5quidhost and IMAP bandwidth

UKworkshop.co.uk

Help Support UKworkshop.co.uk:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
R

RogerS

Established Member
Joined
20 Feb 2004
Messages
17,921
Reaction score
276
Location
In the eternally wet North
Real oddball, this one. Feb 4th I get an automated email from them telling me that my monthly bandwidth quota (500MB) has been used by 80%. Feb 5th my site is down. Not even any cpanel access. OK - quickly resolved by 5quidhost as they doubled my bandwidth quota.

But I could not see why. On looking into the bandwidth logs for Feb 3rd and 4th, it shows that IMAP used 200MB on the 3rd and 300MB on the 4th.

Yet I have received no emails in February nor have I sent any.

So how/what/why can rack up that amount of bandwidth?

There is nothing in the webmail logs for February either and so it's not a question of me missing something on my Mac mail program.

Bizarre.

Does anyone have any ideas?
 
Does the bandwidth include the general public viewing your webpages ?
Have you got a phone or tablet or something checking for messages every minute ?
 
mseries":12x2zeh6 said:
Does the bandwidth include the general public viewing your webpages ?
Click to expand...

No...this figure was just IMAP

mseries":12x2zeh6 said:
Have you got a phone or tablet or something checking for messages every minute ?
Click to expand...

No but I like your lateral thinking.

These were two massive spikes on just those two days. Normal IMAP might be 10MB for the whole month!
 
