Prevent and Profit from VIDEO hotlinking.

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • SmokeyTheBear
    ►SouthOfHeaven
    • Jun 2004
    • 28609

    #1

    Prevent and Profit from VIDEO hotlinking.

    ok heres a simple way , feel free to modify it.. if you know of any other tricks , feel free to let me know

    Save the following as index.php and put it in a folder with your videos

    Code:
    <?php
    $mov = $_GET['x'];
    
    echo "<center>Add an advertisement here - dont use quotes<br><embed src=$mov.wmv></embed>";
    ?>
    ( if your using mpg/avi videos change the code to mpg/avi in both files)

    ok now make a new folder in your main directory, save the following as .htaccess ( modify the url to point to the directory with your videos )
    Code:
    Options +FollowSymlinks
     RewriteEngine on
     RewriteRule ^(.*)\.wmv http://yoursite.com/videos/index.php?x=$1 [nc]
    ok now what this will do is , when you call a video or someone hotlinks a video it will call the video and display it in an html page so you can add advertising and such..

    Now keep in mind this doesnt actually prevent hotlinking all it does is rewrite the request to a different folder , so if you try to get http://yourserver.com/protected/video.wmv it would get the video from a different folder and write it into an html file.. the end video is still unprotected , so if someone views source of the html they can simply get the redirected movie url

    BUT heres what you do.. you can simply rename the folder with your protected videos then change the .htaccess file to reflect that every so often , you dont have to change any of your links as they will just be redirected to the new folder without any changes on your part

    synopsis.

    If you normally had a link like http://yourserver.com/1/video.wmv it will rewrite it as http://yourserrver.com/2/video.wmv , embed it in a page so you can add advertising , if the hotlinkers ever find where the true video resides you can simply rename the destination folder without having to change any exisiting links on your page , (i.e. you can link using http://yourserver.com/1/video.wmv and never have to change it regardless of where the real videos reside )
    hatisblack at yahoo.com
  • Juicy D. Links
    So Fucking Banned
    • Apr 2001
    • 122992

    #2
    bumpooooooooooooo

    Comment

    • Manowar
      jellyfish  
      • Dec 2003
      • 71528

      #3
      good stuff smokey

      Comment

      • fris
        Too lazy to set a custom title
        • Aug 2002
        • 55689

        #4
        ya video hotlinking you will need actual software or write your own module. cause when linking videos sometimes it sends blank refer, fake refer, or anything different with images, i pay for antihotlinking.com great software.
        Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.

        Comment

        • SmokeyTheBear
          ►SouthOfHeaven
          • Jun 2004
          • 28609

          #5
          Originally posted by fris
          ya video hotlinking you will need actual software or write your own module. cause when linking videos sometimes it sends blank refer, fake refer, or anything different with images, i pay for antihotlinking.com great software.
          this is true..

          With this method though you get the added benefit from people that "think" they are hotlinking your videos but they are actually helping you make some profit.. and it works about the same way as true anti-hotlinking methods other than you have to do a little modification every now and then to keep the clever people away
          Last edited by SmokeyTheBear; 02-28-2006, 07:53 AM.
          hatisblack at yahoo.com

          Comment

          • u-Bob
            there's no $$$ in porn
            • Jul 2005
            • 33063

            #6
            or you could do some crazy shit with swf + php + flv + cookies + some js.

            Comment

            • woj
              <&(©¿©)&>
              • Jul 2002
              • 47882

              #7
              you can do similar setup to turn jpegs into jpegs on html
              Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
              Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
              Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

              Comment

              • SmokeyTheBear
                ►SouthOfHeaven
                • Jun 2004
                • 28609

                #8
                p.s. thehun likely wont accept a gallery using this anti-hotlink method because the script wont be able to detect if theres actual movies on the gallery ( because the requests would be handled by the php file ) ..

