There is one IP (from China) which is trying to download my entire website. It downloads all my pages and loads the server significantly (I have more than 500 000 pages). Looking at the access logs I can tell it's definitely not a Google bot or any other search engine bot.

Temporarily I've banned it (using iptables rules), but it's not a solution for me, because some of my real users also have the same IP, so they are also banned and cannot access the website.

Is there any way to prevent this kind of "user activity"? Maybe a mechanism which shows a captcha if you try to make more than 5 requests a second or something?

P.S. I'm using Yii framework (PHP).

Any suggestions are greatly appreciated.

Thank you!

+4  A: 

You have answered your own question!

Make a captcha appear if the requests exceed a certain number per second or per minute!

You should use CCaptchaAction to implement it, like this.

pavanlimo
I meant how should I implement that? :D User sessions?
Mensch
See my edit above.
pavanlimo
A: 

I guess the best way to monitor for suspicious user activity is really the user session, CWebUser's getState()/setState(). Store the current request time in the user session, compare it to several previous values, and show a captcha if the user makes requests too often.

Create a new component, preload it via CWebApplication::$preload and check user activity in the component's init() function. This way you'll be able to turn the bot check on and off easily.

Grey Teardrop
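
A sketch of the preloaded component described in the answer above, as an added example that is not part of the original answers. The class name `BotCheck`, the state key, the `site/verify` route (a hypothetical action that renders a CCaptcha form and clears the state key on success) and the `site/captcha` image route are assumptions.

```php
<?php
// Added example, not from the original posts. Yii 1.1 application component.
// Assumed config (protected/config/main.php):
//   'preload'    => array('log', 'botCheck'),
//   'components' => array('botCheck' => array('class' => 'BotCheck')),
class BotCheck extends CApplicationComponent
{
    public $enabled = true;               // set to false to switch the check off
    public $maxRequests = 5;              // allowed requests per window
    public $window = 1.0;                 // window length in seconds
    public $captchaRoute = 'site/verify'; // hypothetical action showing the captcha form
    public $exemptRoutes = array('site/verify', 'site/captcha'); // assumed routes
    const STATE_KEY = 'botCheck.hits';    // session key holding recent request times

    public function init()
    {
        parent::init();
        $app = Yii::app();
        if (!$this->enabled || !($app instanceof CWebApplication)) {
            return;
        }
        // Never throttle the captcha form or its image, or the redirect would loop.
        $route = $app->getUrlManager()->parseUrl($app->getRequest());
        if (in_array($route, $this->exemptRoutes, true)) {
            return;
        }
        $now = microtime(true);
        $hits = $app->user->getState(self::STATE_KEY, array());
        $over = self::tooFast($hits, $now, $this->maxRequests, $this->window);
        $app->user->setState(self::STATE_KEY, $hits);
        if ($over) {
            $app->getRequest()->redirect($app->createUrl($this->captchaRoute));
        }
    }

    // Sliding window: drop times older than $window, record $now, and report
    // whether more than $max requests now fall inside the window.
    public static function tooFast(array &$hits, $now, $max, $window)
    {
        $kept = array();
        foreach ($hits as $t) {
            if ($now - $t < $window) {
                $kept[] = $t;
            }
        }
        $kept[] = $now;
        $hits = array_slice($kept, -($max + 1)); // bound what is stored in the session
        return count($hits) > $max;
    }
}
```

Because the counter lives in the session, a client that does not return the session cookie starts a fresh window on every request, so this check only throttles clients that keep cookies.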