ArtisanShow High Precision Aluminum Dovetail Jig Tenon Caliper Metric and Imperial Scale Card Measuring Carpentry Router Saw Measuring Ruler Table Machine Tool for Woodworking
£18.89
ArtisanShow High Precision Aluminum Dovetail Jig Tenon Caliper Metric and Imperial Scale Card Measuring Carpentry Router Saw Measuring Ruler Table Machine Tool for Woodworking ArtisanShow Direct
Trend CDJ300 Craft Dovetail Jig for Woodwork and Carpentry, 300mm & GAUGE/D60 Digital Depth Gauge with 60mm Jaw Opening for Setting Rebates and Grooves, Black, 240V
-30%
£156.83 £225.06
Trend CDJ300 Craft Dovetail Jig for Woodwork and Carpentry, 300mm & GAUGE/D60 Digital Depth Gauge with 60mm Jaw Opening for Setting Rebates and Grooves, Black, 240V Amazon.co.uk
Trend Airshield Pro Full Faceshield, Dust Protector, Battery Powered Air Circulating Mask for Woodworking, AIR/PRO, Black and Grey
£359.95
Trend Airshield Pro Full Faceshield, Dust Protector, Battery Powered Air Circulating Mask for Woodworking, AIR/PRO, Black and Grey Amazon.co.uk
VonHaus Chisel Set - 10pcs Woodworking Tools Set - Wood Carving Tools, Wood Chisel Sets with Sharpening Stone, Honing Guide and Storage Case
£34.99 (£3.50 / count)
VonHaus Chisel Set - 10pcs Woodworking Tools Set - Wood Carving Tools, Wood Chisel Sets with Sharpening Stone, Honing Guide and Storage Case VonHaus UK
JSP M632 FFP3moulded Disposable Dustmask (Box of 10) One Size suitable for Construction, DIY, Industrial, Sanding, dust protection 99 Percent particle filtration Conforms and Complies to EN 149
-13%
£12.50 (£1,250.00 / kg) £14.45 (£1,445.00 / kg)
JSP M632 FFP3moulded Disposable Dustmask (Box of 10) One Size suitable for Construction, DIY, Industrial, Sanding, dust protection 99 Percent particle filtration Conforms and Complies to EN 149 Amazon.co.uk
LUMBER JACK 330mm Bench Top Thicknesser Portable Woodworking Machine with Folding Tables, Easy Blade Height Adjustment and Multi Size Dust Port
£349.99
LUMBER JACK 330mm Bench Top Thicknesser Portable Woodworking Machine with Folding Tables, Easy Blade Height Adjustment and Multi Size Dust Port Toolsave
Set of 4 Woodworking Carpentry Jigs, Cabinet Panel Scribing Jig Clamp with 16-18mm Opening Range, Woodworking Tool Set with Pencils and Round Pieces for Carpenters
£9.49
Set of 4 Woodworking Carpentry Jigs, Cabinet Panel Scribing Jig Clamp with 16-18mm Opening Range, Woodworking Tool Set with Pencils and Round Pieces for Carpenters Depisuta
Woodworking: The Complete Step-by-Step Manual
£9.99
Woodworking: The Complete Step-by-Step Manual Amazon Media EU S.à r.l.
Router Tool, 220V Wood Palm Router Tool, 30000R/MIN Electric Hand Trimmer, Min Electric Wood Hand Trimmer Laminator DIY Carving Machine Woodworking Power Tool
£15.00
Router Tool, 220V Wood Palm Router Tool, 30000R/MIN Electric Hand Trimmer, Min Electric Wood Hand Trimmer Laminator DIY Carving Machine Woodworking Power Tool BigJunBaoTrade
One-Plank Woodworking Projects
-23%
£13.05 £16.99
One-Plank Woodworking Projects Amazon.co.uk
Small Japanese Hand Saw for Fine Cutting Wood, Heatigo Double Edged 11/17 TPI Flush Cut Saw, Wooden Handle Fine Tooth Pull Saw for Trimming Pruning Woodworking Tool
-30%
£13.99 £19.99
Small Japanese Hand Saw for Fine Cutting Wood, Heatigo Double Edged 11/17 TPI Flush Cut Saw, Wooden Handle Fine Tooth Pull Saw for Trimming Pruning Woodworking Tool Jingmo-UK
Stealth Lite Pro FFP3 Face Masks UK Certified Dust Mask. 99.99% particle filtration, air filter reusable face mask. FFP3 Mask -7 day use per Construction, Woodworking, DIY and Welding Mask
£19.53 (£3.91 / count)
Stealth Lite Pro FFP3 Face Masks UK Certified Dust Mask. 99.99% particle filtration, air filter reusable face mask. FFP3 Mask -7 day use per Construction, Woodworking, DIY and Welding Mask Amazon.co.uk
Simple Japanese Furniture: 24 Classic Step-By-Step Projects
-30%
£11.94 £16.99
Simple Japanese Furniture: 24 Classic Step-By-Step Projects Amazon.co.uk
Trend Portable Benchtop Router Table with Robust Construction for Workshop & Site Use, 240V, CRT/MK3
-34%
£238.91 £360.17
Trend Portable Benchtop Router Table with Robust Construction for Workshop & Site Use, 240V, CRT/MK3 Amazon.co.uk
Facemoon Reusable Masks,Safety Masks,Dual Filter Masks, Paint, Dust, Epoxy Resin, Construction, Welding, Sanding, Woodworking, Chemical Reusable Gas Masks
£24.99
Facemoon Reusable Masks,Safety Masks,Dual Filter Masks, Paint, Dust, Epoxy Resin, Construction, Welding, Sanding, Woodworking, Chemical Reusable Gas Masks ShenZHEN CIRY MINGYANG LITIAN ELECTRONIC ECOMMERCE
