Hotlinking / Help

Discussions and support about the different URL Rewriting techniques for phpBB2.

Moderator: Moderators

Hotlinking / Help

Postby AMH » Fri Oct 13, 2006 7:59 am

Following your advice from here:

http://boards.phpbb-seo.com/phpbb-mod-r ... vt302.html


I have now tried the following as you stated. This is with the advanced code for SEO. Now PHPBB will not work. When I do this I get a code 500 internal server error.

What now? :oops:




Code: Select all
# These three lines should only be added if not already done in the .htaccess
Options +FollowSymlinks
RewriteEngine On
RewriteBase /

RewriteCond %{HTTP_REFERER} !^$ [AND]
RewriteCond %{HTTP_REFERER} !^http://mydomain.net/.*$ [NC, AND]
RewriteCond %{HTTP_REFERER} !^http://www.mydomain.net/.*$ [NC]
ReWriteRule .*\.(rar|zip|jpe?g)$ - [F,L]

#########################################################
# forum SEO REWRITE RULES            #
#########################################################
# AUTHOR : DCZ http://www.forum-seo.com/
# STARTED : 01/2006
#####################################################
#



ETC ETC ETC
AMH
 
Posts: 32
Joined: Wed Oct 11, 2006 8:45 am

Advertisement

Postby dcz » Fri Oct 13, 2006 10:26 am

hum,

And what about this :

Code: Select all
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www\.mydomain\.net/.*$ [NC]
ReWriteRule .*\.(rar|zip|jpe?g)$ - [F,L]


As a first try.

The www prefix matter should be dealt with before, so you don't really need to re check it here.

++
Useful links :
SEO Forum || SEO Directory || SEO phpBB || Search
____________________

Liens Utiles :
Forum référencement || Annuaire référencement || Référencement phpBB || Recherche
dcz
Admin
Admin
 
Posts: 21428
Joined: Fri Apr 28, 2006 9:03 pm

Postby AMH » Fri Oct 13, 2006 11:41 am

http://www.inetbridge.net/forum/download.php?id=375

If you can download that file off here by clicking on it then that one did not work.

I am lost in space. :D
AMH
 
Posts: 32
Joined: Wed Oct 11, 2006 8:45 am

Postby dcz » Sat Oct 14, 2006 6:45 pm

Oh I see, we do not deal with images here, but with downloads.

So this should be done php wise in download.php after the var grabbing and before the work, following the same principle. 1) check if HTTP_REFERER is not empty then check if it's not yours and if not deny or do whatever.

Code: Select all
if ( !empty($_SERVER['HTTP_REFERER']) && !strpos($_SERVER['HTTP_REFERER'], 'www.example.com') ) {
     // Deny the download, could load a custom page from here
     ............
}


++
Useful links :
SEO Forum || SEO Directory || SEO phpBB || Search
____________________

Liens Utiles :
Forum référencement || Annuaire référencement || Référencement phpBB || Recherche
dcz
Admin
Admin
 
Posts: 21428
Joined: Fri Apr 28, 2006 9:03 pm

Postby AMH » Sun Oct 15, 2006 1:46 am

dcz wrote:after the var grabbing and before the work



Where in the code would that be? I have no idea what you are saying.
AMH
 
Posts: 32
Joined: Wed Oct 11, 2006 8:45 am

Postby dcz » Sun Oct 15, 2006 10:37 am

Could you post the first 50 lines of code from you download.php file, or a link to a zip of it ?

++
Useful links :
SEO Forum || SEO Directory || SEO phpBB || Search
____________________

Liens Utiles :
Forum référencement || Annuaire référencement || Référencement phpBB || Recherche
dcz
Admin
Admin
 
Posts: 21428
Joined: Fri Apr 28, 2006 9:03 pm

Postby AMH » Sun Oct 15, 2006 12:24 pm

Code: Select all
<?php
/**
*
* @package attachment_mod
* @version $Id: download.php,v 1.6 2006/09/04 12:56:06 acydburn Exp $
* @copyright (c) 2002 Meik Sievertsen
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/


      $browser_version = $log_version[1];
      $browser_agent = 'konqueror';
   }
   else
   {
      $browser_version = 0;
      $browser_agent = 'other';
   }
Last edited by AMH on Wed Oct 18, 2006 9:36 am, edited 1 time in total.
AMH
 
Posts: 32
Joined: Wed Oct 11, 2006 8:45 am

Postby dcz » Sun Oct 15, 2006 1:49 pm

As it's within phpbb sessions, you can put this after :

