Preventing Mass downloads with PHP

[fracjidol]

Hello

 

Is there a way to detect a mass download attempt of a website using php. I need this in php becouse i would like to write a script to ban IPs the attempts come from.

 

Thanks for your help.

[RussellReal]

in a world of proxies and non-static ips.. your ip banning logic will most likely not get rid of the problem, just temporarily stop it.

 

you can detect such a thing though, by having every request point to a landing php file, then that landing file will push out the other file if the request meets the requirements. however, detecting such a thing will be hard because when a user goes to lets say index.php, index.php will count as the first download, then the images inside on index.php will count as other downloads, and according to the log those requests will occur very very close together..

 

you can check for referers and if the second request doesn't carry over a referer value, of a page on your website you can deny the request, but then there is users who will have their browser to not send the referer, then they're gonna get denied all the time..

 

also, if someone is serious about getting all your stuff they'd just set it up via curl and send a referer with every request..

 

this is a hard thing to do

[fracjidol]

Ok i know if someone with advanced knowledge would like to do it, they could. But is there a not to complicated solution to prevent an average user that doesnt have advanced knowledge and uses some free program or something simillar?

 

Thanx

[JonnoTheDev]

Is there a way to detect a mass download attempt of a website

Just block using your .htaccess file

i.e.

# Block WGET attempts
SetEnvIfNoCase User-Agent "^Wget" bad_bot
<Limit GET POST PUT HEAD> 
order allow,deny 
allow from all 
deny from env=bad_bot
</Limit>