Why?

Why does the free plan have inf bandwidth and all the other plans except the most costly have 250 GB?

I guess because free hosting has very limited resources, like 50K hits per day. So with those limited resources, most users won’t be able to use a huge amount of bandwidth.

12 Likes

That would make sense. Does that mean a free hosting plan can easily be DDoS attacked with the 50k hits?

If the user’s using a protection service like Cloudflare, there’s a higher chance of being protected against DDoS. But keep in mind that a crafty attacker can always find a way to sneak through.

Ddos protection - #2 by Admin

6 Likes

Just curious, if a website can self-identify DDoS, does returning 403 count against one of the 50k hits? (As far as I assume it still counts)

3 Likes

The hit counter counts web requests

9 Likes

Yes. Every hit is a hit. Even a “blocked” hit is considered a hit. Only hits that never reach your website code, like those that are blocked by filters on our end, or the browser validation system, are not counted as hits for your site.

8 Likes

So if I use cURL to enter an InfinityFree website and it returns the security system code, does that count as a hit?

1 Like

Yes, since you are using a request to that specific domain. The security system is checking the request on the fly, which means what you see as the security system code is rendering on your domain name.

1 Like

I am not so sure it does count:

Hits that get rejected by the browser validation system and get its code returned instead, are:

8 Likes

MMM really? I tested using CURL and after a few hours, I saw hits count.

1 Like

There are probably bots hitting your site.

5 Likes

Can’t be because I’ve blocked some known bots.

1 Like

Yes, a few days ago I was looking through GitHub and saw a few apps that could “bypass” it. Not sure if they do… but I would not be surprised.

Mmm, I am not sure about apps, but if you want to make a CURL request, you can add headers to it, so it’ll act as a browser. This is how I sent the request to my site. Although CURL doesn’t support JS, in that case you need to add the website’s cookie to the header, or you can set the --cookie flag to the request. (If you are using this request on an https request, then you need to modify a bit since CURL is not responding well to https requests.)

curl -o output.html -H ":authority: johnherbert.rf.gd" \
     -H ":method: GET" \
     -H ":path: /" \
     -H ":scheme: http" \
     -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8" \
     -H "Accept-Language: en-US,en;q=0.8" \
     -H "Cache-Control: max-age=0" \
     -H "Cookie: __test=2224e3a768359b612c15bc36f6fda2c5" \
     -H "Sec-Ch-Ua: \"Brave\";v=\"119\", \"Chromium\";v=\"119\", \"Not?A_Brand\";v=\"24\"" \
     -H "Sec-Ch-Ua-Platform: \"Linux\"" \
     -H "Sec-Fetch-Site: cross-site" \
     -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" \
     http://johnherbert.rf.gd/

Output

1 Like

And that’s how you make cURL think it’s Chrome, so one of the motives of how you were getting hits!

Anyway, without a custom user agent and other headers, what @ChrisPAR said is still valid. Even worse, for cURL the server will deny the request, returning a status code 444 (so the connection closes without replying).

8 Likes

I tried this out and it didn’t work.
Here if you wanna test it: https://reqbin.com/c-bssubfqe

5 Likes

You need to get the website’s cookie, that was mine

2 Likes

Yeah true, I just showed that you can access with headers on CURL.

3 Likes

Oh. Does it change for every client or does it stay the same?