GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Is there anyway to stop people from hotlingking flash files? (https://gfy.com/showthread.php?t=862960)

Phil 10-18-2008 08:09 PM
Is there anyway to stop people from hotlingking flash files?
 
I got hijacked by chinese leachers. need help asap..

IllTestYourGirls 10-18-2008 08:11 PM
just flash?

Tempest 10-18-2008 08:13 PM
setup some streaming instead... simple php streaming can do the trick for most hotlinking.

Phil 10-18-2008 08:14 PM
Quote:
Originally Posted by IllTestYourGirls (Post 14919682)
just flash?
yes, flash videos.

X37375787 10-18-2008 08:17 PM
Can't you have your host block the requesting referrers?

sfera 10-18-2008 08:21 PM
make your site the only referral. also would block chinese ips.

Phil 10-18-2008 08:23 PM
Quote:
Originally Posted by sfera (Post 14919703)
make your site the only referral. also would block chinese ips.
is there any way to block any hotlinking of all flash files, not just chinese?

boneprone 10-18-2008 08:30 PM
YEah there is. We had the same issue. Our host did something about it. Like a htaccess kinda thing

Phil21 10-18-2008 08:42 PM
You can use referral blocking (mod_rewrite type of stuff) and it's generally "good enough" for a casual deterrent.

However, many browsers do *not* send a refferer header string for flash movie content, thus you cannot truly rely on it. Most sites won't bother hotlinking though, when 30-60% or whatever traffic doesn't get a good pageload.

The best way to do it is via secure download tokens, like lighttpd's mod_securedownload and about 5,000 others. Basically, you have your PHP code generate a link to the movie with a hash, using a shared secret. Your webserver then checks to ensure that this hash is valid prior to serving the file in question.

If both the PHP and the static files (.flv) are hosted on the same webserver instance, you can use a myriad of off-the-shelf anti-hotlink products. Nearly anything on the market.

If they are hosted elsewhere, most products will no longer work - and you'll want something like the hash sharing mechanism outlined above.

As for PHP "streaming" - yeah, if you want to do about 1/100th of what the server can actually push, sure :) Running static files through PHP is a horrible idea, unless you simply don't have enough traffic for it to matter and it's the easiest solution for your particular developers.

Regards,

-Phil

Voodoo 10-18-2008 09:02 PM
Try this:

Code:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite.com(/)?.*$ [NC]
RewriteRule .*.(jpg|flv)$ - [NC,F]
Found it on Google, I haven't tested it though.

Naughty-Pages 10-18-2008 09:06 PM
Quote:
Originally Posted by Voodoo (Post 14919799)
Try this:

Code:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite.com(/)?.*$ [NC]
RewriteRule .*.(jpg|flv)$ - [NC,F]
Found it on Google, I haven't tested it though.
yup.. although that includes jpg's..

i use a similar code on all of our servers for mainly jpg's and gif.. to keep bandwidth down..

fujiko 10-18-2008 10:51 PM
Quote:
Originally Posted by Voodoo (Post 14919799)
Try this:

Code:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite.com(/)?.*$ [NC]
RewriteRule .*.(jpg|flv)$ - [NC,F]
this code doesnt protect flv hotlinking on firefox... ive tried it.

boneprone 10-18-2008 11:26 PM
Listen to Phil21..

He's the one who PERSONALLY helped me and fixed our problem.

papill0n 10-19-2008 01:28 AM
Quote:
Originally Posted by Phil21 (Post 14919752)
You can use referral blocking (mod_rewrite type of stuff) and it's generally "good enough" for a casual deterrent.

However, many browsers do *not* send a refferer header string for flash movie content, thus you cannot truly rely on it. Most sites won't bother hotlinking though, when 30-60% or whatever traffic doesn't get a good pageload.

The best way to do it is via secure download tokens, like lighttpd's mod_securedownload and about 5,000 others. Basically, you have your PHP code generate a link to the movie with a hash, using a shared secret. Your webserver then checks to ensure that this hash is valid prior to serving the file in question.

If both the PHP and the static files (.flv) are hosted on the same webserver instance, you can use a myriad of off-the-shelf anti-hotlink products. Nearly anything on the market.

If they are hosted elsewhere, most products will no longer work - and you'll want something like the hash sharing mechanism outlined above.

As for PHP "streaming" - yeah, if you want to do about 1/100th of what the server can actually push, sure :) Running static files through PHP is a horrible idea, unless you simply don't have enough traffic for it to matter and it's the easiest solution for your particular developers.

Regards,

-Phil
Great post Phil :thumbsup

NY Jester 10-19-2008 03:22 AM
i was thiking htaccess but Phil21 seems to have a better way for sure.

Naughty-Pages 10-19-2008 09:04 AM
Quote:
Originally Posted by fujiko (Post 14919947)
this code doesnt protect flv hotlinking on firefox... ive tried it.
this has nothing to do with firefox LOL.. this is related to the server

(FYI: the yoursite.com is the site(s) you will allow to hotlink)

(instead of using it in htaccess i use it in a separate server-wide rules file..)

james_clickmemedia 10-19-2008 09:17 AM
Quote:
Originally Posted by Phil21 (Post 14919752)
You can use referral blocking (mod_rewrite type of stuff) and it's generally "good enough" for a casual deterrent.

However, many browsers do *not* send a refferer header string for flash movie content, thus you cannot truly rely on it. Most sites won't bother hotlinking though, when 30-60% or whatever traffic doesn't get a good pageload.

The best way to do it is via secure download tokens, like lighttpd's mod_securedownload and about 5,000 others. Basically, you have your PHP code generate a link to the movie with a hash, using a shared secret. Your webserver then checks to ensure that this hash is valid prior to serving the file in question.

If both the PHP and the static files (.flv) are hosted on the same webserver instance, you can use a myriad of off-the-shelf anti-hotlink products. Nearly anything on the market.

If they are hosted elsewhere, most products will no longer work - and you'll want something like the hash sharing mechanism outlined above.

As for PHP "streaming" - yeah, if you want to do about 1/100th of what the server can actually push, sure :) Running static files through PHP is a horrible idea, unless you simply don't have enough traffic for it to matter and it's the easiest solution for your particular developers.

Regards,

-Phil
Exactly what we have been using for years. Something about sessions is all I remember when our programmers explained it.


All times are GMT -7. The time now is 07:03 AM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123