Hotlink Protection using Cookies - GoFuckYourself.com

VeriSexy · 10-13-2002, 06:25 AM

I hope big sites like thehun won't mind people using cookies and javascript. I think some tgps are so picky that they even ban javascript.

I found this info from a site and might be useful.

==============================================

THE PROBLEM WITH MOVIE & FLASH FILES

There seems to be problem protecting movie images and particularly .swf (flash).
Some webmasters say they have to embed their mpegs and flash files and not use the
<img scr> tag.

It is said that there is not yet a perfect solution to this, but the problems are caused because movie players use java and do not send headers and so the server does not track them. But, as a solution, most of the time the following will help:

Add this rule to your .htaccess file in your movie directory:
RewriteEngine on
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yourdomain.com/ [NC]
RewriteCond %{HTTP_COOKIE} !(^|(.+;)*)id=valid(;.*|$)
RewriteRule /*$ http://www.yourdomain.com/ [L,R]

Or add this one
RewriteEngine on
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} !^http://yourIPaddress/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com/.*$ [NC]
RewriteCond %{HTTP_COOKIE} !(^|(.+;)*)id=valid(;.*|$)
RewriteRule /*$ http://www.yoursite.com [L,R]

Place the cookie script below between the <head> </head> HTML section of the index.html page of the aria where your movie/flash files are. It must be in the first page the users go through to reach the files; The entry page. The cookie duration time is set to 4 hours; change it, if you like.

As the users must login every time they come to your site with your .htaccess protection, and they'd get a cookie anyway, the cookie here only acts as a guard against hotlinkers. The server will look for a cookie every time anyone tries to access anything within this directory, and so they must login first to see the mpeg (no stopping pass-sharing or hackers, remember) but it does stop your files being hotlinked to be viewed from other sites. You must use a cookie to prevent hotlinking of your movies.

<SCRIPT LANGUAGE="javascript">
// Calculate the expiration date
var expires = new Date ();
expires.setTime(expires.getTime() + 1 * 60 * 60 * 1000);
document.cookie = "id=valid; path=/" + "; expires=" + expires.toGMTString();
</SCRIPT>

Only the above combination of .htaccess and cookie will prevent the hotlinkers from cutting and pasting URL's to bypass the sole '.htaccess' hotlinking protection. You may have to place the movies is a seperate directory as the htaccess code may not work along side the other codes in your htaccess file.

==============================================

To prevent people HOTLINKING (linking to your images from other sites, so they
show on their pages on their sites, without the viewer ever visiting your site, though you pay for the bandwidth)add this rule to any of your .htaccess files on your site. Remember: placed in the root they guard the whole site.

The http://www.yoursite.com/, tells the server which site the rewrite is for. The *somesite.com, tells the script to allow hot-linking from anywhere on that site, add a line for each site allowed to hotlink (change somesite.com/ to yoursite.com, if no hotlinking from other sites is allowed). You can choose whether to place this 'anti-hotlink' rule in your members aria to protect only there, or in your root to protect
your whole site. If it's in your root, nobody can hotlink - no topsites, nothing, to anywhere on your site, accept the site/s positioned at '*somesite.com!)

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*somesite.com/ [NC]
RewriteRule /* http://www.yoursite.com [L,R]

You may want to protect mpegs, too: in that case, use this one:

Use this one to prevent the hot-linking of your pics, and movies (but read further here)

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com [NC]
RewriteRule .*\.(gif|GIF|jpg|JPG|mpg|MPG|Mpeg|mpeg|MPEG|rm|RM) $ http://www.yourdomain.com [R,L]

Or this one
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://w*\.*yourdomain.com
RewriteCond %{HTTP_REFERER} !^http://w*\.*yourIPaddress
RewriteRule .*[Jj][Pp][Gg]$|.*[Gg][Ii][Ff]$ http://www.yourbannerpage.com [R,L]

Test it by linking direct to the pics and movies from an other site and also cut then paste the direct link.

==============================================

If you have any more tricks, please post them.

SR · 10-13-2002, 06:27 AM

I tried it and it works......
You'll get thru most submission scripts.
But when they see that you are using it they won't list you....... about 10% of the surfers have cookies turned off so they can't see the movie.

Seb From Holland · 10-13-2002, 06:28 AM

http://www.htmlbasix.com/disablehotlinking.shtml

Seb.

Sambuka · 10-13-2002, 06:44 AM

Ahhh, I think the only problem with the RewriteEngine on stuff is that it won't let visitors download movies to there harddrives, they can still view them but no downloading.

I personally hate waiting for each file to load and then watch it, I always download the lot. I think you might get banned if the website owners of these MGP's find this out and don't like the idea. Otherwise they might not give a shit.

Sammy

VeriSexy · 10-13-2002, 06:44 AM

Yeah, just what I thought. Cookies and java script works better than .htaccess alone but TGPs won't allow it???? =/

