I posted my weird HTTP-requests-from China query on a Drupal mailing list (since the queries were coming in through a site I run that's built on Drupal).
Consensus: I was being used to suck money out of pay-per-click ad networks (through a "clickfarm" that automates the clicking of ads from certain ad-serving companies that specialize in pay-per-click ads).
Best advice: Make sure the server only serves up pages to sites I control (see the whole thread). A quick Google search on "hotlinking" (the practice of using somebody else's images on your site) brought me to this handy anti-hotlinking code generator for building the .htaccess code to stop the requests.
That approach makes a lot more sense than my previous effort - just putting in "deny from {IP ranges}" statements in .htaccess, since every time I did that, the guy found a new IP range from which to suck up my banner file. Seems the guy (or group) is either really good at cracking into Web sites, or ISPs and government agencies in the Beijing area have incredibly poor security. So far, so good: Yesterday's bandwidth report showed bandwidth usage back down to levels of a week ago.
See this discussion about similar possible attacks against Google AdSense and this article about click fraud in general. Also see: India's secret army of online ad 'clickers'.
Post a comment
