Why is my website generating hundreds of Temporary Internet files?

Hi there,

My ISP has temporarily shut down one of my websites because it says that "the site was generating hundreds of Temporary Internet Files causing other sites on the shared server to run slowly".

Unfortunately they have given me no particular reasons as to why this has happened and I don't know where to start trying to trace what is causing this. One of their Tech chaps said it could very well be a scripting issue but couldn't be anymore specific than that!

The site in question runs on a Windows 2003 server, ASP and Javascript are present in the site and there is a MySQL database backend. There is also a login area which generates a cookie for the duration of the User's browser session - this gets trashed when they log out or close the browser.

Can anyone tell me what there may be in a website which could be causing these Temporary Internet Files to pile up like this. It is the first time anything like this has happened on a site of mine in the 8 years + I've been designing/developing. The site does use Javascript which I didn't develop myself... so this could be a culprit I guess.

My understanding was that Temporary Internet Files were generated when browsing rather than by the actual website itself - but it seems this is not the case.

Any advice on what sort of things I should be looking at, or whether there are any tools which could help me identify the problem would be hugely appreciated.

Many thanks,

Who is Participating?
Again it sounds like your server was generating massive amounts of sessions (although I don't know how ASP works.)  From my experience with PHP, I can tell you that PHP creates sessions in a folder on your hard drive that is specified in the PHP.INI file, so they wouldn't be in the domains folder. On Linux it stores them in /tmp by default, but you said it's a Windows 2003 server so the host very well could have configured them to be stores in the Windows/Temp/ folder.  Like I said though, I don't even know if ASP does indeed create files to keep track of sessions or open sockets. As for somebody accessing the server from your site - very unlikely. Unless you have a very poor host, Windows Server 2003 is setup so that file permissions are very specific. Anybody gaining access to your site would be operating on the server under your username, and your username shouldn't have access to any directories other than those used by your website.
Joel MillerDevOps EngineerCommented:
I don't have an answer for you but if they are shutting you down because of hundreds of temp files being created they better be able to provide you samples. With samples of the 'files' you can better determine the cause and solution. I would bug them a lot for them. They really can/t shut you down and say it is your fault without providing you any information.

Wish I could have been more help...

javascript can create files, thus I would do an search within the JS files for any lines containing ".writeline" or ".close" as those would be good indicators of file creation.  I would start with that if the JS is new to the site and another party solution.  Make sure these files are not being used for any tracking, or user data collection.  If they are and you remove them you will render that part useless.

For the ASP side you can do a search for "CreateObject("Scripting.FileSystemObject")" or ".WriteLine", which is used to create files in ASP.

One of those should provide results if the issue is in the code source you have, also ensure that any off domain code called does not generate files as well using the same method after viewing the off site source.

Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

Does the site use sessions to keep track of login data, perhaps?  Each session created gets a file which stores all of the session data.  Many websites use sessions to keep track of data and a cookie which stores the session ID.  If the sessions are remaining open and don't get removed, it could end up creating thousands of files which are just sitting there and are a security risk in addition to a waste of resources.

As a sidenote, don't bother with searching JavaScript.  It can't create files either server-side or client-side.  .WriteLine is used to output text to the browser, and .close is used to close the browser window.
Fapiko is correct, thanks, the .writeline and .close are also used to control the browser window, but when objects are assigned in trusted and properly configured security settings using ActiveXObject they also can create files and is not a common practice by any means. My mistake is that would create on the local machine not the hosting server.

As per sessions, they are always created for any web browser as it is used to establish the connection with the hosting server.  Sessions are automaticly terminated by the web server after a defined period of inativity. Not sure why one would create a file to track sessions as it would introduce greater overhead to file systems space and access time.

I think the bottom line here is we just don't have enough information to truely provide answers.  I would get in touch with your hosting provider and have them provide you with file information, thus you can see what content is being writen to the files and possibly determine the source of the files.

HairJamAuthor Commented:
Hmm - thanks very much for all your comments thus far. I have since spoken to my ISP and they are unable to send me samples of these Temp File because they have deleted them. I'm trying to ascertain from them whether the "scripting server" they have moved the site to is continuing to generate the amount of files.

They did mention that the amount of files being generated was huge and that they had to keep clearing them out every 10 minutes and that the files were being generated outside of the domain's folder (i.e. in the Windows/Temp folder on the actual server). This to me indicates that perhaps the security of the server in question had been compromised.

How likely is it that someone could have accessed the server via my site?.. i.e. I'm guessing that they would either have to have FTP access directly or via some other means (although I'm not sure how). The MySQL database resides on a completely separate server so I doubt they'd have got in via this.... there is an Access database used in the site as well but this is not stored in the web root folder but instead inside a secure directory outside of the main file root... but I do know that it is possible to get into that if someone really wanted to.

The odd thing is that I have loads of other sites running the main application with no problems, and no actual files have been changed (by me) on the domain in question for over a month - yet suddenly this problem has just happened.

Could I be looking at a potential hack by someone trying to take the server down?

HairJamAuthor Commented:
Thanks Fapiko - this information was handy. As it happens the ISP in question aren't able to provide me any further information, nor can they say whether it is still happening. Go figure!

I appreciate all your help everyone.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.