File Uploading for web

[Carterhost]

I thought this may come in handy for those who don't have their own webspace, and wanted to post pictures or mp3's in web forums or myspace (I know, I know).

Could some of you test it and let me know what you think?

It is still in development, and I'd like some expert advice on what else it needs, or what I need to be careful of.

Here it is: [url=http://transfer.carterhost.co.uk]transfer.carterhost.co.uk[/url]

[steviewdr]

Is there a test acc?

-steve

[Carterhost]

Try:
username: testone
password: test

Cheers.

[AXiSS]

Everything looks great except the logo, with the stone texture and whatever. I would replace that with something that looks more aesthetic.

[steviewdr]

Its ok. I wonder do you prevent against DOS attacks? I.E. multiple simultaneous download of files - killing your server.

Its not very user friendly. E.g. no confirmation on delete! How hard is it to put an alert javascript box at the very least in place??? Its them things that you need to work on for usability. Also - I would like to see better error and information notices. If I cannot upload a certain file type - Id like to see red. If I uploaded correctly I would like to see green.

Why also have the photos and files seperate? I would have all the files together. In the listing then - I would show a thumbnail of the graphics, or an icon for pdf, doc etc. etc.

Other than that its ok.

-steve

[Carterhost]

How would I prevent DOS attacks?, and how could I distinguish DOS from extremely high normal usage?

JS confirm boxes implemented (I guess I was just putting off researching the code).

The files and images are separated because I thought it would be easier to navigate.

Oh, Green/Red for Success/Error now in, too.

[steviewdr]

[quote]How would I prevent DOS attacks?, and how could I distinguish DOS from extremely high normal usage?[/quote]

Apache can implement mod_throttle which can throttle how much each person can download when there is excessive bandwidth usage.
I.e. if your server has a 1megabyte line, and a spammer kicks off 20 downloads from their server which has a 10megabyte line, they will DOS your server. Apache mod_thottle can throttle back connections.

You can distinguish DOS bot attacks from genuine ppl with captchas etc.
The problem is that you provide a direct link, which spammers can get and start attacking. Granted your files are limited to 10MB - so thats not so bad.

Im just saying to be aware of this. I had a recent experience of it.

Rgds,
Steve

[Carterhost]

Thanks Steve, I'll read up on that, because 'superusers' have filesize limits of 100Mb!

They can also leech files server-server, and I'm modifying a script to unzip zip files, while checking filetype(image/file/disallowed) and adding each file to the database.