Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Why is my website generating hundreds of Temporary Internet files?

Posted on 2006-11-25
Medium Priority
Last Modified: 2008-03-04
Hi there,

My ISP has temporarily shut down one of my websites because it says that "the site was generating hundreds of Temporary Internet Files causing other sites on the shared server to run slowly".

Unfortunately they have given me no particular reasons as to why this has happened and I don't know where to start trying to trace what is causing this. One of their Tech chaps said it could very well be a scripting issue but couldn't be anymore specific than that!

The site in question runs on a Windows 2003 server, ASP and Javascript are present in the site and there is a MySQL database backend. There is also a login area which generates a cookie for the duration of the User's browser session - this gets trashed when they log out or close the browser.

Can anyone tell me what there may be in a website which could be causing these Temporary Internet Files to pile up like this. It is the first time anything like this has happened on a site of mine in the 8 years + I've been designing/developing. The site does use Javascript which I didn't develop myself... so this could be a culprit I guess.

My understanding was that Temporary Internet Files were generated when browsing rather than by the actual website itself - but it seems this is not the case.

Any advice on what sort of things I should be looking at, or whether there are any tools which could help me identify the problem would be hugely appreciated.

Many thanks,

Question by:HairJam
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1

Assisted Solution

jmiller47 earned 90 total points
ID: 18012669
I don't have an answer for you but if they are shutting you down because of hundreds of temp files being created they better be able to provide you samples. With samples of the 'files' you can better determine the cause and solution. I would bug them a lot for them. They really can/t shut you down and say it is your fault without providing you any information.

Wish I could have been more help...


Assisted Solution

csandersii earned 90 total points
ID: 18012684
javascript can create files, thus I would do an search within the JS files for any lines containing ".writeline" or ".close" as those would be good indicators of file creation.  I would start with that if the JS is new to the site and another party solution.  Make sure these files are not being used for any tracking, or user data collection.  If they are and you remove them you will render that part useless.

For the ASP side you can do a search for "CreateObject("Scripting.FileSystemObject")" or ".WriteLine", which is used to create files in ASP.

One of those should provide results if the issue is in the code source you have, also ensure that any off domain code called does not generate files as well using the same method after viewing the off site source.


Expert Comment

ID: 18012820
Does the site use sessions to keep track of login data, perhaps?  Each session created gets a file which stores all of the session data.  Many websites use sessions to keep track of data and a cookie which stores the session ID.  If the sessions are remaining open and don't get removed, it could end up creating thousands of files which are just sitting there and are a security risk in addition to a waste of resources.

As a sidenote, don't bother with searching JavaScript.  It can't create files either server-side or client-side.  .WriteLine is used to output text to the browser, and .close is used to close the browser window.
Implementing Azure Infrastructure Exam 70-533

This course is designed to familiarize and instruct students in the content that is covered by Microsoft Exam 70-533, Implementing Microsoft Azure Solutions. It focuses on all the November 2016 objective domain topics.


Expert Comment

ID: 18014601
Fapiko is correct, thanks, the .writeline and .close are also used to control the browser window, but when objects are assigned in trusted and properly configured security settings using ActiveXObject they also can create files and is not a common practice by any means. My mistake is that would create on the local machine not the hosting server.

As per sessions, they are always created for any web browser as it is used to establish the connection with the hosting server.  Sessions are automaticly terminated by the web server after a defined period of inativity. Not sure why one would create a file to track sessions as it would introduce greater overhead to file systems space and access time.

I think the bottom line here is we just don't have enough information to truely provide answers.  I would get in touch with your hosting provider and have them provide you with file information, thus you can see what content is being writen to the files and possibly determine the source of the files.


Author Comment

ID: 18020564
Hmm - thanks very much for all your comments thus far. I have since spoken to my ISP and they are unable to send me samples of these Temp File because they have deleted them. I'm trying to ascertain from them whether the "scripting server" they have moved the site to is continuing to generate the amount of files.

They did mention that the amount of files being generated was huge and that they had to keep clearing them out every 10 minutes and that the files were being generated outside of the domain's folder (i.e. in the Windows/Temp folder on the actual server). This to me indicates that perhaps the security of the server in question had been compromised.

How likely is it that someone could have accessed the server via my site?.. i.e. I'm guessing that they would either have to have FTP access directly or via some other means (although I'm not sure how). The MySQL database resides on a completely separate server so I doubt they'd have got in via this.... there is an Access database used in the site as well but this is not stored in the web root folder but instead inside a secure directory outside of the main file root... but I do know that it is possible to get into that if someone really wanted to.

The odd thing is that I have loads of other sites running the main application with no problems, and no actual files have been changed (by me) on the domain in question for over a month - yet suddenly this problem has just happened.

Could I be looking at a potential hack by someone trying to take the server down?


Accepted Solution

Fapiko earned 180 total points
ID: 18024187
Again it sounds like your server was generating massive amounts of sessions (although I don't know how ASP works.)  From my experience with PHP, I can tell you that PHP creates sessions in a folder on your hard drive that is specified in the PHP.INI file, so they wouldn't be in the domains folder. On Linux it stores them in /tmp by default, but you said it's a Windows 2003 server so the host very well could have configured them to be stores in the Windows/Temp/ folder.  Like I said though, I don't even know if ASP does indeed create files to keep track of sessions or open sockets. As for somebody accessing the server from your site - very unlikely. Unless you have a very poor host, Windows Server 2003 is setup so that file permissions are very specific. Anybody gaining access to your site would be operating on the server under your username, and your username shouldn't have access to any directories other than those used by your website.

Author Comment

ID: 18059871
Thanks Fapiko - this information was handy. As it happens the ISP in question aren't able to provide me any further information, nor can they say whether it is still happening. Go figure!

I appreciate all your help everyone.


Featured Post

Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
CTAs encourage people to do something specific to show interest in your company, product or service. Keep reading to learn why CTAs should always be thought of as extremely important, albeit small, sections of websites.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question