Greenguy's Board

Greenguy's Board (http://www.greenguysboard.com/board/index.php)
-   Programming & Scripting (http://www.greenguysboard.com/board/forumdisplay.php?f=15)
-   -   How to stop Fusker (http://www.greenguysboard.com/board/showthread.php?t=23095)

ponyman 2005-08-16 11:22 PM

How to stop Fusker
 
I have read a lot of the old threads about fusker, but I still could not get a straight answer to my question.

I'm seeing A LOT of fusker hotlinking in my stats. I'd like to put something in my .htaccess that will give them an image of my choice instead of the actual images they are trying to hotlink. Is this possible?

If not, what is a good .htaccess code to just not allow fusker to hotlink my pics?

cd34 2005-08-17 01:15 AM

hit FAQ up above. :)

or

The current thought on preventing sites like Fusker/UsefulIdiots/etc from hotlinking your graphics is the following set of rules in your .htaccess file.

If you want to disallow the empty referrer, you can remove the first line of the rule with the !^$ in it.

RewriteEngine on
# leave this line in allow empty referrers, remove to disallow empty referrers
RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.*@)?([a-z0-9-]+\.)*yourdomain\.com(:[0-9]+)?(/.*)?$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.*@)?1\.2\.3\.4(:[0-9]+)?(/.*)?$
RewriteRule .*\.(asf|mpg|mpeg|wmv|avi|rm|gif|jpeg|jpg|zip)$ - [NC,F,L]

Halfdeck 2005-08-17 02:05 AM

Another thing you might try is to avoid using sequential numbers when naming your pics or directories.

Chop Smith 2005-08-17 02:07 AM

|thumb When did that cool feature get added to FAQ? Could turn into a great feature for GG&J folks.

juggernaut 2005-08-17 08:19 AM

Thanks helped me too. Took me a little while to figure it out but finnaly got it working. thanks

eskimoen 2005-08-17 11:38 AM

You can also use http://www.htaccesstools.com/hotlink-protection/ to create a .htaccess that disables hotlinking.

wankmaster 2005-08-17 02:55 PM

I just emailed them and asked them to stop. They emailed back and said "OK".
Then they stopped.

Don't know if this simple method still works tho.

ponyman 2005-08-17 05:35 PM

I found a page on their site that allows you to send them mail, supposedly to remove your sites from fusker. I don't know if it will work, or maybe just cause more fuskering?

Thanks CD34, that's just what I needed!

pornoTGB 2005-08-17 08:48 PM

I think the best way of protecting your files is by creating them dynamicly. Yes.. this does drive up the server-load but files are safe! No direct downloads, hotlinks..
Just put lets say your images into a htaccess-protected folder.
Make a new php-file in your root that you protect by handing over correct varaibles with the header of the desired file type.

for instance for a jpg you would want:
PHP Code:

header('Last-Modified: '.gmdate('D, d M Y H:i:s'$timestamp).' GMT');  header("Content-type: image/jpeg");    $im imagecreatefromjpeg("YOURIMAGE");    imagejpeg($im''100);  imagedestroy($im); 

in that file.. watch out that there is no text in the output! .. for a gif just exchange the content-type header to image/gif
Doing this with animated gifs is a bit more work..
a lot of help are the post on php.net when searching for a function.

cd34 2005-08-17 09:39 PM

How exactly does that script stop hotlinking?

pornoTGB 2005-08-17 10:42 PM

by handing over variables... lets say the IP and or timestamp..
now make the file you have the header in check if the info is correct.. tada..

check out http://joskeonline.com/~keepmyfi/
the real site (http://www.keepmyfile.com) only accepts small files for now since it just moved to a new server.. still have to set upload size in php.ini .. thats on my to-do-list for tomorrow
try hotlinking an uploaded image of yours (the real ones.. thumbs are intended for hotlinking)

wankmaster 2005-08-18 12:49 AM

I'm not sure that .htaccess can stop hotlinking.

Can someone post an url of a page that has the thumbs or images .htaccess protected and I'll see if I can get around it?

Jel 2005-08-18 03:54 AM

I use htaccess, feel free to see if mine works. Here's a page:

http://www.cfnmparty.co.uk/teen_orgy..._on_stage.html

wankmaster 2005-08-18 04:13 AM

Thanks, I'll give it a shot.

wankmaster 2005-08-18 04:25 AM

OK, there you go

http://www.sneakyskunk.com/hotlinker.htm

Jel 2005-08-18 04:38 AM

Well that's sneaky :D

OK, that's not normally how an image or list of them would be hotlinked, gimme 2 minutes.........

