|
|
Posted by Alan J. Flavell on 09/19/05 20:50
On Mon, 19 Sep 2005, Morgan wrote:
> >How about the fact that he is using their bandwidth as his own? Even these
> >days, bandwidth still costs money.
>
> Excellent point. The site owners are unlikely to be happy about this
> if they are paying for their brandwidth.
Check past discussion for "bandwidth leeches". I've only felt the need to
do this once, and that was for an image that was being called out many
thousands of times by a page in the far east - so much so that this one
URL showed up as a peak in the entire server statistics!
But I surmise it can work for frames too.
There are measures that the victim can take, based on the Referer(sic)
header. While of course there's no guarantee that the Referer header will
be present (so, the victim has to allow the item to be served out if it's
missing), if that header is present then it'll mostly be the truth, so if
it doesn't match one's own site then something else can be served out in
its place (an HTTP error[1], or a rude picture, whatever - it's limited
only by one's imagination). Once this is in place, there's little point
in the offender continuing to call it out - a few of their visitors will
see the right thing, but most of them will get the error (or the rude
picture, whatever). The victim's own pages, of course, still work just
fine.
[1] 410 if you want to be protocol-correct ;-)
Navigation:
[Reply to this message]
|