All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Need Storage (+Help with Data Transfer) After BunnyCDN DMCA Issues
Howdy,
I run a Chevereto site with my storage hosted on BunnyCDN (currently 53.58 GB), but I'm facing an issue. I’ve received two IWF DMCA takedown notices, and BunnyCDN has given me 48 hours to transfer my data elsewhere.
I’ve complied with every DMCA notice by removing the content within 20-60 minutes, blocking the abusive domains, and deleting the content they hot-linked. However, they caused a huge traffic spike—3TB in 24 hours—which forced me to top-up $120 in 24hrs. This is a massive jump from the usual $10 a month.
Just to clarify, I don’t allow the content they uploaded. It would’ve been removed anyway; I just didn’t act fast enough, I guess?
BunnyCDN is now saying that due to receiving two IWF DMCA notices within a short period (one in October, one today), they are terminating my account, as per their ToS.
I’m also unsure how to transfer my data from BunnyCDN to another host. I’ve heard of rclone, but I keep encountering errors.
If anyone has experience with this or can guide me on transferring data from BunnyCDN (or a better method to avoid this issue in the future), I’d really appreciate the help!
Thanks in advance.
Comments
I recall you can connect to your main storage zone through FTP; so just pull your files and migrate.
You should be able to use rclone's sftp storage type, then rclone sync from BunnyCDN storage to your new one.
However, you may want to reconsider the idea if you're allowing free public uploads. That's likely to lead to more problems than you're ready to handle.
Hey! That's what I tried onto Amazon S3. However, certain files get stuck and just sit hanging.
I have made some kind of progress using rclone onto S3.
However, It's throwing a lot of "Entry doesn't belong in directory "YYYY/MM/DD/" (too short) - ignoring" and "Failed to read last modified" so a LOT of data is missing.
I've confirmed Bunny's side the folders aren't empty. It's a lot of media in folders YYYY > MM > DD.
and yes, I agree. I'm not going to allow guest uploads anymore (register required).
What's a IWF DMCA?
International Weightlifting Federation? XD
i suggest adapt your script to use a vps as a cdn
most of providers do NOT like CSAM complaints and you will face the same soon or later, is better to have a cdn down than the entire website
https://en.wikipedia.org/wiki/Internet_Watch_Foundation
Child sexual abuse material aka child porn. Not actually a DMCA.
calling a CP report "DMCA" is wild.
Or configure the cdn to block all traffic from tor, otherwise OP will have to keep moving between providers after the problem inevitably happens again.
"Internet Watch Foundation (IWF) does not operate under the Digital Millennium Copyright Act (DMCA), which is a U.S. copyright law. Instead, the IWF is a UK-based non-profit organization that works to remove and block access to online criminal content, specifically child sexual abuse material (CSAM) and, when hosted in the UK, criminally obscene adult content."
To be clear I don't agree with it; it's vile/gross and would be removed regardless of IWF.
I've also disabled guest API uploads (that seems to be how the content was uploaded).
I wish! I'd MUCH prefer that.
I can indeed use a VPS as storage. I'm just trying to find a provider that'd. A lot of people that use Chevereto (which still have CSAM on for months some years) have BuyVM storage pools and suggested me to try them but heard they've closed/merged and no stock.
BuyVM TOS says they don't allow it, but guess it's just never been reported? Another suggestion was alexhost (as long as I act fast to delete).
Correct, it's not actually a DMCA as that's a US law. It's just what BunnyCDN call it, issue it as and so do IWF themselves ref it to a "DMCA take down notice served".
For a noob, I understood 0% of that, ha! Are you saying IWF find content via tor or am I understanding that totally wrong? Apologies for my lack of knowledge.
It looks like it happened before (my guess anyway @wangyuidl ?): https://lowendtalk.com/discussion/206062/greenclouds-zero-tolerance-for-child-pornography/p1
I don't want that content on my site (vile).
No, I'm saying that the vast majority of child porn is uploaded from tor exit nodes because of the anonymity tor provides, so blocking tor would also mean blocking 99.9% of that from being uploaded.
Ah, gotcha! According to Bunny support the images were uploaded via the Chevereto API then hot-linked on a forum which worryingly sent 3TB of traffic to my CDN which normally gets about 5-10GB a month to 3 TB in 72 hours @ $120.
Crazy that a forum that is designed for sharing that is getting that traffic (unless they just botted me?)
Not going to share the link here obviously (likely not allowed anyway) but it's got crazy traffic for a CP only forum (CRAZY world). Not visited it personally just what IWF said in the "DMCA" and that it's domain is blocked by UK ISPs court order, anyways.
I have now also disabled hot-linking globally in general and legitimate sites can be whitelisted upon request + approval.
I will look into blocking TOR, especially if it will help keep it out.
You got played. 3TB in 24 hours is a lot. Those images must've been downloaded a hundred thousand times.
The jump..
Jfc. How many files? Looks like some type of scheme.
Anyways in this day and age you simply cannot allow public uploading of media, especially anonymously. The few places that allow it (4chan, imgur and social media networks) are both heavily monitored and employ a lot of automated tools to review stuff before it is public.
5 .jpeg and 1 gif LOL.
Looks like I'm going to give @HOSTCAY a shot, they've said it's okay as long as I delete any CSAM content within a convenient timeframe then it’s fine. Not sure what the convenient timeframe is but I've deleted within an hour.
Media is all on S3 currently (at $7) being held until I switch.
Current steps have been:
I've also since taken further steps to combat it being uploaded such as:
For context: I have only had 2 CSAM reports in 9 years (one last month; October and one 3rd November) both from same forum (two different TLDs). I'm hoping the new measurements I have put in place helps. I know it's "impossible" even if I had all the tools and AI.
Can't reply to HOSTCAY's ticket though as don't have an account and it's a noreply email so guess each response has to be a new ticket (until I signup). Assuming I need the
Offshore Storage VPSfor this use case.