I am developing an image bank site that will hold royalty-free images for download. I want to slow down anyone using a bot or who is downloading too often, so I have a daily file limit and have incorporated a variable sleep into the script that delivers the files. I do that by writing the completion time of the last download to a database, then checking the elapsed time when the next download begins. If that is less than N seconds then I delay the download by M seconds, doubling M on successive infractions. That works fine until the script hits the server's execution time limit.

My hosting company confirms that sleep time counts towards execution time.

Am I being over-cautious at the development stage?

Any suggestions about how to detect and slow down users who are abusing the site without using php sleep?

A: 

Use a div with a time counter and implement this time mechanism in javascript. Example: (www.rapidshare.com) If sleep time is counted as execution time, that means that you have a pretty high chance of crossing the execution time limit.

Aviral Dasgupta
Also, doing it on the server side is considered bad usability, as the user will probably think that your site is not working.
Aviral Dasgupta
Good suggestion, I'll add this as a warning after the first infraction; that will serve as a warning.
Alan C
A: 

If any one delay is much longer than the script execution timeout, you might want to block that user entirely for some period of time (24 hours?).

How are you deciding exactly who is aggressively downloading? The IP address is not 100% reliable, as you might have a number of people behind NAT that all appear to come from the same IP address.

Eric J.
I'm now logging download details to the db against user id; that lets me examine a user's record in detail.
Alan C
Given that you have a user ID, I 100% agree with the accepted answer (+1 for it).
Eric J.
+2  A: 

Why don't you simply make the user aware of what he/she is doing "wrong" and display an error?

This way, the user will know what is going on and might decide to correct the behavior. With random delays, I would suspect something wrong with your server and maybe just look for a competing offering that works more stable.

HS
+3  A: 

I don't think you're being over-cautious, but I do think that this is a bad way to be cautious. If sleep time counts toward execution time, aren't you paying for that? It probably also counts toward CPU usage and a bunch of other cost factors too. Additionally, slowly choking off service doesn't give your user any indication that they are doing something wrong, it just makes your service seem slow.

You'd probably be better off serving a friendly message-image letting the person know what's going on so they can modify their behavior (this is particularly good given that some people might trigger it by accident while performing completely innocent activities). If they insist on serving your message-image more than five or ten times, then it's definitely a script, so just stop answering their requests entirely.

Imagist
only logged-in users can download, so I'm going with your suggestion. I log time since previous download to db table, so I can issue a warning, then count infractions in past 24 hours and stop their downloads if more than N infractions. No sleep needed :-)
Alan C
Glad to hear I could help! :)
Imagist
Feedback: after being live for a while this seems to be working well. So far the shortest time between downloads is 20 seconds and the average around 50 seconds; I guess people are browsing around and picking what they want to download.
Alan C
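The warn-then-block scheme the asker settled on in the comments above (log each download against the user id, warn on a too-fast download, count infractions over the past 24 hours, and refuse downloads once there are more than N), written out as an added example. This is not the asker's PHP or any library's API: the log is kept in memory here where the real site uses a database table, the limits `MIN_GAP` and `MAX_INFRACTIONS` are assumed values, and the `render` function is a hypothetical stand-in for whatever serves the file or the notice page.

```python
"""Warn-then-block download throttling without sleep().

Added example, not the asker's code or any library's API. Every download
request is logged per logged-in user; a request arriving less than MIN_GAP
seconds after that user's previous request is an infraction. The first
infractions get a notice instead of the file; once the user has more than
MAX_INFRACTIONS infractions in the past 24 hours, downloads are refused.
The record is keyed by user id rather than IP address, so several people
behind one NAT do not share a record. Limits are assumed values.
"""
import time
from collections import defaultdict
from dataclasses import dataclass

MIN_GAP = 10            # seconds between downloads; assumed value
MAX_INFRACTIONS = 2     # allowed per 24 h before blocking; assumed value
WINDOW = 24 * 60 * 60   # length of the counting window in seconds


@dataclass(frozen=True)
class Decision:
    action: str          # "allow", "warn" or "block"
    infractions: int     # infractions in the window, this request included


class DownloadThrottle:
    def __init__(self, min_gap=MIN_GAP, max_infractions=MAX_INFRACTIONS, window=WINDOW):
        self.min_gap = min_gap
        self.max_infractions = max_infractions
        self.window = window
        # user_id -> list of (timestamp, was_infraction), oldest first.
        # In the real site this is a table: (user_id, ts, infraction).
        self._log = defaultdict(list)

    def _prune(self, user_id, now):
        """Drop entries older than the window so the record stays bounded.

        The most recent entry is kept even when stale so the gap to the
        previous request can still be measured; being outside the window,
        it is no longer counted as an infraction.
        """
        entries = self._log[user_id]
        cutoff = now - self.window
        keep = [e for e in entries if e[0] > cutoff]
        if not keep and entries:
            keep = [entries[-1]]
        self._log[user_id] = keep

    def request_download(self, user_id, now=None):
        """Decide before serving a file; the caller renders the result."""
        now = time.time() if now is None else now
        self._prune(user_id, now)
        entries = self._log[user_id]
        too_fast = bool(entries) and (now - entries[-1][0]) < self.min_gap
        entries.append((now, too_fast))   # every request is logged, blocked ones included
        cutoff = now - self.window
        infractions = sum(1 for ts, bad in entries if bad and ts > cutoff)
        if infractions > self.max_infractions:
            return Decision("block", infractions)
        if too_fast:
            return Decision("warn", infractions)
        return Decision("allow", infractions)


def render(decision, min_gap=MIN_GAP):
    """Hypothetical response mapping: (HTTP status, body) per decision."""
    if decision.action == "allow":
        return 200, "<file bytes>"
    if decision.action == "warn":
        return 200, (f"You are downloading too quickly; please wait at least "
                     f"{min_gap} seconds between downloads.")
    return 429, "Download limit exceeded; try again in 24 hours."


if __name__ == "__main__":
    # Constructed sequence of request times (seconds) for one user: two normal
    # downloads, three rapid ones, a later retry, and one a day later.
    throttle = DownloadThrottle()
    for when in (0, 30, 35, 38, 40, 100, 40 + WINDOW + 1):
        decision = throttle.request_download("alan", now=when)
        status, body = render(decision)
        print(f"t={when:>6}  {decision.action:<5}  infractions={decision.infractions}  HTTP {status}")
```

Because blocked attempts are still logged, a bot that keeps hammering keeps its block alive, while a person who backs off sees the block lapse 24 hours after their last infraction; the same counting works as a single `COUNT(*)` over the user's rows with `ts > now - 24h` in the database version.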