Welcome to WebmasterWorld Guest from

Forum Moderators: phranque

Message Too Old, No Replies

unzip.exe traffic spikes

Am I an unwitting worm accomplice?

6:08 am on Jan 18, 2004 (gmt 0)

New User

10+ Year Member

joined:Dec 30, 2003
votes: 0

I have a page where I've posted a freeware version of unzip.exe. This past week, this file received huge traffic spikes from a large number of unique hosts. What normally receives 1-3 unique hits per day, received 225 on 1/13/2003 at 5:15 PST and 615 on 1/17/2003 at 17:30 PST. All of the hits are from user agent "Mozilla/4.0", and they appear to be coming from mostly dialup, cable, and DSL hosts. It looks very much like someone programmed a worm or virus that relies on this file. It could also be one of those website load testing programs like CapCal that I posted about just now. The problem is the file is 150KB, and the last spike used up almost 100 Megs of my bandwidth quota. I'm going to contact my hosting provider about this, but I just thought I'd post it here for your information.


9:16 pm on Jan 20, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 25, 2002
votes: 0

Why not just move the program somewhere else and redirect the old location to the download instructions page (I presume there is one) which includes the new location?

This stops the bandwidth spike, doesn't hurt existing users and foils anything which is trying to automatically download that file.

- Tony

10:39 pm on Jan 20, 2004 (gmt 0)

New User

10+ Year Member

joined:Dec 30, 2003
votes: 0

Thanks for the reply. That is exactly what my hosting provider suggested. But since I'm well below my quota of 50GB/month, and I haven't seen more activity since, I'm no longer too concerned. It just throws off my unique visitor statistics. I wish whoever was doing it would put a real user agent instead of generic "Mozilla/4.0", so I could filter it out of my statistics.

FYI, the stats of the last spike:

total requests to unzip.exe: 611
full, successful transfers: 598

transfer each full request: 159,744 bytes
total full transfer: 95,526,912 bytes

start time: 17/Jan/2004:17:32:33 -0800
end time: 17/Jan/2004:17:46:25 -0800

total time: 13 minutes 8 seconds or 788 seconds

transfer per second: 121,227 bytes per second
full transfer per second: 0.78

Not bad for a shared hosting plan at [nyip.net...]



Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members