Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
 All Forums
 Snitz Forums 2000 MOD-Group
 MOD Add-On Forum (W/O Code)
 anti leech for images

Note: You must be registered in order to post a reply.
To register, click here. Registration is FREE!
Before posting, make sure you have read this topic!

Screensize:
UserName:
Password:
Format Mode:
Format: BoldItalicizedUnderlineStrikethrough Align LeftCenteredAlign Right Horizontal Rule Insert HyperlinkInsert EmailInsert Image Insert CodeInsert QuoteInsert List
   
Message:

* HTML is OFF
* Forum Code is ON
Smilies
Smile [:)] Big Smile [:D] Cool [8D] Blush [:I]
Tongue [:P] Evil [):] Wink [;)] Clown [:o)]
Black Eye [B)] Eight Ball [8] Frown [:(] Shy [8)]
Shocked [:0] Angry [:(!] Dead [xx(] Sleepy [|)]
Kisses [:X] Approve [^] Disapprove [V] Question [?]

 
   

T O P I C    R E V I E W
rasure Posted - 29 April 2007 : 12:56:01
Does any know of an anti leach script that can be integrated in to the snitz forum primarily to stop hot linking of images and be able to replace the hot linked image with a custom image for example "this image has been hotlink from site name"

Ideally I would like it to be able to work on subdirectories too, really for members photo gallery's.

any help, advice would be appreciated.<
13   L A T E S T    R E P L I E S    (Newest First)
master01 Posted - 24 July 2007 : 03:36:18
why dont you try the following link to find what you are looking for
forums.anti-leech.com<
rasure Posted - 15 July 2007 : 04:05:31
I haven't forgot about this, just been very short on time. I'm off work for 2 weeks next week so will get stuck into it then.

Many thanks.<
Sonic Posted - 26 May 2007 : 08:06:59
i found a little bug in my code....

if someone use a network traffic monitor like "wildpaket etherpeek"
and want to see a image he don't get the real image path

but yesterday i used a new programm for testing my site for security risks and sql and xss injections and this prog find my real image path... i was not lucky... but ok.... (prog was "Acunetix Web Vulerability Scanner")

so i decide to output the image as a server stream...
and i see it works more fine so no program can now get the real path...

new code to replace


'############### get image beginn

case "img"
Err_Msg = ""

FName = Request.QueryString("FName")
if Instr(FName,"/") then
UserFolder = Base64Decode(left(FName, Instr(FName,"/")-1))
FileName = right(FName, len(FName)-Instr(FName,"/"))
	
FilePath = Path & "\files\" & strFileSavePath & "\" & UserFolder & "\" & FileName
FName = Request.QueryString("FName")
FileName = right(FName, len(FName)-Instr(FName,"/"))
set fs=Server.CreateObject("Scripting.FileSystemObject") 
	
		If fs.FileExists(FilePath) then
		Set objFile = fs.GetFile(FilePath)
		Response.Clear()
		Response.Expires=-1 
		Response.Buffer = True
		Response.ContentType = "application/octet-stream"
		Response.AddHeader "content-disposition", "attachment;filename="&FileName
		Response.AddHeader "Content-Length", objFile.Size
		Response.AddHeader "Accept-Ranges","bytes"
		Response.Charset = "UTF-8"
		Set Stream = server.CreateObject("ADODB.Stream")
		Stream.Open
		Stream.Type = 1
		Stream.LoadFromFile FilePath
		Response.BinaryWrite Stream.Read()
		Response.Flush
		Stream.Close
		Set Stream = Nothing
		Set objFile = Nothing
		else 
		Response.Redirect ("../img/page/not_found.jpg")	
		End If
else 
Response.Redirect ("../img/page/not_found.jpg")	
End If

'############### get image end

by the way snitz forum software passes the"Acunetix Web Vulerability Scanner" check it shows 37 errors but these errors are not a failure of the asp code...

<
rasure Posted - 13 May 2007 : 15:38:37
Many thanks Sonic, I will let you know how it all goes once I've implemented it, I haven't had a great deal of time lately, but I appreciate all your replies and suggestions<
Sonic Posted - 09 May 2007 : 14:13:22
for the showing fotos use this:


make a file called getfile.aspand insert this:



<!--#INCLUDE FILE="config.asp" -->
<!--#INCLUDE FILE="base64.asp"-->

<%
'############### site pass beginn
If InStr(Request.ServerVariables("HTTP_REFERER"),"pop_photo_view.asp") or _
	 InStr(Request.ServerVariables("HTTP_REFERER"),"photo_album_view.asp") then

'############### site pass end
select case Request.QueryString("view")


'############### get image beginn

case "img"

FName = Request.QueryString("FName")
if Instr(FName,"/") then
UserFolder = Base64Decode(left(FName, Instr(FName,"/")-1))
FileName = right(FName, len(FName)-Instr(FName,"/"))

Response.Redirect ("../uploaded/" & UserFolder & "/" & FileName & "")
else
Response.Redirect ("../img/page/not_found.jpg")	
end if

'############### get image end


'############### leacher beginn

case else
Response.Redirect ("../img/page/leacher.jpg")
end select

else
Response.Redirect ("../img/page/leacher.jpg")end If

'############### leacher end
%>


check the file pathes for your files (red marked)

==========================================

make a file called base64.aspand insert this:

<%
Const Base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789~_"

