The site went down - as you might've noticed. A couple of truly excellent people emailed me about this, for which thanks!

For some reason I'm still not wholly clear about, the site's bandwidth consumption suddenly multiplied itself by about 5, and I ran out of my monthly allowance. This seems to have happened from visits to the forum, though not from a registered user. And 50% of the bandwidth used for the past 50 days turns out to be by one IP address, 64.93.93.4 , which I've just blocked from accessing the site. My guess is that it must be some automated process run wild, not a real human being.

I just hope that in the process of banning this mad bot, I haven't excluded any actual people - but I can't afford to keep pouring money into a giant bandwidth-pit. I also hope the problem will now go away nicely, and not re-occur with different IPs. But if the site does go belly-up again, blame it on the attack of the mad bot.

Unable to find anything solid on them (I'm not really a networking guru). But I can tell you it was coming from Los Angeles, CA, and is shut down now (see below for last set of items in trail). I generated that with WinMTR.exe, which you may want to Google and download. It also gives you timings along the way to a target so you can determine where bottlenecks are happening.

ae-24-56.car4.LosAngeles1.Level3.net
4.71.128.2
LAX4-CR02-1-1-to-LAX4-Select02-1-1.net2ez.com
64.93.95.14
No response from host

This is quite a long way over my head, but thanks! Ewald's also sent me some advice and a list of things to block if need be. When I last looked, bandwidth usage was back down to pre-MadBot levels. Fingers crossed.

The IP (http://www.arin.net/whois/) is from a company called Language Weaver (http://www.languageweaver.com/). They deal in translation software.
(http://en.wikipedia.org/wiki/Language_Weaver) I can think of several things that happened (just speculating):

1. They got hacked, and the hacker used the IP to access onlineclarity.co.uk for who knows what reason (might be a DOS attack of a simple kind).
2. They want to use the text on the forum to do statistical analyses (http://www.languageweaver.com/page.asp?LSM=&intNodeID=886&intPageID=856) to develop grammatical rules.
3. Some (http://www.languageweaver.com/page.asp?intNodeID=891&intPageID=864)translation software they use.
4. An experiment with automated internet access gone wild.

Hmmm, maybe the bot tried to translate lightofreason's posts into Swedish and went mad... :D

How do you mean, translate into Swedish?

(Sorry, Chris. Blame poor impulse control and relief at seeing my website's still here today.)

Without see the webserver logs along with other system messages it is difficult, from this end, to make a guess what happened.



it could be they were trying to hack in and own the system.
and once they own it do a similar thing from this machine to another one.
if it is going for 50 days or so

maybe their intention was something else
they might be succesful



If you are not the expert to have a look into the system generated logs and other data I would recommed to ask help from the serving hosting company as although your server ip is used by you they still have the registration for the ip to a higher network.

Best wishes

Togan