                You could still use this method though by changing the php to redirect directly to the video instead of creating an html page to ebmed it into. This way your gallery will still get accepted.. ( you would then be just as prone to hotlinking, BUT you can change the destination video folder with one line of code instead of changing all the html files..

                example if i made 200 hun galleries and each one had 4 videos on it.. like < a href=http://yoursite.com/hotlink/1-a.wmv>1</a>

                the real video would be in http://yoursite.com/differentfolder/1-a.wmv redirected using the htaccess , now if people started hotlinking your vids you simply change the destination folder to yoursite.com/newfolder, then change the 1 line of htaccess and you dont have to change 800 links on all the html pages.. its done with one simple edit.
                hatisblack at yahoo.com

                Comment

                • SmokeyTheBear
                  ►SouthOfHeaven
                  • Jun 2004
                  • 28609

                  #9
                  Originally posted by woj
                  you can do similar setup to turn jpegs into jpegs on html
                  or any file for that matter , flash files etc..
                  hatisblack at yahoo.com

                  Comment

                  • sfera
                    Confirmed User
                    • Aug 2005
                    • 8597

                    #10
                    cool stuff man

                    Comment

                    • SmokeyTheBear
                      ►SouthOfHeaven
                      • Jun 2004
                      • 28609

                      #11
                      so if you wanted to get your galleries listed on the hun and cant use the above method because the script doesnt allow. then it use this.

                      If people start hotlinking the videos , all you have to do is rename the folder with the videos and change this one php line to reflect the new folder name , without having to change the html in the galleries
                      Code:
                      <?php
                      $mov = $_GET['x'];
                      header("Location: http://yoursite.com/realvideofolder/$mov.wmv");
                      ?>

                      p.s. you would use the same htaccess from above as well.
                      hatisblack at yahoo.com

                      Comment

                      • BlingDaddy
                        Confirmed User
                        • Apr 2004
                        • 6343

                        #12
                        Wicked info.
                        Every Day... Bling Daddy's Masturbation Station!
                        Bling Daddy's Masturbation Station!

                        The Daily Bag of Douche - Humor at it's FINEST.

                        Comment

                        • austinth
                          Confirmed User
                          • Jul 2002
                          • 1770

                          #13
                          smokey is one of the few posters here that actually has incredible info and tips to share. Thanks Smokey!!
                          Get A $25 Circuit City GIFT Card - FREE!

                          Comment

                          • austinth
                            Confirmed User
                            • Jul 2002
                            • 1770

                            #14
                            your last cloaking code works very well!
                            Get A $25 Circuit City GIFT Card - FREE!

                            Comment

                            • SmokeyTheBear
                              ►SouthOfHeaven
                              • Jun 2004
                              • 28609

                              #15
                              p..s. if anyone needs some help or modification feel free to hit me up on icq and i will walk you through it, its very simple , i'm not always on , but if i'm not doing anything im glad to help..
                              hatisblack at yahoo.com

                              Comment

                              • SmokeyTheBear
                                ►SouthOfHeaven
                                • Jun 2004
                                • 28609

                                #16
                                Originally posted by austinth
                                smokey is one of the few posters here that actually has incredible info and tips to share. Thanks Smokey!!
                                hey thanks a bunch man , its nice to know people appreciate it..
                                hatisblack at yahoo.com

                                Comment

                                • chase
                                  Confirmed User
                                  • Jul 2004
                                  • 6019

                                  #17
                                  Awesome! Where's Hal with his Flash of Fucking Brilliance award?
                                  Need Hosting? Reality Check Network services me purrrfectly!

                                  Comment

                                  • Rui
                                    web
                                    • Dec 2001
                                    • 9533

                                    #18
                                    Great stuff one of the best GFY threads of 2006 ;)

                                    Comment

                                    • 4Pics
                                      Confirmed User
                                      • Dec 2001
                                      • 7952

                                      #19
                                      Isn't the $_GET part bad for security?

                                      I can pass whatever I want to the variable.

                                      Comment

                                      • 4Pics
                                        Confirmed User
                                        • Dec 2001
                                        • 7952

                                        #20
                                        like blah x=http://www.spywaresite.com/?.wmv

                                        so when you add the ? it pretty much ignores the .wmv right?

                                        Comment

                                        • SmokeyTheBear
                                          ►SouthOfHeaven
                                          • Jun 2004
                                          • 28609

                                          #21
                                          Originally posted by 4Pics
                                          Isn't the $_GET part bad for security?

