How to protect material&bandwidth from cheaters/stolen ?

Litwa · 2005-04-27, 08:34 PM

Hi,

Can You halp me please?

Some fuckers have stolen pics and bandwidth from my gallerys using site like this:
http://fusker.lewww.com/index.php and
http://cs5.chatropolis.com/middle/double_ds
I found this urls on my host control panel. In one day visitors from fusker.lewww.com downloaded more bytes then sufers reffered from penisbot do in month (yes i'm a noob |clown| )So what should I do to protect my pics and bandwidth?

My friend gave me a txt file .htacess

RewriteEngine onRewriteCond %{HTTP_REFERER} !^$RewriteCond %{HTTP_REFERER} !^http://(www\.)?titshunters.com(/)?.*$ [NC]RewriteRule .*\.(gif|jpg|jpeg|bmp|wmv)$ http://www.titshunters.com/index.html [R,NC]

is in enought?
where should I keep this file?
should I save it as .htacess or .htacess.txt

or... what a hell should i do ??

Litwa

cd34 · 2005-04-27, 09:16 PM

Post 60 has what we determined to be the real solution.

http://www.greenguysboard.com/board/...864#post145864
http://www.greenguysboard.com/board/...em#faq_hotlink

put it in .htaccess in your site, or, in your apache config file.

Barron · 2005-04-28, 02:06 AM

Litwa,

Click on this link that cd34 provided.

http://www.greenguysboard.com/board...tem#faq_hotlink

Notice how it formated, each thing is on its own line. You want to create your file in a plain text editor like Notepad and upload in ASCII mode.

In your post, the example you showed has your domain in the last line. You dont want to do that, you'll send the server into an endless loop. Use the example in the link above.

Also, notice how cd34 spelled the name of the file: .htaccess

For those that dont know, the period in front of the file name makes it a hidden file.

-

grzepa · 2005-04-28, 03:44 AM

sent you mine

Litwa · 2005-04-28, 03:47 AM

thx a lot Guyes!
hope it will stop them.

Recived!

viktor · 2005-05-04, 01:46 AM

I just registered here because I'm interested in a similar topic.

However, if I understand correctly, this method is very easy to circumvent. You are essentially having the server check the REFERER as it is sent by the client. The problem is that the client can send whatever they want, even one of your "valid" REFERER values. Google for spoofing referer [sic] and you will break this kind of "security" in 5 minutes.

wankmaster · 2005-05-17, 04:02 PM

Tho you can spoof the referer not many people will bother. Most hotlinking is via an URL posed to a BBS.

Anyway .htaccess won't protect video content as windows media player sends a blank referrer, and most .htaccess files allow a blank referrer, so no help there. Given that video is most costly in bandwidth that's what you need to protect.

I came accross a similar thread in anther forum, people getting very hot under the collar about all the bandwidth stealing. Having been the victim of hotlinking myself I wrote a little script to stop it, and offered it to all those who were complaining about it.

How many people used my script?

0

At the end of the day it was all hot air. People like to vent about it, but can't be assed to even install a simple script to stop it.

On the slim chance that anyone is serious about wanting to stop bandwidth theft here's the link

http://www.10minutetgp.com/nohotlink2/index.htm

It's free. I don't want any payment, just a few hits or favors or a linkback if you use it and feel you'd like to return something. But I'm guessing no one will bother, and I'll see this same discussion over and over again.

At the end of the day unless it becomes a REAL problem my advice is to ignore it, it soon goes away.

cd34 · 2005-05-17, 04:15 PM

One thing you might want to take a look at -- you have Accept-Ranges: bytes set, but, you provide no mechanism for partial gets.

you also set the Content-Header to text/plain which will break on non-IE machines.

Other than that, what sort of traffic have you pushed through it?

wankmaster · 2005-05-17, 04:44 PM

None, never really been used other than by me.

If people were to start using it, then it would be worth ironing out any glitches. Or maybe the whole premise is flawed, or maybe it won't stand up to a lot of traffic? I dont know.

Only way to develop anything like this is to have it used and the input of others to point out the flaws and help fix em.

The code is freely available so anyone who wants to improve or modify it, then that would be fine.

Oh and thanks for pointing out a few flaws already ;-)

2005-04-27, 08:34 PM	#1
Litwa A woman is like beer. They look good, they smell good, and you'd step over your own mother just to get one! Join Date: Feb 2005 Location: Poland Posts: 53	How to protect material&bandwidth from cheaters/stolen ? Hi, Can You halp me please? Some fuckers have stolen pics and bandwidth from my gallerys using site like this: http://fusker.lewww.com/index.php and http://cs5.chatropolis.com/middle/double_ds I found this urls on my host control panel. In one day visitors from fusker.lewww.com downloaded more bytes then sufers reffered from penisbot do in month (yes i'm a noob \|clown\| )So what should I do to protect my pics and bandwidth? My friend gave me a txt file .htacess RewriteEngine onRewriteCond %{HTTP_REFERER} !^$RewriteCond %{HTTP_REFERER} !^http://(www\.)?titshunters.com(/)?.$ [NC]RewriteRule .\.(gif\|jpg\|jpeg\|bmp\|wmv)$ http://www.titshunters.com/index.html [R,NC] is in enought? where should I keep this file? should I save it as .htacess or .htacess.txt or... what a hell should i do ?? Litwa __________________ One real world is enought ...

