Hotlinking Punishment - GoFuckYourself.com

Mojo Rizin · 02-18-2004, 12:01 PM

Some nice code from a good friend of mine.

.htaccess:
RewriteEngine on
RewriteRule ^(.*)\.gif$ /punisher.php?file=$1.gif [L]

punisher.php:
?
$localsite = "yoursitename.com";
$ref = getenv("HTTP_REFERER");

if ($ref != "" & !preg_match("/$localsite/i", $ref)) {
header("HTTP/1.0 302");
header("Location: $ref");
}
else {
/* This doesn't work for some reason */
header("Content-Type: image/gif");
@readfile("$file");
}
?>

What this will do is automatically img src a hotlinkers entire site. Obviously you need to add < before the first ? mark

Enjoy..

MichaelP · 02-18-2004, 12:03 PM

Thanks we'll try that

hova · 02-18-2004, 12:05 PM

sweeeeeeet

Roger · 02-18-2004, 12:06 PM

hehe nice but it is illegal to do that though

Mojo Rizin · 02-18-2004, 12:07 PM

When you test the code, it does not appear to work.. funny thing is keep checking the image source properties

Mojo Rizin · 02-18-2004, 12:09 PM

Quote:

Originally posted by Roger
hehe nice but it is illegal to do that though

A hotlinker has more rights then the server owner?

Definately a backwards society

XxXotic · 02-18-2004, 12:10 PM

Quote:

Originally posted by Roger
hehe nice but it is illegal to do that though

oh but it's legal for them to hotlink you to start with right? What? the site you img src is gonna report you to authorities for what? doing to them what they're doing to you?

Mojo Rizin · 02-18-2004, 12:11 PM

Quote:

Originally posted by XxXotic
oh but it's legal for them to hotlink you to start with right? What? the site you img src is gonna report you to authorities for what? doing to them what they're doing to you?

Exactly..

Roger · 02-18-2004, 12:12 PM

Quote:

Originally posted by Mojo Rizin

A hotlinker has more rights then the server owner?

Definately a backwards society

Well we don't live in a society that allows us to do ourselves justice. The cops and the courts are here for that.

Technically, yeah he can sue you.

Mojo Rizin · 02-18-2004, 12:17 PM

Quote:

Originally posted by Roger

Well we don't live in a society that allows us to do ourselves justice. The cops and the courts are here for that.

Technically, yeah he can sue you.

I would love to see a hotlinker take someone to court.. lol

SoundMan · 02-18-2004, 12:17 PM

just replace the hotmilnk image with somthing creative!

Project-Shadow · 02-18-2004, 12:18 PM

.. hmmm

RewriteRule ^(.*)\.gif$ /punisher.php?file=$1.gif [L]

That bit is the only bit that I find a bit wrong, what if someone is hotlinking say x.com/images/x.jpg

Would it not try to access x.com/images/punisher.php?

Correct me if i'm wrong it looks like a great script and I can't programme for shit just trying to clear this up

Mojo Rizin · 02-18-2004, 12:21 PM

Quote:

Originally posted by Project-Shadow
.. hmmm

RewriteRule ^(.*)\.gif$ /punisher.php?file=$1.gif [L]

That bit is the only bit that I find a bit wrong, what if someone is hotlinking say x.com/images/x.jpg

Would it not try to access x.com/images/punisher.php?

Correct me if i'm wrong it looks like a great script and I can't programme for shit just trying to clear this up

You obviously can customize as needed

JDog · 02-18-2004, 12:28 PM

But that doesn't work with Mozilla!

Mozilla can still see hotlinked images!

jDoG

Mojo Rizin · 02-18-2004, 12:30 PM

Quote:

Originally posted by JDog
But that doesn't work with Mozilla! Mozilla can still see hotlinked images!

jDoG

You look at the image properties?

JDog · 02-18-2004, 12:31 PM

It does work with people using IE, I'm not able to load the image on www.jdogsbitches.com from the other domain gallys.ezfreeporn.net but in Mozilla it will allow me to do it!

This is the hard part of referrer based hotlink protection! And that is what the hard part of hotlinking movies is, that WMP opens them with no referer at all!

Just my

But it is good code for any of you out there!

jDoG

JDog · 02-18-2004, 12:32 PM

Quote:

Originally posted by Mojo Rizin

You look at the image properties?

No, I know it works for IE, but every browser carries referer's differently!

jDoG

Mojo Rizin · 02-18-2004, 12:44 PM

Quote:

Originally posted by JDog

No, I know it works for IE, but every browser carries referer's differently!

jDoG

Let me look at what is wrong here, becasue I had it working fine with zilla and IE

JDog · 02-18-2004, 12:53 PM

Quote:

Originally posted by Mojo Rizin

Let me look at what is wrong here, becasue I had it working fine with zilla and IE

Referer based is totally weird but it does work with zilla for some things! Like fusker it works!

jDoG

VeriSexy · 02-18-2004, 03:20 PM

Don't do anything illegal, just redirect his hotlinking traffic to your sponsor. Much more productive

See Sig

hypnos · 02-18-2004, 04:09 PM

That is a dangerous piece of code. What if I request:

http://hostname/punisher.php?file=/etc/passwd

You guessed it! I can see all the valid users on your system. There are many other files I can see also.

Please don't use this code!!!

You should sanitize the vars before using them, or else you might get hacked

If I hadn't seen the code, it wouldn't be as easy to snoop your system. But smart hackers/crackers will test a bunch of stuff to see what works.

