Author |
Topic  |
Gato
New Member

Brazil
92 Posts |
Posted - 23 September 2004 : 18:00:14
|
Well, I have been facing problems with users linking files and, specially, images from my site on another site. So, they use the stuff they upload on my site to display them on another site (like a free hosting provider).
I would like to know if I can use any code or iss config to prevent them from doing this. Like a mirroring check or somthing similar.
Let me know and thanks for your help.
See you |
Get the new Gato's MultiLanguage Portal Code with 6 Languages Included and more than 70 MODs & 30 New Features Get more information here |
|
Tiggerz
Starting Member
45 Posts |
Posted - 23 September 2004 : 18:14:36
|
Not sure how to do that - but deep linking is illegal in most countries. Breaks copyright laws. So it maybe worth while putting some kind of disclaimer in a signup notice or something. |
Edited by - Tiggerz on 23 September 2004 18:15:21 |
 |
|
-gary
Development Team Member
 
406 Posts |
Posted - 23 September 2004 : 18:21:09
|
There's no real easy way on Windows. There is the free Leechblock ISAPI filter, but it only checks the referer header. Stops embeding images, but a quick refresh defeats it. There is also another ISAPI filter called ColdLink, but it's like $100 and they weren't taking online orders the last time I looked, or I would've bought it.
Currently, I'm using an ASP script to protect my files. Members must use an [ attach ] function link to specifiy a file name. The files are stored in a directory that is never access from the outside world and all files are stored without extensions, since I know they're all JPEGs. The script checks to make sure the requester is a member and then reads the image in with the filesystem object and does a binary write to the browser with a JPEG mime type.
The next scheme I'm going to try and use is to create a virtual directory at server startup that changes every so often and store the name of the directory in the application space to write out whenever the attach function is called. The hot link would work for a while, but not for more than a day. |
KawiForums.com
 |
 |
|
Gato
New Member

Brazil
92 Posts |
Posted - 23 September 2004 : 18:41:43
|
nice idea. But it just goes fine with images, right? Can you give me a sample of your code.
Thanks for your suggestions and for sharing ideas.
Its really aprecciated. |
Get the new Gato's MultiLanguage Portal Code with 6 Languages Included and more than 70 MODs & 30 New Features Get more information here |
 |
|
-gary
Development Team Member
 
406 Posts |
Posted - 24 September 2004 : 12:43:45
|
Here's my attachment code in full. I only allow image uploads, so that's all I deal with here and there's a bunch of code in there for displaying the user a thumbnail in their selected size, so just ignore that. This would work just as easily with any type of file as long as you set the meta type to the correct format. Would be a problem in Win2003 with files over 7MB though because of the ASP buffer size limit problem. I do a lot of disk checking that I'm going to take out in the next update, but performance wise I currently don't see any real hits even on pages with 20 images.
<!-- METADATA TYPE="typelib" UUID="00000205-0000-0010-8000-00AA006D2EA4" NAME="ADODB Type Library" -->
<%
'on error resume next
if Request.QueryString("strKey") = Application("dtAttachKey") then
Dim objStream : Set objStream = Server.CreateObject("ADODB.Stream")
objStream.Type = adTypeBinary
objStream.Open
Response.Buffer = False
if session("M_NAME") <> "" then
strFile = Request.QueryString("strFile")
intImageMemberID = left(strFile, instr(strFile, "-")-1)
if Request.QueryString("intMax") = "1" then
intSize = 0
elseif IsNumeric(Request.QueryString("size")) then
intSize = Request.QueryString("size")
else
intSize = session("M_CIMAGESIZE")
end if
strDisplayFile = Server.MapPath(Application("/strTopicUploadPath") & intImageMemberID & "/" & intSize & "/" & strFile & "-" & intSize)
if not IsFile(strDisplayFile) then
for i = intSize + 1 to 5
if IsFile(Server.MapPath(Application("/strTopicUploadPath") & intImageMemberID & "/" & i & "/" & strFile & "-" & i)) then
strDisplayFile = Server.MapPath(Application("/strTopicUploadPath") & intImageMemberID & "/" & i & "/" & strFile & "-" & i)
exit for
end if
next
end if
if not IsFile(strDisplayFile) then
strDisplayFile = Server.MapPath(Application("/strTopicUploadPath") & intImageMemberID & "/0/" & strFile & "-0")
end if
if IsFile(strDisplayFile) then
objStream.LoadFromFile(strDisplayFile)
else
strDisplayFile = Server.MapPath(Application("/strImageURL") & "attachment_not_found.jpg")
objStream.LoadFromFile(strDisplayFile)
end if
else
strDisplayFile = Server.MapPath(Application("/strImageURL") & "no_view.jpg")
objStream.LoadFromFile(strDisplayFile)
end if
Response.AddHeader "Content-Disposition", "attachment; filename=" & right(strFile, len(strFile)-instr(strFile, "-")) & ".jpg"
Response.AddHeader "Content-Length", sizefile(strDisplayFile)
Response.ContentType = "image/jpeg"
Response.Charset = "UTF-8"
Response.BinaryWrite objStream.Read
objStream.Close
set objStream = Nothing
end if
%>
|
KawiForums.com
 |
 |
|
-gary
Development Team Member
 
