|
ANTI-HOTLINKING tutorial
- FOR VIDEOS -
ok as requested i will post source here.. you are welcome to clean up the code. I have posted the easiest method here as an example , there are quite a few additional things you can add to provide more security.. ok here goes for this example were assuming you have a folder called protected on your server EXAMPLE yourserver.com/protected/ so lets start off with making a folder called "protected" on your server. Inside that folder should be 2 folders , one we will call "videos" and another we will call "secret" paths should look like this yourserver.com/protected/videos and yourserver.com/protected/secret ok save the following as ".htaccess" and upload to the folder called "videos" Code:
rewriteengine onok now copy the following code and save as index.php in the folder "protected" Code:
<?phpCode:
<?phpok now all your video links should now point to yourserver.com/protected/videos/example.wmv in order for the videos to work the surfer will have to have seen the following image yourserver.com/protected/videos/access.jpg so if your doing fhg's you should put that image on every page somehwere , doesnt matter the size so if you just wanna make it a hidden image you could zero the width/height. Or you could tie the forward in the img.php to a banner you should put a file called x.wmv in the "protected" directory to represent the default BAD VIDEO or you can simply modify the link to a website " ps i recommend using a flash file here because if the user is trying to hotlink your video in a website it would just show a dead video , wheras if you use a flash file as the link it would play your flash video when they try and hotlink it In the img.php you should point to a small picture or you can tie this into a banner. what the img.php is for is a security check to make sure the user has viewed the picture first. , when the image is viewed it logs your ip to the log.dat file , when a user attempts to view the video it checks the log.dat to make sure your ip is found. if not it sends to the x.wmv , if it is found it sends you to the proper videos The REAL videos should go in the "secret" folder as pointed in index.php. The real video url could be detected so its essential you rename this every now and then in the index.php and the actual folder.. you wont have to change your existing links on your pages at all , just the folder and the pointer in the index.php p.s. as i mentioned , there are quite a few things you can do to make this more dynamic, i'm more than happy to help anyone with specific customization. for ease of use i have posted the easiest method for fastest load If you have any q's ask If you make a cool mod to this please share / post |
I Heart You Smokey!
|
Good tip Smokey.. While I know this protects from direct linking, do you feel doing it this way creates less .htaccess / video playing problems?
I use a script to create symlinks with a random dir name, that can only be called by the root domain. However if your way makes videos work without any issues related to the .htaccess files - then this is better way to link the videos for serps. |
Gotta bookmark this and try it when I get back home.
|
Quote:
well in the example posted i forgot to mention it only covers .wmv if you wanted it to cover multiple filetypes in the same folder you might have problems, gotta make a few mods for that |
thread bookmarked trhanks
|
This is very cool. I'm looking forward to your modifactions to protect the other videos.
So far I've been embedding my videos in flash files to stave off hotlinkers this looks like it will be far less labor intensive. -A |
you have to remove ips at some point from the log files? otherwise it will keep growing till it kills apache?
|
very nice tutorials.
*bookmarked!* :) |
Quote:
|
Quote:
edit lol i see your reply now whoops |
ok heres how you modify it to do multiple filetypes
the htacess should look like this notice how it has a line for wmv and mpg, just copy that line and modify for the filetypes you need to add Code:
rewriteengine on Code:
|
Once again kick ass work Smokey!!!
|
I need AHL installed on my server but they dont exist anymore. :(
How does this compare to AHL? I really enjoyed the feature that would allow cheaters to hotlink my movies for a certain set time and after that time as passed it would redirect their traffic to wherever I wanted. |
Had to bump this thread since it's a good one! For those that want to use it for gallery submitting it may not be ideal since some TGP scripts will get sent to the hotlink video.
|
nice, like to see programming that solves a problem simply and by thinking out of the box :thumbsup
|
Great tutorials. Very helpful.
|
You do realize that you can access the videos directly (bypassing the PHP scripts):
http://www.yoursite.com/protected/secret/video1.wmv etc. And you do realize that all the redirections will reveal the "secret" directory, right? It would take someone reasonably technical about 7 seconds to figure this all out, and then they would hot link directly to the "secret" videos and you'd continue on thinking you're "protected". (sigh) One suggestion - you could serve up the thumbs/videos through the PHP script, but that's got its own problems. You need to look into a token system that's built into Apache -- *not* PHP, which only protects HTML/PHP files, does not protect content. Note: this does not require any special software to do. (hint: mod_rewrite and cookies) |
Hey Smokey, we <3 u
|
Quote:
All I need to make a full mirror from every shitty site :upsidedow:) |
Thanks for nice tutorial...
|
Smokey, do you know of a way to block these Russian bastards that are doing shit like this:
http://www.redlips.ru/cat/anal/2.htm normal htaccess shit doesn't work, has my host stumped as well...they're using java or some kind of frame. |
Quote:
this allows you to change the directory of the video without changin the hardcoded url. so if some clever joe like yourself tries to copy the final video url then i change the directory structure i then get to steal all your traffic , unless you want to change all your hardcoded urls all the time |
Quote:
|
Quote:
Quote:
|
That Smokey is one smart cookie
|
Resource post FTW. Good job, Smokey!
|
Quote:
My point is, security through obscurity is not really security. Better to design the thing right the first time and not have to touch it again. |
Quote:
|
Quote:
|
Quote:
Quote:
Quote:
the point was to think outside the box. you cant have it both ways. best for se, best for antihotlinking and the best for making money , go ahead show us the script on gfy for free and write a tutorial , i will say kudos to you.:thumbsup I would rather give someone the plate and have them choose their own food, rather than give them a plate of food and tell them what to eat :) |
Quote:
simple fact is most hotlinkers arent doing it on an individual basis , they arent going to write some crazy script to spider my site for auto rotating directory changing if they did i would simply cron job rotate the directory paths every 5 mins then pick you off like a cherry when i see your script doing the same. The example was meant to be simple so people could modify at as they see fit, to either add additional security or not.. so sure yes some crazy script could allow someone to hotlink my videos if they use ip shifting crawlers that i somehow cant stop, right now most people use nothing, in my book something is one step ahead of nothing :thumbsup and something that costs nothing , saves you money and makes you money at the same time, has to be better than the alternative of NOTHING. |
| All times are GMT -7. The time now is 03:12 PM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123