Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 MOD-Group
 MOD Add-On Forum (W/Code)
 Protect Your Images!
 New Topic  Topic Locked
 Printer Friendly
Next Page
Author Previous Topic Topic Next Topic
Page: of 2

@tomic
Senior Member

USA
1790 Posts

Posted - 16 September 2002 :  04:14:55  Show Profile  Visit @tomic's Homepage  Send @tomic an ICQ Message
I decided to go ahead and use this code to protects ALL images and it is super
easy. You can do it too. Add a page called geticon.asp to the root of your
website. Not your forum. One level above that. Use the following code for
geticon.asp:
<% Option Explicit

'Get where the request came from
Dim strBuffer, FilePath
strBuffer = Request.ServerVariables("HTTP_REFERER")
strBuffer = mid(strBuffer, InStr(strBuffer,".") + 1)
strBuffer = left(strBuffer, InStr(strBuffer, "/") - 1)

'Specify the path we should be served from
' (This can be another web site (http://www.site2.com) or
' some directory where the web surfer will not expect to
' find your images...
FilePath = "/HIDDEN/"

'Test to see if we should serve the file or not
' Enter your domain name here without the www
If strBuffer = "mysite.com" then

'The Image can be served
FilePath = FilePath + Request.QueryString("FName")

Else

'They are trying to leach our file!!
FilePath = "/images/leecher.gif"

End If

'Send them to the appropriate file
Response.Redirect(FilePath)

%>

Go to inc_iconfiles.asp

Find:

getCurrentIcon = "<img src=""" & strTempImageUrl & tmpicons(0) & """" & fWidth & fHeight & " border=""0"" alt=""" & fAltText & """ title=""" & fAltText & """" & fOtherTags & " />"


And change it to:

getCurrentIcon = "<img src=""/geticon.asp?FName=" & tmpicons(0) & """" & fWidth & fHeight & " border=""0"" alt=""" & fAltText & """ title=""" & fAltText & """" & fOtherTags & " />"


This assumes that your icons referred to in inc_iconfiles.asp are in a folder called hidden.

What this mod does is creates image links that look like geticon.asp?FName=icon_folder.gif etc.
It does not stop anyone from right clicking and saving your images. But if you make an image
called leecher.gif with an appropriate message and put it in a folder called images someone
that tries to link to one of your image gets only leecher.gif. So they can't drain your bandwidth
away.

Some could still link to your image if they can guess the path to the file. So if you create a
less obvious name for your image folder the chances are slim this will happen.

@tomic

SportsBettingAcumen.com

Edited by - @tomic on 16 September 2002 04:19:51

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 16 September 2002 :  05:02:05  Show Profile  Visit HuwR's Homepage
useful, but not fool proof, since all they have to do is guess your directory structure to figure out where the files actually are, since you are passing its name around anyway.

The only safe way t do this for certain is to use an isapi dll which catches the request and diverts it first, otherwise after guessing your path structure, anyone could just link directly to the files
Go to Top of Page

@tomic
Senior Member

USA
1790 Posts

Posted - 16 September 2002 :  05:07:03  Show Profile  Visit @tomic's Homepage  Send @tomic an ICQ Message
quote:
useful, but not fool proof, since all they have to do is guess your directory structure to figure out where the files actually are, since you are passing its name around anyway.


Precisely. That's why I suggested an unusual image folder name.

@tomic

SportsBettingAcumen.com
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 16 September 2002 :  05:09:27  Show Profile  Visit HuwR's Homepage
but won't your paths just show up in a view source on the page in ie ?
Go to Top of Page

@tomic
Senior Member

USA
1790 Posts

Posted - 16 September 2002 :  05:12:46  Show Profile  Visit @tomic's Homepage  Send @tomic an ICQ Message
No. The avatar image tag ends up looking like this:

<img src="/getimage.asp?FName=imagename.gif" width="64" height="64" border="0">

I just got that from a view source from a page with avatars.

@tomic

SportsBettingAcumen.com

Edited by - @tomic on 16 September 2002 05:14:15
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 16 September 2002 :  05:47:25  Show Profile  Visit HuwR's Homepage
I only voiced my warning, because I have a site on my server which did this, they ended up getting charged for over 60Gb of files which someone leeched out of their directory, so I know from first hand that it is not a very effective way of doing it.