Respirator Mask,Safety Dust Face Cover,Dust Face Cover Paint Face Cover,Gas Mask With Filter,For Paint,Dust And Formaldehyde,Sanding,Polishing,Spraying And Other Work
£19.99
Respirator Mask,Safety Dust Face Cover,Dust Face Cover Paint Face Cover,Gas Mask With Filter,For Paint,Dust And Formaldehyde,Sanding,Polishing,Spraying And Other Work ShenZHEN CIRY MINGYANG LITIAN ELECTRONIC ECOMMERCE
TEENO Compact Wood Router Tool, Electric Hand Wood Trimmer 650W 15000-32000 RPM with 12PCS 1/4" Shank Router Bits, 6 Variable Speeds, Includes Trimmer Base 6.35mm with Carrying Case
£45.99
TEENO Compact Wood Router Tool, Electric Hand Wood Trimmer 650W 15000-32000 RPM with 12PCS 1/4" Shank Router Bits, 6 Variable Speeds, Includes Trimmer Base 6.35mm with Carrying Case VOEKSOW
Woodworking Joinery by Hand: Innovative Techniques Using Japanese Saws and Jigs
-34%
£16.59 £25.00
Woodworking Joinery by Hand: Innovative Techniques Using Japanese Saws and Jigs Amazon.co.uk
Trend Air Stealth P3 Dust Mask Respirator, Small/Medium, Replaceable HEPAC Filters, Comfortable Design for All-Day Use, 99.99% Filtration Efficiency, STEALTH/SM
£18.59
Trend Air Stealth P3 Dust Mask Respirator, Small/Medium, Replaceable HEPAC Filters, Comfortable Design for All-Day Use, 99.99% Filtration Efficiency, STEALTH/SM Amazon.co.uk
MAYLINE 1/4 Inch Shank Router Bits Sets 41 PCS, Woodwork Milling Groving Cabinet Cutter Router Bit Set, Wood Miter Cutting Tool for Doors Table Shelves DIY (1/4-MN)
£54.33
MAYLINE 1/4 Inch Shank Router Bits Sets 41 PCS, Woodwork Milling Groving Cabinet Cutter Router Bit Set, Wood Miter Cutting Tool for Doors Table Shelves DIY (1/4-MN) MAYLINE Brand
Trend Air Stealth P3 Dust Mask Respirator, Medium/Large, Replaceable HEPAC Filters, Comfortable Design for All-Day Use, 99.99% Filtration Efficiency, STEALTH/ML
-43%
£18.50 £32.34
Trend Air Stealth P3 Dust Mask Respirator, Medium/Large, Replaceable HEPAC Filters, Comfortable Design for All-Day Use, 99.99% Filtration Efficiency, STEALTH/ML A Lucre Musket
Saker Router Milling Groove Bracket | Cabinet Hardware Jig | Adjustable Cabinet Template Tool | Router Jigs for Woodworking(1pcs)
£35.99
Saker Router Milling Groove Bracket | Cabinet Hardware Jig | Adjustable Cabinet Template Tool | Router Jigs for Woodworking(1pcs) Saker LTD
Stealth Mask P3 M/L Dust Mask Respirator with HEPAC Replaceable Filters for Ultimate Safety Respirator Mask with 99.99% Particle Filtration Construction & Dust Masks for Building Work, Welding Mask.
-14%
£14.00 £16.35
Stealth Mask P3 M/L Dust Mask Respirator with HEPAC Replaceable Filters for Ultimate Safety Respirator Mask with 99.99% Particle Filtration Construction & Dust Masks for Building Work, Welding Mask. A Lucre Musket
inBovoga 8 Pcs Set Radius Jig Router Templates, Radius Quick Jig for Woodworking, High Hardness ABS+CNC Jig Radius Corners R5 R10 R15 R20 R25 R30 R35 R40
£21.99
inBovoga 8 Pcs Set Radius Jig Router Templates, Radius Quick Jig for Woodworking, High Hardness ABS+CNC Jig Radius Corners R5 R10 R15 R20 R25 R30 R35 R40 LIBO-UK
3M 8822 Disposable-fine dust mask FFP2 (10-pack)
-34%
£17.99 (£1.80 / count) £27.44 (£2.74 / count)
3M 8822 Disposable-fine dust mask FFP2 (10-pack) Amazon.co.uk
BDHI 1pc Dovetail Marker Stainless Steel Dovetail Guide Tool with Scale Woodworking Dovetail Template Jigs Hand Cut Wood Joints Gauge Size1:5-1:6 and 1:7-1:8 for Woodworking(Y33-1)
£16.00
BDHI 1pc Dovetail Marker Stainless Steel Dovetail Guide Tool with Scale Woodworking Dovetail Template Jigs Hand Cut Wood Joints Gauge Size1:5-1:6 and 1:7-1:8 for Woodworking(Y33-1) CW Tyzack
Woodworking Project Book: A Woodworking Log Book: Tracker & Record Book For Woodworking Plan or Project, DIY Gift ... Woodworking Lovers | Vintage Brown Cover
£7.51
Woodworking Project Book: A Woodworking Log Book: Tracker & Record Book For Woodworking Plan or Project, DIY Gift ... Woodworking Lovers | Vintage Brown Cover Amazon.co.uk
GVS SPR501 Elipse Mask with P3 filters, M/L
-21%
£20.42 £25.94
GVS SPR501 Elipse Mask with P3 filters, M/L Low-Cost Experts ⭐⭐⭐⭐⭐
Woodworking from Offcuts: 20 Projects to Create from the Scrap Pile
-30%
£11.94 £16.99
Woodworking from Offcuts: 20 Projects to Create from the Scrap Pile Amazon.co.uk
Complete Guide to Joint-Making, The
-23%
£13.05 £16.99
Complete Guide to Joint-Making, The Amazon.co.uk
OK...looking at the available Raw Access Logs available to me, I see two identical listings on Feb 1 and Feb 3 which IIRC coincide with the dates of the two spikes. Looks to me very much a brute force attack. Or at least an attempt at trying to get in.