I hope everyone understands how serious this can be!

I'd edit this post Mojo and remove the code before others use it.

02-18-2004, 12:01 PM	#1
Mojo Rizin Confirmed User Join Date: Dec 2002 Location: Chandler, AZ Posts: 1,089	Hotlinking Punishment Some nice code from a good friend of mine. .htaccess: RewriteEngine on RewriteRule ^(.)\.gif$ /punisher.php?file=$1.gif [L] punisher.php: ? $localsite = "yoursitename.com"; $ref = getenv("HTTP_REFERER"); if ($ref != "" & !preg_match("/$localsite/i", $ref)) { header("HTTP/1.0 302"); header("Location: $ref"); } else { / This doesn't work for some reason */ header("Content-Type: image/gif"); @readfile("$file"); } ?> What this will do is automatically img src a hotlinkers entire site. Obviously you need to add < before the first ? mark Enjoy.. __________________ Start Making Reel Profits Today! VOIP Technology Is NOW

02-18-2004, 12:05 PM	#3
hova Traffillionaire Industry Role: Join Date: Jan 2002 Location: ICQ:209371571 Posts: 22,430	sweeeeeeet __________________ http://traffillions.com/ Sign up and get lifetime revshare on your traffic

02-18-2004, 12:07 PM	#5
Mojo Rizin Confirmed User Join Date: Dec 2002 Location: Chandler, AZ Posts: 1,089	When you test the code, it does not appear to work.. funny thing is keep checking the image source properties __________________ Start Making Reel Profits Today! VOIP Technology Is NOW

02-18-2004, 12:28 PM	#14
JDog Confirmed User Join Date: Feb 2003 Location: Canby, OR Posts: 7,453	But that doesn't work with Mozilla! Mozilla can still see hotlinked images! jDoG __________________ NSCash now powering ReelProfits.com ALSO FEATURING: NSCash.com :: SoloDollars.com :: ReelProfits.com :: BiminiBucks.com :: VOD PROGRAMS COMING SOON: Greedy Bucks :: Vengeance Cash NOW OFFERING OVER 60 SITES CONTACT :: JAMES SMITH :: CHIEF TECHNOLOGY OFFICER :: ICQ (711385133)

02-18-2004, 12:31 PM	#16
JDog Confirmed User Join Date: Feb 2003 Location: Canby, OR Posts: 7,453	It does work with people using IE, I'm not able to load the image on www.jdogsbitches.com from the other domain gallys.ezfreeporn.net but in Mozilla it will allow me to do it! This is the hard part of referrer based hotlink protection! And that is what the hard part of hotlinking movies is, that WMP opens them with no referer at all! Just my But it is good code for any of you out there! jDoG __________________ NSCash now powering ReelProfits.com ALSO FEATURING: NSCash.com :: SoloDollars.com :: ReelProfits.com :: BiminiBucks.com :: VOD PROGRAMS COMING SOON: Greedy Bucks :: Vengeance Cash NOW OFFERING OVER 60 SITES CONTACT :: JAMES SMITH :: CHIEF TECHNOLOGY OFFICER :: ICQ (711385133)

02-18-2004, 12:03 PM	#2
MichaelP Registered User Industry Role: Join Date: Aug 2003 Location: QWEBEC Corporate Office Posts: 7,124	Thanks we'll try that

02-18-2004, 12:06 PM	#4
Roger Confirmed User Industry Role: Join Date: Jul 2003 Location: MetroCity Posts: 3,181	hehe nice but it is illegal to do that though

02-18-2004, 12:17 PM	#11
SoundMan So Fucking Banned Join Date: Nov 2003 Location: MidWest Posts: 3,471	just replace the hotmilnk image with somthing creative!

02-18-2004, 12:18 PM	#12
Project-Shadow Confirmed User Industry Role: Join Date: Feb 2003 Posts: 7,340	.. hmmm RewriteRule ^(.*)\.gif$ /punisher.php?file=$1.gif [L] That bit is the only bit that I find a bit wrong, what if someone is hotlinking say x.com/images/x.jpg Would it not try to access x.com/images/punisher.php? Correct me if i'm wrong it looks like a great script and I can't programme for shit just trying to clear this up

02-18-2004, 03:20 PM	#20
VeriSexy Join The Royal Family Join Date: Apr 2002 Posts: 25,463	Don't do anything illegal, just redirect his hotlinking traffic to your sponsor. Much more productive See Sig __________________ Looking for a KICK ASS TEEN SPONSOR? Check out ROYAL CASH - THE KING OF TEEN! Incredible webmaster tools FHGs, Morphing Blog and RSS Feeds, Embedded FLV & WMV Videos. With TOP RATIO Sites like TeenStarsOnly.com - Earn $$ with our New Site & Bonus Payouts!! ATMovs.com \| iTeenVideo.com \| TeenSexMovs.com \| TeenSexMania.com

02-18-2004, 04:09 PM	#21
hypnos Registered User Join Date: Aug 2001 Posts: 6	That is a dangerous piece of code. What if I request: http://hostname/punisher.php?file=/etc/passwd You guessed it! I can see all the valid users on your system. There are many other files I can see also. Please don't use this code!!! You should sanitize the vars before using them, or else you might get hacked If I hadn't seen the code, it wouldn't be as easy to snoop your system. But smart hackers/crackers will test a bunch of stuff to see what works. I hope everyone understands how serious this can be! I'd edit this post Mojo and remove the code before others use it.