Although traffic is unlimited or not a problem nowadays due to various site optimizations and the possibility of increased traffic, it can still be an issue for a website. One of the main problems, even though it is unlimited, is quite simple: it means that something is not working or that someone is abusing your site in some way.
The most common abuses in this case are, for example, if you have a photo or video on your site and another site simply puts a link to your image or video instead of uploading it to their site. This means that when a visitor visits their site, they normally see the image/video even though it is not on their hosting but yours. Additionally, Google Photos can increase traffic. If you have many images and anyone opens google.com, clicks on images, types in keywords, and your images appear there, they can download and consume your traffic just by viewing those images on Google’s side, as well as burdening your account.
Of course, this is not that significant when the number is small, but when it comes to thousands of views, gigabytes can easily accumulate.
This was an example of a client who has a nutrition website and has a relatively small target group. He had about 200 visits daily for several years consistently. However, suddenly every month, the number of visits and gigabytes of traffic increased by 500% or even more. From 1GB of monthly traffic when the site was operating regularly, it has now reached 200 GB, sometimes even 70GB daily. This caused his site to slow down because resources were being consumed for image theft even without visits.
Below is a guide on how to perform control and prevent image theft.
Hotlink protection is an example of when someone posts an image on their site without actually uploading it, using your account to load the image.
Log in to cPanel and then find the Hotlink Protection option.
When you open this option, a configuration page will appear.
In the blue square, we have the option to enable and disable this option. Here we see that it is enabled.
In the second part, we set which domains can use our images directly. The panel has already filled in our domain with variations with and without www and with http and https.
If you have another site of yours that uses images from this account, you need to enter that domain and its variations in the first square.
In the third square, we see “jpg,jpeg,gif,png,bmp” where we enter what we are blocking. If you have other image extensions such as webp, add a comma and webp. These are the file extensions we block.
The checkbox means that if someone right-clicks and selects “Open image in new tab” to see your direct image, if you check this option, you allow it; if it remains unchecked, it means you have blocked it. My recommendation is not to check it.
The last field is a redirect if someone “violates” your rules, they will be sent to that page. You can set it to your homepage if you want to generate visits that way. This is useful if you have ads on your site, so every visit matters; if not, you can redirect to google.com so that such visits, which don’t really matter to you, don’t consume your resources at all.
After this, save our settings by clicking on Submit.
When hotlink protection doesn’t help, the only option left is IP address blocking. Hotlink protection is not effective when, instead of linking to the image itself, a direct link to the page containing your image is used. This is possible in WordPress because every uploaded media file has its own page. For example, in this case: domain.tld/2018/01/31/peanut-butter-avocado-smoothie/, where your site is opened, but only the image is displayed without the page it was posted on. This generates a large number of visits from people directly downloading your image/video from that page.
First, to find out who is abusing our content, we go to the Awstat option.
After that, two options will open for us, with and without SSL. You need to click on the magnifying glass where your site is; usually, everything is on SSL (https) now, so we click on the magnifying glass where SSL is marked. Then a huge statistic opens, as shown in the image below.
As you can see, there are many options and a vast amount of statistics. What we need is the Hosts (Top 25) table.
In this table, on the left side, we see the IP addresses that visited our site, and on the right side, how many pages each IP address opened and how much bandwidth was consumed on our site.
In this case, the top 25 IPs are listed, with links to Full List and Last Visit. When there is such a large amount of traffic from a single IP address, it’s evident that your site is being abused, and you need to review that IP. If you can/want to investigate, you will see that these IP addresses generating the most traffic on your site are actually websites stealing your bandwidth and images.
To block an IP address, find the IP Blocker option in cPanel.
Now, in those statistics, we need to find the IP addresses that are abusing our bandwidth, copy that IP address into the IP Address Or Domain field, and click the Add button. This will block that IP address from accessing our site any longer.
On the right side marked with squares is the bandwidth consumed, as you can see, these are huge amounts of megabytes and gigabytes. A visitor usually consumes only a few megabytes of bandwidth during a visit. When looking at the list, anything more than 50 MB is likely some form of abuse. Therefore, mark that IP address on the left side, right-click and copy it, then paste it into the IP Blocker and add it to the block list.