Quote:
Originally Posted by Vick!
Grouchy, being a server admin you tell these guys how a tube site owner can prevent such dirty little tricks.  |
I'm bored. I'll bite. There are tons of ways.
The easiest would be to just require registration; then, they've got direct user tracking; embed it into the rendered page data; then just check the access logs and use some heuristics for account auth.
There's HTTP_REFERER (sic) for FLV/FLA; easy to fake, though.
You could easily use a hash in the embed code for the player which obfuscates the path to the file, that's pretty trivial.
Another way would be to rebuild the system to put the file out of the access of the web root directory, and have a call to a ticket/auth system place a single symlink to the stream which expires upon load right once the stream starts 'streaming', so it doesn't work right when the file gets loaded. As the file handler 'stays' until the stream is done, that single request will work, but concurrent requests will fail unless done very, very, very, very quickly, again, supposing you can figure out how the auth system hashes.
There's plenty of ways to (over) engineer a system, but the easiest is still just blocking the thieves' IP address and analyzing the headers to see what sort of browser/etc it mimics to download the content.