|unzip.exe traffic spikes|
Am I an unwitting worm accomplice?
| 6:08 am on Jan 18, 2004 (gmt 0)|
I have a page where I've posted a freeware version of unzip.exe. This past week, this file received huge traffic spikes from a large number of unique hosts. What normally receives 1-3 unique hits per day received 225 on 1/13/2003 at 5:15 PST and 615 on 1/17/2003 at 17:30 PST. All of the hits are from user agent "Mozilla/4.0", and they appear to be coming from mostly dialup, cable, and DSL hosts. It looks very much like someone programmed a worm or virus that relies on this file. It could also be one of those website load testing programs like CapCal that I posted about just now. The problem is the file is 150KB, and the last spike used up almost 100 Megs of my bandwidth quota. I'm going to contact my hosting provider about this, but I just thought I'd post it here for your information.
| 9:16 pm on Jan 20, 2004 (gmt 0)|
Why not just move the program somewhere else and redirect the old location to the download instructions page (I presume there is one) which includes the new location?
This stops the bandwidth spike, doesn't hurt existing users and foils anything which is trying to automatically download that file.
| 10:39 pm on Jan 20, 2004 (gmt 0)|
Thanks for the reply. That is exactly what my hosting provider suggested. But since I'm well below my quota of 50GB/month, and I haven't seen more activity since, I'm no longer too concerned. It just throws off my unique visitor statistics. I wish whoever was doing it would put a real user agent instead of generic "Mozilla/4.0", so I could filter it out of my statistics.
FYI, the stats of the last spike:
total requests to unzip.exe: 611
full, successful transfers: 598
transfer each full request: 159,744 bytes
total full transfer: 95,526,912 bytes
start time: 17/Jan/2004:17:32:33 -0800
end time: 17/Jan/2004:17:46:25 -0800
total time: 13 minutes 8 seconds or 788 seconds
transfer per second: 121,227 bytes per second
full transfer per second: 0.78
Not bad for a shared hosting plan at [nyip.net...]
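
The kind of per-file spike summary posted above can be produced straight from the access log. The following is an added example, not code from anyone in this thread: it assumes Apache combined log format, and the function names, thresholds and sample log lines are hypothetical and constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Apache/NCSA combined log format: host, timestamp, request, status, bytes, referer, user agent.
LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)"'
)

def summarize(lines, path, full_size):
    """Summarize requests for one path: volume, unique hosts, user agents, time span."""
    hosts, agents, times = set(), Counter(), []
    requests = full = sent = 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["path"] != path:
            continue  # unparseable line or a different resource
        requests += 1
        size = 0 if m["size"] == "-" else int(m["size"])
        sent += size
        if m["status"] == "200" and size == full_size:
            full += 1  # complete transfer; aborted downloads log fewer bytes
        hosts.add(m["host"])
        agents[m["ua"]] += 1
        times.append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    if not requests:
        return None
    top_ua, top_count = agents.most_common(1)[0]
    return {
        "requests": requests, "full_transfers": full, "bytes_sent": sent,
        "unique_hosts": len(hosts), "top_agent": top_ua,
        "top_agent_share": top_count / requests,
        "seconds": (max(times) - min(times)).total_seconds(),
    }

def looks_automated(s, baseline_hosts_per_day, factor=10, ua_share=0.9):
    """Flag a burst: far more unique hosts than the daily baseline, nearly all with one user agent."""
    return (s["unique_hosts"] >= factor * baseline_hosts_per_day
            and s["top_agent_share"] >= ua_share)

# Constructed sample: 40 hosts (documentation address ranges) fetch the file within a minute,
# plus one aborted transfer and one ordinary browser hit on another page.
SAMPLE = [
    f'192.0.2.{i} - - [17/Jan/2004:17:32:{i:02d} -0800] "GET /unzip.exe HTTP/1.0" '
    f'200 159744 "-" "Mozilla/4.0"' for i in range(1, 41)
] + [
    '198.51.100.7 - - [17/Jan/2004:17:32:50 -0800] "GET /unzip.exe HTTP/1.0" 200 40960 "-" "Mozilla/4.0"',
    '198.51.100.9 - - [17/Jan/2004:17:33:05 -0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
]
```

Calling `summarize(SAMPLE, "/unzip.exe", 159744)` and passing the result to `looks_automated` with a baseline of 3 unique hosts per day flags the constructed burst; the user-agent share check is what separates it from a link on a busy site, where agents would be mixed.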