<<>> Please do not place the files linked on my site into an auto-download program or assign them as part of a class assignment for school! Do not perform a continuous download on any file! On 12/12/01 someone at thompson.rtp.epa.gov linked to the treelab downloadable pdf zip file and drove the usage up in a sustained burst download that made the bandwidth of the site skyrocket to the point that I and the administrator of the server were contacted about this bandwidth draw. The identity of this server at thompson.rtp.epa.gov, user and IP is being tracked. I can not allow this to continue or repeat as it can be extremely expensive! If this happens again, I will have to remove all downloads from the site! if you need this file, the file has now been deleted from the server and will not be replaced. I apologize for this, but it only takes one person to screw it up for everyone!

It shouldn't be necessary to remove the file. When I worked for an ISP we routinely denied access to bandwidth thieves for our customers by adding rules to deny traffic from the offending host to our server configuration files. Perhaps your ISP would be willing to do the same, at least temporarily, until the bandwidth hogging settles down.

I was fine with the entire message expt for the last line. Get with the program. This is the internet and it spans the globe with pretty much unrestricted access. You had to know this going into this. So the snyde closing remark only belittles the entire message above. Sorry but if you need this file TOUGH! What did you intend that line to convey except discontent. If you or your admins can not get a handle on your server connections. Or are unwilling to or are not prepared to host a WWW site then close up shop or remove your downloadable content. But beating uninvolved readers over the head after the fact gais nothing.

I suppose BT was hoping to get a message through to the person responsible. A while back I ran into a problem with renderosity whereby all the images were replaced with some 'bandwidth theft alert' image. I asked about it and never got a reply. Clearing the cache, history, cookies, etc helped only for the first few views of osity, then back to that. Tonight I may have found the problem. Ditching Black Ice firewall seems to have relieved the problem and there's an update I'm getting. Whatever is going on, its frustrating, expensive, and inappropriate. I don't blame BT a bit. Glad he was able to at least identify the server. That's better than I've been able so far.

It's a continual problem as long as the host is charged for bandwidth instead of the user. It's like a houseowner being charged every time someone drives down his street. He can't control that! The system is wrong.

Uh, what are you talking about Phantast? By paying my ISP every month, I am paying for the use of their services, including bandwidth. Reasonably clueful ISPs know how to handle denial of service attacks, which is what bandwidth theft essentially is. If you put up a web site, it is your and your ISP's responsibility to pay for the bandwidth use. The ISP pays for its bandwidth through fees they charge their users. Are you suggesting that I should write over 200 checks to each individual web site I visit on a monthly basis? Somehow I think that model would fail and the Internet would come crashing down. Anyway, as I said originally--a clueful ISP can get rid of the bandwidth hog and contact the site admin of the offending host to resolve the situation. Usually these sorts of things are a mistake; people don't usually understand the consequences of linking from a popular site to another one.

pnevai its very clear you have no idea what kind of attack this was...and to be honest, we had no idea until today. It was a dos attack. IF the main line had not broken the attack, it would have been rediculously expensive. My site is a hobby site...and the day that site costs 700 in one month is the last day it is online. we have blocked the server...and legal actions are ensuing. But, if I want to remove a file..I can. its my site. I can also delete every pdf there if I want. Its my site. PDF are there for convenience...but they can be abused in zip format. And it does take a bit of time to determine if its an attack or if its a new download for the servers to block it automatically. the armor I posted recently ran the bandwidth up very high in the 1st 3 days...so the server can not just kick in and block an increase. but in sum from 3000 bytes per sec average..it went to >1000000 per sec and lasted a duration of 2.5 hours before it was blocked. I and the admin of the server are deciding whether or not the zips should just be removed anyhow because my site draws >70 percent of the bandwidth from the server out of ~40 sites. this one step would save lotsa cash for everyone... BT

kieraw - I'm not suggesting you should write 200 cheques. But bandwidth is not something like coal that costs so much per ton to dig out of the ground. The current situation is that someone running a web site can be charged for something over which they have no control, which to me is just not morally right. I've seen plenty of popular sites that got burned just because they were popular, and the hobbyist owner suddenly found he had a huge debt. brycetech and others are in the position of someone going into a bar and saying "the drinks are on me" without knowing how many customers there are. Not good. I don't what the ideal model is. But this ain't it.

First, there are several things you can do to limit bandwidth use on your web site. Brycetech has already done many of these (frames, for example). PDFs are huge and if bandwidth usage is a problem removing those would be the fist thing on my list. The use of tables is a huge bandwidth suck due to the number of tags involved--perhaps switching to CSS is something that would help. Stuff like that. Secondly, I don't know about other ISPs, but the ones I worked for never charged the user for something out of their control, like a DOS attack. If your ISP does this, it is time for a new ISP. Current pricing models make no distinction between commercial use and independent publishing. However, sponsorships can be extremely helpful to assuage costs. For example, in Brycetech's case, everyone who does Bryce and is involved in the community knows about the Brycetech site. Perhaps Corel would be willing to place a small ad on the site, given its popularity, or even host the tutorials at their own web site. Of course it is totally up to BT to decide what to do. I am just offering some suggestions based on my experience with the web.

You know, I gotta agree with Kieraw on the charging policy. When its out of the ordinary and the result of abusiveness, the ISP should work to resolve it and not pass it along to the site owner. (Granted, there are sites out there that beg for attacks, BT's is not one of them). Commerce and expanding technology is a funny thing. Charge the surfer and you don't have any surfers any more. Charge the site owner for abuse and you don't have any site owners any more. The isp is the last line of defense to help identify and stop the abuse. Let the ISP absorbe this or find one that will.

sigh, some people think they can hide and wont be identified when they do such silly things as this...its just flippin' stupid! A person with the knowledge of this ought to be frickin' smart enough to know their identity is just a few phone calls away! We are currently determining which way to go with potential charges and prosecution...federal or inter-state. It can be a federal matter because the owner of the server is actually an individual in Ireland. And attacks like this can be considered terrorism via the vagueness of the current laws--just like viruses. federal carries larger fines and mandatory jail terms and can reach internationally if necessary. state would most likely be fines alone...and restricted to the US. either way, the person will lose their job most likely. all for something as stupid as this not sure what to do...or even if I should push it further. I guess its gonna depend on all the info that is gathered. This attack really didnt cost any money as far as the server is concerned..it just was a pita at the time. So do I push it to prove a point and teach a lesson or what? Last week, I was all for it..this week shrug do I post the names? do I do anything? sigh dont you hate when that happens BT