Prevent and Profit from VIDEO hotlinking. - GoFuckYourself.com

SmokeyTheBear · 02-28-2006, 09:35 AM

ok heres a simple way , feel free to modify it.. if you know of any other tricks , feel free to let me know

Save the following as index.php and put it in a folder with your videos

Code:

<?php
$mov = $_GET['x'];

echo "<center>Add an advertisement here - dont use quotes<br><embed src=$mov.wmv></embed>";
?>

( if your using mpg/avi videos change the code to mpg/avi in both files)

ok now make a new folder in your main directory, save the following as .htaccess ( modify the url to point to the directory with your videos )

Code:

Options +FollowSymlinks
 RewriteEngine on
 RewriteRule ^(.*)\.wmv http://yoursite.com/videos/index.php?x=$1 [nc]

ok now what this will do is , when you call a video or someone hotlinks a video it will call the video and display it in an html page so you can add advertising and such..

Now keep in mind this doesnt actually prevent hotlinking all it does is rewrite the request to a different folder , so if you try to get http://yourserver.com/protected/video.wmv it would get the video from a different folder and write it into an html file.. the end video is still unprotected , so if someone views source of the html they can simply get the redirected movie url

BUT heres what you do.. you can simply rename the folder with your protected videos then change the .htaccess file to reflect that every so often , you dont have to change any of your links as they will just be redirected to the new folder without any changes on your part

synopsis.

If you normally had a link like http://yourserver.com/1/video.wmv it will rewrite it as http://yourserrver.com/2/video.wmv , embed it in a page so you can add advertising , if the hotlinkers ever find where the true video resides you can simply rename the destination folder without having to change any exisiting links on your page , (i.e. you can link using http://yourserver.com/1/video.wmv and never have to change it regardless of where the real videos reside )

Juicy D. Links · 02-28-2006, 09:39 AM

bumpooooooooooooo

Manowar · 02-28-2006, 09:46 AM

good stuff smokey

fris · 02-28-2006, 09:48 AM

ya video hotlinking you will need actual software or write your own module. cause when linking videos sometimes it sends blank refer, fake refer, or anything different with images, i pay for antihotlinking.com great software.

SmokeyTheBear · 02-28-2006, 09:51 AM

Quote:

Originally Posted by fris

ya video hotlinking you will need actual software or write your own module. cause when linking videos sometimes it sends blank refer, fake refer, or anything different with images, i pay for antihotlinking.com great software.

this is true..

With this method though you get the added benefit from people that "think" they are hotlinking your videos but they are actually helping you make some profit.. and it works about the same way as true anti-hotlinking methods other than you have to do a little modification every now and then to keep the clever people away

u-Bob · 02-28-2006, 09:55 AM

or you could do some crazy shit with swf + php + flv + cookies + some js.

woj · 02-28-2006, 09:59 AM

you can do similar setup to turn jpegs into jpegs on html

SmokeyTheBear · 02-28-2006, 10:00 AM

p.s. thehun likely wont accept a gallery using this anti-hotlink method because the script wont be able to detect if theres actual movies on the gallery ( because the requests would be handled by the php file ) ..

You could still use this method though by changing the php to redirect directly to the video instead of creating an html page to ebmed it into. This way your gallery will still get accepted.. ( you would then be just as prone to hotlinking, BUT you can change the destination video folder with one line of code instead of changing all the html files..

example if i made 200 hun galleries and each one had 4 videos on it.. like < a href=http://yoursite.com/hotlink/1-a.wmv>1</a>

the real video would be in http://yoursite.com/differentfolder/1-a.wmv redirected using the htaccess , now if people started hotlinking your vids you simply change the destination folder to yoursite.com/newfolder, then change the 1 line of htaccess and you dont have to change 800 links on all the html pages.. its done with one simple edit.

SmokeyTheBear · 02-28-2006, 10:01 AM

Quote:

Originally Posted by woj

you can do similar setup to turn jpegs into jpegs on html

or any file for that matter , flash files etc..

sfera · 02-28-2006, 10:02 AM

cool stuff man

SmokeyTheBear · 02-28-2006, 10:10 AM

so if you wanted to get your galleries listed on the hun and cant use the above method because the script doesnt allow. then it use this.

