Tags: php, security, mp3

Is it possible for users/bots to spam executions of mp3s and waste bandwidth?


Hey guys, I currently present my mp3s by referencing their file location into a flash mp3 player for the users. Is it possible for users/bots to go onto your site and somehow execute an mp3 continuously and drain bandwidth? If so, how can you prevent this? (I program in php.) Thanks in advance for any advice.


Solution

  • This is a very high-level answer as I'm not familiar with the specifics of what you're doing, but there really isn't anything stopping a bot from continuously requesting a file if it can somehow determine where it is stored on the server (the url). As Ignacio suggests, there are some things you can do in the swf source to make sure that it won't continuously request the file, but if they can find the location of the file on the server, they can bypass the swf altogether. What I would suggest is creating some sort of gateway page (in php) that does some sort of check to see if a requested file has been requested by the client (perhaps, IP address*) in the last X minutes. If the check is ok, then the php script could handle the data stream to the client; if not, then it would deny the request and not grant access to the data. That said, you are still vulnerable in the event that they can determine the actual location of the file. You would probably want to configure some server rule to forward all requests that end in .mp3 to the gateway file to prevent direct access.

    *It should be noted that if you're going to implement some sort of rate checking, you need to be very careful about how you do it. IP alone is not really good enough because what if you have a bunch of users behind the same NAT gateway (at a corporation for instance) and despite there being, in fact, 20 unique users requesting the same file, the requests are actually only coming from one IP address. Ideally you might use some combination of user-agent data along with an IP address or perhaps some session information.

    Hope this helps!
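The gateway approach described in the answer above, as an added example that is not the poster's or answerer's own code. It assumes the mp3 files are stored outside the web root in a hypothetical directory `/var/media/mp3`, that the web server has been told to route every `*.mp3` request to this script (an Apache `RewriteRule` is shown in the comments as one way to do that), and that a state directory `/var/tmp/mp3-gate` is writable by the web server user. The client key combines the PHP session id with the IP address and user agent, which is the "combination" the footnote recommends so that 20 users behind one NAT are not all counted as a single client; the window length and request limit are placeholder values.

```php
<?php
// gateway.php (hypothetical name): rate-checks mp3 requests, then streams the file.
// Example Apache rule (in .htaccess or the vhost) to force all .mp3 requests through here:
//   RewriteEngine On
//   RewriteRule ^(.*\.mp3)$ /gateway.php?f=$1 [L,QSA]
declare(strict_types=1);

const MP3_DIR        = '/var/media/mp3';    // assumption: outside the document root
const STATE_DIR      = '/var/tmp/mp3-gate'; // assumption: writable by the web server user
const WINDOW_SECONDS = 600;                 // "last X minutes": 10 minutes (placeholder)
const MAX_PER_WINDOW = 3;                   // plays of one file per client per window (placeholder)

session_start();

// 1. Resolve the requested file safely: only a bare *.mp3 filename inside MP3_DIR is served.
$name = basename((string)($_GET['f'] ?? ''));
$base = realpath(MP3_DIR);
$path = $name !== '' ? realpath(MP3_DIR . '/' . $name) : false;
if ($base === false || $path === false || !is_file($path)
    || substr($name, -4) !== '.mp3'
    || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
    http_response_code(404);
    exit;
}

// 2. Client key: session id + IP + user agent, so one NAT address is not one client.
$clientKey = hash('sha256',
    session_id() . '|' . ($_SERVER['REMOTE_ADDR'] ?? '') . '|' . ($_SERVER['HTTP_USER_AGENT'] ?? ''));

// 3. Rate check: keep the timestamps of this client's requests for this file,
//    drop those older than the window, and refuse once the limit is reached.
if (!is_dir(STATE_DIR) && !mkdir(STATE_DIR, 0700, true)) {
    http_response_code(500);
    exit;
}
$stateFile = STATE_DIR . '/' . $clientKey . '-' . hash('sha256', $name) . '.json';
$fh = fopen($stateFile, 'c+'); // create if missing, do not truncate, read/write
if ($fh === false) {
    http_response_code(500);
    exit;
}
flock($fh, LOCK_EX);           // serialise concurrent requests from the same client
$now  = time();
$raw  = stream_get_contents($fh);
$hits = ($raw !== false && $raw !== '') ? (json_decode($raw, true) ?: []) : [];
$hits = array_values(array_filter($hits, fn($t) => (int)$t > $now - WINDOW_SECONDS));
if (count($hits) >= MAX_PER_WINDOW) {
    flock($fh, LOCK_UN);
    fclose($fh);
    header('Retry-After: ' . WINDOW_SECONDS);
    http_response_code(429);   // Too Many Requests: deny, send no audio data
    exit;
}
$hits[] = $now;
ftruncate($fh, 0);
rewind($fh);
fwrite($fh, json_encode($hits));
fflush($fh);
flock($fh, LOCK_UN);
fclose($fh);

// 4. Check passed: the script itself handles the data stream to the client.
header('Content-Type: audio/mpeg');
header('Content-Length: ' . (string)filesize($path));
header('Content-Disposition: inline; filename="' . $name . '"');
header('Cache-Control: private, max-age=0');
readfile($path);
```

Because the files sit outside the document root, a client that learns the real path still cannot fetch them directly; every byte goes through the check. The per-file JSON state is a simple illustration, and a busy site would keep the counters in something like APCu or a database instead, but the shape of the check stays the same.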