Page 1 of 1

detecting bandwith thiefs

Posted: Wed Oct 04, 2006 8:25 pm
by julian_lp
I'm setting up a site which will have a couple of forms and surveys, it will have a "vote this article" feature as well, an all the stuff which nowadays is required...

Given that I use captcha, and session data that only let users to vote once, there is no problem with the above

My main concern right now, is to keep far away some bad guy who could do something like that:


for i= 0 to 100000^100000{
-connect to my site and download all the content
}

this of course, would left me out of bandwidht in no time (there are a lot of images to serve)...


What is, in your opinion, the best approach to deal with this threat?

I'm unsure whether I should do it through php, or if it is an Apache thing....

Posted: Thu Oct 05, 2006 8:05 pm
by s.dot
You could log a timestamp of their last download. Set a timeout limit (once per minute maybe?). If they are downloading to quickly, the script should die().

You could store the time() stamp in a db, but a session variable would seem more practical if the users are required to be logged in.