detecting bandwith thiefs

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
julian_lp
Forum Contributor
Posts: 121
Joined: Sun Jul 09, 2006 1:00 am
Location: la plata - argentina

detecting bandwith thiefs

Post by julian_lp »

I'm setting up a site which will have a couple of forms and surveys, it will have a "vote this article" feature as well, an all the stuff which nowadays is required...

Given that I use captcha, and session data that only let users to vote once, there is no problem with the above

My main concern right now, is to keep far away some bad guy who could do something like that:


for i= 0 to 100000^100000{
-connect to my site and download all the content
}

this of course, would left me out of bandwidht in no time (there are a lot of images to serve)...


What is, in your opinion, the best approach to deal with this threat?

I'm unsure whether I should do it through php, or if it is an Apache thing....
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

You could log a timestamp of their last download. Set a timeout limit (once per minute maybe?). If they are downloading to quickly, the script should die().

You could store the time() stamp in a db, but a session variable would seem more practical if the users are required to be logged in.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Post Reply