| unzip.exe traffic spikes: Am I an unwitting worm accomplice? |
humbads

msg:347361 | 6:08 am on Jan 18, 2004 (gmt 0) | I have a page where I've posted a freeware version of unzip.exe. This past week, this file received huge traffic spikes from a large number of unique hosts. What normally receives 1-3 unique hits per day, received 225 on 1/13/2003 at 5:15 PST and 615 on 1/17/2003 at 17:30 PST. All of the hits are from user agent "Mozilla/4.0", and they appear to be coming from mostly dialup, cable, and DSL hosts. It looks very much like someone programmed a worm or virus that relies on this file. It could also be one of those website load testing programs like CapCal that I posted about just now. The problem is the file is 150KB, and the last spike used up almost 100 Megs of my bandwidth quota. I'm going to contact my hosting provider about this, but I just thought I'd post it here for your information. Cheers, Shailesh
|
Dreamquick

msg:347362 | 9:16 pm on Jan 20, 2004 (gmt 0) | Why not just move the program somewhere else and redirect the old location to the download instructions page (I presume there is one) which includes the new location? This stops the bandwidth spike, doesn't hurt existing users and foils anything which is trying to automatically download that file. - Tony
|
humbads

msg:347363 | 10:39 pm on Jan 20, 2004 (gmt 0) | Thanks for the reply. That is exactly what my hosting provider suggested. But since I'm well below my quota of 50GB/month, and I haven't seen more activity since, I'm no longer too concerned. It just throws off my unique visitor statistics. I wish whoever was doing it would put a real user agent instead of generic "Mozilla/4.0", so I could filter it out of my statistics.

FYI, the stats of the last spike:

total requests to unzip.exe: 611
full, successful transfers: 598
transfer each full request: 159,744 bytes
total full transfer: 95,526,912 bytes
start time: 17/Jan/2004:17:32:33 -0800
end time: 17/Jan/2004:17:46:25 -0800
total time: 13 minutes 8 seconds or 788 seconds
transfer per second: 121,227 bytes per second
full transfer per second: 0.78

Not bad for a shared hosting plan at [nyip.net...]

Shailesh
|
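Added example, not part of the original thread: one way to pull spikes like the one described above out of an access log, by grouping requests for a single file that carry one exact user-agent string into bursts and reporting unique hosts and bytes sent. The Apache combined log format, the function names, the thresholds and the sample lines (documentation-range IP addresses) are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed input: Apache "combined" log format, lines in chronological order.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

def find_bursts(lines, path="/unzip.exe", ua="Mozilla/4.0",
                max_gap=timedelta(minutes=2), min_hosts=5):
    """Group matching hits into bursts (consecutive hits at most max_gap apart)
    and return the bursts that came from at least min_hosts distinct hosts."""
    bursts, cur = [], None
    for line in lines:
        m = LINE_RE.match(line)
        # Exact UA match: real browsers send a longer string than "Mozilla/4.0".
        if not m or m["path"].split("?")[0] != path or m["ua"] != ua:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if cur and ts - cur["end"] > max_gap:
            bursts.append(cur)
            cur = None
        if cur is None:
            cur = {"start": ts, "end": ts, "hosts": set(), "requests": 0, "bytes": 0}
        cur["end"] = ts
        cur["hosts"].add(m["host"])
        cur["requests"] += 1
        cur["bytes"] += int(m["size"]) if m["size"].isdigit() else 0
    if cur:
        bursts.append(cur)
    return [b for b in bursts if len(b["hosts"]) >= min_hosts]

def sample_log():
    """Constructed sample: six hosts fetch /unzip.exe within 50 seconds,
    plus one real-browser download and one unrelated page view."""
    fmt = '{h} - - [17/Jan/2004:17:32:{s:02d} -0800] "GET {p} HTTP/1.0" 200 {b} "-" "{ua}"'
    lines = [fmt.format(h=f"192.0.2.{i + 1}", s=i * 10, p="/unzip.exe",
                        b=159744, ua="Mozilla/4.0") for i in range(6)]
    lines.append(fmt.format(h="198.51.100.7", s=55, p="/unzip.exe", b=159744,
                            ua="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"))
    lines.append(fmt.format(h="198.51.100.8", s=58, p="/index.html", b=2048,
                            ua="Mozilla/4.0"))
    return lines

if __name__ == "__main__":
    for b in find_bursts(sample_log()):
        secs = (b["end"] - b["start"]).total_seconds()
        print(f'{b["start"]} +{secs:.0f}s: {b["requests"]} requests, '
              f'{len(b["hosts"])} hosts, {b["bytes"]} bytes')
```

The hosts in each reported burst can then be excluded from unique-visitor counts.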