Greenguy's Board


Old 2005-03-29, 05:37 PM   #1
RawAlex
Wenchy, I wouldn't put the long list except possibly inside a member's area, or an area that has high quantities of content, or possibly on key personal link areas (where many of your own sites are listed). Otherwise it's a ton of work for very little return, IMHO.

As for the "blocking fusker", the code you listed blocks ALL attempts to reach your images by a third party. If you want to allow things like google or yahoo to index your images, you need to let them in.

The alternate route is to specifically block all access from certain domains. You can do this on a more global level (either at the root level of your webserver, or in the webserver config). This could become a long list, so it really is up to you how you decide to handle it.

Either way, making your sites unfriendly to Fusker is an important move.

Alex
Old 2005-03-29, 05:53 PM   #2
Wenchy
Thanks, Alex; sounds like excellent advice.

I'd prefer to allow google, yahoo, etc., and logic dictates I do that by using...

RewriteCond %{HTTP_REFERER} !^http://(.*@)?([a-z0-9-]+\.)*yourdomain\.com(:[0-9]+)?(/.*)?$ [NC]

... and replacing "yourdomain" with the appropriate SE domain.

Back in the day I was the victim of a hotlinker (Japanese, I think) and it cost me a fortune in BW. I'm on a mad quest to prevent a repeat of those events whenever and by whatever means possible. I prefer to only have my nightmares when I'm sleeping |shocking|

Appreciate the assistance! |cool|
__________________
I was thinking of the immortal words of Socrates, who said, "I drank what?"
Old 2005-04-01, 10:00 AM   #3
jmf000
I just wonder would the condition
RewriteCond %{HTTP_REFERER} !^http://([-a-z0-9A-Z]+\.)*yourdomain\.com(/|$|:[0-9])
work faster than
RewriteCond %{HTTP_REFERER} !^http://(([a-z0-9-]+\.)+)?yourdomain.com(:[0-9]+)?(/.*)?$ [NC]
since it is unlikely subdomains contain uppercases.
I hope it will provide adequate security.
And by the way as I recall Domains are case sensitive (potentially).


And one more clue: I would not place .htaccess with such anti-hotlinking techniques in the root of domain. Instead I would place it in the subdirectory(ies) under which "real heavy" content resides. So leechers still could see your hosted banners linked to sponsors but not actual images/video.

Thanks for your time.
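The three Referer patterns posted above, run side by side against constructed Referer values; this is an added example, not code from any poster. It assumes Apache's [NC] flag can be modelled with Python's `re.IGNORECASE`, and the names `referer_allowed` and `disagreements` and all sample hosts are made up for the illustration.

```python
import re

# The three Referer patterns as posted in the thread. Apache's [NC] flag is
# modelled with re.IGNORECASE; the first of jmf000's two was posted without it.
PATTERNS = {
    "wenchy":  (r"^http://(.*@)?([a-z0-9-]+\.)*yourdomain\.com(:[0-9]+)?(/.*)?$", re.I),
    "jmf_1st": (r"^http://([-a-z0-9A-Z]+\.)*yourdomain\.com(/|$|:[0-9])", 0),
    "jmf_2nd": (r"^http://(([a-z0-9-]+\.)+)?yourdomain.com(:[0-9]+)?(/.*)?$", re.I),
}

# Constructed Referer values (not taken from the thread).
REFERERS = [
    "http://yourdomain.com/gallery.html",   # own page
    "http://www.yourdomain.com:8080/",      # own subdomain with a port
    "http://WWW.YOURDOMAIN.COM/",           # same host, upper case
    "http://yourdomainXcom/",               # only fits if '.' is unescaped
    "http://yourdomain.com.example.net/",   # own name used as a prefix
    "https://www.yourdomain.com/",          # own site over https
    "",                                     # no Referer header sent
]

def referer_allowed(name, referer):
    """True if the pattern matches, i.e. the negated (!) RewriteCond is false
    and the request is treated as coming from your own pages."""
    pattern, flags = PATTERNS[name]
    return re.search(pattern, referer, flags) is not None

def disagreements():
    """Referers on which the three patterns do not all give the same answer."""
    out = {}
    for ref in REFERERS:
        verdicts = {name: referer_allowed(name, ref) for name in PATTERNS}
        if len(set(verdicts.values())) > 1:
            out[ref] = verdicts
    return out

if __name__ == "__main__":
    for ref in REFERERS:
        print(f"{ref!r:42}", {n: referer_allowed(n, ref) for n in PATTERNS})
```

All three patterns hard-code `http://`, so an https page on the same site and a request with no Referer both fail the match and would need their own conditions.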
Old 2005-03-29, 07:24 PM   #4
raymor
That long anti-ripper .htaccess is bad/wrong in at least a couple ways. All of those rules will impact performance. Even with all of those rules, though, it's not nearly complete, so it won't block more than half of the rippers. The first rule of security is to disallow everything that isn't specifically allowed. That .htaccess violates that rule, leading to the two problems I mentioned. Rather, it would be better to list the 3 or 4 user agents that are allowed and disallow everything else. You'd allow IE, the Gecko browsers (Mozilla, Firefox and Safari are all Gecko and thus would probably use just one rule), Opera and perhaps you'd come up with a couple more. Anything besides IE, Firefox, Safari, Mozilla, and Opera would be redirected. Of course you may wish to also allow the main SE spiders.

This also has the inherent flaw that you're assuming one thing based on another thing, and in fact based on what the user tells you. The major rippers will let the user set the User-agent however they want, so just because it SAYS it's IE doesn't mean that it is. In fact several rippers are IE based and will therefore report as IE. On the other hand some people using IE, Mozilla, or Firefox set their user-agent to something else, such as "None of Your Business Version 0". But in fact it's not the software name that you're concerned with, it's a particular BEHAVIOR of the software. So why not block based on that behavior? That's what Strongbox does. Strongbox blocks anyone who goes ripping your site, blindly following every single link. On the other hand it does not block any browser where the user actually clicks on the links. THAT is what you really want to block, so that's what Strongbox looks at, rather than the reported name of the software.
__________________
Ray Morris
support@bettercgi.com
Strongbox/Throttlebox & more
TXDPS #A14012
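A sketch of flagging on behavior instead of on the reported User-Agent, as the post above argues; this is an added example and not Strongbox's method, which the thread does not describe. The log lines, the IP addresses, the 10-second window and the limit of 10 distinct URLs are all constructed assumptions, and `flag_rippers` is a hypothetical name.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r'(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"')

def _line(ip, sec, path, ua):
    """Build one constructed combined-log-format line."""
    t = datetime(2005, 3, 29, 19, 0, 0) + timedelta(seconds=sec)
    return (f'{ip} - - [{t:%d/%b/%Y:%H:%M:%S} -0400] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "{ua}"')

# Constructed sample: one client that reports itself as IE pulls 12 images in
# 6 seconds; another with an odd User-Agent opens one image every 30 seconds.
SAMPLE = (
    [_line("198.51.100.7", i // 2, f"/gallery/{i}.jpg",
           "Mozilla/4.0 (compatible; MSIE 6.0)") for i in range(12)]
    + [_line("203.0.113.9", 30 * i, f"/gallery/{i}.jpg",
             "None of Your Business Version 0") for i in range(4)]
)

def flag_rippers(lines, max_distinct=10, window=timedelta(seconds=10)):
    """Return {ip: user_agent} for clients that requested more than
    max_distinct different URLs inside one sliding time window."""
    recent = defaultdict(deque)          # ip -> (time, path) pairs in window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                     # skip lines that do not parse
        ip, stamp, path, ua = m.groups()
        t = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append((t, path))
        while t - q[0][0] > window:      # drop requests older than the window
            q.popleft()
        if len({p for _, p in q}) > max_distinct:
            flagged.setdefault(ip, ua)   # keep the UA seen when first flagged
    return flagged

if __name__ == "__main__":
    print(flag_rippers(SAMPLE))
```

On this sample a user-agent allowlist would let the first client through and redirect the second; the request pattern gives the opposite result.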
Old 2005-04-01, 11:41 AM   #5
Verbal
Quote:
Originally Posted by raymor
Rather, it would be better to list the 3 or 4 user agents that are allowed and disallow everything else.
This is some sound advice right here, instead of maintaining a huge blocked list.
__________________
Verbal
Old 2005-03-29, 10:40 PM   #6
airdick
Quote:
Originally Posted by RawAlex

As for the "blocking fusker", the code you listed blocks ALL attempts to reach your images by a third party. If you want to allow things like google or yahoo to index your images, you need to let them in.


Alex
I have always denied hotlinking and never added any special rules to allow google or yahoo, but I have images that are indexed in images.google.com and images.yahoo.com. My thumbnails that appear on those sites are not hotlinked - they are hosted on google & yahoo's servers and each thumb links to the page that it was taken from, much like a thumbnail tgp.
All times are GMT -4.


Mark Read
Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
© Greenguy Marketing Inc