Orpheus — Mon, 15 May 2000 23:33:00 +0000

Here's something a pretty cool snippet of code I found.

This is one of the best ways I know to hide a files location.

code:

sub DownloadFile {

	# $filepath is the directory
	# $filename is the name of the file
	my ($filepath,$filename) = @_;

	chdir($filepath) | | return(0);
	my $filesize = -s $filename;

	# print full header
	print "Content-disposition: inline; filename=$filename\n";
	print "Content-Length: $filesize\n";
	print "Content-Type: application/octet-stream\n\n";

	# open in binmode
	open(READ,$filename) | | die;
	binmode READ;

	# stream it out
	binmode STDOUT;
	while (<READ> ) { print;	}
	close(READ);

	# should always return true
	return(1);
}
[/code]

[This message has been edited by Orpheus (edited 15 May 2000).]

Maverick — Mon, 15 May 2000 20:07:00 +0000

On Apache, you can accomplish the same thing with .htaccess if mod_rewrite is installed

Add the following to .htaccess:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/.*$ [NC]
RewriteRule .*\.wav$ stolen.php3
RewriteRule .*\.jpg$ stolen.php3
RewriteRule .*\.gif$ stolen.php3

That checks to see if the HTTP_REFERER is from your domain when the listed file extensions are requested. If the referer field is valid, the file loads, if the referer isn't valid it forwards to some other page or image.

For example, try loading a sound file from my site: http://www.montypython.net/sounds/lob/joke.wav

It'll forward you to a different page without letting you grab the file. This method has several advantages over an anti-leech script, the most prominent being that you don't have to edit any pages or links. You can easily select which file types or directories you want to protect by adding an .htaccess file to them.

Just a warning, with mod_rewrite, make sure to test in a subdirectory first before applying the code sitewide. A simple typo can make your entire site unreachable. It's a little like playing with explosives, a useful tool, but a small boo-boo can hurt you a whole lot.

Oops, forgot to mention a couple of things:

RewriteRule .*\.gif$ stolen.php3

change .gif to whatever file type you want to protect like .jpg .wav .mid etc

change stolen.php3 to the file name you want bad referers forwarded to. I use a file named stolen.php3, but you might want to use an image to replace a pirated image, so you'd use the line
RewriteRule .*\.gif$ bandwidth.gif

Also, IE doesn't send an HTTP_REFERER field on right clicks, only on left clicks. So if anyone tries to grab a file by right-clicking and using "save picture as..." you can't prevent it, but then again, a CGI script wouldn't prevent it either since it checks the same field.

[This message has been edited by Maverick (edited 15 May 2000).]

orlando_5 — Mon, 15 May 2000 18:32:00 +0000

I did take a look around CGI Resource and hotscipts.com, FM, etc. None of those script I like. I have over 300 files I need to protect and if I use those script it will take me forever to protect those files. What I want is a sript that give me protection for the whole site instead of typing one file at a time. Anyone know a script for that?

Mon, 15 May 2000 17:56:00 +0000

Orlando,

Take a look at CGI Resources. I found a few within a few seconds of looking around.
http://www.sponsorfind.com/Scripts/LeechThis/
http://www.confine.com/programs.shtml
http://www.cgi.com.hk/scripts/getitex/

------------------
Adam
AIS Internet Solutions
adam@aisinternet.com
www.aisinternet.com

anti — Mon, 15 May 2000 08:32:00 +0000

Hi,

just write it yourself, it should be a ten liner.

- Check the referer. If it wasn't your site send back the "no-leech"-pic.
Some clients can fake the referer, but the user would have to know what the original site was.
- Optional: Check if the refering page has been loaded by the client before. (http-log or another script)
- Send the data.

ciao
Anti