If people start hotlinking the videos , all you have to do is rename the folder with the videos and change this one php line to reflect the new folder name , without having to change the html in the galleries

Code:

<?php
$mov = $_GET['x'];
header("Location: http://yoursite.com/realvideofolder/$mov.wmv");
?>

p.s. you would use the same htaccess from above as well.

BlingDaddy · 02-28-2006, 10:12 AM

Wicked info.

austinth · 02-28-2006, 10:40 AM

smokey is one of the few posters here that actually has incredible info and tips to share. Thanks Smokey!!

austinth · 02-28-2006, 10:40 AM

your last cloaking code works very well!

SmokeyTheBear · 02-28-2006, 10:49 AM

p..s. if anyone needs some help or modification feel free to hit me up on icq and i will walk you through it, its very simple , i'm not always on , but if i'm not doing anything im glad to help..

SmokeyTheBear · 02-28-2006, 10:51 AM

Quote:

Originally Posted by austinth

smokey is one of the few posters here that actually has incredible info and tips to share. Thanks Smokey!!

hey thanks a bunch man , its nice to know people appreciate it..

chase · 02-28-2006, 11:35 AM

Awesome! Where's Hal with his Flash of Fucking Brilliance award?

Rui · 02-28-2006, 12:56 PM

Great stuff one of the best GFY threads of 2006 ;)

4Pics · 02-28-2006, 01:28 PM

Isn't the $_GET part bad for security?

I can pass whatever I want to the variable.

4Pics · 02-28-2006, 01:29 PM

like blah x=http://www.spywaresite.com/?.wmv

so when you add the ? it pretty much ignores the .wmv right?

SmokeyTheBear · 02-28-2006, 05:00 PM

Quote:

Originally Posted by 4Pics

Isn't the $_GET part bad for security?

I can pass whatever I want to the variable.

This is true im new at php

change the abopve code to the following to be more secure

Code:

<?php
$mov = $_GET['x'];
$mov = strip_tags($mov);
echo "<center>add any html here dont use double quotes<embed src=$mov.mpg></embed>";
?>

SmokeyTheBear · 02-28-2006, 05:13 PM

Code:

<?php
$mov = $_GET['x'];
$mov = strip_tags($mov);
$url = "http://yoursite.com/header.html";
$html = file_get_contents($url);
echo "$html<br><center><embed src=$mov.mpg></embed>";
?>

heres a better version .. this way you can just add a header to every video , put whatever html you want in the header page and it will be put above the video.. so you can customize the output page a little better

Jace · 02-28-2006, 05:23 PM

smokey, I love that you are learning html man....you have been posting some cool shit lately with your new knowledge

I can't wait to see what you will be doing in a years time with it

Brujah · 02-28-2006, 05:28 PM

Smokey, just some info to pass along, in case you're interested.

You can look into preg_match to clean variables or test them also. Will come in especially handy if you learn regex's or know a little about them already.

www.php.net/preg_match

Code:

So then: page.php?test=filename.mpg would pass
but page.php?test=`cat /etc/passwd`;etc..whatever-movie.mpg would fail.

Code:

if( !preg_match('/^([A-Z0-9\ \-]+)\.mpg$/i',$_GET['test'],$m) ) {
        print '<span style="color:red">Test Failed. Not Allowing.</span>';
} else {            
        print '<span style="color:blue">Passed</span>: '.$m[0];            
}

Spunky · 02-28-2006, 05:32 PM

Thanks for the tip man

fris · 02-28-2006, 05:33 PM

Quote:

Originally Posted by woj

you can do similar setup to turn jpegs into jpegs on html

i am looking for that solution on an opendir. cant seem to get it working.

SmokeyTheBear · 02-28-2006, 06:28 PM

Quote:

Originally Posted by Brujah

Smokey, just some info to pass along, in case you're interested.

You can look into preg_match to clean variables or test them also. Will come in especially handy if you learn regex's or know a little about them already.

www.php.net/preg_match

Code:

So then: page.php?test=filename.mpg would pass
but page.php?test=`cat /etc/passwd`;etc..whatever-movie.mpg would fail.