                                          I can pass whatever I want to the variable.
                                          This is true im new at php

                                          change the abopve code to the following to be more secure

                                          Code:
                                          <?php
                                          $mov = $_GET['x'];
                                          $mov = strip_tags($mov);
                                          echo "<center>add any html here dont use double quotes<embed src=$mov.mpg></embed>";
                                          ?>
                                          hatisblack at yahoo.com

                                          Comment

                                          • SmokeyTheBear
                                            ►SouthOfHeaven
                                            • Jun 2004
                                            • 28609

                                            #22
                                            Code:
                                            <?php
                                            $mov = $_GET['x'];
                                            $mov = strip_tags($mov);
                                            $url = "http://yoursite.com/header.html";
                                            $html = file_get_contents($url);
                                            echo "$html<br><center><embed src=$mov.mpg></embed>";
                                            ?>
                                            heres a better version .. this way you can just add a header to every video , put whatever html you want in the header page and it will be put above the video.. so you can customize the output page a little better
                                            hatisblack at yahoo.com

                                            Comment

                                            • Jace
                                              FBOP Class Of 2013
                                              • Jan 2004
                                              • 35562

                                              #23
                                              smokey, I love that you are learning html man....you have been posting some cool shit lately with your new knowledge

                                              I can't wait to see what you will be doing in a years time with it

                                              Comment

                                              • Brujah
                                                Beer Money Baron
                                                • Jan 2001
                                                • 22157

                                                #24
                                                Smokey, just some info to pass along, in case you're interested.

                                                You can look into preg_match to clean variables or test them also. Will come in especially handy if you learn regex's or know a little about them already.

                                                www.php.net/preg_match

                                                Code:
                                                So then: page.php?test=filename.mpg would pass
                                                but page.php?test=`cat /etc/passwd`;etc..whatever-movie.mpg would fail.

                                                Code:
                                                if( !preg_match('/^([A-Z0-9\ \-]+)\.mpg$/i',$_GET['test'],$m) ) {
                                                        print '<span style="color:red">Test Failed. Not Allowing.</span>';
                                                } else {            
                                                        print '<span style="color:blue">Passed</span>: '.$m[0];            
                                                }

                                                Comment

                                                • Spunky
                                                  I need a beer
                                                  • Jun 2002
                                                  • 133986

                                                  #25
                                                  Thanks for the tip man

                                                  Comment

                                                  • fris
                                                    Too lazy to set a custom title
                                                    • Aug 2002
                                                    • 55689

                                                    #26
                                                    Originally posted by woj
                                                    you can do similar setup to turn jpegs into jpegs on html
                                                    i am looking for that solution on an opendir. cant seem to get it working.
                                                    Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.

                                                    Comment

                                                    • SmokeyTheBear
                                                      ►SouthOfHeaven
                                                      • Jun 2004
                                                      • 28609

                                                      #27
                                                      Originally posted by Brujah
                                                      Smokey, just some info to pass along, in case you're interested.

                                                      You can look into preg_match to clean variables or test them also. Will come in especially handy if you learn regex's or know a little about them already.

                                                      www.php.net/preg_match

                                                      Code:
                                                      So then: page.php?test=filename.mpg would pass
                                                      but page.php?test=`cat /etc/passwd`;etc..whatever-movie.mpg would fail.

                                                      Code:
                                                      if( !preg_match('/^([A-Z0-9\ \-]+)\.mpg$/i',$_GET['test'],$m) ) {
                                                              print '<span style="color:red">Test Failed. Not Allowing.</span>';
                                                      } else {            
                                                              print '<span style="color:blue">Passed</span>: '.$m[0];            
                                                      }
                                                      Thanx im a little new to php , since you seem to be a litle better, can i ask , the way i revised it will be fine right ? the way you did it is obviously better but mine would work right ? like as far as not accepting dangerous code it would just make the page invalid if someone tried x=filenam><br><hr><script>alert('hi')</script> i tried a few combo's couldnt find anything that looked langerous

                                                      like using you method if someone tried to introduce bad string it would fail using mine it wouldnt show bad stuff , but the page just might not work right ..?
                                                      Last edited by SmokeyTheBear; 02-28-2006, 04:29 PM.
                                                      hatisblack at yahoo.com

                                                      Comment

                                                      • SmokeyTheBear
                                                        ►SouthOfHeaven
                                                        • Jun 2004
                                                        • 28609

                                                        #28
                                                        i did find an interesting side note though while testing bad string as input ..

