I used my own server to host an example file (an image) when I posted an answer to a question at StackOverflow. Now someone has copied the code I used, including the URL to the file on my server. The site they are using it on is relatively high volume, so this is causing unnecessary strain on my measly virtual server, and above all it's eating severely off my monthly DNS query limit.

I have no problem with the hotlinking per se, I'm just worried I'll end up paying more for something I'm not responsible for and it distorts the actual usage so I cannot monitor what I actually use. What measures can I take to prevent the site from generating so many hits on the services I have paid for? What I have tried so far:

  • Contacting the company where the requests originate - no reply.
  • Replacing the hosted file with another obnoxious one - but they don't actually use the image anywhere, just link to it in their CSS so this method is not effective as it's not visible anywhere on their page.
  • Blocking certain IPs with iptables: this prevents the requests from reaching Apache but they still hit the DNS.

Am I defenseless to this kind of abuse? Do I just have to hope that they'll remove the image eventually? At least I've learned never to use my own server to host anything that others can directly incorporate into their own works.

Tatu Ulmanen
  • Option 4. Name and Shame. Identify the company and complain about it publicly on twitter, blogs, etc. – Zoredache Dec 13 '12 at 17:37
  • I've thought about that, but ultimately it's not the company's fault but rather the web designer's... Which I haven't identified yet. – Tatu Ulmanen Dec 13 '12 at 17:40
  • @Zoredache, that's only really useful if you're sure that this is the correct company indeed. The question seems to be quite specifically about DNS requests here. It's hard to say whether the DNS client coming to that server is indeed the ultimate client, or even if it has anything to do with the hot-linker. – Bruno Dec 13 '12 at 17:40
  • Not sure if it would help, but perhaps CloudFlare could be of assistance. It caches your website contents which should result in fewer lookups. – DKNUCKLES Dec 13 '12 at 17:42
  • Have you considered hosting your DNS server (or using a DNS provider) somewhere where there's no request number limit? It doesn't have to be on the same machine or hosting company as your web server. – Bruno Dec 13 '12 at 17:43
  • `ultimately it's not the company's fault but rather the web designer` - If a company is using resources without consent from the owner, it certainly is the company's problem. If polite attempts to get them to change are being ignored, then your only choice may be to either go to the town square, or to the court room. – Zoredache Dec 13 '12 at 17:45
  • @Zoredache, the problem is that the DNS queries may come from somewhere completely different from (a) the browser's IP address and (b) the site that's hot-linking. – Bruno Dec 13 '12 at 17:49
  • Have you considered changing the hot-linked URL to an image that's ill-suited for the site and just updating the link in your SO answer to a new copy of the correct image? Hot-linking is a faux pas. It would serve them right if the image suddenly changed to, say, my little pony. – MDMarra Dec 13 '12 at 17:56
  • I noted in my answer that I have already tried that - the company links to the image but doesn't show it anywhere. Therefore changing the image to one about dicks won't do any good. – Tatu Ulmanen Dec 13 '12 at 17:58
  • Ah, sorry. I skimmed over that line. Too bad. – MDMarra Dec 13 '12 at 17:59
  • Dude, move DNS to somewhere there isn't a limit. This is the year 2012 for god's sake. It's not like they are hosting their DNS servers on 56k modem lines. – pauska Dec 13 '12 at 18:05
  • Are the DNS Entries already on a long TTL? If not, some of the unwelcome traffic could be redistributed to ISP caches by setting it far higher... – rackandboneman Dec 14 '12 at 01:23
  • What's your TTL? As mentioned above, intermediate DNS servers should be returning cached results for these queries. Perhaps you have a very small TTL. –  Sep 09 '13 at 22:31

2 Answers

I would address this issue by:

  1. Contact the company of course. (I know you've already done this, just including it here for completeness).
  2. Move your DNS to a host in the year 2013. Limiting DNS queries by quantity is ridiculous these days. For US$20/month you can load as many authoritative and/or slave zones into Linode's DNS panel and they'll serve it up all month for you without question.
  3. Check your TTLs to ensure RRs are being cached properly by downstream resolvers.
  4. Create a htaccess rule to examine the Referrer header and serve up a 403 for anyone requesting the image via that site.
fukawi2

For the most part, yes you are defenseless. More accurately, you've already taken one of the most effective steps to resolving it that you are able to - blocking the IPs. Another step would be to remove the image entirely, resulting in a 404. You might also be able to write an .htaccess "rule" to disallow hotlinking, but ultimately, you can't do anything about a third party pointing an image link at your server.

John
  • I don't think removing the image will work - the server will still need to issue the DNS query to get the 404 error – DKNUCKLES Dec 13 '12 at 17:52
  • The question still left to me is, why is his nameserver queried so often and not ISP caches? – rackandboneman Dec 14 '12 at 09:59
  • It's the web clients making the requests, not the web server. There could be thousands of disparate clients, all using a different DNS resolver, and each of those resolvers needs to make at least 1 query before being able to cache it. – fukawi2 Sep 09 '13 at 23:13
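
Both answers mention an .htaccess rule that rejects hot-linked requests by their referring site. The fragment below is an added example of such a rule, not code posted by anyone in the thread; the file name `example-image.png` and the domain `hotlinker.example` are placeholders for the hot-linked file and the site embedding it.

```apache
# .htaccess in the directory that holds the hot-linked file.
# Placeholders (assumptions, not values from the thread):
#   example-image.png   - the file being hot-linked
#   hotlinker.example   - the site that embeds it
# Requires mod_rewrite and "AllowOverride FileInfo" for this directory.

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Match the Referer header (HTTP spells it with a single "r") when it
    # points at the hot-linking site or one of its subdomains, over http
    # or https, with an optional port. [NC] ignores case in the host name.
    RewriteCond %{HTTP_REFERER} ^https?://([^/]+\.)?hotlinker\.example(:[0-9]+)?(/|$) [NC]

    # In per-directory context the pattern is matched against the path
    # relative to this directory, so there is no leading slash.
    # "-" leaves the URL untouched; [F] answers 403 Forbidden and ends
    # rewrite processing for the request.
    RewriteRule ^example-image\.png$ - [F]
</IfModule>
```

Requests that arrive with an empty or stripped Referer header are still served, so legitimate direct views keep working. The rule only reduces HTTP load: as the comments above point out, the client's resolver has already queried DNS by the time Apache sees the request.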