
PenguinTutor.com – DOS due to attempt to break in to website – Read the fineprint when signing up for a hosting deal

The PenguinTutor.com website was taken offline for a short time between the 23rd and 24th of January. Apologies for any inconvenience caused. This was caused by the monthly permitted bandwidth being consumed in a single day by an attempted cracker (most people would refer to them as a hacker, although that is not the real meaning of a hacker).

The site, which normally runs at only a few hundred MB of downloads a month suddenly hit almost 3GB in the one day.

Attempted Hack

It appears that someone was attempting to get into the forum by using a brute force attack. A brute force attack is where someone tries multiple combinations of the password in an attempt to find the correct one.

Normally this is prevented by a remote login only allowing a set number of attempts, before locking the account for a period of time. I’m not sure if the forum implements this, but I’ll be taking a look, although the forum is disabled anyway – with no write access to the database, so there is not much they could actually do even if they do succeed.

However, in that time they were only able to run about 100,000 attempts. Assuming upper and lower-case characters and digits are used, there are 3,521,614,606,208 possible permutations (for a 7 character password), so it’s unlikely they will have got far. Often they use dictionary guesses to reduce the number of attempts needed, but that only works if the password is a dictionary word, which mine aren’t.
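As an added illustration (not code from the site), here is a minimal per-account lockout of the kind described above, alongside the keyspace arithmetic from this post; the limits MAX_ATTEMPTS, WINDOW_SECONDS and LOCKOUT_SECONDS are assumed values, and the account name used in testing is constructed.

```python
import time
from collections import defaultdict, deque

MAX_ATTEMPTS = 5          # assumed: failed logins allowed within the window
WINDOW_SECONDS = 600      # assumed: sliding window over which failures are counted
LOCKOUT_SECONDS = 900     # assumed: how long the account stays locked once the limit is hit


class LoginThrottle:
    """Per-account failed-login tracker: lock after MAX_ATTEMPTS failures in WINDOW_SECONDS."""

    def __init__(self, clock=time.time):
        self.clock = clock                     # injectable so tests can control time
        self.failures = defaultdict(deque)     # account -> timestamps of recent failures
        self.locked_until = {}                 # account -> time the lock expires

    def is_locked(self, account):
        now = self.clock()
        if self.locked_until.get(account, 0) > now:
            return True
        self.locked_until.pop(account, None)   # lock expired: forget it
        return False

    def record_failure(self, account):
        """Return True if this failure pushes the account over the limit and locks it."""
        now = self.clock()
        recent = self.failures[account]
        recent.append(now)
        while recent and now - recent[0] > WINDOW_SECONDS:   # drop entries outside the window
            recent.popleft()
        if len(recent) >= MAX_ATTEMPTS:
            self.locked_until[account] = now + LOCKOUT_SECONDS
            recent.clear()
            return True
        return False

    def record_success(self, account):
        self.failures.pop(account, None)       # a good login resets the failure count


def keyspace(length, alphabet_size=62):
    """Number of passwords of a given length over upper+lower+digits (62 symbols)."""
    return alphabet_size ** length


def days_to_exhaust(length, attempts_per_day):
    """Worst-case days to try every password at the observed guessing rate."""
    return keyspace(length) / attempts_per_day
```

At the rate seen here (about 100,000 guesses a day), days_to_exhaust(7, 100_000) comes to roughly 35 million days for a 7-character mixed-case alphanumeric password.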

I have reported this individual to the relevant groups for them to investigate this attempt.

Hosting Company – Compila’s Response

Unfortunately the response from my hosting company was not very helpful. In fact they appeared to be using a clause in the small print to leave my site down. They tried asking for £60 + VAT for an increase in my bandwidth on a so-called unmetered bandwidth account.

Reading the sales information on their website they say:
“Unmetered Bandwidth:
Bandwidth is the amount of data that is allowed to pass to or from your web space in a monthly period, measured in MB or GB. If we are unable to host your website due to excessive bandwidth use we will refund the entire hosting fee remaining.”

Which sounds fine, but then in their fine print T&Cs there is a comment about not having files more than 1MB in size. I couldn’t find this on the website, although they did point out where by sending an email:
“10.) Multimedia file types, limited in size to 1Mb, including but not limited to .mov, .avi, .mp3, .wav, .rm, .ram, .wmp, .zip, rar are permissible but sites using these file types will be monitored, and if Compila deems necessary 4 and 7 above will apply. Any files over 1MB in size are not allowed on our servers. Failure to adhere to this may result to suspension of your site with no prior warning.”

Now five to ten years ago 1MB was a large file size, but it’s now common for files to be over 1MB.
I only actually had 5 files over that size, and of those only 2 were downloadable by users, and they were not responsible for the high bandwidth utilisation.

  1. An XML file used in the Google Sitemap (a little over 1MB) see: Improve Your Search Engine Ranking with Google Sitemaps and PHPBB.
    The file in question was used in the building of the sitemap but didn’t need to be on the website anyway, as Google uses a compressed file which is much smaller.
  2. An OpenOffice document in the cgi-bin folder (a little over 1MB).
    This file couldn’t be accessed by visitors, as files in cgi-bin are run as CGI programs rather than downloaded, so it gave an error if you tried to download it.
  3. A temporary file that has since been deleted (a little over 1MB)
  4. Finally 2 compressed files (one .gz the other .zip) so that you can download the source code to my web based quiz program. These files were about 2MB. I have now had to move these to another server and use a rewrite rule to serve them from the PenguinTutor website.
    This now means that the download may not be as reliable, as it is running on a non-production machine rather than a proper hosted server.

I have since removed these and they have increased my bandwidth to allow the site to continue running. It did seem a little petty of them to pull me up for such minor things.

Although I’ve had a few problems with the web hosting (Compila forgetting to renew my domain, a few outages, etc.), I’ve accepted these because of how cheap the offering is. It now seems that it is more restrictive than they originally led me to believe, and I am now going to consider whether it may be better to move my sites to another provider. It’s a shame when it’s over these few files, especially if you consider my normal bandwidth usage is only a very small amount.

Other Hosting Problems

Also see: