posted Saturday, 05 July 2008, 12:40 (+0800), by Martin
While not specifically photography-related, I thought I'd post this information,
as all webmasters and people running websites should be aware of it,
as AVG LinkScanner could be causing additional bandwidth usage on your websites, and falsely
inflating your website hit counts.
Also, anyone with AVG Anti-Virus Free 8.0 needs to be aware of this behaviour, that it will consume additional download quota as LinkScanner queries every result on a search engine results page, and that it is having a negative impact on websites.
In December 2007, AVG purchased Exploit Prevention Labs, and then in April 2008, AVG Anti-Virus Free 8.0 was released, incorporating the LinkScanner module.
According to info on AVG's website about LinkScanner, "AVG's patent pending technology stops threats before they get onto your PC by scanning Web sites and downloads in real time before you open them". In other words, the LinkScanner Search-Shield component will query all results returned by a search engine, before you click on those links.
This is resulting in a lot of additional website hits for many websites, and is resulting in additional bandwidth utilisation for many websites.
According to Simon Wright, the guy who runs Whirlpool, AVG's LinkScanner is causing about 700 hits per minute. Simon maintains that this is equivalent to a de-facto DDOS, and is resulting in significant load on the servers hosting Whirlpool.
There's been quite a bit of publicity about this issue:
- Slashdot: AVG Fakes User Agent, Floods the Internet
- The Register: AVG scanner blasts internet with fake traffic
- The Register: AVG disguises fake traffic as IE6
- The Register: How to beat AVG's fake traffic spew
- Digg: AVG Disguises Fake Traffic as IE6, Causes Web Headaches
- Whirlpool: AVG anti-virus attacking Whirlpool with DDOS
- pixelbeat: Using AVG linkscanner against itself
- AVG LinkScanner Watch
However, various people have identified a method to detect LinkScanner hits, and many people have now configured their websites to redirect LinkScanner hits back to AVG's website. This serves two purposes - to reduce unnecessary traffic on their own website, and to send the traffic to AVG's website.
Based on info on pixelbeat, I've added the following to the .htaccess files on my websites. However, I found the code provided on pixelbeat was working on one of my webhosts, but not on the other webhost. This was because the pixelbeat code had the first two rewrite lines as "Rewritecond", but changing them to "RewriteCond" caused the redirect to start working on my second webhost.
Here's the resulting .htaccess code I'm using:
```apache
RewriteEngine On
# check for avg linkscanner
# check if user agent matches specified strings
RewriteCond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1; SV1.$" [OR]
RewriteCond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1;1813.$"
# check for blank referrer string
RewriteCond %{HTTP_REFERER} ^$
# check for blank "Accept-Encoding" header
RewriteCond %{HTTP:Accept-Encoding} ^$
# and then redirect to AVG using a 307 redirect
RewriteRule ^.* http://www.grisoft.com/?LinkScannerSucks [R=307,L]
```

To test the redirect, I use the following wget syntax:

```sh
wget --referer= --no-cache http://yourwebsite.com --user-agent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
```

This wget query uses one of the user-agents used by LinkScanner and has a blank referrer. As the version of wget I'm using doesn't set an Accept-Encoding header, it emulates a website hit as if it came from LinkScanner.
The wget output should show the query being redirected to the grisoft.com website, and this will confirm that your .htaccess redirect is working as intended.
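To measure how much logged traffic matches this fingerprint before or after enabling the redirect, the same three conditions can be applied to an access log. The Python script below is an added example, not code from the original post or from pixelbeat; it assumes a custom Apache LogFormat that appends the Accept-Encoding request header to the combined format, and the log lines are constructed sample data.

```python
import re

# Assumed LogFormat: Apache "combined" plus a final quoted Accept-Encoding field:
# "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{Accept-Encoding}i\""
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<ae>[^"]*)"$'
)
# The two user-agent endings from the RewriteCond lines (version dots escaped).
UA_RES = [re.compile(r"MSIE 6\.0; Windows NT 5\.1; SV1.$"),
          re.compile(r"MSIE 6\.0; Windows NT 5\.1;1813.$")]

def blank(value):
    """Apache logs an absent request header as "-"."""
    return value in ("", "-")

def is_linkscanner(f):
    """All three conditions must hold, as in the rewrite rule."""
    return (any(r.search(f["ua"]) for r in UA_RES)
            and blank(f["referer"]) and blank(f["ae"]))

def summarize(lines):
    """Count hits and bytes that match the LinkScanner fingerprint."""
    stats = {"total": 0, "linkscanner": 0, "linkscanner_bytes": 0, "unparsed": 0}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            stats["unparsed"] += 1
            continue
        stats["total"] += 1
        if is_linkscanner(m.groupdict()):
            stats["linkscanner"] += 1
            size = m.group("size")
            stats["linkscanner_bytes"] += int(size) if size.isdigit() else 0
    return stats

# Constructed sample log lines (documentation IP ranges, invented paths and sizes).
IE6 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
SAMPLE_LOG = [
    f'192.0.2.10 - - [05/Jul/2008:12:00:01 +0800] "GET /gallery/ HTTP/1.1" 200 18432 "-" "{IE6}" "-"',
    '192.0.2.11 - - [05/Jul/2008:12:00:02 +0800] "GET / HTTP/1.1" 200 9210 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" "-"',
    f'198.51.100.5 - - [05/Jul/2008:12:00:03 +0800] "GET /gallery/ HTTP/1.1" 200 18432 "http://www.example.com/search?q=photos" "{IE6}" "gzip, deflate"',
    f'198.51.100.6 - - [05/Jul/2008:12:00:04 +0800] "GET / HTTP/1.1" 200 9210 "-" "{IE6}" "gzip, deflate"',
    '198.51.100.7 - - [05/Jul/2008:12:00:05 +0800] "GET / HTTP/1.1" 200 9210 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0" "-"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The third and fourth sample lines carry the same IE6 user-agent but are not counted, because a real browser sends an Accept-Encoding header; the user-agent alone would misclassify genuine IE6 visitors.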
Peter Cameron, MD of AVG Australia/NZ, posted a response on whirlpool indicating that AVG were listening to the significant backlash, and have been passing the message on to the AVG development teams in USA and Europe.
This was followed by a post from Lloyd Borrett, Marketing Manager for AVG Australia/NZ, indicating that on 9 July, AVG will update their product so that "Search-Shield no longer scans each search result online for new exploits, which was causing the spikes that web masters addressed with us."
It's good to see that AVG have responded to this issue relatively quickly.
Wow, that's really good and interesting information to know. I don't even mind that you didn't post a picture :)
I don't think I'm going to worry too much about it though because July 9 is only 4 days away! I probably wouldn't have time to look into it until then anyway :D