Code: Select all
include($phpbb_root_path . 'common.' . $phpEx);


Don't forget you need to decide what to do, you could for example do this to simply deny the loading :
Code: Select all
if ( !empty($_SERVER['HTTP_REFERER']) && !strpos($_SERVER['HTTP_REFERER'], 'www.example.com') ) {
      if ( !empty($db) ) {
         $db->sql_close();
      }
      exit();
}


or use message_die(GENERAL_MESSAGE, 'yourmessage'); to output a nice message instead ;)

++
Useful links :
SEO Forum || SEO Directory || SEO phpBB || Search
____________________

Liens Utiles :
Forum référencement || Annuaire référencement || Référencement phpBB || Recherche
dcz
Admin
Admin
 
Posts: 21428
Joined: Fri Apr 28, 2006 9:03 pm

Postby AMH » Sun Oct 15, 2006 3:27 pm

Thankyou!


You are brilliant! :D :D :D :D :D :D :D


One last "small" problem.

On a webpage as on this one it blocks the download. BUT if you copy the url into the browser, it still downloads. Is that normal?
AMH
 
Posts: 32
Joined: Wed Oct 11, 2006 8:45 am

Postby dcz » Sun Oct 15, 2006 5:10 pm

You're welcome ;)

Well yes, because in this cas the http referer will be empty. If you do not allow empty http referer you take the risk to deny download for user of your website behind firewalls, as the http referer could be blocked by the firewall settings.

But this is not this big of a deal to allow empty http referer as you filter most people who followed a download link from another web site, unless again behind a firewall.

I don't think people copying and pasting URL into the browser would end up being many.

++
Useful links :
SEO Forum || SEO Directory || SEO phpBB || Search
____________________

Liens Utiles :
Forum référencement || Annuaire référencement || Référencement phpBB || Recherche
dcz
Admin
Admin
 
Posts: 21428
Joined: Fri Apr 28, 2006 9:03 pm

Postby AMH » Mon Oct 16, 2006 1:57 am

Thanks again! :D
AMH
 
Posts: 32
Joined: Wed Oct 11, 2006 8:45 am

Postby dcz » Mon Oct 16, 2006 10:41 am

;)
Useful links :
SEO Forum || SEO Directory || SEO phpBB || Search
____________________

Liens Utiles :
Forum référencement || Annuaire référencement || Référencement phpBB || Recherche
dcz
Admin
Admin
 
Posts: 21428
Joined: Fri Apr 28, 2006 9:03 pm

Postby AMH » Sat Sep 01, 2007 9:45 am

Its taken a while to figure why my bandwidth is going skyward again. It appears that the solution here does not work. Users can still right click on the sites and download from my site.

EG:

I have a scraper site that is leaching my bandwidth by a few GB a day.

<scraper site>


If you click on the link on the above page - Yes, it does do what this threads says it will do however if you right click and download it can still steal bandwidth.

Is there any way to fix this? :roll:
Last edited by AMH on Sat Sep 01, 2007 10:26 am, edited 2 times in total.
AMH
 
Posts: 32
Joined: Wed Oct 11, 2006 8:45 am

Postby AMH » Sat Sep 01, 2007 10:25 am

:D :D

I found the solution and itt might be useful to others! Oh, I get to contribute. Might limit damage from these scraper sites!



Keep people from hotlinking your attachments

Create an .htaccess file with this code and drop it in your files directory

:arrow:

SetEnvIfNoCase Referer "http://www.yourdomain.com" locally_linked=1
SetEnvIfNoCase Referer "http://yourdomain.com" locally_linked=1
<FilesMatch "\.*$">
Order Allow,Deny
Allow from env=locally_linked
</FilesMatch>


:arrow: Open download.php


:arrow: Find:

readfile($filename);


:arrow: Replace with:

header("Location: $filename");
AMH
 
Posts: 32
Joined: Wed Oct 11, 2006 8:45 am

Postby dcz » Sun Sep 02, 2007 3:03 pm

Thanks for sharing ;)
Useful links :
SEO Forum || SEO Directory || SEO phpBB || Search
____________________

Liens Utiles :
Forum référencement || Annuaire référencement || Référencement phpBB || Recherche
dcz
Admin
Admin
 
Posts: 21428
Joined: Fri Apr 28, 2006 9:03 pm


Return to phpBB2 mod Rewrite

Who is online

Users browsing this forum: No registered users and 1 guest


 
cron