                                                        if you make a page with <embed src=video></embed> with no file extension , and have a video in the directory named video.mpg , it will play fine.. starnge
                                                        hatisblack at yahoo.com

                                                        Comment

                                                        • SmokeyTheBear
                                                          ►SouthOfHeaven
                                                          • Jun 2004
                                                          • 28609

                                                          #29
                                                          i did find an interesting side note though while testing bad string as input ..

                                                          if you make a page with <embed src=video></embed> with no file extension , and have a video in the directory named video.mpg , it will play fine.. starnge
                                                          hatisblack at yahoo.com

                                                          Comment

                                                          • Brujah
                                                            Beer Money Baron
                                                            • Jan 2001
                                                            • 22157

                                                            #30
                                                            Originally posted by SmokeyTheBear
                                                            Thanx im a little new to php , since you seem to be a litle better, can i ask , the way i revised it will be fine right ? the way you did it is obviously better but mine would work right ? like as far as not accepting dangerous code it would just make the page invalid if someone tried x=filenam><br><hr><script>alert('hi')</script> i tried a few combo's couldnt find anything that looked langerous

                                                            like using you method if someone tried to introduce bad string it would fail using mine it wouldnt show bad stuff , but the page just might not work right ..?
                                                            I'm not sure offhand, if there's anything they could really do with this specific use. If you wanted tho, you could ...

                                                            REPLACE THIS:
                                                            Code:
                                                            $mov = $_GET['x'];
                                                            $mov = strip_tags($mov);
                                                            WITH THIS:
                                                            Code:
                                                            if( preg_match('/^([a-z0-9\ \-]+)\.mpg$/i',$_GET['x'],$m) ) {
                                                             $mov = $m[0];
                                                            }

                                                            Comment

                                                            • SmokeyTheBear
                                                              ►SouthOfHeaven
                                                              • Jun 2004
                                                              • 28609

                                                              #31
                                                              Originally posted by Brujah
                                                              I'm not sure offhand, if there's anything they could really do with this specific use. If you wanted tho, you could ...

                                                              REPLACE THIS:
                                                              Code:
                                                              $mov = $_GET['x'];
                                                              $mov = strip_tags($mov);
                                                              WITH THIS:
                                                              Code:
                                                              if( preg_match('/^([a-z0-9\ \-]+)\.mpg$/i',$_GET['x'],$m) ) {
                                                               $mov = $m[0];
                                                              }
                                                              thanx a bunch
                                                              hatisblack at yahoo.com

                                                              Comment

                                                              • SmokeyTheBear
                                                                ►SouthOfHeaven
                                                                • Jun 2004
                                                                • 28609

                                                                #32
                                                                but the file extension isnt passed along with the strin "x" just the filename
                                                                hatisblack at yahoo.com

                                                                Comment

                                                                • Young
                                                                  Bland for life
                                                                  • Nov 2004
                                                                  • 10468

                                                                  #33
                                                                  Smokey I'd love to have access to your script archive!
                                                                  ★★★

                                                                  Comment

                                                                  • jmk
                                                                    Confirmed User
                                                                    • Sep 2002
                                                                    • 5391

                                                                    #34
                                                                    Now this a useful post ... why can't there be more like that!
                                                                    Good job!

                                                                    Comment

                                                                    • SmokeyTheBear
                                                                      ►SouthOfHeaven
                                                                      • Jun 2004
                                                                      • 28609

                                                                      #35
                                                                      ok heres a more secure method

                                                                      the other one could be exploited by ?x=file%20onload=badstuff> ( nothing serious but just to be sure lets try this one

                                                                      sorry for the slopiness im new
                                                                      Code:
                                                                      <?php
                                                                      $mov = $_GET['x'];
                                                                      $mov = strip_tags($mov);
                                                                      $mov = str_replace(">", "", $mov);
                                                                      $mov = str_replace(" ", "", $mov);
                                                                      echo "<center>Add an advertisement here - dont use quotes<br><embed src=$mov.wmv></embed>";
                                                                      ?>
                                                                      Last edited by SmokeyTheBear; 02-28-2006, 05:13 PM.
                                                                      hatisblack at yahoo.com