5.189.166.34 - - [01/Feb/2016:17:34:01 +0000] "GET /wp-login.php HTTP/1.1" 403 13 "-" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
5.189.166.34 - - [01/Feb/2016:17:34:01 +0000] "GET /administrator/index.php HTTP/1.1" 403 13 "-" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
5.189.166.34 - - [01/Feb/2016:17:34:01 +0000] "GET /admin.php HTTP/1.1" 403 13 "-" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
5.189.166.34 - - [01/Feb/2016:17:34:01 +0000] "GET /bitrix/admin/index.php?lang=en HTTP/1.1" 403 13 "-" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
5.189.166.34 - - [01/Feb/2016:17:34:01 +0000] "GET /admin/login.php HTTP/1.1" 403 13 "-" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
5.189.166.34 - - [01/Feb/2016:17:34:01 +0000] "GET /admin/ HTTP/1.1" 403 13 "-" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
5.189.166.34 - - [01/Feb/2016:17:34:01 +0000] "GET /user/ HTTP/1.1" 403 13 "-" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"

Comments welcome

EDIT: Yup. This block of code goes back to at least 2011 and is an attempt to guess what system is behind the website...Joomla, Wordpress etc.

Have blocked the IP address.

EDIT EDIT : yup, and that IP address has already been picked up. https://www.blocklist.de/en/view.html?i ... .34&page=1

So now all they need to do is go and get the PC of the user with that IP address and confiscate it as the owner is clearly too lazy/stupid/ignorant to run proper anti-malware.
 
Mmmm.....misinterpretaion on my part.

These logs show http traffic and not IMAP traffic. So no further forward but perhaps reasonable to assume that the IMAP peaks were part of a brute force attack.
 
Two different sorts of attack: the http stuff was trying to get admin control of your web site (to embed nasties in your web pages). The IMAP stuff was (probably) trying to use your email capability as a mail relay so as to forward nasty emails with links to viruses, etc.

To achieve the bandwidth use claimed on IMAP port(s), it would have included graphics probably - at a guess the same message send would have been attempted using a raft of logins and ip addresses hoping to get lucky.
 
Eric The Viking":49y9o598 said:
.....The IMAP stuff was (probably) trying to use your email capability as a mail relay so as to forward nasty emails with links to viruses, etc.

To achieve the bandwidth use claimed on IMAP port(s), it would have included graphics probably - at a guess the same message send would have been attempted using a raft of logins and ip addresses hoping to get lucky.
Click to expand...

How would it do that ...use my email as a mail relay? They'd have to be able to log into my email address there and then forward the incoming emails. They would then be seen in the logs. Unless they then went ahead and deleted just those emails that they forwarded...which seems a lot of effort. Why not just delete the whole inbox.
 
SORTED !!!!

After a bit of Googling, it would seem that some IMAP clients can get their knickers in a twist. So I went into the iMac system logs to see if they could shed any light. Over a hundred of them, all looping round in Apple Mail trying or actually accessing the email account in question. Constantly. Every second.

And because there is no new mail to report, nothing of note appears in the Inbox.

Now to find out how to stop that. The other IMAP client on Apple Mail I have is behaving perfectly.
 
RogerS":38vlesjw said:
SORTED !!!!

After a bit of Googling, it would seem that some IMAP clients can get their knickers in a twist. So I went into the iMac system logs to see if they could shed any light. Over a hundred of them, all looping round in Apple Mail trying or actually accessing the email account in question. Constantly. Every second.

And because there is no new mail to report, nothing of note appears in the Inbox.

Now to find out how to stop that. The other IMAP client on Apple Mail I have is behaving perfectly.
Click to expand...

So was I on the right track when I asked about email clients checking very frequently ?
 
mseries":3dktptdo said:
RogerS":3dktptdo said:
SORTED !!!!

After a bit of Googling, it would seem that some IMAP clients can get their knickers in a twist. So I went into the iMac system logs to see if they could shed any light. Over a hundred of them, all looping round in Apple Mail trying or actually accessing the email account in question. Constantly. Every second.

And because there is no new mail to report, nothing of note appears in the Inbox.

Now to find out how to stop that. The other IMAP client on Apple Mail I have is behaving perfectly.
Click to expand...

So was I on the right track when I asked about email clients checking very frequently ?
Click to expand...

You certainly were. Or in this case constantly!!
 

Similar threads

D
Getting a Website, etc.
2 3 4
Replies
78
Views
8K
Louise-Paisley
L
Adam
Adams Workshop (finished!) very very long post with photos..
2
Replies
26
Views
6K
Escudo
Escudo

Latest posts

Back
Top