Script to help stop people using bandwidth

[Hoops]

Does anyone have a good java script that I can add to my page so that
the same user doesn't pound my site and use all of my bandwidth?


Any help would be appreciated..

 

[Fabian]

Hoops hu kiteb:

Does anyone have a good java script that I can add to my page so that
the same user doesn't pound my site and use all of my bandwidth?

Javascript cant do that.

 

[Randy Webb]

Does anyone have a good java script that I can add to my page so that
the same user doesn't pound my site and use all of my bandwidth?

And if the user has javascript disabled?

 

[Dr John Stockton]

JRS: In article <[email protected]>, dated
Sat, 18 Sep 2004 20:20:17, seen in Hoops

Does anyone have a good java script that I can add to my page so that
the same user doesn't pound my site and use all of my bandwidth?

If the user is not both malicious and intelligent, it is likely that he
will have javascript and cookies enabled.

If so, maybe get each page to set a cookie early on, with usage count
and short expiry. If the count is too high, redirect with script
location.href=<elsewhere>

If the user may be trying to defeat caching, check to see if there is a
? in the URL, and if so redirect.

Redirect to a page of minuscule bandwidth; I use an empty file.


If, however, you wish to protect against one who knows as much as Jim &
others, your only hope is to delete all your files from the server.

 

[kaeli]

Does anyone have a good java script that I can add to my page so that
the same user doesn't pound my site and use all of my bandwidth?


Any help would be appreciated..

You can't use javascript for this.

Get a good server, either Apache or IIS (if you're stuck and can't get Apache
*g*).
Assuming Apache, learn how to look at your log files. Get the IP address of
the person(s) doing this. Put that in a .htaccess file to deny them access at
all.
Learn a decent server-side scripting language, such as Perl, that can parse
your log file. Set that up to look daily at your log files, get the IP
address(es) of anyone using too much bandwidth (you'd have to decide how much
is too much), and have it edit the htaccess file accordingly.

Anyway, that's what I'd do.

This assumes you have the ability to set cron jobs and look at log files,
which my host does allow. If yours doesn't, move hosts if you can. My host
isn't pricey or anything.

--

 

[kaeli]

Does anyone have a good java script that I can add to my page so that
the same user doesn't pound my site and use all of my bandwidth?


Any help would be appreciated..

I forgot to add that I think that search spiders do use your bandwidth, so if
you have heavy pages, you may want to add code in there to stop the nicer
ones from indexing the heavy pages. Note that this will decrease your ratings
in some engines, though.

--

 

[Randy Webb]

You can't use javascript for this.

Get a good server, either Apache or IIS (if you're stuck and can't get Apache
*g*).
Assuming Apache, learn how to look at your log files. Get the IP address of
the person(s) doing this. Put that in a .htaccess file to deny them access at
all.
Learn a decent server-side scripting language, such as Perl, that can parse
your log file. Set that up to look daily at your log files, get the IP
address(es) of anyone using too much bandwidth (you'd have to decide how much
is too much), and have it edit the htaccess file accordingly.

That works good and predictably with static IP addresses. What about
Dynamic IP Addresses? I can connect to a site with AOL, reboot, go back
to the same site and have a different IP Address.

 

[Grant Wagner]

That works good and predictably with static IP addresses. What about
Dynamic IP Addresses? I can connect to a site with AOL, reboot, go back
to the same site and have a different IP Address.

Another problem with the technique of simply denying access to the IP Address of a
host that is making an excessive number of requests is that a lot of ISPs offer
proxy servers to their customers. As a result, a Web site may see a lot of traffic
from a specific IP address (the proxy server). Denying access to your site from
that proxy's IP Address could potentially reduce your audience by several thousand
people.

 

[kaeli]

That works good and predictably with static IP addresses. What about
Dynamic IP Addresses? I can connect to a site with AOL, reboot, go back
to the same site and have a different IP Address.

That's why the cron runs and changes the htaccess file daily.
Access is only blocked for a day. If they stop it, they get access again
tomorrow. If they keep pushing it, well, they're banned again.

--
--
~kaeli~
Profanity: the single language in which all programmers are
expert.
http://www.ipwebdesign.net/wildAtHeart
http://www.ipwebdesign.net/kaelisSpace

 

[kaeli]

Another problem with the technique of simply denying access to the IP Address of a
host that is making an excessive number of requests is that a lot of ISPs offer
proxy servers to their customers. As a result, a Web site may see a lot of traffic
from a specific IP address (the proxy server). Denying access to your site from
that proxy's IP Address could potentially reduce your audience by several thousand
people.

That's one I didn't think of, and it would be a concern if my site were a
commercial one.

Since it isn't, it's not.

But, great point.

Of course, if you knew, or suspected, such a thing, you could alway allow
traffic from the proxies, but then you leave yourself open to the abusers
using those proxies.

I was kind of under the impression that the OP's site was not a commercial
one and he rather knew, or had a good idea, of who the abuser was, if not
personally, then by the IP addy.

I do wonder, though, b/c I use a proxy here at work, but when sites get my
IP, it's really my IP, not my proxy server. I've checked. Is this a setting
on the proxy?

--
--
~kaeli~
Profanity: the single language in which all programmers are
expert.
http://www.ipwebdesign.net/wildAtHeart
http://www.ipwebdesign.net/kaelisSpace

 

[Randy Webb]

That's one I didn't think of, and it would be a concern if my site were a
commercial one.

Since it isn't, it's not.

But, great point.

Of course, if you knew, or suspected, such a thing, you could alway allow
traffic from the proxies, but then you leave yourself open to the abusers
using those proxies.

I was kind of under the impression that the OP's site was not a commercial
one and he rather knew, or had a good idea, of who the abuser was, if not
personally, then by the IP addy.

I guess I am in a small group, as I have both a dynamic and static IP
address available to me at any given time (AOL and my Cable).

I do wonder, though, b/c I use a proxy here at work, but when sites get my
IP, it's really my IP, not my proxy server. I've checked. Is this a setting
on the proxy?

Yes.