Why is my website generating hundreds of Temporary Internet files?

Posted on 2006-11-25
Last Modified: 2008-03-04
Hi there,

My ISP has temporarily shut down one of my websites because it says that "the site was generating hundreds of Temporary Internet Files causing other sites on the shared server to run slowly".

Unfortunately they have given me no particular reasons as to why this has happened and I don't know where to start trying to trace what is causing this. One of their Tech chaps said it could very well be a scripting issue but couldn't be anymore specific than that!

The site in question runs on a Windows 2003 server, ASP and Javascript are present in the site and there is a MySQL database backend. There is also a login area which generates a cookie for the duration of the User's browser session - this gets trashed when they log out or close the browser.

Can anyone tell me what there may be in a website which could be causing these Temporary Internet Files to pile up like this. It is the first time anything like this has happened on a site of mine in the 8 years + I've been designing/developing. The site does use Javascript which I didn't develop myself... so this could be a culprit I guess.

My understanding was that Temporary Internet Files were generated when browsing rather than by the actual website itself - but it seems this is not the case.

Any advice on what sort of things I should be looking at, or whether there are any tools which could help me identify the problem would be hugely appreciated.

Many thanks,

Question by:HairJam
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1

Assisted Solution

jmiller47 earned 30 total points
ID: 18012669
I don't have an answer for you but if they are shutting you down because of hundreds of temp files being created they better be able to provide you samples. With samples of the 'files' you can better determine the cause and solution. I would bug them a lot for them. They really can/t shut you down and say it is your fault without providing you any information.

Wish I could have been more help...


Assisted Solution

csandersii earned 30 total points
ID: 18012684
javascript can create files, thus I would do an search within the JS files for any lines containing ".writeline" or ".close" as those would be good indicators of file creation.  I would start with that if the JS is new to the site and another party solution.  Make sure these files are not being used for any tracking, or user data collection.  If they are and you remove them you will render that part useless.

For the ASP side you can do a search for "CreateObject("Scripting.FileSystemObject")" or ".WriteLine", which is used to create files in ASP.

One of those should provide results if the issue is in the code source you have, also ensure that any off domain code called does not generate files as well using the same method after viewing the off site source.


Expert Comment

ID: 18012820
Does the site use sessions to keep track of login data, perhaps?  Each session created gets a file which stores all of the session data.  Many websites use sessions to keep track of data and a cookie which stores the session ID.  If the sessions are remaining open and don't get removed, it could end up creating thousands of files which are just sitting there and are a security risk in addition to a waste of resources.

As a sidenote, don't bother with searching JavaScript.  It can't create files either server-side or client-side.  .WriteLine is used to output text to the browser, and .close is used to close the browser window.
Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.


Expert Comment

ID: 18014601
Fapiko is correct, thanks, the .writeline and .close are also used to control the browser window, but when objects are assigned in trusted and properly configured security settings using ActiveXObject they also can create files and is not a common practice by any means. My mistake is that would create on the local machine not the hosting server.

As per sessions, they are always created for any web browser as it is used to establish the connection with the hosting server.  Sessions are automaticly terminated by the web server after a defined period of inativity. Not sure why one would create a file to track sessions as it would introduce greater overhead to file systems space and access time.

I think the bottom line here is we just don't have enough information to truely provide answers.  I would get in touch with your hosting provider and have them provide you with file information, thus you can see what content is being writen to the files and possibly determine the source of the files.


Author Comment

ID: 18020564
Hmm - thanks very much for all your comments thus far. I have since spoken to my ISP and they are unable to send me samples of these Temp File because they have deleted them. I'm trying to ascertain from them whether the "scripting server" they have moved the site to is continuing to generate the amount of files.

They did mention that the amount of files being generated was huge and that they had to keep clearing them out every 10 minutes and that the files were being generated outside of the domain's folder (i.e. in the Windows/Temp folder on the actual server). This to me indicates that perhaps the security of the server in question had been compromised.

How likely is it that someone could have accessed the server via my site?.. i.e. I'm guessing that they would either have to have FTP access directly or via some other means (although I'm not sure how). The MySQL database resides on a completely separate server so I doubt they'd have got in via this.... there is an Access database used in the site as well but this is not stored in the web root folder but instead inside a secure directory outside of the main file root... but I do know that it is possible to get into that if someone really wanted to.

The odd thing is that I have loads of other sites running the main application with no problems, and no actual files have been changed (by me) on the domain in question for over a month - yet suddenly this problem has just happened.

Could I be looking at a potential hack by someone trying to take the server down?


Accepted Solution

Fapiko earned 60 total points
ID: 18024187
Again it sounds like your server was generating massive amounts of sessions (although I don't know how ASP works.)  From my experience with PHP, I can tell you that PHP creates sessions in a folder on your hard drive that is specified in the PHP.INI file, so they wouldn't be in the domains folder. On Linux it stores them in /tmp by default, but you said it's a Windows 2003 server so the host very well could have configured them to be stores in the Windows/Temp/ folder.  Like I said though, I don't even know if ASP does indeed create files to keep track of sessions or open sockets. As for somebody accessing the server from your site - very unlikely. Unless you have a very poor host, Windows Server 2003 is setup so that file permissions are very specific. Anybody gaining access to your site would be operating on the server under your username, and your username shouldn't have access to any directories other than those used by your website.

Author Comment

ID: 18059871
Thanks Fapiko - this information was handy. As it happens the ISP in question aren't able to provide me any further information, nor can they say whether it is still happening. Go figure!

I appreciate all your help everyone.


Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
What is the optimum percentage to save images for webs. 4 31
Adding items to a C# list incrementally 5 58
Adding a countdown to HTA 12 95
CSS - Centering an image 2 23
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
"In order to have an organized way for empathy mapping, we rely on a psychological model and trying to model it in a simple way, so we will split the board to three section for each persona and a scenario and try to see what those personas would Do,…
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question