Make Free Money Online at Incanaby


We're Ranked #1 on MSN & YAHOO!



Manage Free Image Hosts

HostGeekZ Having a problem managing your free image host? Well i'm sorry but so many new free image hosts are poping up now adays, and then closing because they are not setup to handle abuse properly.

If you plan on running one, you have to plan FOR abuse. The main way I am solving this now is by ACTIVE moderation, but in this little "guide" I will explain how to find and solve an abuse problem.

So lets get started.

First login to your server and check the load and so on.

uptime
16:22:15 up 67 days, 5:13, 1 user, load average: 1.30, 2.38, 2.70

As you see this server is having a high load, if you have 2 processors then this should not worry you, but in this case it does not. So lets check out whats causing such a high load.

top

18340 root 15 0 4332 4088 3056 S 20.3 0.4 0:28 0 httpd
16347 root 20 0 1316 1316 856 R 1.9 0.1 0:00 0 top
1 root 15 0 112 84 56 S 0.0 0.0 0:04 0 init

As we see, httpd is causing a very high load. On image hosting, it is a different way from any other host, as you know its going to be an abuse image. So just go straight and find out why, check your netstat output for ips with multiple connections, also understand this will only find forum posts with multiple images. In my experience its these boards that cause the main problem.

netstat -an | grep :80 | sort | awk '{print $5}'

You should see lots of ips, if you are unable to view them all at the same time you can either save to a file or use the | more command.

netstat -an | grep :80 | sort | awk '{print $5}' >> file.txt
netstat -an | grep :80 | sort | awk '{print $5}' | more

Just for easy viewing, now its up to you to decide ips with lots of connections.

In this example I will pick

81.57.149.78:24225
81.57.149.78:24226
81.57.149.78:24229
81.57.149.78:24232
81.57.149.78:24236
81.57.149.78:24237
81.57.149.78:24241
81.57.149.78:24265
81.57.149.78:24238
81.57.149.78:24224
81.57.149.78:24231

Now we want to see what this ip is viewing, this is on a cPanel server so it logs to /usr/local/apache/domlogs , yours may be different.

Now ls -al, and get your sites name log, most commonly this will be your sites name. For our example we will use HostGeekZ.com , so lets view it for that ip.

cat HostGeekZ.com | grep 81.57.149.78

Your output will obviously be different, but I just picked 1 entry out of the entire things they accessed.

69.241.239.147 - - [11/Jun/2005:16:28:05 -0500] "GET /Uploads/Images/DDS1.jpg HTTP/1.1" 200 3677 "http://www.fmforums.co.uk/forums/index.php?showtopic=30783" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

Now this tells us they where on http://www.fmforums.co.uk/forums/index.php?showtopic=30783
viewing /Uploads/Images/DDS1.jpg , which just so happens to be a R-Rated pictures, so we will go ahead and block the ip, remove the picture(s), and block this board from hosting pictures.

So lets ban the ip first.

iptables -I INPUT -s 81.57.149.78 -j DROP

Please read more about iptables by typing `man iptables`, you can block them in your firewall and so on, I just prefer to use iptables.

Now we want to remove the offending images, commonly they use names that are offensive, or they use similar names for each, ie if it was called
HostGeekZ1.jpg the next one will be
HostGeekZ2.jpg and so on.

So go to your images directory, in this case /Uploads/Images , and type ls -al | grep partofimage

