GoFuckYourself.com - Adult Webmaster Forum

k, my paysite security is breached, need help! $$ (https://gfy.com/showthread.php?t=687510)

Mutt 12-17-2006 09:25 AM

Quote:

Originally Posted by gleem (Post 11540082)
So I'm thinking I'm dealing with someone who is spoofing something to get in and send all his surfers through, but I'm not technical enough to figure it out, host is clueless and I'm eating 12x the normal bandwidth I should be.

12x the normal bandwidth for the leased feeds or your own bandwidth?

gleem 12-17-2006 10:15 AM

OK, turns out it was a " : " in the middle of the htaccess file that was indeed allowing anyone who entered a blank u/p twice in... so they never showed up as a user, and it was all different IPs getting in, not a proxy, so it looked like legit traffic.

No, the " : " wasn't there before in my htaccess, and I hadn't touched that file in months. The file had proper permissions; it was like the server or someone else stuck it in there...

Sometimes I hate this biz; then again, it turns out to be something this simple that causes hours of frustration. Crazy.

gleem 12-17-2006 10:16 AM

Thanks to "PHP-CODER-FOR-HIRE" for troubleshooting this for me for like 5 hours too!

LiveDose 12-17-2006 10:29 AM

Glad you got it all figured out.

gleem 12-17-2006 12:31 PM

Actually, it was a " : " user inserted into my htpasswd file by paycom back before June 23rd, since it created a backup of my htpasswd file automatically and that was the timestamp of the backup.

my brain is gonna explode...

venus 12-17-2006 01:59 PM

Glad you got it going... I was going to suggest the last-ditch effort of manually looking through your log files to see if you can spot something strange.
If I have a problem, that's where I go...

But now that all those people no longer have access, you should keep that traffic by sending them to your join page: set your 401 error to go to a page. I made this one for people who do not have a valid password:
http://www.landofvenus.com/401.html ... converts great for me.

com 12-17-2006 02:02 PM

Quote:

Originally Posted by gleem (Post 11542115)
Thanks to "PHP-CODER-FOR-HIRE" for troubleshooting this for me for like 5 hours too!

I don't mean to downplay anyone's efforts here, and I'm glad to hear this was taken care of; however, this should've taken your host or sysadmin much less than half an hour to figure out.

fuzebox 12-17-2006 02:57 PM

Quote:

Originally Posted by gleem (Post 11542113)
OK, turns out it was a " : " in the middle of the htaccess file that was indeed allowing anyone who entered a blank u/p twice in...

A couple of people have come to me this week and it turned out to be the same thing... I'm wondering if someone has figured out how to exploit Paycom's postback system to add these.

gleem 12-17-2006 09:20 PM

Quote:

Originally Posted by fuzebox (Post 11543087)
A couple of people have come to me this week and it turned out to be the same thing... I'm wondering if someone has figured out how to exploit Paycom's postback system to add these.

Paycom completely denies it was their fault; says it was a "corrupted file or failure to completely delete".

If it was an exploit someone figured out, they did it to my file back in June, 'cause at the end of June I switched to an SQL auth system and haven't used their postback since; 6/23 was the date that file was updated. Guess I left the htpasswd file active 'cause it had a few members on it that were still active.

Anyways, if you have a "bandwidth ghost" in your members area and you can't pin it to any one login or IP address, look for user " : " in your htpasswd file!
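
The check gleem recommends above, as an added example that is not part of the thread: a small Python audit that reads an htpasswd file and flags entries with an empty username or an empty password field (the bare " : " line described here), plus duplicate and whitespace-padded usernames. The sample file contents and the function name `audit_htpasswd` are constructed for this example.

```python
from typing import List, Tuple

# Constructed sample htpasswd contents: two normal entries, then a bare ":" line
# (empty user, empty password field), a user with no password, and a
# whitespace-padded username. The hashes are placeholders, not real credentials.
SAMPLE_HTPASSWD = """\
alice:$apr1$Xy9rQz1a$A1b2C3d4E5f6G7h8I9j0K.
bob:{SHA}2jmj7l5rSw0yVb/vlWAYkK/YBwk=
:
carol:$apr1$deadbeef$aaaaaaaaaaaaaaaaaaaaaa
dave:
 trailing-space:x8Ks9Q2hLmNo.
"""

def audit_htpasswd(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, raw_line, reason) for every suspicious entry.

    An htpasswd line is 'username:hash'. Anything with an empty username,
    an empty hash, no separator at all, a duplicated username, or a username
    with surrounding whitespace deserves a second look.
    """
    findings = []
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip("\r")
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are harmless
        if ":" not in line:
            findings.append((lineno, raw, "no ':' separator"))
            continue
        user, _, pwhash = line.partition(":")
        if user == "":
            findings.append((lineno, raw, "empty username"))
        elif user != user.strip():
            findings.append((lineno, raw, "username has surrounding whitespace"))
        if pwhash == "":
            findings.append((lineno, raw, "empty password field"))
        if user in seen:
            findings.append((lineno, raw, "duplicate username"))
        seen.add(user)
    return findings

if __name__ == "__main__":
    # Run against the constructed sample; point it at a real file by reading
    # that file's contents instead.
    for lineno, raw, reason in audit_htpasswd(SAMPLE_HTPASSWD):
        print(f"line {lineno}: {reason}: {raw!r}")
```

Any flagged line should be removed (or the account re-created properly) and the file's modification time compared against your payment processor's postback activity, as the thread does with the 6/23 backup.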

PHP-CODER-FOR-HIRE 12-17-2006 09:24 PM

Quote:

Originally Posted by com (Post 11542889)
I don't mean to downplay anyone's efforts here, and I'm glad to hear this was taken care of; however, this should've taken your host or sysadmin much less than half an hour to figure out.

Actually, there was more to it than just that username/password problem. I also implemented bandwidth/traffic restrictions, banned abusers manually by sifting through the logs, etc.

On top of that, this was a server I had never logged into before, so going into someone else's territory isn't quite the same as if I'd been using the system for months and knew the workings of the entire thing.

Thanks for the insult, though.

BusterBunny 12-17-2006 10:23 PM

50 drama points....

Ange 02-04-2007 12:36 PM

What's your link, brother?


All times are GMT -7.