406 Posts |
Posted - 24 September 2004 : 12:46:31
|
I should've pointed out the Application("dtAttachKey") variable is a timestamp stored at application startup, so any hot links that do not have the correct timestamp are ignored without any kind of member checking and no overhead involved in returning the not found or no view images. |
KawiForums.com
 |
 |
|
CarKnee
Junior Member
 
USA
297 Posts |
Posted - 24 September 2004 : 14:10:49
|
I am using an ASP.NET HttpHandler to prevent the image from being displayed to people that do not have my domain in the referrer information. Rather than seeing the image they expect you see, they see an image that says "No external linking from my domain.com" (Note that this causes a few emails from people who use Norton Internet Security and see the no linking image on my site. )
In order to use an HttpHandler you need to have ASP.NET on the server, map .jpg files to the aspnet_isapi.dll with IIS, and add the verb to your web.config file at the root of the application (web site). Here is one of MANY articles on it: http://www.uberasp.net/getarticle.aspx?id=13 |
 |
 |
|
Gato
New Member

Brazil
92 Posts |
Posted - 24 September 2004 : 15:57:30
|
Thanks a lot. I will read everything and see if I can implement it
This will help me a lot...
see you |
Get the new Gato's MultiLanguage Portal Code with 6 Languages Included and more than 70 MODs & 30 New Features Get more information here |
 |
|
Gargoyle
Junior Member
 
USA
280 Posts |
|
Gato
New Member

Brazil
92 Posts |
Posted - 24 September 2004 : 17:19:06
|
Great. I will test it together with the ISAPI_REWRITE software, then I will see what goes better
see you |
Get the new Gato's MultiLanguage Portal Code with 6 Languages Included and more than 70 MODs & 30 New Features Get more information here |
 |
|
sy
Average Member
  
United Kingdom
638 Posts |
Posted - 25 September 2004 : 11:20:12
|
This is an informative topic!
There is also a way to substitute the images people are stealing with a 'stolen' replacement image (instead of what they think they are getting, an image with a warning and your URL, or ZIP archive with one 'readme' file pointing people back to the original site), rather than disallowing access entirely.
I had this problem, and the replacements (with original URL) converted many visitors to the original site, maybe a different approach, but good topic :) |
The pessimist complains about the wind; the optimist expects it to change; the realist adjusts the sails
|
 |
|
Gato
New Member

Brazil
92 Posts |
Posted - 25 September 2004 : 11:41:45
|
What would be this way?
Thanks |
Get the new Gato's MultiLanguage Portal Code with 6 Languages Included and more than 70 MODs & 30 New Features Get more information here |
 |
|
-gary
Development Team Member
 
406 Posts |
Posted - 25 September 2004 : 15:42:11
|
My function can do the same thing. Instead of returning nothing when the verification key doesn't match, you can return an image. It does this when non-members try a view an image from the site, it returns the no_view.jpg that says they must be logged in to view attachments.
Much easier methods than I used above, but mine also requires no components and no .NET. All you need is access to the filesystem object to read in the files. |
KawiForums.com
 |
 |
|
dayve
Forum Moderator
    
USA
5820 Posts |
Posted - 01 December 2004 : 23:47:31
|
-gary, can you explain exactly where it is your script is supposed to be plugged in at. I think I follow but I'm not quite sure on what it happening. Thanks. |
|
 |
|
Podge
Support Moderator
    
Ireland
3776 Posts |
|
-gary
Development Team Member
 
406 Posts |
Posted - 02 December 2004 : 10:37:33
|
quote: Originally posted by dayve
-gary, can you explain exactly where it is your script is supposed to be plugged in at. I think I follow but I'm not quite sure on what it happening. Thanks.
Above is the attachment.asp file. It's used in an <img> tag like <img src="attachment.asp?id=1"> It checks your permission, loads the file and writes out the mime type before doing a binary write to display the image. So each attached image in a post calls the script to check for access, the existence of the file and which size thumbnail the user wants to see. I convert all uploads to JPEG, so I only need the one mime type.
quote: Originally posted by Podge
This is a free component that might also do the job for you - http://www.michaelbrumm.com/leechblocker.html
But like I said in post #3, it only checks referers, so all you have to do is hit refresh to defeat it. |
KawiForums.com
 |
 |
|
Topic  |
|