Jel 2005-08-18 04:49 AM

Nope, I'm flummoxed. So how do I prevent that then wankmaster?

wankmaster 2005-08-18 05:04 AM

Something like this thread appears on most of the webmaster boards about once week.

Lots of .htaccess solutions get posted, and everyone seems happy that they fixed the problem, which says to me it's not much of a problem.

.htaccess will deter the average surfer who posts your image links on surfer boards, and for that reason .htaccess is usually good enough, but the way the http protocol works it can be gotten around, and I don't think there is a .htaccess solution to the problem.

Someone may prove me wrong on this, in which case, good!

In any case the bigger problem is in protecting video files, as WindowsMediaPlayer sends a blank referrer ( I don't know if they changed this in the last few months, but at least when I looked at it that seemed the case ).

As I say I don't think it is a big problem, people just get hot under the collar because they got Fuskered. When it happened to me I just asked them to stop it and they did, which seems the easiest solution to me.

There are ways to stop hotlinking without .htaccess. There are packages on the market ( I don't know if they really work ), or your host will do it ( but they may charge a monthly fee ).

There are some scripting methods that will prevent hotlinking if it REALLY is an issue, but best not post these on a board.

.htaccess is "good enough".

pornoTGB 2005-08-18 06:11 AM

I might not have explained this right!
Put all you files that you want to protect in a password-protected folder.. so really no-one can access it. Now they are safe.. right?

Now make a script that can you can hand over like following variables:
filename or some kind of id for the file
dynamic variables like a timestamp and/or IP (so that the "link" to the file changes for each user)

here is a link to a page showing a picture: http://www.keepmyfile.com/imagelink.php?dl=2
try hotlinking it or downloading it (by direct-request) without any effords to add php code.. please keep in mind that I give access for 1 day.. so just ask someone else to check the source you get

for instance the link-source will look like this for me:
http://www.keepmyfile.com/pic.gif.ph...4336banner.gif
i have only taken out my IP

The security check for this site is not completed yet.. since just checking date and IP is inadequate... but you could perhaps md5-encode some kind of passphrase you make up with influence of dynamic factors and hand that value over..

try hotlinking to a file you uploaded on keepmyfile.com!

wankmaster 2005-08-18 07:06 AM

Quote:

Originally Posted by pornoTGB
I might not have explained this right!

Seemed a clear enough explination to me.

Maybe I didn't explain myself clearly enough?

You have a scripting solution, and that will work.

A pure .htaccess solution will not.

wankmaster 2005-08-18 07:27 AM

P.S.

I don't think md5 encyption is your best bet because won't you have to unencrypt the string at the other end? md5 is a one-way hash.

Better use RSA.

pornoTGB 2005-08-18 08:14 AM

@wankmaster.. yes.. pure .htaccess will not work..

thats the beautiful thing about md5.. its one way ;-)
so just do the same thing at the other end..
encrypt lets say timestamp combined with IP (or even data you save to your database) to md5
on the other end also get the time and IP and hash that.. if its the same data then hash will be the same --> aproved to download

I just posted this since there is no way to protect your files other than by script or some other server sided technike and wanted to give people an idea of how to realise a script-protection for your files

The only reason why I need my files protected so hard is that I have a file-hosting service and I want to show an add above the file to download / picture to view..

wankmaster 2005-08-18 08:19 AM

OK, but wont the timestamp differ between when you get it the first time, and the second time?

Another problem could be dynamic ip addresses, but I don't know if that will effect what you're trying to do or not.

pornoTGB 2005-08-18 08:49 AM

yes.. when hashing the timestamp it will be a problem.. (encrypting with RSA would be a good idea for that)
what I do is that I have set a time-offset (right now a day) that gets accepted.. just check if the timestamp is inbetween a certain time-span


when leaving the seconds away from the timestamp it should not be a problem since one page loads the dynamic pic right away when being loaded --> so no delay (or very little)

dynamic IPs are not a problem.. since the IP will always be the same when online.. it does not jump around during one online session..

dynamic proxies could be a problem --> IP does change
but I have not read up on that yet

wankmaster 2005-08-18 08:55 AM

OK, but I still don't know how you can check if the timestamp is within a time-offset if you can't unencrypt the original timestamp to check it?

Anyway you seem to have a good idea of what you want to achieve.

Good luck with your project.


All times are GMT -4. The time now is 08:24 AM.

Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
© Greenguy Marketing Inc