10-13-2002, 06:25 AM	#1
VeriSexy Join The Royal Family Join Date: Apr 2002 Posts: 25,463	Hotlink Protection using Cookies I hope big sites like thehun won't mind people using cookies and javascript. I think some tgps are so picky that they even ban javascript. I found this info from a site and might be useful. ============================================== THE PROBLEM WITH MOVIE & FLASH FILES There seems to be problem protecting movie images and particularly .swf (flash). Some webmasters say they have to embed their mpegs and flash files and not use the <img scr> tag. It is said that there is not yet a perfect solution to this, but the problems are caused because movie players use java and do not send headers and so the server does not track them. But, as a solution, most of the time the following will help: Add this rule to your .htaccess file in your movie directory: RewriteEngine on RewriteOptions inherit RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)yourdomain.com/ [NC] RewriteCond %{HTTP_COOKIE} !(^\|(.+;))id=valid(;.\|$) RewriteRule /$ http://www.yourdomain.com/ [L,R] Or add this one RewriteEngine on RewriteOptions inherit RewriteCond %{HTTP_REFERER} !^http://yourIPaddress/.$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com/.$ [NC] RewriteCond %{HTTP_COOKIE} !(^\|(.+;))id=valid(;.\|$) RewriteRule /$ http://www.yoursite.com [L,R] Place the cookie script below between the <head> </head> HTML section of the index.html page of the aria where your movie/flash files are. It must be in the first page the users go through to reach the files; The entry page. The cookie duration time is set to 4 hours; change it, if you like. As the users must login every time they come to your site with your .htaccess protection, and they'd get a cookie anyway, the cookie here only acts as a guard against hotlinkers. The server will look for a cookie every time anyone tries to access anything within this directory, and so they must login first to see the mpeg (no stopping pass-sharing or hackers, remember) but it does stop your files being hotlinked to be viewed from other sites. You must use a cookie to prevent hotlinking of your movies. <SCRIPT LANGUAGE="javascript"> // Calculate the expiration date var expires = new Date (); expires.setTime(expires.getTime() + 1 60 * 60 * 1000); document.cookie = "id=valid; path=/" + "; expires=" + expires.toGMTString(); </SCRIPT> Only the above combination of .htaccess and cookie will prevent the hotlinkers from cutting and pasting URL's to bypass the sole '.htaccess' hotlinking protection. You may have to place the movies is a seperate directory as the htaccess code may not work along side the other codes in your htaccess file. ============================================== To prevent people HOTLINKING (linking to your images from other sites, so they show on their pages on their sites, without the viewer ever visiting your site, though you pay for the bandwidth)add this rule to any of your .htaccess files on your site. Remember: placed in the root they guard the whole site. The http://www.yoursite.com/, tells the server which site the rewrite is for. The somesite.com, tells the script to allow hot-linking from anywhere on that site, add a line for each site allowed to hotlink (change somesite.com/ to yoursite.com, if no hotlinking from other sites is allowed). You can choose whether to place this 'anti-hotlink' rule in your members aria to protect only there, or in your root to protect your whole site. If it's in your root, nobody can hotlink - no topsites, nothing, to anywhere on your site, accept the site/s positioned at 'somesite.com!) RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)somesite.com/ [NC] RewriteRule / http://www.yoursite.com [L,R] You may want to protect mpegs, too: in that case, use this one: Use this one to prevent the hot-linking of your pics, and movies (but read further here) RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com [NC] RewriteCond %{HTTP_REFERER} !^http://yourdomain.com [NC] RewriteRule .\.(gif\|GIF\|jpg\|JPG\|mpg\|MPG\|Mpeg\|mpeg\|MPEG\|rm\|RM) $ http://www.yourdomain.com [R,L] Or this one RewriteEngine on RewriteCond %{HTTP_REFERER} !^http://w\.yourdomain.com RewriteCond %{HTTP_REFERER} !^http://w\.yourIPaddress RewriteRule .[Jj][Pp][Gg]$\|.[Gg][Ii][Ff]$ http://www.yourbannerpage.com [R,L] Test it by linking direct to the pics and movies from an other site and also cut then paste the direct link. ============================================== If you have any more tricks, please post them. __________________ Looking for a KICK ASS TEEN SPONSOR? Check out ROYAL CASH - THE KING OF TEEN!* Incredible webmaster tools FHGs, Morphing Blog and RSS Feeds, Embedded FLV & WMV Videos. With TOP RATIO Sites like TeenStarsOnly.com - Earn $$ with our New Site & Bonus Payouts!! ATMovs.com \| iTeenVideo.com \| TeenSexMovs.com \| TeenSexMania.com

10-13-2002, 06:44 AM	#5
VeriSexy Join The Royal Family Join Date: Apr 2002 Posts: 25,463	Yeah, just what I thought. Cookies and java script works better than .htaccess alone but TGPs won't allow it???? =/ __________________ Looking for a KICK ASS TEEN SPONSOR? Check out ROYAL CASH - THE KING OF TEEN! Incredible webmaster tools FHGs, Morphing Blog and RSS Feeds, Embedded FLV & WMV Videos. With TOP RATIO Sites like TeenStarsOnly.com - Earn $$ with our New Site & Bonus Payouts!! ATMovs.com \| iTeenVideo.com \| TeenSexMovs.com \| TeenSexMania.com

10-13-2002, 06:27 AM	#2
SR Confirmed User Join Date: Jul 2001 Location: The Netherlands Posts: 2,239	I tried it and it works...... You'll get thru most submission scripts. But when they see that you are using it they won't list you....... about 10% of the surfers have cookies turned off so they can't see the movie.

10-13-2002, 06:28 AM	#3
Seb From Holland Confirmed User Join Date: May 2002 Location: The Netherlands Posts: 2,747	http://www.htmlbasix.com/disablehotlinking.shtml Seb.

10-13-2002, 06:44 AM	#4
Sambuka Registered User Join Date: Sep 2002 Location: - Posts: 500	Ahhh, I think the only problem with the RewriteEngine on stuff is that it won't let visitors download movies to there harddrives, they can still view them but no downloading. I personally hate waiting for each file to load and then watch it, I always download the lot. I think you might get banned if the website owners of these MGP's find this out and don't like the idea. Otherwise they might not give a shit. Sammy