I want to create a download script that users can download a file via it and the script updates the counter in db. e,g. download.php?id=xx etc.
This is a public download and anybody can download just by visiting that link, but to prevent bots abuse to consume bandwidth and pomp the counter, how can I prevent this kind of abuse?
Same way you protect any form submission. Anti-bot procedures such as CAPTCHA and honeypotting.
Have the download link generated by javascript, not static html. Make the javascript sufficiently complex so most bots wont be able to parse the link. Include a referrer check in your download script. If it’s not the same domain, exit;
What is honeypotting?
The link looks like ?id=xx and that id comes from db. So if i want to go with js as you suggested i have to use a jquery lib that i can pass id to it. Is there a ready jquery lib for downloads or to make hard to read links for bots that i can use it?
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.