Code:

if( !preg_match('/^([A-Z0-9\ \-]+)\.mpg$/i',$_GET['test'],$m) ) {
        print '<span style="color:red">Test Failed. Not Allowing.</span>';
} else {            
        print '<span style="color:blue">Passed</span>: '.$m[0];            
}

Thanx im a little new to php , since you seem to be a litle better, can i ask , the way i revised it will be fine right ? the way you did it is obviously better but mine would work right ? like as far as not accepting dangerous code it would just make the page invalid if someone tried x=filenam><br><hr><script>alert('hi')</script> i tried a few combo's couldnt find anything that looked langerous

like using you method if someone tried to introduce bad string it would fail using mine it wouldnt show bad stuff , but the page just might not work right ..?

SmokeyTheBear · 02-28-2006, 06:31 PM

i did find an interesting side note though while testing bad string as input ..

if you make a page with <embed src=video></embed> with no file extension , and have a video in the directory named video.mpg , it will play fine.. starnge

SmokeyTheBear · 02-28-2006, 06:31 PM

i did find an interesting side note though while testing bad string as input ..

if you make a page with <embed src=video></embed> with no file extension , and have a video in the directory named video.mpg , it will play fine.. starnge

Brujah · 02-28-2006, 06:42 PM

Quote:

Originally Posted by SmokeyTheBear

Thanx im a little new to php , since you seem to be a litle better, can i ask , the way i revised it will be fine right ? the way you did it is obviously better but mine would work right ? like as far as not accepting dangerous code it would just make the page invalid if someone tried x=filenam><br><hr><script>alert('hi')</script> i tried a few combo's couldnt find anything that looked langerous

like using you method if someone tried to introduce bad string it would fail using mine it wouldnt show bad stuff , but the page just might not work right ..?

I'm not sure offhand, if there's anything they could really do with this specific use. If you wanted tho, you could ...

REPLACE THIS:

Code:

$mov = $_GET['x'];
$mov = strip_tags($mov);

WITH THIS:

Code:

if( preg_match('/^([a-z0-9\ \-]+)\.mpg$/i',$_GET['x'],$m) ) {
 $mov = $m[0];
}

SmokeyTheBear · 02-28-2006, 06:49 PM

Quote:

Originally Posted by Brujah

I'm not sure offhand, if there's anything they could really do with this specific use. If you wanted tho, you could ...

REPLACE THIS:

Code:

$mov = $_GET['x'];
$mov = strip_tags($mov);

WITH THIS:

Code:

if( preg_match('/^([a-z0-9\ \-]+)\.mpg$/i',$_GET['x'],$m) ) {
 $mov = $m[0];
}

thanx a bunch

SmokeyTheBear · 02-28-2006, 06:54 PM

but the file extension isnt passed along with the strin "x" just the filename

Young · 02-28-2006, 07:04 PM

Smokey I'd love to have access to your script archive!

jmk · 02-28-2006, 07:08 PM

Now this a useful post ... why can't there be more like that!
Good job!

SmokeyTheBear · 02-28-2006, 07:12 PM

ok heres a more secure method

the other one could be exploited by ?x=file%20onload=badstuff> ( nothing serious but just to be sure lets try this one

sorry for the slopiness im new

Code:

<?php
$mov = $_GET['x'];
$mov = strip_tags($mov);
$mov = str_replace(">", "", $mov);
$mov = str_replace(" ", "", $mov);
echo "<center>Add an advertisement here - dont use quotes<br><embed src=$mov.wmv></embed>";
?>

Pete-KT · 02-28-2006, 07:14 PM

Badass thanks Smokey

jayeff · 02-28-2006, 07:29 PM

This code has been around for a quite a while for displaying still images in neatly formatted pages when they are called up "bare". It works just fine with type-ins or when another site provides a link to your image: then your server will redirect the request and deliver the pic up in its page. But if someone hotlinks the image itself via "img src", you will just see the usual red "x" (or nothing, depending on your browswer).

It doesn't matter how tricky you get, browser's will not allow you to deliver anything except an image if an image is what they were expecting. Whether movies present the same problem I don't know, but have you checked that?

SmokeyTheBear · 02-28-2006, 07:34 PM

Quote:

Originally Posted by jayeff

This code has been around for a quite a while for displaying still images in neatly formatted pages when they are called up "bare". It works just fine with type-ins or when another site provides a link to your image: then your server will redirect the request and deliver the pic up in its page. But if someone hotlinks the image itself via "img src", you will just see the usual red "x" (or nothing, depending on your browswer).

