Flagging Users That Use Macros/Auto Refreshers
We are starting to have a big problem with our site. Some of our users are using auto-refreshers and macro programs to take advantage of certain parts of our site, and now it's beginning to take some serious effect. Our site lags most of the day due to this and we need to find out which of our users are performing these tasks so that we can punish them directly. We are using PHP with this project.
I can use any help with this problem. The site lags so badly at times, it's difficult to keep it running.
Parse your web server daemon's access log and calculate the interval between requests for each visitor IP. If they are very regular (i.e. every five seconds +/- 0.25 seconds), flag them.
It is very difficult to stop this type of behaviour if your users are determined, but you can curb the problem. Firstly, look for automated user behaviour in your logs: refreshes/actions/requests within fixed intervals. Often these patterns are very obvious because a human could not behave in such a manner, due to speed or activity period.
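The log check suggested in the two answers above, as an added example that is not code from the original posts: it groups requests by client IP, measures the gaps between them, and flags clients whose gaps stay within a tolerance of their median. It assumes the Apache/nginx "combined" log format; the function names, thresholds and sample lines are constructed for illustration, and the default tolerance is 1 second because standard access-log timestamps only have one-second resolution.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:00 +0000] "GET /market HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Oct/2023:13:55:02 +0000] "GET /market HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:05 +0000] "GET /market HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Oct/2023:13:55:09 +0000] "GET /profile HTTP/1.1" 200 734 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:10 +0000] "GET /market HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:15 +0000] "GET /market HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:21 +0000] "GET /market HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:25 +0000] "GET /market HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Oct/2023:13:56:40 +0000] "GET /market HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Oct/2023:13:57:03 +0000] "GET /inbox HTTP/1.1" 200 301 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Oct/2023:13:59:30 +0000] "GET /market HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Client IP is the first field; the timestamp sits between square brackets.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def request_times(log_text):
    """Map each client IP to its sorted request times (epoch seconds)."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        times[m.group(1)].append(ts.timestamp())
    return {ip: sorted(t) for ip, t in times.items()}

def flag_regular_clients(log_text, tolerance=1.0, min_requests=5, min_share=0.9):
    """Return {ip: median_gap_seconds} for clients with machine-regular gaps."""
    flagged = {}
    for ip, t in request_times(log_text).items():
        if len(t) < min_requests:
            continue  # too few samples to judge regularity
        gaps = [b - a for a, b in zip(t, t[1:])]
        mid = median(gaps)
        steady = sum(abs(g - mid) <= tolerance for g in gaps)
        if steady / len(gaps) >= min_share:  # tolerate an occasional outlier
            flagged[ip] = mid
    return flagged
```

Several users behind one NAT or proxy share an IP and will blur each other's intervals, so keying on the logged-in account or session ID instead of the IP gives cleaner results when the application logs it.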
Use caching or forward proxy like Squid or Varnish.
- Caching the costly parts of page generation will make the site run faster. You don't need to display real time information?
- Add cache headers (e.g. "Cache-Control: public,max-age=60") and set up a forward proxy like Squid or Varnish. This will make the site run faster most of the time without you having to add caching or optimize your code.
I'd say the real problem is not your users, but your code. The two methods above will help you deal with the situation in the short run. For long-term solution, you should refactor and optimize your code. Reloaders are invisible for properly designed sites. They're so rare that you can't be having many clients.
Here's a simple way to test that your site is up to par with "reloaders". Open your site in a browser like Firefox. Press and hold F5 for a minute (or less). Release F5; if the site shows up immediately, you're fine; if you need to reboot your server to make it responsive again, you're vulnerable to reload DoS. If you can't handle multiple concurrent requests, your site can be taken down by anyone, not just hardcore users with reload applications.