Had an interesting scenario last week where I noticed my site had become a little bit sluggish, and noticed that the download counter for my PHP Installer application was incrementing by around a dozen every time I refreshed the page. I checked my network traffic statistics and I found that something or someone was hitting my site hard. The first thing that went through my mind was I was being hit with a denial of service attack. Was I though?

First thing I did was block the IP that was hitting my site which stopped my download counter from spinning, and returned my site to normal operation. It was then time for the postmortem where I spent a good hour or two buried in my server logs tracking the progress of this visitor across my site. It seemed innocent enough, they entered my site via Google using a search term relevant to the file they ended up downloading. I then noticed the user agent string.

When this user first entered the site the user agent was reported as being Firefox. However, when they came to download the file it changed to "FDM+2.x". After a quick search I found this user agent belonged to a download manager called FDM, or Free Download Manager. For some reason FDM was not downloading the file completely, but would rather get almost to the end and then start again. Where the real problem came about was that this user must have set FDM to infinity retires and gone out for the weekend.

The outcome of this was FDM tried to download this file from my site over 6900 times, totally 24.5GB of data in 2 days. I don't use that amount of data in 2 months let alone 2 days, and as a result I decided to block access to my site for the FDM user agent to prevent any similar instances happening in the future. Just goes to show the danger of download managers.