Author |
Topic |
@tomic
Senior Member
USA
1790 Posts |
Posted - 16 September 2002 : 04:14:55
|
I decided to go ahead and use this code to protects ALL images and it is super easy. You can do it too. Add a page called geticon.asp to the root of your website. Not your forum. One level above that. Use the following code for geticon.asp:
<% Option Explicit
'Get where the request came from
Dim strBuffer, FilePath
strBuffer = Request.ServerVariables("HTTP_REFERER")
strBuffer = mid(strBuffer, InStr(strBuffer,".") + 1)
strBuffer = left(strBuffer, InStr(strBuffer, "/") - 1)
'Specify the path we should be served from
' (This can be another web site (http://www.site2.com) or
' some directory where the web surfer will not expect to
' find your images...
FilePath = "/HIDDEN/"
'Test to see if we should serve the file or not
' Enter your domain name here without the www
If strBuffer = "mysite.com" then
'The Image can be served
FilePath = FilePath + Request.QueryString("FName")
Else
'They are trying to leach our file!!
FilePath = "/images/leecher.gif"
End If
'Send them to the appropriate file
Response.Redirect(FilePath)
%> Go to inc_iconfiles.asp
Find:
getCurrentIcon = "<img src=""" & strTempImageUrl & tmpicons(0) & """" & fWidth & fHeight & " border=""0"" alt=""" & fAltText & """ title=""" & fAltText & """" & fOtherTags & " />"
And change it to:
getCurrentIcon = "<img src=""/geticon.asp?FName=" & tmpicons(0) & """" & fWidth & fHeight & " border=""0"" alt=""" & fAltText & """ title=""" & fAltText & """" & fOtherTags & " />"
This assumes that your icons referred to in inc_iconfiles.asp are in a folder called hidden.
What this mod does is creates image links that look like geticon.asp?FName=icon_folder.gif etc. It does not stop anyone from right clicking and saving your images. But if you make an image called leecher.gif with an appropriate message and put it in a folder called images someone that tries to link to one of your image gets only leecher.gif. So they can't drain your bandwidth away.
Some could still link to your image if they can guess the path to the file. So if you create a less obvious name for your image folder the chances are slim this will happen.
@tomic |
SportsBettingAcumen.com |
Edited by - @tomic on 16 September 2002 04:19:51 |
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 16 September 2002 : 05:02:05
|
useful, but not fool proof, since all they have to do is guess your directory structure to figure out where the files actually are, since you are passing its name around anyway.
The only safe way t do this for certain is to use an isapi dll which catches the request and diverts it first, otherwise after guessing your path structure, anyone could just link directly to the files |
|
|
@tomic
Senior Member
USA
1790 Posts |
Posted - 16 September 2002 : 05:07:03
|
quote: useful, but not fool proof, since all they have to do is guess your directory structure to figure out where the files actually are, since you are passing its name around anyway.
Precisely. That's why I suggested an unusual image folder name.
@tomic |
SportsBettingAcumen.com |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 16 September 2002 : 05:09:27
|
but won't your paths just show up in a view source on the page in ie ? |
|
|
@tomic
Senior Member
USA
1790 Posts |
Posted - 16 September 2002 : 05:12:46
|
No. The avatar image tag ends up looking like this:
<img src="/getimage.asp?FName=imagename.gif" width="64" height="64" border="0">
I just got that from a view source from a page with avatars.
@tomic |
SportsBettingAcumen.com |
Edited by - @tomic on 16 September 2002 05:14:15 |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 16 September 2002 : 05:47:25
|
I only voiced my warning, because I have a site on my server which did this, they ended up getting charged for over 60Gb of files which someone leeched out of their directory, so I know from first hand that it is not a very effective way of doing it.
|
|
|
Sandro
Starting Member
Belgium
26 Posts |
Posted - 16 September 2002 : 10:14:14
|
with a packet analyser you can easily find the real location of the images. |
|
|
@tomic
Senior Member
USA
1790 Posts |
Posted - 16 September 2002 : 12:00:01
|
quote: with a packet analyser you can easily find the real location of the images.
Yes I am sure there are ways of finding the location. I am only concerned with the average user for now which, so far, is all I have had to deal with. This would probably stop 99.9% of leechers. For the other .01% I would still check my logs.
@tomic |
SportsBettingAcumen.com |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 16 September 2002 : 12:53:26
|
checking your logs is a bit later after the fact. |
|
|
@tomic
Senior Member
USA
1790 Posts |
Posted - 16 September 2002 : 13:00:49
|
I check them every day and assuming you can't use a isapi dll what would you suggest?
@tomic |
SportsBettingAcumen.com |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 16 September 2002 : 13:05:09
|
there is no other way to do it effectively since you need to trap a request for an image file, something you can't do in code. |
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 16 September 2002 : 13:34:19
|
there are tools out there like the one that can be found at http://www.iconico.com that allows you to easily strip images, scripts, stylesheets, the works from ANY web site. it is an extremely useful development tool but I have been inclined to use it for other reasons, such as checking out someones stylesheets and getting images.
the tool can be downloaded here:
http://www.iconico.com/webtool/ |
|
Edited by - dayve on 16 September 2002 13:34:38 |
|
|
@tomic
Senior Member
USA
1790 Posts |
Posted - 16 September 2002 : 14:18:13
|
I am unconcerned with someone saving my images. I am just trying to stop the average user from linking to my images. Yes, you can get around it but you still lock your home up even though a dedicated thief can still gain entry right?
@tomic |
SportsBettingAcumen.com |
Edited by - @tomic on 16 September 2002 14:18:40 |
|
|
BWJM
Junior Member
Canada
193 Posts |
Posted - 16 September 2002 : 14:30:45
|
@tomic: Roughly about a year ago, I was using a server component called ShotGraph which created images via ASP code. It was pretyy cool. But that's not the point... The point is in the way that these images were output to the browser. They utilized something like Response.BinaryWrite which is a procedure of the common Response ASP object. Using this technique, a user would not be able to right click on the displayed graphic and see the true location (eg: /hiddenfolder/myimg.gif) as in your solution above but would see the URL of hte ASP file. As far as the browser is concerned, that ASP file is thte graphic, rather than the ASP file telling the browser where to find the graphic.
I've got some source code at home which I believe illustrates this method very well and I will try remember to post it later today. In the meantime, feel free to look up the details of the Response.BinaryWrite procedure.
Of cource, this method will still not prevent users from right-clicking on the graphic and saving it to their HDDs. :-/ Any image which is displayed can be saved. |
|
|
|
@tomic
Senior Member
USA
1790 Posts |
Posted - 16 September 2002 : 14:59:34
|
I was playing around with BinaryWrite via ASPImage last night and it was going great until I realized GIF was not supported. But once again, the point of this code is to help people create a first line of defense from image leeching that can't use server components. It's not perfect but it beats having no defense at all. I can use a component myself, but i wanted to attempt to help those that do not have this option.
@tomic |
SportsBettingAcumen.com |
|
|
Aaron S.
Average Member
USA
985 Posts |
Posted - 16 September 2002 : 15:09:28
|
Is there code that could be added to store the website URL that is requesting the image (so you would know which sites were offenders)?
--Aaron
|
DOWNLOAD GREAT NEW MODS HERE |
|
|
Topic |
|