Again in this case DDS

So we type

cd /Uploads/Images
root@server [Uploads/Images]# ls -al | grep DDS
-rw-rw-rw- 1 nobody nobody 79379 Jun 9 13:51 DDS10.jpg
-rw-rw-rw- 1 nobody nobody 77263 Jun 9 13:12 DDS11.jpg
-rw-rw-rw- 1 nobody nobody 86064 Jun 9 13:55 DDS12.jpg
-rw-rw-rw- 1 nobody nobody 92410 Jun 9 13:14 DDS13.jpg
-rw-rw-rw- 1 nobody nobody 78852 Jun 8 11:04 DDS14.jpg
-rw-rw-rw- 1 nobody nobody 151096 Jun 8 11:57 DDS15.jpg
-rw-rw-rw- 1 nobody nobody 74239 Jun 8 11:06 DDS16.jpg
-rw-rw-rw- 1 nobody nobody 88448 Jun 9 13:45 DDS17.jpg
-rw-rw-rw- 1 nobody nobody 26334 Jun 9 13:47 DDS18.jpg
-rw-rw-rw- 1 nobody nobody 23386 Jun 9 13:08 DDS19.jpg
-rw-rw-rw- 1 nobody nobody 94533 Jun 8 10:58 DDS1.jpg
-rw-rw-rw- 1 nobody nobody 71576 Jun 8 11:49 DDS20.jpg
-rw-rw-rw- 1 nobody nobody 113142 Jun 8 11:49 DDS21.jpg
-rw-rw-rw- 1 nobody nobody 115694 Jun 8 11:32 DDS22.jpg
-rw-rw-rw- 1 nobody nobody 73786 Jun 8 11:35 DDS23.jpg
-rw-rw-rw- 1 nobody nobody 90019 Jun 8 11:07 DDS24.jpg
-rw-rw-rw- 1 nobody nobody 85559 Jun 8 11:08 DDS25.jpg
-rw-rw-rw- 1 nobody nobody 90267 Jun 8 11:09 DDS26.jpg
-rw-rw-rw- 1 nobody nobody 62937 Jun 8 11:10 DDS27.jpg
-rw-rw-rw- 1 nobody nobody 110897 Jun 9 13:09 DDS28.jpg
-rw-rw-rw- 1 nobody nobody 100796 Jun 9 13:56 DDS29.jpg
-rw-rw-rw- 1 nobody nobody 117650 Jun 9 13:13 DDS2.jpg
-rw-rw-rw- 1 nobody nobody 112640 Jun 8 11:48 DDS30.jpg
-rw-rw-rw- 1 nobody nobody 83262 Jun 8 11:11 DDS31.jpg
-rw-rw-rw- 1 nobody nobody 75244 Jun 8 11:38 DDS32.jpg
-rw-rw-rw- 1 nobody nobody 59799 Jun 8 11:12 DDS33.jpg
-rw-rw-rw- 1 nobody nobody 74584 Jun 9 13:11 DDS34.jpg
-rw-rw-rw- 1 nobody nobody 69370 Jun 8 11:39 DDS35.jpg
-rw-rw-rw- 1 nobody nobody 59303 Jun 9 13:53 DDS36.jpg
-rw-rw-rw- 1 nobody nobody 59579 Jun 8 11:40 DDS37.jpg
-rw-rw-rw- 1 nobody nobody 62455 Jun 8 11:13 DDS38.jpg
-rw-rw-rw- 1 nobody nobody 73577 Jun 8 11:14 DDS39.jpg
-rw-rw-rw- 1 nobody nobody 131005 Jun 8 11:00 DDS3.jpg
-rw-rw-rw- 1 nobody nobody 58353 Jun 9 13:54 DDS40.jpg
-rw-rw-rw- 1 nobody nobody 59911 Jun 8 11:37 DDS41.jpg
-rw-rw-rw- 1 nobody nobody 97460 Jun 8 11:47 DDS42.jpg
-rw-rw-rw- 1 nobody nobody 79794 Jun 8 11:36 DDS43.jpg
-rw-rw-rw- 1 nobody nobody 59581 Jun 8 11:15 DDS44.jpg
-rw-rw-rw- 1 nobody nobody 62545 Jun 8 11:56 DDS45.jpg
-rw-rw-rw- 1 nobody nobody 65845 Jun 8 11:16 DDS46.jpg
-rw-rw-rw- 1 nobody nobody 79255 Jun 8 11:17 DDS47.jpg
-rw-rw-rw- 1 nobody nobody 63742 Jun 8 11:19 DDS48.jpg
-rw-rw-rw- 1 nobody nobody 58574 Jun 8 11:46 DDS49.jpg
