Anti Leech PHP Download

[fukachu]

Hey everyone,

just wondering can any1 help me out with this.. im trying to protect downloads on my site so people cant easily (without a download manager) get the url of my files. i want people to visit my site rather then download from links all over the net.

i have only got 1 script to work out of the many i have tried. that being Download Lite 1.4 www.stadtaus.com but that puts that persons url in the download file as an advertisment and i cant find a way to remove that. so im back to square one. needing to find a script.

i have no ability in php at all, otherwise i wouldnt be asking i guess. can some1 help me out. i have sspent probably 24hours of total time jsut sitting here installing different scripts and getting nowhere, so many tried so many failed and its frustrating.

if some1 knows a good script and can help me through getting it working on my site i would really appreciate it.

cheers

Fizical

[dnast]

It'll just block people whose browsers don't send the referrer data and people who intentionally turn that off. You shouldn't be blocking too many people by doing that.

[fukachu]

ok great thanks a lot for your help :) that was the big hurdel in getting my site ready for release.. thank you all very much for your help :)

[dan87]

Could I get some advice here...

I have a website that isn't hosting pictures, music, or video, but I am still concerned that some ass might run a download manager on my site just to mess with me, eating away at my bandwidth. Because of this I think the easiest way to prevent this problem would be to use .htaccess, since I am just using .html and .jpgs, and this way I can protect those images from over downloading. However, I ran accross this warning about using .htaccess, so i am unsure what I should use at this point

htaccess warning

Using the .htaccess method of anti-leech control is Pretty Wortthless and can often cause many problems for your website.

You may see htaccess code such as this claiming to provide anti-leech control for, in this case, gif jpg and png files.  What this code does is stop any request that was not referred from the yoursite.com domain name.

RewriteEngine On

RewriteBase /

RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com

RewriteRule [^/]+.(gif|jpg|png)$ http://www.yourdomain.com/error.gif [L]

The problem is this method relies on the http-referer code.  The referrer is sent by the client (browser).  That is the problem. Referrer is blocked by many firewalls and is not sent by many configurations.  So you may think you have stopped leeching problems, when what you have really done is block many people from seeing your website.

You can kid yourself into thinking it works, and run a test that shows it does.  But it only blocks people who are sending you can invalid referrer code.  Maybe better than nothing, but not much better.  All those people who get blockled will just go somewhere else assuming your website has too many errors since your images will not show.

To solve this problem, you see many examples like this:

RewriteEngine On

RewriteBase /

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com

RewriteRule [^/]+.(gif|jpg|png)$ http://www.yourdomain.com/error.gif [L]

The above example adds a line to let through any request which does not have a referrer code.  Yes, this does allow all those configurations which block referrer code to see your images.  However, if you open the door to allow anyone in with no referrer then you are watering down the protection to near worthless.

Then, to make matters worse, the referrer code can be easily faked anyway.

The htaccess anti-leech method is just plain Pretty Worthless.  Do not use it.

If you want to protect your images, consider using a watermark and denying access to the original unwatermarked copy.  You can find a watermark script and associated access control instructions this Tips & Scripts page.

If you are having trouble with a site leeching taking too much bandwidth, block that site.  You can find instructions for blocking traffic to your website on this Tips & Scripts page.

[fukachu]

Well unless there is a better solution im just going to direct invalid referals to an error.html which explains why they cant download the file. explain why i have done so and what they can do to get around it (turning firewall of, using another browser or something) but then again im not trying to block images which would be a problem for you because people wouldnt see the graphics on your site just text