
Can you help me stop the bandwidth leeches at my pub's free Wi-Fi hot spot?

by Lee Koo (ADMIN) CNET staff/forum admin / March 16, 2012 8:58 AM PDT
Question: Can you help me stop the bandwidth leeches at my pub's free Wi-Fi hot spot?

I wonder if your contributors can help? We provide a free Wi-Fi
connection for customers in our pub; it is meant so they can get their
e-mail and find local attractions and maps, and look up the sports results
or weather. It is not meant for "serial downloading" or watching online
TV, as this will just hammer my bandwidth and my ISP will
hit me with increased costs.

My router will allow me to block ports or specific Web sites, but which
and how many do I have to block?

Are there ways to dissuade users from taking advantage of what is
meant to be a service for the "honest Joes," not a resource for the
bad guys?

The router does also give each user an isolated IP so they cannot see
each other, but are there other security issues I should consider?

--Submitted by: Andrew

Some ideas, but more info is needed

Hi, Andrew:

If you provide some information on your current router, you may get more specific help. You didn't mention if you felt that the bandwidth usage was coming strictly from your customers, but my first recommendation would be to make sure your WiFi is password protected with WPA2 security. You or your employees can happily give out the password when a customer asks. This will prevent nearby customers (say from that business next door) from using your internet connection.

Another option you may have available in your router is to set a maximum bandwidth usage (usually, in Kbps). This might allow you to set a limit that still allows casual web browsing but deters video watching because of the hiccups and buffering it would cause.

To really attack the problem, you'll need to invest in a firewall. The least-expensive option would be some basic (even older) PC running Linux with free firewall software. There are a number of options that would allow blocking video/audio streaming, and they probably already have the settings ready-to-go, just needing to be enabled. The only downside is that you'll either need someone who is reasonably tech-savvy or you'll need to learn enough to install Linux and configure the firewall software.

There are, of course, stand-alone firewall appliances, but they cost somewhat more than the DIY Linux solution.

Once we know more about your specific setup, we may be able to help with settings your router may provide.

I REALLY THINK HIS BEST BET IS:
by webserf / March 24, 2012 2:51 AM PDT

To look into buying an unlimited internet plan, so that he can get back to building his business.
IF you take away the worry that leeches cause, you can focus on making your business the best it can be.

This might cause an increase in internet cost, but I can just about assure you that many (or at least some) customers come because of the free internet. This results in INCREASED REVENUE. Increased revenue allows for the additional overhead of internet costs, and hopefully creates a profit that you'd otherwise not have.

Consider an unlimited plan and get back to work in/on marketing your pub!

Of course locking down your router at night by turning off the wifi radio and changing the login every day is also a help.

A lot of this depends on willingness to spend time and a bit of money to set up a "walled garden" and/or other "roadblocks" to leeches.

Astaro makes a free home...
by fairlane32 / March 24, 2012 4:58 AM PDT

If you have a PC or laptop you can use that, as Tim points out, to be used as your stand-alone physical firewall that you can put Astaro's home firewall on. The machine is used only for the firewall as the image takes up the whole hard drive, but you can configure it to do what Tim mentioned, throttle bandwidth, and provide some monitoring of traffic, etc., and it's free.

http://www.astaro.com/landingpages/en-worldwide-homeuse

HTH,

Good luck Andrew!

Rather than trying to close ports to block undesired usage,

you might want to look at blocking everything, then opening up ports for services you wish to allow.

I don't believe this is an exhaustive list by any means, but it's a starting point.
To allow the following, unblock the associated port:
General Web Browsing: Ports 80, 8080 and 443
General Email Usage, Various Devices/Clients: Ports 25, 26, 110, 143, 465, 587, 993, 995
Network Time Services: Port 123
Instant Messaging: Ports 1863, 5050, 5061, 5190, 6667, 7001

See if you can find out what the regulars use, then you can find out those program requirements and add them to the white list if you approve.

Plan B is similar, but involves a proxy or Hot Spot Gateway to manage all that for you.
The computer doesn't have to be that powerful, just nimble - an ITX sized computer with a Fusion APU at its core would be capable and cost effective.
Set it up right, and it won't even need any moving parts.
This should ideally be sitting between the access point and your internet connection so it monitors everything from the access point, which will mean dual network ports.

Best of luck, Flirkann
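
The block-everything-then-open approach from the post above, as an added example that is not part of the original post: it turns the listed port groups into an nftables ruleset that drops guest traffic unless a group is enabled. The nftables syntax, the `wlan0` interface name, the table name, the TCP/UDP split and the extra `dns` group are assumptions of this example.

```python
import re

# Port groups from the post above. The post gives numbers only; the protocol
# per group (TCP, with NTP on UDP) is filled in by this example.
SERVICES = {
    "web": {"tcp": [80, 8080, 443]},
    "mail": {"tcp": [25, 26, 110, 143, 465, 587, 993, 995]},
    "time": {"udp": [123]},
    "im": {"tcp": [1863, 5050, 5061, 5190, 6667, 7001]},
    # Assumption, not in the post's list: DNS, needed when guests use a
    # resolver beyond the gateway; without name resolution browsing fails.
    "dns": {"udp": [53], "tcp": [53]},
}

_IFNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,15}")


def allowed_ports(enabled):
    """Merge the enabled groups into sorted, de-duplicated port lists."""
    ports = {"tcp": set(), "udp": set()}
    for name in enabled:
        if name not in SERVICES:
            raise KeyError(f"unknown service group: {name!r}")
        for proto, numbers in SERVICES[name].items():
            for port in numbers:
                if not 1 <= port <= 65535:
                    raise ValueError(f"bad port {port} in {name!r}")
                ports[proto].add(port)
    return {proto: sorted(found) for proto, found in ports.items()}


def render_nft(enabled, guest_if="wlan0"):
    """Return an nftables ruleset: guest traffic is dropped unless allowed."""
    if not _IFNAME_RE.fullmatch(guest_if):
        # Refuse names that could smuggle extra syntax into the ruleset.
        raise ValueError(f"bad interface name: {guest_if!r}")
    ports = allowed_ports(enabled)
    lines = [
        "table inet guest_wifi {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy accept;",
        "    ct state established,related accept",
    ]
    for proto in ("tcp", "udp"):
        if ports[proto]:
            numbers = ", ".join(str(p) for p in ports[proto])
            lines.append(
                f'    iifname "{guest_if}" {proto} dport {{ {numbers} }} accept'
            )
    # Everything else arriving from the guest interface is dropped; other
    # interfaces fall through to the chain policy and are left alone.
    lines += [f'    iifname "{guest_if}" drop', "  }", "}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Instant messaging left out here: enable "im" only if regulars need it.
    print(render_nft(["web", "mail", "time", "dns"]))
```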

Port Blocking is NOT the Solution
by Flatworm / March 17, 2012 1:23 AM PDT

The problem with leeches is that they can do nearly everything they need to do through the Web ports, which you will need to leave open in any event. Blocking those ports will prevent other abuses, so it's still a good, albeit partial, solution. (Port 8080 is generally used for websites under development, though, where they are usually only to be viewed by the developers themselves, so you may not need to unblock it).

Secure it with WPA2 and use a passkey. Provide your customers with the passkey on request. Of course, this won't address the issue of a person who has in the past been a customer becoming a leech, but you can deal with this by creating a new passkey each morning or so.

A couple Ideas to add to those already suggested...
by webserf / March 23, 2012 12:12 PM PDT

Turn off (schedule) the wireless radio at night so that people cannot tap in when the place is closed.
Remind your customers, with signs and other means that the connection is NOT meant for extensive video streaming or large file downloads.
Change your pass phrase every day, (this will become a PITA most likely).
Consider charging a nominal fee OR a minimum purchase for use of the "Free" internet.

Look into the Ad-served "Free" wifi service similar to those offered at McDonalds.

Most importantly: Look into an unlimited data plan so that you can rest easy regarding anyone who abuses the service. IF you need to pay more for an unlimited plan, you can make adjustments to your prices to cover the costs.

One thing I wanted to add:
by webserf / March 23, 2012 12:17 PM PDT

When I consider places to eat or drink, especially during the daytime, I gravitate toward places with free internet. Usually the connections are slow, but fast enough to get emails, and do some light browsing, including occasional youtube etc..

In short, having free internet is very likely adding revenue because people remember that you have it and will come back to enjoy your pub, AND some social networking etc..
I realize it's a cost, but I can virtually assure you that offering the service is Adding To Your Bottom Line!

All you need to do is work out a balance of profitability and cost, and then rest easy that offering the service is adding to your profits!

Good Luck!

As Someone Already Suggested

First, take a look at what bandwidth you have natively. Are you using cable for your internet access? What bandwidth do they give you? Do you have DSL? Same question! Maybe it might be more beneficial to get more bandwidth but you'll have to ask your Internet Provider (ISP) about what is available at what cost. The other suggestion is very important too. Even though you may not want to put any security on your router so it would be easy for your customers to use, there are TWO issues with this. First, as the signal for the WiFi is not contained within your pub, others may be stealing your bandwidth using it for downloads, movies, and streaming music. What I would do is apply WPA2 wireless security. You can post the "Password" (Password-of-the-Day or Password-of-the-week) somewhere in the pub where your customers can see it. Make sure that your next-door neighbors are not also your customers or you may need to change the password more often. You may be able to control the signal strength in the WiFi to try and keep the signal contained within the pub instead of leaking out to the neighbors. By the way, even if the "neighbors" are businesses, it would be a LOT cheaper for them to have Internet access by using YOUR wifi than paying for their own so I would definitely use WPA2 security and change the passphrase every so often. There are also firewalls and packetshapers that would let you fine-tune what you will allow and what you will not allow. These could be pricey but maybe not. You can always do some research and see what the costs would be and what features you really need.

What "bad guys"?

Do you have signs posted in your pub that explain your expectations, or limits, on usage of your pub's Wi-Fi hot spot? If not, that is the first place to start. If you do have usage limits posted and some of your customers ignore them, that's one thing. On the other hand, if you do not have limits posted, I don't think you are being fair to the customers you are calling "bad guys." Most people expect that a free Wi-Fi hot spot is just that, and that use is unrestricted.

A very large percentage of customers at Starbucks, and other establishments that feature Wi-Fi, appear to use it constantly, the entire time they are there. I've asked managers if they have a problem with freeloaders and whether having Wi-Fi is profitable, because I am curious about business practices. They all say that it draws a lot of business and is very profitable overall. You are in a business that typically has a high profit margin. You may want to analyze your numbers before you make changes that could alienate customers.

Stopping leeches.

I'm assuming you use an industrial-strength router in your pub. If you don't, then get one. Don't be shy of the cost, as it will last much, much longer, and give you many more features -- like a good firewall, targeted bandwidth control and operational stability. You should be paying Aus$500-1000 for this equipment.

I'm also assuming your customers supply their own computers. If you supply the machines, then have all USB ports, CD/DVD drives and floppy drives removed. Then remove all software you don't want used, and make sure user accounts do not permit installing software.

One of the nice bits on decent routers is targeted bandwidth control. You can set limits here, for example give all users individual quotas, say 1 or 2 MB. OK, that sounds restrictive, but in practice it's plenty for quick browsing and casual email checks. If necessary, you can reduce that to, say, 500KB, but that's starting to get ugly. Once the quota is used, block that IP for 10 or 15 minutes.

Hforman has suggested signal strength control -- if your router does not permit that (some don't, it's "automatic") then a cheap solution is to cover the interior walls and ceiling of your WiFi room with chicken wire under a fresh wall-paper. This will create a "Faraday cage", which will effectively stop external leeches.

I wouldn't bother with other security issues. WiFi "hotspots" are public access by definition, so WPA etc. will only hinder and annoy your customers. People understand they use hotspots at their own risk. However, don't use this router for your personal and business machines -- get a separate account from your ISP, as the WiFi account will be compromised as soon as you set it up.

Gordon.

@gordon451
by bdg2 / March 23, 2012 10:02 AM PDT
In reply to: Stopping leeches.

gordon451 said:
> block that IP for 10 or 15 minutes
You mean MAC address.
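
The quota-then-lockout idea from gordon451's post, keyed by MAC address as the reply above suggests, as an added example that is not part of either post. The 2 MB quota and 15-minute block are picked from the ranges in the post; the class and function names and the traffic records are constructed for illustration, and on a real gateway the byte counts would come from its per-client counters.

```python
import re
from collections import defaultdict

QUOTA_BYTES = 2 * 1024 * 1024   # "1 or 2 MB" per client, upper value chosen
BLOCK_SECONDS = 15 * 60         # "10 or 15 minutes", upper value chosen

_MAC_RE = re.compile(r"^([0-9a-f]{2}[:-]){5}[0-9a-f]{2}$")


def normalize_mac(mac):
    """Lower-case a MAC and use ':' separators so one client maps to one key."""
    mac = mac.strip().lower()
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac.replace("-", ":")


class QuotaGate:
    """Per-client byte quota; an exhausted quota starts a timed block.

    A MAC is whatever the client presents, so this is a fairness control,
    not authentication.
    """

    def __init__(self, quota_bytes=QUOTA_BYTES, block_seconds=BLOCK_SECONDS):
        self.quota_bytes = quota_bytes
        self.block_seconds = block_seconds
        self._used = defaultdict(int)   # mac -> bytes since last reset
        self._blocked_until = {}        # mac -> time the block ends

    def is_blocked(self, mac, now):
        until = self._blocked_until.get(normalize_mac(mac))
        return until is not None and now < until

    def account(self, mac, nbytes, now):
        """Record a transfer; return True if it is allowed, False if dropped."""
        mac = normalize_mac(mac)
        until = self._blocked_until.get(mac)
        if until is not None:
            if now < until:
                return False
            # Block served: the client starts again with a fresh quota.
            del self._blocked_until[mac]
            self._used[mac] = 0
        self._used[mac] += nbytes
        if self._used[mac] >= self.quota_bytes:
            # The transfer that crosses the line passes; later ones do not.
            self._blocked_until[mac] = now + self.block_seconds
        return True


def replay(records, gate=None):
    """Feed (time, mac, bytes) records through a gate in time order.

    Returns {mac: (allowed_bytes, dropped_bytes)}.
    """
    if gate is None:
        gate = QuotaGate()
    totals = defaultdict(lambda: [0, 0])
    for t, mac, nbytes in sorted(records):
        allowed = gate.account(mac, nbytes, t)
        totals[normalize_mac(mac)][0 if allowed else 1] += nbytes
    return {mac: tuple(pair) for mac, pair in totals.items()}


# Constructed sample: one client checking e-mail, one pulling a steady stream.
LIGHT, HEAVY = "aa:00:00:00:00:01", "AA-00-00-00-00-02"
SAMPLE = (
    [(t, LIGHT, 100_000) for t in (0, 60, 120)]
    + [(t, HEAVY, 600_000) for t in range(0, 240, 30)]
    + [(1000, HEAVY, 600_000)]      # after the 15-minute block has ended
)

if __name__ == "__main__":
    for mac, (ok, dropped) in sorted(replay(SAMPLE).items()):
        print(f"{mac}  allowed={ok}  dropped={dropped}")
```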

Free routers work better!!!
by tek-ed / March 23, 2012 10:10 AM PDT
In reply to: Stopping leeches.

No.. you *DON'T* need to spend lots of money on a router.
Just grab an old computer...and I do mean old...I am using an old repurposed Pentium Pro...
Pop in a WiFi card (you can get these for like $15 online). Download Monowall (free) and burn it to a CD.
Pop the CD into your ancient computer and boot off of the CD. Configure Monowall, set up Captive Portal, redirect all WiFi traffic to a login webpage where you control the password. Hand out the password to anyone who asks...change the password every week...leeches gone!!!

Pub, WiFi, Beer, Darts....

Sounds like all the ingredients for a legion of drunken phoolisness to descend upon local emergency room after needle tipped darts fly over locale to amuse citizenry or show off warbirds. No, wait, that is from a TV show.

OR

Buy encrypted dongles to give customer(s) so they may utilize freebie.

Further OR

Become one with your router? ISP? Customers lappies?

FINALE

You can't. U lock, 'they' break. Very simple, too true.

Stop the bandwidth hogs

If you really want to stop MOST of the leeches, you will need to create a secured AP that only trusted customers can access with a password. Most routers are capable of multiple connections, so you can isolate your own network from the publicly accessed one with little problems.
The real task will be in managing who you give the password to, and watching your usage to see if you get an out of proportion increase, indicating someone you gave the password to is one of the culprits.
If that happens, change the password. Your trusted users will understand. You could keep a list of users if you care to.

Re: stop bandwidth hogs
by exocetuk / March 23, 2012 11:53 AM PDT

I would change the password or string every day or weekly depending on how quickly the leeching starts.

PotD

THE easiest way to allow customer access, and dissuade leeches in the neighborhood is a PotD! (Password of the Day!)

It can be posted in a place that is not visible from the outside (through a window for example) but easy to see for customers. Or it can be a card attached to the menu, the same as the "Special of the Day" {SotD}. There are apps (like McDonald's and other places) that do not allow access to their free WiFi until you agree to play by the rules, and I suspect those should be easy to find if your router cannot be set up to ask for a password.

This will not stop leeches within the restaurant, but if Bandwidth IS the issue, many routers can be set with a bandwidth limit per connection. Email and the like will usually be quite fine at 50 to 100K bandwidth (although some emails can get stuffed with lots of graphics) but to keep VIDEO feeds to a minimum, 100k bandwidth limits will make most video (especially MOVIES) quite unwatchable, but even graphics happy webpages load relatively quickly.
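
One way to produce the password of the day (or week) that several replies suggest, as an added example that is not taken from any post: derive it from a secret the owner keeps and the current date, so anyone holding the secret can work out today's passphrase without a written list. The function names and the sample secret are constructed; setting the result on the router is left to whatever admin interface it offers.

```python
import base64
import datetime
import hashlib
import hmac


def period_label(day, period="day"):
    """Text that stays the same for the whole rotation period."""
    if period == "day":
        return day.isoformat()                      # e.g. 2012-03-16
    if period == "week":
        year, week, _ = day.isocalendar()           # ISO weeks start on Monday
        return f"{year}-W{week:02d}"
    raise ValueError("period must be 'day' or 'week'")


def passphrase_for(secret, day, period="day", groups=4):
    """Derive the passphrase for the period containing `day`.

    secret -- bytes known only to the owner; it is what stops a customer
              from predicting tomorrow's passphrase from today's.
    groups -- number of 4-character groups; 4 groups carry 80 bits.
    """
    if len(secret) < 16:
        raise ValueError("secret should be at least 16 bytes")
    if not 2 <= groups <= 12:
        raise ValueError("groups must be between 2 and 12")
    digest = hmac.new(secret, period_label(day, period).encode("ascii"),
                      hashlib.sha256).digest()
    # Base32 uses only a-z and 2-7 once lower-cased, so there is no 0/o or
    # 1/l confusion when the passphrase is read off a card or chalkboard.
    text = base64.b32encode(digest).decode("ascii").lower()
    phrase = "-".join(text[i:i + 4] for i in range(0, 4 * groups, 4))
    # WPA2 passphrases must be 8 to 63 printable ASCII characters.
    if not 8 <= len(phrase) <= 63:
        raise ValueError("passphrase length outside WPA2 limits")
    return phrase


if __name__ == "__main__":
    demo_secret = b"constructed-demo-secret-0001"   # sample value only
    today = datetime.date.today()
    print("today:    ", passphrase_for(demo_secret, today))
    print("this week:", passphrase_for(demo_secret, today, period="week"))
```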

did you answer the question about bandwidth throttling?
by TheRadMan / March 23, 2012 10:14 AM PDT
In reply to: PotD
did you answer the question?
how does PotD help here?
it won't throttle nor facilitate throttle.
look at the standard 802.1p please
and throttle the whole pipe - PERIOD

don't worry about equality: you are paying the toll for the comms pipe

I was on the "Internet" in 1994 and I have "some" experience
I am astounded at the poor CNET answers claiming to be fixes
Did you read...
by raydreamr / March 23, 2012 11:11 AM PDT

Did you read the entire message? The opening and the 2 paragraphs. I covered both situations.

A quality configurable router may be required
by Macron / March 23, 2012 10:43 AM PDT
In reply to: PotD

In a nutshell the router needs to be locked down and restricted in traffic. You can always try to use the firewall and on the other person's machine, block everything other than ports 80,443,25,110,143,993,465, 995 in the router. However Http downloads likely go through port 80 as well as browsing so you cannot block that. But various establishments do it somehow. Pop in and ask the manager as to what they are using for internet filter restrictions.

Open WiFi is a big NO NO. You'll want WPA/WPA2 security for sure and change the password as often as required to keep roadside theft and connections. Power off the router at the end of the day. Maybe a proxy server will be required to handle the restrictions as well with commercial software to control users. Google for other ideas.

You may have misunderstood
by majikthise / March 23, 2012 10:31 PM PDT
In reply to: PotD

I think the problem Andrew has is with genuine customers (who would know the password of the day) using his wi-fi for bandwidth intensive things like downloading and streaming rather than just surfing/emailing as was intended.

I agree
by raydreamr / March 24, 2012 5:57 AM PDT

I agree, and considered and mentioned another solution for that problem: not throttling the entire bandwidth as some suggested, but throttling individual user bandwidth. Throttling the entire connection defeats having a larger bandwidth. Throttling individual user LOGINS allows everyone to enjoy as much internet access as their access level permits (this suggests that "special access" could be granted to a user for a specific situation).

The thing that should be considered: do not over-complicate the affair. Use what is needed and KISS!!! (Keep It Simple Stupid) This is a simple problem that only requires a simple solution. Over-complicating the thing is a flag for impassioned pioneers of Hacking. It is a challenge! Something to defeat. (And most of the kids out there have some pretty good tools (other people wrote for other GOOD purposes, as well as specialty Hacker tools).)

Be secure, but don't make yourself a target.

Try Peerblock
by Carsto / March 25, 2012 1:57 AM PDT

Just discovered the Peerblock firewall and it's free! Very useful and flexible. I agree with the several ideas of doing a cost analysis for the pub in terms of return on the investment in an "open broadband" plan. It may still not be enough.

This is where this firewall comes in. You have control over both ports and sites to be blocked out, no rocket science included. All you need do is get the browsing histories for the unwanted sites and block them. This may still be stick figure control, but it may help to get the wildest cards off the table.

Check out dd-wrt
dd-wrt is an open source firewall that has been ported to most brands of routers. You have to make sure to get the version that matches your router, and they have a help system to point you at it. From there, it's pretty easy to flash it onto the router.

Built in to dd-wrt are a few different hotspot management systems to choose from. I've never set one up myself, but they're designed for exactly the situation you're facing. So, I'd assume that at least one of them would be fairly straightforward to set up.

Drake Christensen
Use QoS and the DD-WRT capabilities, encrypt and lockitup
by TheRadMan / March 23, 2012 10:32 AM PDT
In reply to: Check out dd-wrt

dd-wrt also has QoS throttling capability

Out of the box solutions: FON
by verdyp / March 25, 2012 12:30 PM PDT
In reply to: Check out dd-wrt

Why not use a FON hotspot, which comes out of the box with real security and separation between users (note: the separate IP is NOT a security, because all IPs in a classic hotspot can directly ping each other and discover themselves).

FON hotspots are cheap, preconfigured, and will provide bandwidth capping for each user; there are even some admin tools to help manage the protocols you want to keep available. If ever you get extra costs from your ISP, FON will grant you additional rights because of the usage made by your customers on your hotspot.

No complication: keep your existing Wifi hotspot in private mode for your own usage, just connect the FON router on an Ethernet port of your Internet router, or on an intermediate switch.

Software

Hi!

I have noticed all the hardware comments, and many are good ideas (but more expensive). What about using software readily available from others to accomplish much the same thing?

A daily new password, generated by that system, can be very effective. Then you can provide a "templated" access to the net, making it difficult for one to just leech from afar. Such software does not totally eliminate net access, but makes it more unlikely to be usable by non-customers. Customers with proper daily passwords would be able to by-pass the templated screen to surf anywhere (or not), and that would cut down access time. Also could provide timed sessions, tailored to their expected time online (for example, a password change after 45 minutes, etc).

Sure, software can eventually be "hacked," but NOT if a daily password is used. I used to use software like this to remotely control a pub's wifi system, and it worked very well with a minimum of new expenses.

Good luck with your decision!

Wi-Fi leeches

I would suggest you make up index-sized sheets with a paragraph explaining your situation and give them to people using devices. E.g.

"We provide a free Wi-Fi connection for customers in our pub; it is meant so you can get e-mail, find local attractions and maps, and look up the sports results or weather. It is not meant for "serial downloading" or watching online TV, as this consumes huge bandwidth and our ISP will increase our costs. We appreciate you using our wi-fi service considerately."

Call in a separate company to provide your wi-fi hotspot.

As you're running an open wi-fi hotspot with a business you might be better to call in a separate company to set up a wi-fi hotspot for your customers, this can be run in conjunction with your existing connection and can be set up to allow you all the internet you require and access to all the things you want, whilst allowing your customers a free basic internet service and stop them from overdoing your existing broadband.

In the UK we have numerous companies all offering this service, BT offer BT OpenZone and the wi-fi hotspot is set up by them for the company that has the hotspot. It is in the ISP's interest to offer these, rather than yours as like with BT they can advertise to their customers there is x number of hotspots available throughout the UK to our customers so increasing the chance of someone subscribing to their ISP service rather than a rival who doesn't have as many.

There is also Fonera which is another company that supplies routers that can create proper Wi-Fi hotspots, and The Cloud all to name a few.

All these companies have a system that allows them to give free internet away to their customers, and also charge non subscribers based on usage. They also have servers that are set up a lot better to monitor each individual's usage and restrict them from using specific channels, or charge them more for the privilege.

This would be a much better route to follow rather than trying to do it yourself, these major businesses have all the structure set up to keep customers secure, and offer them a certain amount of wi-fi whilst blocking out over-usage. In addition to this many of these will also pay you for having a hotspot.

Now think of this one - in your pub I bet you have some kind of fruit machine don't you? Now do you own that fruit machine or did you hire it from a third party? Chances are I know you're going to say you hired it from a third party - and why? Because it would cost you more to buy that fruit machine, and to have that fruit machine maintained, and replaced every time a newer model comes out than what it does to let the lease company keep a percentage of the profits from the fruit machine, and you to be paid by them for having the fruit machine in your premises. Wi-Fi is exactly the same, don't do it on your own, call a professional company in to supply your wi-fi hotspot to your pub rather than creating your own.

Boingo seems to be one of the main wi-fi hotspot suppliers in the US so maybe you might want to take a look at their website here http://www.boingo.com/partnerships/

Plus - forgot to mention...
by darrenforster99 / March 17, 2012 2:49 AM PDT

Plus I forgot to mention many of these big firms also have a search engine for people to find their local hotspots, which can work as free advertising for you as well and increasing your customers.

3rd Party Access are Cold Blooded Profiteers!
by iSamsung2u / March 23, 2012 10:29 AM PDT

None of these are FREE to your customers and/or YOU! .....if they are doing it out of the kindness of their cold hearts, they must be getting profits or benefits somewhere. Others here have mentioned better options for small business, that for the most part are using Wifi Access as a come on freebie in the first place. Go to a revenue model where.... let's say they offer a percentage in return, your loyal locals will scatter and find a place they can drink a beer and check email, etc without having to pull out a Credit Card or being a member of some Wifi Access Global Conglomerate!

If we knew what router the owner was using that would help immensely. Many routers have features for timed access, with a password that can also be programmed with a bandwidth limit. You can also restrict access sites or domains, if not a full blown block of sites with porn, etc.

Boingo is quite frankly a real turnoff for small businesses that are more interested in attracting customers than making their profits from Wifi Access. Most regulars would quickly find another spot in this case to have some drinks and do normal things you do in a bar. For Airports where you have non paying public that also have access. Boingo is perfect........ But not a local bar or pub where the Wifi Access is just a fringe benefit, where the owner makes his money off his main business like serving drinks!