                                                                      Comment

                                                                      • Pete-KT
                                                                        Workin With The Devil
                                                                        • Oct 2004
                                                                        • 51532

                                                                        #36
                                                                        Badass thanks Smokey

                                                                        Comment

                                                                        • jayeff
                                                                          Confirmed User
                                                                          • May 2001
                                                                          • 2944

                                                                          #37
                                                                          This code has been around for a quite a while for displaying still images in neatly formatted pages when they are called up "bare". It works just fine with type-ins or when another site provides a link to your image: then your server will redirect the request and deliver the pic up in its page. But if someone hotlinks the image itself via "img src", you will just see the usual red "x" (or nothing, depending on your browswer).

                                                                          It doesn't matter how tricky you get, browser's will not allow you to deliver anything except an image if an image is what they were expecting. Whether movies present the same problem I don't know, but have you checked that?
                                                                          Last edited by jayeff; 02-28-2006, 05:30 PM.

                                                                          Comment

                                                                          • SmokeyTheBear
                                                                            ►SouthOfHeaven
                                                                            • Jun 2004
                                                                            • 28609

                                                                            #38
                                                                            Originally posted by jayeff
                                                                            This code has been around for a quite a while for displaying still images in neatly formatted pages when they are called up "bare". It works just fine with type-ins or when another site provides a link to your image: then your server will redirect the request and deliver the pic up in its page. But if someone hotlinks the image itself via "img src", you will just see the usual red "x" (or nothing, depending on your browswer).

                                                                            It doesn't matter how tricky you get, browser's will not allow you to deliver anything except an image if an image is what they were expecting. Whether movies present the same problem I don't know, but have you checked that?
                                                                            yes i hope i didnt give the wrong impression.. if a hotlinker or you are embeding a video it wont redirect the page it will just show a broken video ( or no video ) if someone just drops a link to the video ( like in a forum ) it will do whats described above..

                                                                            Most people link to the videos.. thiw wouldn't work if you ran filecabi.net , but it would work on galleries
                                                                            Last edited by SmokeyTheBear; 02-28-2006, 05:37 PM.
                                                                            hatisblack at yahoo.com

                                                                            Comment

                                                                            • Brujah
                                                                              Beer Money Baron
                                                                              • Jan 2001
                                                                              • 22157

                                                                              #39
                                                                              Originally posted by SmokeyTheBear
                                                                              but the file extension isnt passed along with the strin "x" just the filename
                                                                              Try $m[1] instead

                                                                              Comment

                                                                              • jayeff
                                                                                Confirmed User
                                                                                • May 2001
                                                                                • 2944

                                                                                #40
                                                                                Originally posted by SmokeyTheBear
                                                                                yes i hope i didnt give the wrong impression.. if a hotlinker or you are embeding a video it wont redirect the page it will just show a broken video ( or no video ) if someone just drops a link to the video ( like in a forum ) it will do whats described above..

                                                                                Most people link to the videos.. thiw wouldn't work if you ran filecabi.net , but it would work on galleries
                                                                                FYI the variation on this which I first came across is at http://www.alistapart.com/articles/hotlinking and some of the comments might interest anyone who has security concerns about the php code involved.

                                                                                For anyone who tries using that version for images, I had to alter one of the htaccess lines to get it to work, putting:
                                                                                Code:
                                                                                RewriteRule (.*) /showpic.php?pic=protected_directory/$1
                                                                                in place of:
                                                                                Code:
                                                                                RewriteRule (.*) /showpic.php?pic=$1
                                                                                ie the name of the protected directory had to go ahead of the variable.

                                                                                Comment

                                                                                • Brujah
                                                                                  Beer Money Baron
                                                                                  • Jan 2001
                                                                                  • 22157

                                                                                  #41
                                                                                  I used to host with xcite.net and Mike had a great page up with some info about protecting your videos. Not sure how relevant it will be today, but here it is.

                                                                                  http://www.xcite.net/resources/index.html

                                                                                  Comment

                                                                                  Working...