It doesn't matter how tricky you get, browser's will not allow you to deliver anything except an image if an image is what they were expecting. Whether movies present the same problem I don't know, but have you checked that?

yes i hope i didnt give the wrong impression.. if a hotlinker or you are embeding a video it wont redirect the page it will just show a broken video ( or no video ) if someone just drops a link to the video ( like in a forum ) it will do whats described above..

Most people link to the videos.. thiw wouldn't work if you ran filecabi.net , but it would work on galleries

Brujah · 02-28-2006, 07:44 PM

Quote:

Originally Posted by SmokeyTheBear

but the file extension isnt passed along with the strin "x" just the filename

Try $m[1] instead

jayeff · 02-28-2006, 07:45 PM

Quote:

Originally Posted by SmokeyTheBear

yes i hope i didnt give the wrong impression.. if a hotlinker or you are embeding a video it wont redirect the page it will just show a broken video ( or no video ) if someone just drops a link to the video ( like in a forum ) it will do whats described above..

Most people link to the videos.. thiw wouldn't work if you ran filecabi.net , but it would work on galleries

FYI the variation on this which I first came across is at http://www.alistapart.com/articles/hotlinking and some of the comments might interest anyone who has security concerns about the php code involved.

For anyone who tries using that version for images, I had to alter one of the htaccess lines to get it to work, putting:

Code:

RewriteRule (.*) /showpic.php?pic=protected_directory/$1

in place of:

Code:

RewriteRule (.*) /showpic.php?pic=$1

ie the name of the protected directory had to go ahead of the variable.

Brujah · 02-28-2006, 07:46 PM

I used to host with xcite.net and Mike had a great page up with some info about protecting your videos. Not sure how relevant it will be today, but here it is.

http://www.xcite.net/resources/index.html

02-28-2006, 09:35 AM	#1
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	Prevent and Profit from VIDEO hotlinking. ok heres a simple way , feel free to modify it.. if you know of any other tricks , feel free to let me know Save the following as index.php and put it in a folder with your videos Code: <?php $mov = $_GET['x']; echo "<center>Add an advertisement here - dont use quotes<br><embed src=$mov.wmv></embed>"; ?> ( if your using mpg/avi videos change the code to mpg/avi in both files) ok now make a new folder in your main directory, save the following as .htaccess ( modify the url to point to the directory with your videos ) Code: Options +FollowSymlinks RewriteEngine on RewriteRule ^(.*)\.wmv http://yoursite.com/videos/index.php?x=$1 [nc] ok now what this will do is , when you call a video or someone hotlinks a video it will call the video and display it in an html page so you can add advertising and such.. Now keep in mind this doesnt actually prevent hotlinking all it does is rewrite the request to a different folder , so if you try to get http://yourserver.com/protected/video.wmv it would get the video from a different folder and write it into an html file.. the end video is still unprotected , so if someone views source of the html they can simply get the redirected movie url BUT heres what you do.. you can simply rename the folder with your protected videos then change the .htaccess file to reflect that every so often , you dont have to change any of your links as they will just be redirected to the new folder without any changes on your part synopsis. If you normally had a link like http://yourserver.com/1/video.wmv it will rewrite it as http://yourserrver.com/2/video.wmv , embed it in a page so you can add advertising , if the hotlinkers ever find where the true video resides you can simply rename the destination folder without having to change any exisiting links on your page , (i.e. you can link using http://yourserver.com/1/video.wmv and never have to change it regardless of where the real videos reside ) __________________ hatisblack at yahoo.com

02-28-2006, 09:48 AM	#4
fris Too lazy to set a custom title Industry Role: Join Date: Aug 2002 Posts: 55,372	ya video hotlinking you will need actual software or write your own module. cause when linking videos sometimes it sends blank refer, fake refer, or anything different with images, i pay for antihotlinking.com great software. __________________ Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. WP Stuff

02-28-2006, 09:59 AM	#7
woj <&(©¿©)&> Industry Role: Join Date: Jul 2002 Location: Chicago Posts: 47,882	you can do similar setup to turn jpegs into jpegs on html __________________ Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000 Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

