Thread: Stolen Site!
Old 2004-10-20, 01:50 PM   #25
raymor
Quote:
Originally posted by MrHackula

Has this been changed, or do you still need to acquire an additional piece of software to make it do the job?
That has been changed. I need to update the site.
A standard Strongbox install now fights rippers in
two simple but effective ways. It's also still easy
for your custom script to notify Strongbox to kick
someone out if you wanted to use a more complex
script. Our top secret underground labs are working
on just such a more complex script that has its basis
on how much a user is allowed to download within
a two hour period and within a two day period, but
takes that concept to the next level.

In regards to the long list of rewrite conditions that
some people use listing hundreds of different rippers:
One simple change in that approach will make it
work a lot better and be MUCH more efficient.
Keep in mind that if, for example, you have a page
with 30 thumbnails that requires 30 requests to
the server and the server has to process the .htaccess
30 times. If you have 200 rippers listed then loading
those 30 thumbs means that the server then has to
look at and compare the user_agent 30 X 200 times.
That's 6,000 comparisons to be done to load just one page.
This is the type of thing why we used to do just fine with
200 MHz Pentium processors in our servers and now
2600 MHz machines aren't fast enough at times -
that's an enormous waste of resources.
Waste? It's not a waste if it's doing something good, right?
That approach is a waste because of computer security rule #1:
Disallow everything, then allow that which is needed.

Take a look at your typical .htaccess for a paysite
and you'll see that rule in action:
deny from all
require valid-user
There's no need to try to list every possible user_agent
who shouldn't be allowed to access your members area.
That list could never possibly be kept current anyway.
Instead just list the four or five browsers that SHOULD
be allowed to access. MSIE, Mozilla (including
Firefox and Netscape versions), Opera and Safari.
If you have videos you'll also allow WMP, RealPlayer,
Quicktime and maybe Xine and XMMS if you have Linux customers.
Without videos, that means that instead of 200 conditions
you only have 5-7 and instead of doing 6,000 comparisons
you're only doing 150.

Well, Ray, what if some day a new browser comes along that
a lot of people start using and I don't want to have to go back
and update all of my .htaccess? Ok, fine. Still if the user_agent
is IE we don't have to check 200 times to see if it's also a ripper.
Once we know it's IE or Mozilla we can stop checking:
# Known browser: stop processing rewrite rules here
RewriteCond %{HTTP_USER_AGENT} ^Mozilla/[0-9]\.[0-9].*Gecko [OR]
RewriteCond %{HTTP_USER_AGENT} "^Mozilla/[0-9]\.[0-9] \(compatible; MSIE"
RewriteRule .* - [L]
Now put your 200 rules here, to be checked only if it's not IE or Mozilla.
BTW, the Mozilla Gecko condition picks up Mozilla,
Firefox, Netscape, and Safari because they all use
the Gecko rendering engine.
__________________
Ray Morris
support@bettercgi.com
Strongbox/Throttlebox & more
TXDPS #A14012
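
The allow-list variant the post describes but does not write out, as an added example that is not part of the original post or of Strongbox. It assumes a members area without video and mod_rewrite enabled; the `^Opera/` pattern is an assumption added here, the other two patterns are the ones from the post.

```apache
# Added example: allow-list by User-Agent for a members-area .htaccess.
RewriteEngine On

# Every condition is negated, and RewriteCond lines are ANDed by default,
# so the rule below fires only when the User-Agent matches NONE of the
# allowed browsers. Each request costs at most three comparisons,
# however many ripper tools exist.

# Mozilla, Firefox, Netscape, and anything else announcing "Gecko"
RewriteCond %{HTTP_USER_AGENT} !^Mozilla/[0-9]\.[0-9].*Gecko

# Internet Explorer (pattern is quoted because it contains spaces)
RewriteCond %{HTTP_USER_AGENT} "!^Mozilla/[0-9]\.[0-9] \(compatible; MSIE"

# Opera when it identifies as itself (assumed pattern)
RewriteCond %{HTTP_USER_AGENT} !^Opera/

# Sites serving video need one more negated condition per media player,
# using the User-Agent strings seen in their own access logs.

# Nothing matched: answer 403 Forbidden without touching the file.
RewriteRule .* - [F]
```

The User-Agent header is supplied by the client, so this only stops tools that announce themselves; the per-user download limits mentioned earlier in the post are what cover clients that claim to be a browser.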