Solved

Why is my website generating hundreds of Temporary Internet files?

Posted on 2006-11-25
7
421 Views
Last Modified: 2008-03-04
Hi there,

My ISP has temporarily shut down one of my websites because it says that "the site was generating hundreds of Temporary Internet Files causing other sites on the shared server to run slowly".

Unfortunately they have given me no particular reasons as to why this has happened and I don't know where to start trying to trace what is causing this. One of their Tech chaps said it could very well be a scripting issue but couldn't be anymore specific than that!

The site in question runs on a Windows 2003 server, ASP and Javascript are present in the site and there is a MySQL database backend. There is also a login area which generates a cookie for the duration of the User's browser session - this gets trashed when they log out or close the browser.

Can anyone tell me what there may be in a website which could be causing these Temporary Internet Files to pile up like this. It is the first time anything like this has happened on a site of mine in the 8 years + I've been designing/developing. The site does use Javascript which I didn't develop myself... so this could be a culprit I guess.

My understanding was that Temporary Internet Files were generated when browsing rather than by the actual website itself - but it seems this is not the case.

Any advice on what sort of things I should be looking at, or whether there are any tools which could help me identify the problem would be hugely appreciated.

Many thanks,
Mike.

0
Comment
Question by:HairJam
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 7

Assisted Solution

by:jmiller47
jmiller47 earned 30 total points
Comment Utility
I don't have an answer for you but if they are shutting you down because of hundreds of temp files being created they better be able to provide you samples. With samples of the 'files' you can better determine the cause and solution. I would bug them a lot for them. They really can/t shut you down and say it is your fault without providing you any information.

Wish I could have been more help...

Thanks
0
 
LVL 1

Assisted Solution

by:csandersii
csandersii earned 30 total points
Comment Utility
javascript can create files, thus I would do an search within the JS files for any lines containing ".writeline" or ".close" as those would be good indicators of file creation.  I would start with that if the JS is new to the site and another party solution.  Make sure these files are not being used for any tracking, or user data collection.  If they are and you remove them you will render that part useless.

For the ASP side you can do a search for "CreateObject("Scripting.FileSystemObject")" or ".WriteLine", which is used to create files in ASP.

One of those should provide results if the issue is in the code source you have, also ensure that any off domain code called does not generate files as well using the same method after viewing the off site source.

0
 
LVL 3

Expert Comment

by:Fapiko
Comment Utility
Does the site use sessions to keep track of login data, perhaps?  Each session created gets a file which stores all of the session data.  Many websites use sessions to keep track of data and a cookie which stores the session ID.  If the sessions are remaining open and don't get removed, it could end up creating thousands of files which are just sitting there and are a security risk in addition to a waste of resources.

As a sidenote, don't bother with searching JavaScript.  It can't create files either server-side or client-side.  .WriteLine is used to output text to the browser, and .close is used to close the browser window.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 1

Expert Comment

by:csandersii
Comment Utility
Fapiko is correct, thanks, the .writeline and .close are also used to control the browser window, but when objects are assigned in trusted and properly configured security settings using ActiveXObject they also can create files and is not a common practice by any means. My mistake is that would create on the local machine not the hosting server.

As per sessions, they are always created for any web browser as it is used to establish the connection with the hosting server.  Sessions are automaticly terminated by the web server after a defined period of inativity. Not sure why one would create a file to track sessions as it would introduce greater overhead to file systems space and access time.

I think the bottom line here is we just don't have enough information to truely provide answers.  I would get in touch with your hosting provider and have them provide you with file information, thus you can see what content is being writen to the files and possibly determine the source of the files.

Cheers
0
 

Author Comment

by:HairJam
Comment Utility
Hmm - thanks very much for all your comments thus far. I have since spoken to my ISP and they are unable to send me samples of these Temp File because they have deleted them. I'm trying to ascertain from them whether the "scripting server" they have moved the site to is continuing to generate the amount of files.

They did mention that the amount of files being generated was huge and that they had to keep clearing them out every 10 minutes and that the files were being generated outside of the domain's folder (i.e. in the Windows/Temp folder on the actual server). This to me indicates that perhaps the security of the server in question had been compromised.

How likely is it that someone could have accessed the server via my site?.. i.e. I'm guessing that they would either have to have FTP access directly or via some other means (although I'm not sure how). The MySQL database resides on a completely separate server so I doubt they'd have got in via this.... there is an Access database used in the site as well but this is not stored in the web root folder but instead inside a secure directory outside of the main file root... but I do know that it is possible to get into that if someone really wanted to.

The odd thing is that I have loads of other sites running the main application with no problems, and no actual files have been changed (by me) on the domain in question for over a month - yet suddenly this problem has just happened.

Could I be looking at a potential hack by someone trying to take the server down?

0
 
LVL 3

Accepted Solution

by:
Fapiko earned 60 total points
Comment Utility
Again it sounds like your server was generating massive amounts of sessions (although I don't know how ASP works.)  From my experience with PHP, I can tell you that PHP creates sessions in a folder on your hard drive that is specified in the PHP.INI file, so they wouldn't be in the domains folder. On Linux it stores them in /tmp by default, but you said it's a Windows 2003 server so the host very well could have configured them to be stores in the Windows/Temp/ folder.  Like I said though, I don't even know if ASP does indeed create files to keep track of sessions or open sockets. As for somebody accessing the server from your site - very unlikely. Unless you have a very poor host, Windows Server 2003 is setup so that file permissions are very specific. Anybody gaining access to your site would be operating on the server under your username, and your username shouldn't have access to any directories other than those used by your website.
0
 

Author Comment

by:HairJam
Comment Utility
Thanks Fapiko - this information was handy. As it happens the ISP in question aren't able to provide me any further information, nor can they say whether it is still happening. Go figure!

I appreciate all your help everyone.

Thanks,
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
The viewer will learn how to dynamically set the form action using jQuery.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now