-rw-rw-rw- 1 nobody nobody 91315 Jun 8 11:28 DDS4.jpg
-rw-rw-rw- 1 nobody nobody 54508 Jun 8 11:41 DDS50.jpg
-rw-rw-rw- 1 nobody nobody 69161 Jun 9 13:49 DDS51.jpg
-rw-rw-rw- 1 nobody nobody 55934 Jun 9 13:53 DDS52.jpg
-rw-rw-rw- 1 nobody nobody 65362 Jun 8 11:42 DDS53.jpg
-rw-rw-rw- 1 nobody nobody 63869 Jun 8 11:44 DDS54.jpg
-rw-rw-rw- 1 nobody nobody 55224 Jun 9 13:11 DDS55.jpg
-rw-rw-rw- 1 nobody nobody 57968 Jun 9 13:46 DDS56.jpg
-rw-rw-rw- 1 nobody nobody 64196 Jun 9 13:52 DDS57.jpg
-rw-rw-rw- 1 nobody nobody 60958 Jun 9 13:10 DDS58.jpg
-rw-rw-rw- 1 nobody nobody 72166 Jun 9 13:50 DDS59.jpg
-rw-rw-rw- 1 nobody nobody 70411 Jun 8 11:58 DDS5.jpg
-rw-rw-rw- 1 nobody nobody 67154 Jun 9 13:48 DDS60.jpg
-rw-rw-rw- 1 nobody nobody 61261 Jun 8 11:20 DDS61.jpg
-rw-rw-rw- 1 nobody nobody 70026 Jun 8 11:45 DDS62.jpg
-rw-rw-rw- 1 nobody nobody 61694 Jun 8 11:55 DDS63.jpg
-rw-rw-rw- 1 nobody nobody 56991 Jun 8 11:46 DDS64.jpg
-rw-rw-rw- 1 nobody nobody 81813 Jun 8 11:21 DDS65.jpg
-rw-rw-rw- 1 nobody nobody 69012 Jun 8 11:26 DDS66.jpg
-rw-rw-rw- 1 nobody nobody 67735 Jun 9 13:44 DDS67.jpg
-rw-rw-rw- 1 nobody nobody 100698 Jun 8 11:01 DDS6.jpg
-rw-rw-rw- 1 nobody nobody 62545 Jun 9 13:03 DDS71.jpg
-rw-rw-rw- 1 nobody nobody 151096 Jun 9 13:05 DDS72.jpg
-rw-rw-rw- 1 nobody nobody 79372 Jun 8 11:30 DDS7.jpg
-rw-rw-rw- 1 nobody nobody 99982 Jun 9 13:08 DDS8.jpg
-rw-rw-rw- 1 nobody nobody 74809 Jun 8 11:03 DDS9.jpg

As you see there are lots of offending images, lets just go ahead and remove them all.

rm -rf DDS*.jpg

They should now all be gone.

root@server [/Uploads/Images]# rm -rf DDS*.jpg
root@server [/Uploads/Images]# ls -al | grep DDS

As you see it returns nothing. Now time to add this forum to our "block list", I personally use mod_rewrite.

So in our .htaccess we just add
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://(.*)fmforums.co.uk(.*)
RewriteRule ^.*$ - [L,F]

--

To add multiple urls, ie to ban 6park.com which causes alot of problems we just add [OR]

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://(.*)fmforums.co.uk(.*) [OR]
RewriteCond %{HTTP_REFERER} ^http://(.*)6park.com(.*)
RewriteRule ^.*$ - [L,F]

----------------------

Well I hope this helps, you will just have to repeat the process for all offending images. This will mainly find adult boards, because this is the format they post in.

About the Author

www.hostgeekz.com - cPanel Tutorials, webhosting made easy, security guides, webhosting forums,webhosting chat,webhosting news, webhosting guides.