Script causing bandwidth problems
One of my client's websites came under attack last week. From what I've been able to work out, it appears that they were using a script to bombard the bookings page on an accommodation website. This meant a load of fake bookings and emails generated by the form. I've put a few extra measures in place including a stronger captcha which seems to have stopped the problem.
However, the bandwidth figures for the site have gone through the roof since the attack started and are causing me major problems to keep the site up without running out of what I'm allowed by my hosting account. I'm assuming that their script is still calling the page every 5 mins or so, as the logs showed, and even though they're not causing the same levels of problems as last week, I'd really like to know what I can do to stop them from eating up my bandwidth. There's a lot of photography on the site so any page call is going to use up quite a lot of bandwidth.
I do know that they are changing IP address after every 5 or so calls. There is no sign of them on Analytics so am assuming that they are accessing by script rather than actually visiting the site.
Not 100% my area of expertise and any thoughts or suggestions would be hugely appreciated.
Really appreciate the feedback
Firstly apologies for the slow reply.
Some very useful suggestions above. Since posting, the problem has not surprisingly continued and I have had to upgrade my hosting account to ensure I have enough bandwidth to keep this and my other sites up.
IP blocking isn't going to work as the error logs I have suggest they only use the same IP about 5 times then move on so they appear to be using proxy servers.
I like the idea of using jquery to add the photos. The other idea I've had is to encrypt some kind of hash key with the current day's date and pop that in some obscurely name session variable. I'd do this on all the legitimate pages of the site but not on the problem page. On that page, I'd check for the legitimate session item and only show the page if that is there and correct. I'm guessing this might mean losing this page from the Google Index but think I'd prefer this than to continue as is.
Any thoughts on this as a possible solution to throw in?