Just curious.. how would one keep someone from "live linking" to files etc. on my website? I have someone doing that with midi files.. I tried changing it to play "TAPS" on their website.. then Halloween music (when I know they want Christmas music).. now I am trying obnoxious music.. emails have went unanswered and I am running out of ideas.
Any suggestions?

*Evil Grin* - Depends if you want to be naughty or nice... http://www.aota.net/ubb/wink.gif

I would use mod_rewrite to try to *adjust* what they receive... It's not 100% foolproof as it would depend on 'referrer' field...

I do this within the Apache server configuration itself...

Nice:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.pumpkindriver.com/.*$ [NC]
RewriteRule .*\.mid$ - [F]

Naughty:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.pumpkindriver.com/.*$ [NC]
RewriteRule .*\.mid$ taps.mid

Above is one of the many slick tricks you can do with mod_rewrite... http://www.aota.net/ubb/wink.gif

In a nutshell:
if other end doesn't send referrer field - do nothing
if other end does send referrer field - test to see if it's a local referrer - if yes do nothing
if no - rewrite any .mid file to taps.mid

--
Terra
sysAdmin
FutureQuest

p.s.

taps.mid should be something REALLY HUGE in file size... oh if you have a few megs to spare then a 5 meg .mid should help get the point across http://www.aota.net/ubb/wink.gif

[This message has been edited by Deb (edited 12-23-98).]

I am going to ask a related question that I probably shouldnt ask, but the evil grin got my creative juices flowing...Mind you, this is a dont try this at home kids question...but I cant resist. Could you conceivably use mod_rewrite to make that .mid access a ping execution file? (like on hostinvestigator) Then of course that file would specify someones ip add..etc, so that everytime they decided to abscond with files they would get pinged?


Zeb
Living in fantasy land...

Actually, yes you can... I can *easily* redirect the request to a CGI script...

I've got a *very* hostile EmailSiphon buster that I wrote to protect FutureQuest.net realm (all domains as well)...

Anything that comes in from the various types of EMail address siphons/harvesters out there, I fire this back at them... http://www.aota.net/ubb/wink.gif

I don't like spamming, and this was my little guerilla warfare tactic to curb our customers email addresses ending up on Spam lists...

http://www.futurequest.net/cgi-sys/Spammers/no-harvest.pl

It doesn't matter what site they hit, or which URL they start at -- if your domain is on FutureQuest, they will not get past this...

Just one of the many things that people just don't know about, that happens behind the scenes with FutureQuest... http://www.aota.net/ubb/wink.gif

--
Terra
sysAdmin
FutureQuest

------------------
www.FutureQuest.net (http://www.FutureQuest.net)
--The best way to predict the future is by inventing it--

I've got a *very* hostile EmailSiphon buster that I wrote to protect FutureQuest.net realm (all domains as well)...

That's why I love FQuest, y'all actually do stuff to help. The last host I was on said they stopped EmailSiphon from hitting us. Turned out they just added it to the robots.txt file (which, as we all know, emailsiphon ignores...).

I love this place!


------------------
Del
http://www.downinit.com/

Thanks for the replies.. I haven't figured out which path I will take, but I'm gonna do "something".. so there. http://www.pumpkindriver.com/tongue.gif

It doesn't matter what site they hit, or which URL they start at -- if your domain is on FutureQuest, they will not get past this...

You mean that many known email-grabbers will get your nice list of broken addresses?

That's a super-cool feature !!! Again, I'm glad to be hosted by FutureQuest.

Do you have more of this useful features that run behind the scenes?

Greetings from Bonn, Germany
[nbsp][nbsp]Meikel
http://www.tickerland.com
http://www.meikel.com

Ahhh, the others are fairly boring - you know, mundane sysadmin stuff... http://www.aota.net/ubb/wink.gif

--
Terra
sysAdmin
FutureQuest

terra - -
That was absolutely beautiful!!! I have a superfast connection (t1) and I never thought I would get through that list. That was as good as (and much more legal than) evoking the almighty "ping of death"!

Its beginning to look a lot like christmas.. http://www.aota.net/ubb/smile.gif


Zeb

MUHAHAHAHAHAHAHAHHAHAHAHAHA

Hey wassup with that reverse color smily - looks like it got a bit to close to the fire place!

Lea

later - oh duh its a tongue icon hahaha
what was it trying to lick the soot outa the fierplace? hehehe :Þ

[This message has been edited by pqwabbit (edited 12-23-98).]

hey whhy the fudge didnt mine work do I have to like use the lamo P for a tongue? :P adn is it the big P or the small p?

[This message has been edited by pqwabbit (edited 12-23-98).]

:p

[This message has been edited by pqwabbit (edited 12-23-98).]

ok I give up how do you make that blasted thing??!

[This message has been edited by pqwabbit (edited 12-23-98).]