2005-04-27, 09:16 PM	#2
cd34 a.k.a. Sparky Join Date: Sep 2004 Location: West Palm Beach, FL, USA Posts: 2,396	Post 60 has what we determined to be the real solution. http://www.greenguysboard.com/board/...864#post145864 http://www.greenguysboard.com/board/...em#faq_hotlink put it in .htaccess in your site, or, in your apache config file. __________________ SnapReplay.com a different way to share photos - iPhone & Android

2005-04-28, 03:44 AM	#4
grzepa You can now put whatever you want in this space :) Join Date: Nov 2003 Posts: 980	sent you mine __________________ RATIOS SUCK ? - TRY REALITYCASH !

2005-04-28, 03:47 AM	#5
Litwa A woman is like beer. They look good, they smell good, and you'd step over your own mother just to get one! Join Date: Feb 2005 Location: Poland Posts: 53	thx a lot Guyes! hope it will stop them. Recived! __________________ One real world is enought ...

2005-05-04, 01:46 AM	#6
viktor Internet! Is that thing still around? Join Date: May 2005 Posts: 2	Not so sure... I just registered here because I'm interested in a similar topic. However, if I understand correctly, this method is very easy to circumvent. You are essentially having the server check the REFERER as it is sent by the client. The problem is that the client can send whatever they want, even one of your "valid" REFERER values. Google for spoofing referer [sic] and you will break this kind of "security" in 5 minutes.

2005-04-28, 02:06 AM	#3
Barron You tried your best and you failed miserably. The lesson is 'never try' Join Date: Oct 2004 Posts: 166	Litwa, Click on this link that cd34 provided. http://www.greenguysboard.com/board...tem#faq_hotlink Notice how it formated, each thing is on its own line. You want to create your file in a plain text editor like Notepad and upload in ASCII mode. In your post, the example you showed has your domain in the last line. You dont want to do that, you'll send the server into an endless loop. Use the example in the link above. Also, notice how cd34 spelled the name of the file: .htaccess For those that dont know, the period in front of the file name makes it a hidden file. -

2005-05-17, 04:02 PM	#7
wankmaster Just because I don't care doesn't mean I don't understand! Join Date: May 2005 Posts: 96	Tho you can spoof the referer not many people will bother. Most hotlinking is via an URL posed to a BBS. Anyway .htaccess won't protect video content as windows media player sends a blank referrer, and most .htaccess files allow a blank referrer, so no help there. Given that video is most costly in bandwidth that's what you need to protect. I came accross a similar thread in anther forum, people getting very hot under the collar about all the bandwidth stealing. Having been the victim of hotlinking myself I wrote a little script to stop it, and offered it to all those who were complaining about it. How many people used my script? 0 At the end of the day it was all hot air. People like to vent about it, but can't be assed to even install a simple script to stop it. On the slim chance that anyone is serious about wanting to stop bandwidth theft here's the link http://www.10minutetgp.com/nohotlink2/index.htm It's free. I don't want any payment, just a few hits or favors or a linkback if you use it and feel you'd like to return something. But I'm guessing no one will bother, and I'll see this same discussion over and over again. At the end of the day unless it becomes a REAL problem my advice is to ignore it, it soon goes away.

2005-05-17, 04:15 PM	#8
cd34 a.k.a. Sparky Join Date: Sep 2004 Location: West Palm Beach, FL, USA Posts: 2,396	One thing you might want to take a look at -- you have Accept-Ranges: bytes set, but, you provide no mechanism for partial gets. you also set the Content-Header to text/plain which will break on non-IE machines. Other than that, what sort of traffic have you pushed through it? __________________ SnapReplay.com a different way to share photos - iPhone & Android

2005-05-17, 04:44 PM	#9
wankmaster Just because I don't care doesn't mean I don't understand! Join Date: May 2005 Posts: 96	None, never really been used other than by me. If people were to start using it, then it would be worth ironing out any glitches. Or maybe the whole premise is flawed, or maybe it won't stand up to a lot of traffic? I dont know. Only way to develop anything like this is to have it used and the input of others to point out the flaws and help fix em. The code is freely available so anyone who wants to improve or modify it, then that would be fine. Oh and thanks for pointing out a few flaws already ;-)