Function Base64Encode(inData)
Dim cOut, sOut, I
  
For I = 1 To Len(inData) Step 3
Dim nGroup, pOut, sGroup

nGroup = &H10000 * Asc(Mid(inData, I, 1)) + _
			   &H100 * MyASC(Mid(inData, I + 1, 1)) + MyASC(Mid(inData, I + 2, 1))
nGroup = Oct(nGroup)
nGroup = String(8 - Len(nGroup), "0") & nGroup
pOut = Mid(Base64, CLng("&o" & Mid(nGroup, 1, 2)) + 1, 1) + _
	     Mid(Base64, CLng("&o" & Mid(nGroup, 3, 2)) + 1, 1) + _
       Mid(Base64, CLng("&o" & Mid(nGroup, 5, 2)) + 1, 1) + _
       Mid(Base64, CLng("&o" & Mid(nGroup, 7, 2)) + 1, 1)
sOut = sOut + pOut
Next

Select Case Len(inData) Mod 3
Case 1: '8 bit final
sOut = Left(sOut, Len(sOut) - 2) + "--"
Case 2: '16 bit final
sOut = Left(sOut, Len(sOut) - 1) + "-"
End Select

Base64Encode = sOut
End Function

Function MyASC(OneChar)
If OneChar = "" Then MyASC = 0 Else MyASC = Asc(OneChar)
End Function


Function Base64Decode(ByVal base64String)
Dim dataLength, sOut, groupBegin

base64String = Replace(base64String, vbCrLf, "")
base64String = Replace(base64String, vbTab, "")
base64String = Replace(base64String, " ", "")
  
dataLength = Len(base64String)
If dataLength Mod 4 <> 0 Then
Err.Raise 1, "Base64Decode", "Bad Base64 string."
Exit Function
End If
  
For groupBegin = 1 To dataLength Step 4
Dim numDataBytes, CharCounter, thisChar, thisData, nGroup, pOut
numDataBytes = 3
nGroup = 0

For CharCounter = 0 To 3
thisChar = Mid(base64String, groupBegin + CharCounter, 1)

If thisChar = "-" Then
numDataBytes = numDataBytes - 1
thisData = 0
Else
thisData = InStr(1, Base64, thisChar, vbBinaryCompare) - 1
End If

If thisData = -1 Then
Err.Raise 2, "Base64Decode", "Bad character In Base64 string."
Exit Function
End If

nGroup = 64 * nGroup + thisData
Next
    
nGroup = Hex(nGroup)
nGroup = String(6 - Len(nGroup), "0") & nGroup
pOut = Chr(CByte("&H" & Mid(nGroup, 1, 2))) + _
	     Chr(CByte("&H" & Mid(nGroup, 3, 2))) + _
  	   Chr(CByte("&H" & Mid(nGroup, 5, 2)))
sOut = sOut & Left(pOut, numDataBytes)
Next

Base64Decode = sOut
End Function
%>


i use it to encode the member id so it is not so easy to decode the real folder of a file. further i use a "file_save_path" (a another folder) so the real path of a file looks like this http://192.168.0.9/files/ds9f7sda9f70asd5chu/1/file.txt

==========================================

on the page you want to see the image

include the base 64 for encode the "member folder"
and replace the <img ....... > tag with the "getfile.asp......" tag
to show the image only if you come from a page witch are allowed to show the image


e.g.

<!--#INCLUDE FILE="base64.asp"-->

<img name='img' src="getfile.asp?view=img&FName=<% = Base64Encode(M_Name) %>/image_file_name.jpg>




<
rasure Posted - 07 May 2007 : 16:37:59
Sorry for not replying sooner I've been busy. Many thanks for all your replies, I will have a closer look when I get home tomorrow, thanks once again

Sonic, at a quick look the only problem I can see with it being used for a members gallery are the folders names for all members "folder_with_stored_images" since images are stored in individual folder names for each member ie /uploaded/rasure/ for my member name.

Unfortunately I don't have access to the server for DLL files<
Jezmeister Posted - 30 April 2007 : 18:29:47
All the same, I think the same advice should apply here as did for a fair while until the referer mod was incorporated into the main release... if any users have problems and complain tell them to "stop using crap software" or words to that effect anyway <
HuwR Posted - 30 April 2007 : 07:02:04
see my post above yours for cautions on using such scripts<
Sonic Posted - 30 April 2007 : 06:59:36
here is a light version of my anti leach script i use...
(i use it for the file attachment, picture album, images and downloads)
- it is the light version only for images

make a new file called: getfile.asp
store these lines in it:

<%
If InStr(Request.ServerVariables("HTTP_REFERER"),"topic.asp") or _
InStr(Request.ServerVariables("HTTP_REFERER"),"pop_preview.asp") or _
InStr(Request.ServerVariables("HTTP_REFERER"),"post.asp") then

FileName = Request.QueryString("FName")
Response.Redirect ("../img/folder_with_stored_images/" & FileName & "")
else
Response.Redirect ("../img/leacher.jpg")
end if
%>


and place the img tag to where you need:

<img src="getfile.asp?FName=imagetoshow.jpg">

if somebody view e.g. the topic page the image will displayed
if somebody copy the url he will get the leacher image...

=========================================================

if somebody like to have the full version of the antileacher mod (not published yet!) let me know <
HuwR Posted - 30 April 2007 : 06:54:34
unfortunate problem is that to work effectively it usese the http referrer which as we all know to well nasty programs like Norton don't transmit, so you may end up hiding your images from your own users<
pdrg Posted - 30 April 2007 : 06:50:47
What a great find!<
Podge Posted - 29 April 2007 : 14:59:39
Free dll - http://www.michaelbrumm.com/leechblocker.html<
HuwR Posted - 29 April 2007 : 13:58:38
the only way to do this effectively is either using a .net httphandler or an isapi dll<

Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.04 seconds. Powered By: Snitz Forums 2000 Version 3.4.07