I have a system with the download.php page. The page takes id and downloads the file based on the DB record, and then serves it. I noticed a couple of cases when files are requested several times in a short time (20 ms). Times that are too fast for human input. There are many cases where the bootloader works fine. However, on closer inspection of the use of bootloaders, I saw an interesting behavior.
For example, the IP address xxx.xxx.xxx.xxx (which falls into the range belonging to xxxxxx.de in Germany) appeared on the site via Google. They looked and then came to the page http://site.com/xxxx/press+125.phpThere they wrote out the request /download.php?id=/ZZ/n+aH55Y = (a PDF) at 9:04:23 AM. This in itself is not very important. However, the interesting thing is that the server seems to have been very concerned about serving this request. In the logs, the request first ends between 9:09:48 and 9:10:00. It appears that the user should have been tired of waiting during this time and requested the document two more times. Between 09:14:47 and 09:15:00 the same request appears again, except that it is from 9:04:43 in the morning, 20 ms after the first request. He then appears for the third time with a query that started at 09:05:06, ending between 09:19:55 and 09:19:58!
I am suspicious of this document. When viewing the logs, I see other cases where the server takes a little time to process this particular file. Browse this list of requests from zzz.zzz.zzz.zzz [differs from above] for the file /download.php?id=/ZZ/n+aH55Y= (the same document as before):
Request time Completion time 04:32:43 04:33:36 04:32:50 04:33:36 04:32:51 04:33:38 04:33:05 04:33:38 04:33:34 04 : 33: 42 04:33:05 04:33:42
So, something is definitely happening. Regardless of whether this is related to this particular document arranged on the server, the code of the download.php page, or if they just saw evidence of some overload at the server level, as it plays in real time, I'm not sure yet.
, , /download.php?id=/ZZ/n+aH55Y= ( PDF) . , , , http://site.com/press+125.php, , - , , .
, + 125.php , .
? . Apache ? .
$file = new files();
$file->comparison_filter("id", "=", $id);
if ($file->load()) {
$file->serve();
}
function serve() {
if ($this->is_loaded) {
if (file_exists($this->get_value("filename"))) {
if ($this->get_value("content_type") != "") {
header("Content-Type: " . $this->get_value("content_type"));
}
header("Content-Length: " . filesize($this->get_value("filename")));
if ($this->get_value("flag_image") == 0 || $this->get_value("flag_image") == false) {
header("Cache-Control: private");
header("Content-Disposition: attachment; filename=" . urlencode($this->get_value("original_filename")));
}
set_time_limit(0);
@readfile($this->get_value("filename"));
exit;
}
}
}