Well, if you know what you're doing, you could reverse-spam the person taking your graphics, mid-files, etc..

If you detect someone stealing, go to their page, get their email address, and put it into a script that emails this every time someone accesses a stolen graphic..

"Someone just accessed a graphic you've stolen from me, and worse, used my account to serve graphic for you. You will continue to receive an email each and every time someone views the offending page until you take the graphic off your site."

"Thank you, and have a nice day."

Even if its only a moderate traffic site, it may be enough to cause them to think twice http://www.aota.net/ubb/wink.gif

I did have such a script once. The only drawback was that you needed to get their address.

Substituting another file for your graphic, midi, etc., works well and doesn't require detective work on your part http://www.aota.net/ubb/smile.gif

i have been trying to follow this conversation.. could someone break this down in simpler terms? I understand that you are trying to protect files from being used from your server.. but how is it you are doing that? *a simple sentence or two would do*

Heh Hearts I feel your pain http://www.aota.net/ubb/wink.gif

Imagine living with Terra for a day :P

What this accomplishes is sending the one stealing the bandwidth something they do not want.

For example:

Let's say you have a cute lil teddy bear image on your home page...
Then you find out someone is calling that image from your server and showing it on their homepage... this is them wasting your bandwidth....

via the tools above... for your page... teddy.gif works just fine and your visitors see the teddy bear...
But on the theif's page yourdomain.com/teddy.gif shows a great big 400 pixels wide 400 pixels high black image with big red text that says "YOU DO NOT HAVE PERMISSION TO VIEW THIS IMAGE"

Anotherwords.. you are telling the server to only serve your images to your site.. and if anyone else trys to make the server serve their sites also, the server will give them an ugly annoying surprise http://www.aota.net/ubb/wink.gif

Make more sense now?

Deb

------------------
Unlocking the Power of the Internet!
www.FutureQuest.net (http://www.FutureQuest.net)

hey Deb.. thanks.. but how do ya do that?? if I understand correctly.. one needs to know how to that CGI stuff right?

Well.. i took the lazy way out for my music collection.. i put them at tripod. *giggle*

But I would love to learn how to do what you are talking about. *new years resolution* http://www.aota.net/ubb/wink.gif

How do ya know if someone is stealing bandwidth? (as far as graphic images)
If someone does that to me I would love to be able to change the graphic they stole to my banner LOL

I saw this script listed at the following web site. Sounds like it would do the job when someone is linking to your graphics .... http://www.aota.net/ubb/wink.gif
It's called Bandwidth Bandit:
http://www.freeperlcode.com/guide/Miscellaneous/


------------------

Actually I have to chime in a bit on this one. Recently I discovered two of my own contributors stealing bandwidth. Nice huh? Funny part is that they were/are both stealing bandwidth in order to have my graphics linking back to my site. Kind of odd no?

Got one of the two to correct this, had to upload the graphics for the one to his web server (Tripod) for him since he's on WebTV. The other one, despite e-mail discussions about this practice, is still doing it. Person barely has a clue on how to make web pages let alone anything else. He has no understanding of what he's doing at all. This is my personal argument in favor of newbies reading how-to's and learning html & server protocols.

Sorry wanted to rant while I wait for that WebTV viewer to download.

Oh my actual contribution on the topic is the website WebGuard http://www.darklock.com/webguard/index.html





------------------
Armand (aka Joe)
joe@arcanumcafe.com
www.arcanumcafe.com (http://www.arcanumcafe.com)

"Where did I go today?"
micro-soft in the head

I'm coming in late, but I've seen some GIF sites that re-name their files daily to prevent the problem you have.

Armand, on your buddy who doesn't have a clue, I'd offer to edit his HTML and change his IMG SRC for him.

Tom I would do that for him, but the guy doesn't even understand the whole using graphics thing.

All the graphics on his page are via stolen bandwidth. He doesn't understands the concept of saving/creating graphics and uploading them to his own server.

I'm not about to maintain and create his site for him. I help as much as I can on the net, but that doesn't extend to maintaining someone's website for them.

Wrong Thread.
[This message has been edited by Brian (edited 08-18-00@08:29 am)]

I was just curious how specific this mod_rewrite method could be?[nbsp][nbsp]If your site is serving banners to people outside linking to your site, it would seem to be rather detrimental for a friendly site to be ambushed by your 100megabyte whistle-blowing siren-tooting theft .wav when in fact they're doing nothing wrong.

Jacob said, and IIf you detect someone stealing, go to their page, get their email address, and put it into a script that emails this every time someone accesses a stolen graphic... What happens when they install an auto-responder to send you an e-mail everytime your server sends an e-mail to him for everytime he uses a file? What happens when you install a counter-attacking auto-responder on your address to send him an e-mail every time you get an e-mail from him auto-responding to your server's automatic e-mail to him everytime he uses a file? :P

-Tatu