2009-04-14, 11:57 AM | #1 |
I can now put whatever you want in this space :)
Join Date: Mar 2009
Location: Merica!
Posts: 543
|
Are people stealing your bandwidth by hotlinking your Vids?
If you are running a blog with embedded vids, it is damn near impossible to stop hot linking goddamn thieves from also embedding your vids unless you deny all viewers without a referrer. After some lengthy thought I came up with an idea that may help alleviate the problem. If anyone wants the solution, message me and I'll fill you in. It may not be the best solution available, but it's the best I could think of. No, it doesn't cost anything and it isn't some sort of shit I'm promoting. It isn't foolproof, but nothing is.
Also you might note, it will deter hotlinking fuckers from using jscript to hijack your bandwidth by using your images too. This is a public service announcement with the intent of stopping goddamn thieving hotlinkers. You may now return to your previously scheduled activities.
Last edited by nate; 2009-04-14 at 11:58 AM. Reason: grammar |
2009-04-14, 12:03 PM | #2 |
I can now put whatever you want in this space :)
Join Date: Mar 2009
Location: Merica!
Posts: 543
|
Addendum:
Come to think of it, if you deny all viewers without a referrer, nobody will see the vids embedded in your site, unless your player somehow gives a referrer (mine don't). So don't just willy-nilly deny people without referrers!! You will be denying all your legit viewers. I just thought I'd add that, my solution to hotlinkers isn't related to referrers anyway. |
2009-04-14, 12:12 PM | #3 |
a.k.a. Sparky
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
|
http://redmine.lighttpd.net/projects...BeforeDownload
http://trafficguardian.com/ (anti hotlinking)

TrafficGuardian worked pretty well with apache until his hosting went down or his domain expired. Every morning when logs rotated, apache had to check in with his server for authorization. That might have changed and his site appears to be up now.

Another trick people use is to write a cookie on the page then use mod_rewrite to check for the existence of that cookie to determine whether to serve the media. Some browsers spawn a helper player that doesn't have access to those cookies.

The other thing I have noticed is that a lot of the rewrite rules have gotten away from specifics, allowing specially crafted urls to contain enough of the url pattern to match the referrer.

And there is good hotlinking, so, make sure your system accounts for that.
__________________
SnapReplay.com a different way to share photos - iPhone & Android |
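The loose-versus-specific referrer matching mentioned in post #3, as an added example that is not code from any poster in this thread. The host names `blog.example` and `partner.example` and all sample Referer values are constructed assumptions; the strict check compares the parsed host against an allow-list (own site plus "good" hotlinkers) and lets an empty Referer through, as post #2 recommends.

```python
import re
from urllib.parse import urlsplit

# Assumed hosts for this sketch: the blog itself and one partner allowed to embed.
OWN_HOSTS = {"blog.example", "www.blog.example"}
PARTNER_HOSTS = {"partner.example"}

# Loose rule: the site name may appear anywhere in the Referer header.
LOOSE = re.compile(r"blog\.example")

def loose_allows(referer):
    return bool(LOOSE.search(referer or ""))

def strict_allows(referer, allow_empty=True):
    """Decide on the parsed host only; path and query text never count."""
    if not referer:
        # Players and helper apps often send no Referer at all.
        return allow_empty
    try:
        parts = urlsplit(referer)
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    return host in OWN_HOSTS or host in PARTNER_HOSTS

# Constructed Referer values, not taken from any real log.
SAMPLES = [
    "http://blog.example/post/12",
    "http://partner.example/embed",
    "http://other.test/page?src=blog.example",
    "http://blog.example.other.test/v",
    "",
]

def compare(samples=SAMPLES):
    """Return (referer, loose verdict, strict verdict) for each sample."""
    return [(r, loose_allows(r), strict_allows(r)) for r in samples]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The same exact-host idea carries over to a mod_rewrite condition by anchoring the pattern at the scheme and ending the host part at the first slash.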
2009-04-14, 12:35 PM | #4 | |
Certified Nice Person
|
Quote:
In order for it to be a public service announcement, you'd have to ANNOUNCE IT PUBLICLY. If someone wants to PM this guy and post his idea in this thread, I'll give you 5 cents on Epassporte.
__________________
Click here to purchase a bridge I'm selling. |
|
2009-04-14, 12:57 PM | #5 | |
I can now put whatever you want in this space :)
Join Date: Mar 2009
Location: Merica!
Posts: 543
|
Quote:
I'll post the gist of it. Rewrite your .htaccess in your /videos subdirectory every time a surfer hits your page header to include his IP. If his IP isn't in the htaccess he gets denied when he tries to view whatever the hotlinker tried to steal with his nifty jscript player. I didn't want to post it on a board because it might aid the goddamn hotlinking thieves in figuring out why they can't steal your shit. Is that public enough? Or do you also want me to post the 7 lines of PHP code you include in the header as well? LOL. This is what you get for trying to help people out. |
|
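A sketch of the per-visitor allow-list described in post #5, added here as an example; it is not the poster's PHP and is written in Python so it can be run stand-alone. The expiry time, function names and sample addresses are assumptions, and the rules use Apache 2.2 `Order`/`Allow from` syntax (Apache 2.4 uses `Require ip` instead).

```python
import ipaddress
import os
import tempfile

TTL_SECONDS = 600  # assumed lifetime of the permission granted by one page view

def record_visit(seen, remote_addr, now):
    """Store a validated client address; refuse anything that is not an IP."""
    try:
        ip = ipaddress.ip_address(remote_addr.strip())
    except ValueError:
        return False  # never copy unvalidated text into a config file
    seen[str(ip)] = now
    return True

def render_htaccess(seen, now, ttl=TTL_SECONDS):
    """Deny everyone, then allow addresses that loaded a page recently."""
    live = sorted(ip for ip, ts in seen.items() if now - ts <= ttl)
    lines = ["Order deny,allow", "Deny from all"]
    lines += ["Allow from " + ip for ip in live]
    return "\n".join(lines) + "\n"

def write_atomically(path, text):
    """Write a temp file in the same directory, then rename it into place,
    so the web server never reads a half-written .htaccess."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".htaccess.")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
        os.chmod(tmp, 0o644)  # mkstemp creates 0600; the server must read it
        os.replace(tmp, path)
    except Exception:
        os.unlink(tmp)
        raise

if __name__ == "__main__":
    seen = {}  # constructed sample visits: address -> time of last page view
    record_visit(seen, "203.0.113.7", 1000)
    record_visit(seen, "198.51.100.9", 1500)
    print(render_htaccess(seen, now=1700))
```

Everyone behind the same NAT or proxy shares one address, so an entry admits all of them until it expires.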
2009-04-14, 01:10 PM | #6 | |
I can now put whatever you want in this space :)
Join Date: Mar 2009
Location: Merica!
Posts: 543
|
Quote:
I also read something about trip pages under lighttpd, but haven't had time to really look into it. Is that what you were referring to? That was one of the ideas I was going to look into further, as well as some weird iptables and proxy stuff, but the idea to dynamically rewrite the .htaccess for allow/deny was a whole lot simpler, at least under apache. |
|
2009-04-14, 01:15 PM | #7 | |
Subversive filth of the hedonistic decadent West
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
|
Quote:
Good thing I had a great host that got me running again right away. |
|
2009-04-14, 02:32 PM | #8 | |
a.k.a. Sparky
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
|
Quote:
lighttpd removes quite a few capabilities that apache includes by default and lighttpd starts as a stripped down server. Apache is by no means a great performer, but, it is consistent, has a huge installed base, and everyone writes software expecting all of the things that would normally be present in an apache environment.

As for your idea, verifying a cookie, trigger before download and trafficguardian, there is a very, very simple way to bypass those protections which makes those methods somewhat fruitless to someone determined to hotlink the sites.

Short of some very specific cases, not using apache will add headaches down the line. If you liked lighttpd, check nginx. If you're looking for something relatively seamless to make apache quicker, check varnish. I'll warn you -- once you step off the path from apache, you either have to change the way you work, or spend a lot of time making them work the way you do. And while they all claim to have somewhat sane defaults, those defaults are nowhere near production quality.

Just to give you an idea:

ab -n 10000 -c 50 http://66.55.44.33/info.php

nginx, Requests per second: 320.79 [#/sec] (mean)
apache mpm-worker, Requests per second: 320.65 [#/sec] (mean)
lighttpd, Requests per second: 278.49 [#/sec] (mean)
varnish, Requests per second: 3391.36 [#/sec] (mean)

(varnish cached the response and answered the request out of the cache. Depending on your site, php isn't cacheable since Wordpress and others stuff expire times in there to require that the page be generated on every pageload. Yes, you can tell varnish to ignore that.)

info.php is just <?php phpinfo();?>

71k .jpg image

nginx, Requests per second: 3505.96 [#/sec]
apache mpm-worker, Requests per second: 814.97 [#/sec]
apache mpm-worker with allowoverride turned off: Requests per second: 2488.22 [#/sec] (mean)
lighttpd, Requests per second: 3819.69 [#/sec] (had 17 failed to serves)
varnish, Requests per second: 3012.98 [#/sec]

There's another test that I did on throughput -- lighttpd actually serves files slower than each of the others. 100mb file took longer to download on lighttpd than it did on the other three. So, lighttpd dropped 17 requests out of 10000 and serves slower on long files than the others. Granted a benchmark is a crude test, but, it gives you some idea.

So, if you're out for true performance, you've already swapped out apache-mpm-prefork for apache-mpm-worker. Or, if you like to live on the edge (no pun intended), you might be using mpm-event. If you're still using prefork and comparing that to lighttpd and have overrides set and mod_status and the dozen other apache modules still installed, then it's not really a fair test. Apache does extremely well until you start pushing 70-80mb/sec or get close to 1000 requests per second.

If you like to use server side includes, varnish has Edge Side Includes which are extremely powerful.

Sort of diverted from the original post.
__________________
SnapReplay.com a different way to share photos - iPhone & Android |
|
2009-04-14, 02:44 PM | #9 |
I can now put whatever you want in this space :)
Join Date: Mar 2009
Location: Merica!
Posts: 543
|
|
2009-04-14, 04:11 PM | #10 | |
If something's hard to do, then it's not worth doing
Join Date: Sep 2008
Location: Berlin, Germany
Posts: 247
|
Quote:
Waiting for 2.0 really. Anyway, back to the regularly scheduled thread...
__________________
What's blue and not heavy? |
|
2009-04-14, 05:21 PM | #11 |
a.k.a. Sparky
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
|
lighttpd is bound by core due to their spinlocks. Their core is not properly threaded and they hacked together a solution that works most of the time. When it was written, we didn't have that many SMP or Hyperthreaded machines. They also don't use some of the hooks in the kernel that other solutions use. With cpu affinity and pinning interfaces, you can work around that, or, you can use nginx without all that mess. But, nginx isn't without its quirks either.
I've heard mpm-worker and mod_perl don't get along but I've not done enough mod_perl to really run into it. I really don't understand why perl would have a problem with mpm-worker since worker only uses pthreads and perl has been threadsafe for years. It is possible that cpan modules are not threadsafe which would cause problems. There are a bunch of potential solutions and it's a matter of finding the right tool for the job. Apache isn't all things to all people -- it is about the most flexible, most generic solution and properly tuned will give the performance that 90% of the people out there will be happy with. mpm-prefork doesn't fall too far behind mpm-worker in most situations. Measure the tradeoffs, make the decision as to which way to head. The task dictates the solution -- or something like that.
__________________
SnapReplay.com a different way to share photos - iPhone & Android |
2009-04-15, 01:09 AM | #12 | |||
If something's hard to do, then it's not worth doing
Join Date: Sep 2008
Location: Berlin, Germany
Posts: 247
|
Quote:
Quote:
Quote:
My regular setup is lighty -> fastcgi which does sort of alleviate the core bound problem since lighty just sits there forwarding things and all the heavy lifting comes off the fastcgi instances
__________________
What's blue and not heavy? |