Go to Top of Page

Sandro
Starting Member

Belgium
26 Posts

Posted - 16 September 2002 :  10:14:14  Show Profile  Visit Sandro's Homepage
with a packet analyser you can easily find the real location of the images.
Go to Top of Page

@tomic
Senior Member

USA
1790 Posts

Posted - 16 September 2002 :  12:00:01  Show Profile  Visit @tomic's Homepage  Send @tomic an ICQ Message
quote:
with a packet analyser you can easily find the real location of the images.


Yes I am sure there are ways of finding the location. I am only concerned with the average user for now which, so far, is all I have had to deal with. This would probably stop 99.9% of leechers. For the other .01% I would still check my logs.

@tomic

SportsBettingAcumen.com
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 16 September 2002 :  12:53:26  Show Profile  Visit HuwR's Homepage
checking your logs is a bit later after the fact.
Go to Top of Page

@tomic
Senior Member

USA
1790 Posts

Posted - 16 September 2002 :  13:00:49  Show Profile  Visit @tomic's Homepage  Send @tomic an ICQ Message
I check them every day and assuming you can't use a isapi dll what would you suggest?

@tomic

SportsBettingAcumen.com
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 16 September 2002 :  13:05:09  Show Profile  Visit HuwR's Homepage
there is no other way to do it effectively since you need to trap a request for an image file, something you can't do in code.
Go to Top of Page

dayve
Forum Moderator

USA
5820 Posts

Posted - 16 September 2002 :  13:34:19  Show Profile  Visit dayve's Homepage
there are tools out there like the one that can be found at
http://www.iconico.com that allows you to easily strip images,
scripts, stylesheets, the works from ANY web site. it is an
extremely useful development tool but I have been inclined to use it
for other reasons, such as checking out someones stylesheets and
getting images.

the tool can be downloaded here:

http://www.iconico.com/webtool/


Edited by - dayve on 16 September 2002 13:34:38
Go to Top of Page

@tomic
Senior Member

USA
1790 Posts

Posted - 16 September 2002 :  14:18:13  Show Profile  Visit @tomic's Homepage  Send @tomic an ICQ Message
I am unconcerned with someone saving my images. I am just trying to
stop the average user from linking to my images. Yes, you can get
around it but you still lock your home up even though a dedicated
thief can still gain entry right?

@tomic

SportsBettingAcumen.com

Edited by - @tomic on 16 September 2002 14:18:40
Go to Top of Page

BWJM
Junior Member

Canada
193 Posts

Posted - 16 September 2002 :  14:30:45  Show Profile
@tomic: Roughly about a year ago, I was using a server component called ShotGraph which created images via ASP code. It was pretyy cool. But that's not the point... The point is in the way that these images were output to the browser. They utilized something like Response.BinaryWrite which is a procedure of the common Response ASP object. Using this technique, a user would not be able to right click on the displayed graphic and see the true location (eg: /hiddenfolder/myimg.gif) as in your solution above but would see the URL of hte ASP file. As far as the browser is concerned, that ASP file is thte graphic, rather than the ASP file telling the browser where to find the graphic.

I've got some source code at home which I believe illustrates this method very well and I will try remember to post it later today. In the meantime, feel free to look up the details of the Response.BinaryWrite procedure.

Of cource, this method will still not prevent users from right-clicking on the graphic and saving it to their HDDs. :-/ Any image which is displayed can be saved.

Go to Top of Page

@tomic
Senior Member

USA
1790 Posts

Posted - 16 September 2002 :  14:59:34  Show Profile  Visit @tomic's Homepage  Send @tomic an ICQ Message
I was playing around with BinaryWrite via ASPImage last night and it was going great until I realized GIF was not supported. But once again, the point of this code is to help people create a first line of defense from image leeching that can't use server components. It's not perfect but it beats having no defense at all. I can use a component myself, but i wanted to attempt to help those that do not have this option.

@tomic

SportsBettingAcumen.com
Go to Top of Page

Aaron S.
Average Member

USA
985 Posts

Posted - 16 September 2002 :  15:09:28  Show Profile  Visit Aaron S.'s Homepage
Is there code that could be added to store the website URL that is requesting the image (so you would know which sites were offenders)?

--Aaron


DOWNLOAD GREAT NEW MODS HERE
Go to Top of Page
Page: of 2 Previous Topic Topic Next Topic  
Next Page
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.26 seconds. Powered By: Snitz Forums 2000 Version 3.4.07