is just lazy. You CAN get logs on a cluster env. They just don't split the logs or didn't write their VirtualHost generator/script to do it. Either way, if they can't give them to you, you are pretty screwed in that sense.

I see you already have a script for all your downloads in /files/. If you want I can modify the script so that it limits 1 connection per IP, and makes you wait XX seconds/minutes between downloads on the same IP. It wouldn't be too hard.

Message me if you want me to help out in that way
AIM: v104b
Gmail/Gtalk: jfanaian at gmail with no spam dot com
(Obviously take out the with no spam part)
IRC: beta @ irc.gamesurge.net

I don't understand how having a "clustered" server means they don't have logs. I wonder if you were speaking with some know-nothing rep. Did you mention your site was being DoS'ed and you needed some logs. If they say they don't have any, feel free to complain since you're paying for the service and you should have access to your logs. *dumbfounded*

You have at least two options:
Upload a .php script which will allow you to access to your logs. This is what I would do because I am young, brash and full of myself. The chances of them noticing are very small, especially if they can't even find your logs.

Modify /files/index.php to log everything. This is the safest way and you can log everything you need (mostly just the IP). If you would like help with this just let me know. This would also be the file where download limiting would be handled. Do you have access to a database server of some sort? If not, you may be able to just use sessions to store download counts.

Either option isn't too much code.

Thanks for the input dudes, I think I've got things moving in the right direction now however. Found this neat statistics program called crawltrack, which specializes in tracking robots (without using logs). While, like you say, I won't be able to see specific file downloads, I don't think that'll matter if it's a bot, since bots pretty much get everything. I'm also pretty sure the bots haven't been downloading any big files (160000 hits resulting in only 190gb bandwidth being the clue). I've already started .htaccess banning, Alexa bot being the first "victim". I haven't seen yesterday's kind of crazy traffic so far today, but that might be down to me having changed robots.txt, Alexa bot being banned (I've read about it going Rambo on other sites as well), or simply this being an "off day" for the abusive bots. It's going to take a while until I can be sure, obviously.

I feel a bit bad since I don't have any use for your input if this pans out. I'll be sure to reload this thread if things go down the crapper again though!

I feel I should give my host, Servage, a little backup though. The no logs thing is pretty stupid, but apart from that and a certain 120gb/day limit (which admittedly may have saved my ass from serious bandwidth rape, although it's doubtful it would've gotten over 3000gb without me noticing), they're by far the best website hosting service I've been involved with.

Back on more thread relevant issues: Version 1.4 of the nLpack will be out sometime next week, hopefully. No massive changes, but still worthy of an update (not to mention I need bigger version numbers to make it look like I'm still following my original statement of "many small and frequent updates"!). If anyone has any suggestions for stuff that can be included (I don't think there's anything, but I don't play NS anymore so you never know...) let me know!

A more simple Motiontracking sprite. Just a (smaller, 32x32?) ring would do. No fancy effects and stuff - just a blue ring.

Made one for myself back in 1.04. That was 2 HDD crashes ago, though. I secured it somewhere, gotta search it.

I made a ######load of things like that (imrpoving "playability") in the past. Models* / Sprites / Sounds* (even *.bat files to change from league / nonleague / vanilla - with different grades of 'unfairness'). Gonna search through it, there may be some stuff you'd like.

Fana, what you can do is add a robots.txt to stop search bots from indexing certain directories (ie., downloads/images). Like tek said, there is a possibility of accessing the logs with PHP. The http daemon user has to have read/write access to the log files, and I doubt they disabled logging altogether (I'm not even sure if that can be done with Apache, assuming they use Apache) but a script could try to read the log files wherever they are.

robots.txt was the first thing I sorted when I realized it could be a nasty infection of crazy crawlers, actually. Unfortunately there's no Internet police to punish robots who don't follow the rules.

The website is going to be postponed because of delays with the flash menu (outside of my control) and as a result v. 1.4 of the pack will take a bit longer. I'll look into the motion tracking thing, I think someone mentioned it earlier in this thread as well.

Two big uni handins on the 10th and the 15th, so I won't be able to finish 1.4 until after that.



Hey, at least the new site is up.

yeah the sites nice gj, are the nav bar hover images preloaded with the webpage or just when the mouse hovers?

It's not a hover image, really, it's just a 5x100px .gif with repeat-x. It's not preloaded with the site, but the size of the .gif is so small that you barely notice the delay when you hover for the first time. The menu is temporary though, there's a cool flash one in the works, but unfortunately I don't know flash and the dude who's making it is pretty busy (and just as lazy as myself), so it will probably be a while before it's on the site.

The download link is broken. I tried downloading it. Is it just me?

There was a bug sometime yesterday, but that was fixed ages ago. It should work now, if it doesn't the problem is on your end.

I was banned from nl.com once apon a time... lol

Not by me.

*bump* Version 1.4 is out!

POINTLESS crap just play what the game is set as
all these lil things are waste of time stuff's up the gameplay of what the game should really be like
UNINSTALL AND PLAY default FTW

Thank you for your valuable contribution to the Natural Selection community, Sir.