02-28-2006, 10:00 AM	#8
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	p.s. thehun likely wont accept a gallery using this anti-hotlink method because the script wont be able to detect if theres actual movies on the gallery ( because the requests would be handled by the php file ) .. You could still use this method though by changing the php to redirect directly to the video instead of creating an html page to ebmed it into. This way your gallery will still get accepted.. ( you would then be just as prone to hotlinking, BUT you can change the destination video folder with one line of code instead of changing all the html files.. example if i made 200 hun galleries and each one had 4 videos on it.. like < a href=http://yoursite.com/hotlink/1-a.wmv>1</a> the real video would be in http://yoursite.com/differentfolder/1-a.wmv redirected using the htaccess , now if people started hotlinking your vids you simply change the destination folder to yoursite.com/newfolder, then change the 1 line of htaccess and you dont have to change 800 links on all the html pages.. its done with one simple edit. __________________ hatisblack at yahoo.com

02-28-2006, 10:10 AM	#11
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	so if you wanted to get your galleries listed on the hun and cant use the above method because the script doesnt allow. then it use this. If people start hotlinking the videos , all you have to do is rename the folder with the videos and change this one php line to reflect the new folder name , without having to change the html in the galleries Code: <?php $mov = $_GET['x']; header("Location: http://yoursite.com/realvideofolder/$mov.wmv"); ?> p.s. you would use the same htaccess from above as well. __________________ hatisblack at yahoo.com

02-28-2006, 09:39 AM	#2
Juicy D. Links So Fucking Banned Industry Role: Join Date: Apr 2001 Location: N.Y. -Long Island -- Posts: 122,992	bumpooooooooooooo

02-28-2006, 09:46 AM	#3
Manowar jellyfish Join Date: Dec 2003 Posts: 71,528	good stuff smokey

02-28-2006, 09:55 AM	#6
u-Bob there's no $$$ in porn Industry Role: Join Date: Jul 2005 Location: icq: 195./568.-230 (btw: not getting offline msgs) Posts: 33,063	or you could do some crazy shit with swf + php + flv + cookies + some js.

02-28-2006, 10:02 AM	#10
sfera Confirmed User Join Date: Aug 2005 Location: ICQ: 248877409 Posts: 8,597	cool stuff man

02-28-2006, 10:12 AM	#12
BlingDaddy Confirmed User Join Date: Apr 2004 Location: Denver, CO ICQ 280-752-076 Posts: 6,343	Wicked info. __________________ Every Day... Bling Daddy's Masturbation Station! Bling Daddy's Masturbation Station! The Daily Bag of Douche - Humor at it's FINEST.

02-28-2006, 10:40 AM	#13
austinth Confirmed User Join Date: Jul 2002 Location: Fantasy Island Posts: 1,770	smokey is one of the few posters here that actually has incredible info and tips to share. Thanks Smokey!! __________________ Get A $25 Circuit City GIFT Card - *FREE*!

02-28-2006, 10:49 AM	#15
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	p..s. if anyone needs some help or modification feel free to hit me up on icq and i will walk you through it, its very simple , i'm not always on , but if i'm not doing anything im glad to help.. __________________ hatisblack at yahoo.com

02-28-2006, 11:35 AM	#17
chase Confirmed User Join Date: Jul 2004 Location: Tampa Bay Posts: 6,019	Awesome! Where's Hal with his Flash of Fucking Brilliance award? __________________ Need Hosting? Reality Check Network services me purrrfectly!

02-28-2006, 12:56 PM	#18
Rui web Join Date: Dec 2001 Location: On icq: 85-483-060 Posts: 9,533	Great stuff one of the best GFY threads of 2006 ;)

02-28-2006, 01:28 PM	#19
4Pics Confirmed User Industry Role: Join Date: Dec 2001 Posts: 7,952	Isn't the $_GET part bad for security? I can pass whatever I want to the variable.

02-28-2006, 01:29 PM	#20
4Pics Confirmed User Industry Role: Join Date: Dec 2001 Posts: 7,952	like blah x=http://www.spywaresite.com/?.wmv so when you add the ? it pretty much ignores the .wmv right?

