Leeching files and Stealing Bandwidth please help

Nuke Soldier Joined: Mar 16, 2003 Posts: 12

Is they a file i can add to stop this ppl form Leeching my files and Stealing my Bandwidth

Major Joined: Jan 13, 2003 Posts: 892

There is a phpnuke downloads hack that adds a sec code to the downloads module for 6.0 I can't remember who did it so can't point ya to the link for it. Its a fairly good way to prevent leeching. yet allow non registered folks download.

Support Mod Joined: Mar 19, 2003 Posts: 308

garofwar wrote:

Is they a file i can add to stop this ppl form Leeching my files and Stealing my Bandwidth

Put it on 'Members only'

ciao,

luchtzak

Posted: Wed May 28, 2003 7:07 am

This is what we use.
http://www.andrewkimball.com/products/scripts/leecher.php

Works great.

Alos, if you KNOW who is leeching your files, you can use .htaccess file to somewhat protect them. But you would need to know the web address of the culprit.

mikem

Posted: Wed May 28, 2003 7:21 am

Hello,

Add one of the following codes to your .htaccess file.

Code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite.com [NC]
RewriteRule [^/]+.(gif|jpg)$ - [F]

If you have another domain you can insert the following underneath line 3:

Code:

RewriteCond %{HTTP_REFERER} !^http://www.yoursite2.com [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite2.com [NC]

If you wish to return an image, stating they're not permitted to access your images, modify this line:

Code:

RewriteRule [^/]+.(gif|jpg)$ - [F]

to these lines:

Code:

RewriteCond %{REQUEST_URI} !^/restricted_image.jpg
RewriteRule +.(gif|jpg|GIF|JPG)$ http://www.yoursite.com/hotlink.jpg

You do not need to capitalized alternates unless you have them on your server.

You can use most extensions, such as:

RewriteRule +.(gif|jpg|mp3|htm|html|php)$ - [F]

For sub domains

Code:

RewriteCond %{HTTP_REFERER} !^http://sub.yoursite.com/ [NC]
RewriteRule [^/]+.(gif|jpg)$ - [F]

If you have many subdomains, you can use this code:

Code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+)?yoursite.com/
RewriteRule +.(gif|jpg)$ - [F]

Posted: Wed May 28, 2003 7:57 am

Yeah that method works for the htaccess file. But it doesn't seem to work with zip extensions. Mostly it only works with image files. And if you change the Rewrite Rule to guard php and html files, then no one will be able to access any file with a php extension...umm like your Main page. Or won't it?

Here's the method in the .htaccess that can be used to BLOC a particular site that is leeching your files.

Code:

ErrorDocument 403 SetEnvIfNoCase http://www.YourSite.com/leech.html

SetEnvIfNoCase Referer "^http://www.LeechJerks.com/" BadReferrer

order deny,allow
deny from env=BadReferrer

What that does is block a particular site you specify with

Code:

SetEnvIfNoCase Referer "^http://www.LeechJerks.com/" BadReferrer

You can add more of those lines with more sites.
The page they will get will be a 403 error page so you can redirtect them to an html file on your server telling them they are leeching.

Code:

http://www.YourSite.com/leech.html

Here is what our leech page looks like. You can get really rude if you want to.
http://www.nukemods.com/images/leech/leech.html

We don't use the .htaccess file anymroe since we found that program I piosted above.

mikem

Posted: Thu May 29, 2003 11:12 am

mikem,

like the leech page.. made me feel Embarassed

just looking at it.. lol

Thnaks for all the input here.,..
although I don't have any leechers yet.. doesn't mean that I can't implement this Wink

Tank863

Posted: Thu May 29, 2003 2:02 pm

Good stuff People.

I never heard about that program before. Thanks for the tip, you saved me some work.

Lieutenant Joined: Mar 11, 2003 Posts: 180

how about this fellas...

how could i use .htaccess/httpd.conf to give full access to the files from http://www.csmapcentral.com, but require a username/password for ne1 else?? i just found out how to use basic http auth, but i dunno how i could allow *only* csmapcentral full access, and require login for everyone else...

i need it setup that way, so that the downloads still work for a remote installer that i created, and the installer software has support built in for basic http auth, which is why i'd like to use the httpd.conf method

Sergeant Joined: Apr 30, 2003 Posts: 122

foxyfemfem wrote:

Hello,

Add one of the following codes to your .htaccess file.

Code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite.com [NC]
RewriteRule [^/]+.(gif|jpg)$ - [F]

If you have another domain you can insert the following underneath line 3:

Code:

RewriteCond %{HTTP_REFERER} !^http://www.yoursite2.com [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite2.com [NC]

If you wish to return an image, stating they're not permitted to access your images, modify this line:

Code:

RewriteRule [^/]+.(gif|jpg)$ - [F]

to these lines:

Code:

RewriteCond %{REQUEST_URI} !^/restricted_image.jpg
RewriteRule +.(gif|jpg|GIF|JPG)$ http://www.yoursite.com/hotlink.jpg

You do not need to capitalized alternates unless you have them on your server.

You can use most extensions, such as:

RewriteRule +.(gif|jpg|mp3|htm|html|php)$ - [F]

For sub domains

Code:

RewriteCond %{HTTP_REFERER} !^http://sub.yoursite.com/ [NC]
RewriteRule [^/]+.(gif|jpg)$ - [F]

If you have many subdomains, you can use this code:

Code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+)?yoursite.com/
RewriteRule +.(gif|jpg)$ - [F]

I tried this on my site:

Code:

RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/modules/Gallery/gallery/OtherVideo/ [NC]
RewriteRule [^/]+.(wmv|rm|swf)$ - [F]

To protect my media files in the directory /OtherVideo from being hotlinked, but now the files won't even play from my own site.
Any ideas how I can make it work? So that it plays only from my site.

Nuke Cadet Joined: Dec 10, 2003 Posts: 7

i don't believe you need the whole path to OtherVideo at the end of yours....

try it as

Code:

RewriteCond %{HTTP_REFERER} !^http://www.mysite.com[NC]
RewriteRule [^/]+.(wmv|rm|swf)$ - [F]

Nuke Soldier Joined: Jan 14, 2004 Posts: 26

I think the solution presented by FoxyFemFem is the MOST elegant solution. The regular expression matching all capitalizations of JPEG|jpg|JPG|jpeg|gif|GIF|png|PNG should be sufficient to block the majority of your bandwidth thieves and allow for natural variations in your file extensions.

Hey, don't fool with adding php or html in that regular expression. There's no way people are going to steal your bandwidth by linking to html or php files. If it's your goal to prevent people framing your site inside of theirs, then you just need to add a header to all your php files that checks to see if it's being framed..

I think you're gonna get the best performance if you put this in the .htaccess file of the base directory that stores your image files. If you put this in httpd.conf, then your web server is gonna have to apply the regular expression check against every dang file served from anywhere on your site.

Hope this helps to back up what FoxyFemFem said.

di11rod

Sergeant Joined: Aug 16, 2003 Posts: 144

if you have CPanel turn on hotlinking

Nuke Cadet Joined: Apr 09, 2004 Posts: 1

A cluster of hacker web sites is sending millions of hits to a nonexistent image on our server.

The incoming hits and resulting error messages have consumed all our bandwidth.

How do we deflect (block) the incoming requests WITHOUT sending a bandwidth-eating error message?

Any guidance would be greatly appreciated.