02-28-2006, 05:13 PM	#22
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	Code: <?php $mov = $_GET['x']; $mov = strip_tags($mov); $url = "http://yoursite.com/header.html"; $html = file_get_contents($url); echo "$html<br><center><embed src=$mov.mpg></embed>"; ?> heres a better version .. this way you can just add a header to every video , put whatever html you want in the header page and it will be put above the video.. so you can customize the output page a little better __________________ hatisblack at yahoo.com

02-28-2006, 05:23 PM	#23
Jace FBOP Class Of 2013 Industry Role: Join Date: Jan 2004 Location: bumfuck, ky Posts: 35,562	smokey, I love that you are learning html man....you have been posting some cool shit lately with your new knowledge I can't wait to see what you will be doing in a years time with it

02-28-2006, 05:28 PM	#24
Brujah Beer Money Baron Industry Role: Join Date: Jan 2001 Location: brujah / gmail Posts: 22,157	Smokey, just some info to pass along, in case you're interested. You can look into preg_match to clean variables or test them also. Will come in especially handy if you learn regex's or know a little about them already. www.php.net/preg_match Code: So then: page.php?test=filename.mpg would pass but page.php?test=`cat /etc/passwd`;etc..whatever-movie.mpg would fail. Code: if( !preg_match('/^([A-Z0-9\ \-]+)\.mpg$/i',$_GET['test'],$m) ) { print '<span style="color:red">Test Failed. Not Allowing.</span>'; } else { print '<span style="color:blue">Passed</span>: '.$m[0]; } __________________ Free Premium Domain Lists and Tools at Clickmojo.com For Sale: Obscenity.com

02-28-2006, 05:32 PM	#25
Spunky I need a beer Industry Role: Join Date: Jun 2002 Location: ♠ Toiletville ♠ Posts: 133,944	Thanks for the tip man __________________ *YOUR INFORMATION HERE*

02-28-2006, 06:31 PM	#28
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	i did find an interesting side note though while testing bad string as input .. if you make a page with <embed src=video></embed> with no file extension , and have a video in the directory named video.mpg , it will play fine.. starnge __________________ hatisblack at yahoo.com

02-28-2006, 06:54 PM	#32
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	but the file extension isnt passed along with the strin "x" just the filename __________________ hatisblack at yahoo.com

02-28-2006, 07:04 PM	#33
Young Bland for life Industry Role: Join Date: Nov 2004 Posts: 10,468	Smokey I'd love to have access to your script archive!

02-28-2006, 07:08 PM	#34
jmk Confirmed User Industry Role: Join Date: Sep 2002 Posts: 5,391	Now this a useful post ... why can't there be more like that! Good job!

02-28-2006, 07:12 PM	#35
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	ok heres a more secure method the other one could be exploited by ?x=file%20onload=badstuff> ( nothing serious but just to be sure lets try this one sorry for the slopiness im new Code: <?php $mov = $_GET['x']; $mov = strip_tags($mov); $mov = str_replace(">", "", $mov); $mov = str_replace(" ", "", $mov); echo "<center>Add an advertisement here - dont use quotes<br><embed src=$mov.wmv></embed>"; ?> __________________ hatisblack at yahoo.com Last edited by SmokeyTheBear; 02-28-2006 at 07:13 PM..

02-28-2006, 07:14 PM	#36
Pete-KT Workin With The Devil Industry Role: Join Date: Oct 2004 Location: West Bloomfield, MI Posts: 51,532	Badass thanks Smokey

02-28-2006, 07:29 PM	#37
jayeff Confirmed User Join Date: May 2001 Posts: 2,944	This code has been around for a quite a while for displaying still images in neatly formatted pages when they are called up "bare". It works just fine with type-ins or when another site provides a link to your image: then your server will redirect the request and deliver the pic up in its page. But if someone hotlinks the image itself via "img src", you will just see the usual red "x" (or nothing, depending on your browswer). It doesn't matter how tricky you get, browser's will not allow you to deliver anything except an image if an image is what they were expecting. Whether movies present the same problem I don't know, but have you checked that? Last edited by jayeff; 02-28-2006 at 07:30 PM..

02-28-2006, 07:46 PM	#41
Brujah Beer Money Baron Industry Role: Join Date: Jan 2001 Location: brujah / gmail Posts: 22,157	I used to host with xcite.net and Mike had a great page up with some info about protecting your videos. Not sure how relevant it will be today, but here it is. http://www.xcite.net/resources/index.html __________________ Free Premium Domain Lists and Tools at Clickmojo.com For Sale: Obscenity.com