#87768
06/22/2003 11:18 PM
|
Joined: Jun 2001
Posts: 729
Coder
|
Coder
Joined: Jun 2001
Posts: 729 |
In your .htaccess file This will return a 403 forbidden error. [/code]This replaces the linked image with one of your choosing. [code] In both examples replace YourDomain with either your domain or your hosts.
|
|
|
#87769
06/23/2003 6:50 AM
|
Joined: Mar 2001
Posts: 7,394
Admin / Code Breaker
|
Admin / Code Breaker
Joined: Mar 2001
Posts: 7,394 |
That's what I use: [/code]loggin.cgi:
</pre></div></div>now when someone tries to access images, they get a picture. when they try to access other files, they get an HTML page telling them it's not allowed. it's also logged:<br>[code]
|
|
|
#87770
06/23/2003 9:40 AM
|
Joined: Nov 2002
Posts: 188
Member
|
Member
Joined: Nov 2002
Posts: 188 |
Where do I find an .htaccess file, or do I simply need to create it and place it in a specific directory..?
|
|
|
#87771
06/23/2003 9:57 AM
|
Joined: Mar 2001
Posts: 7,394
Admin / Code Breaker
|
Admin / Code Breaker
Joined: Mar 2001
Posts: 7,394 |
If your server is Apache, you just create it and upload it to the directory. if it's not apache, you can't use it...
|
|
|
#87772
06/23/2003 10:12 AM
|
Joined: Jun 2001
Posts: 729
Coder
|
Coder
Joined: Jun 2001
Posts: 729 |
Nice LK. I'll be adding this For Windows you could use this: http://www.nncron.ru/ For those that use *NIX and do not have access to CRON here is a solution for you as well. http://www.smarterscripts.com/cron/ Remember .htacess is very powerful but if you mae a simple synactical mistake it will render your site from being able to be accessed and it is possible to send it in to an indefinite loop as well so be careful you do not make redundent inclusions. The full file name as it is just an extension and can be placed in any directory. Also the file should be uploaded in ASCii and by default works recursivly. The file should be chmoded to 644 so that it is not access able via a web browser which is also done by: [/code]I also use .htaccess to direct to custom error pages:
[code]
|
|
|
#87773
06/23/2003 10:21 AM
|
Joined: Mar 2001
Posts: 7,394
Admin / Code Breaker
|
Admin / Code Breaker
Joined: Mar 2001
Posts: 7,394 |
yeah... in my hacks page, I use it for DirectoryIndex: [/code]and for simply redirecting (in an inside directory):[code]
|
|
|
#87774
06/23/2003 10:58 AM
|
Joined: Jun 2001
Posts: 729
Coder
|
Coder
Joined: Jun 2001
Posts: 729 |
I know this has been mentioned many times in securing stuff like cp.cgi but thought since we are noting the many inclusions that it was worth mentioning again. For restricting access to certain files I use: This is placed in the directory you are trying to protect. [/code].htpassword This can be located anywhere on your server. [code] For further security I use .crypt so that the password is not readily leigable.
|
|
|
#87775
06/23/2003 6:54 PM
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
quote: Originally posted by 1QuickSI: This replaces the linked image with one of your choosing. [code][/code]In both examples replace YourDomain with either your domain or your hosts. Would this one (I added the swf) be a good one to keep people from hotlinking your games files?
|
|
|
#87776
06/25/2003 11:56 AM
|
Joined: Apr 2002
Posts: 111
Member
|
Member
Joined: Apr 2002
Posts: 111 |
[spam] I wanted to know who was hotlinking to our files, and trawling through the logs was a pain. I made a PHP script that uses PgSQL as storage, and is managed by a webpage, and at a glance you can see who's hotlinking to what, and allow or block domains. (By Default they get an image you set as the default, but blocking allows you to replace the image with something else, a 65Kx65K gif that one of our staff created is a favourite ) It also gives stats on top hotlinkers etc... Some piccies: Main Page Stats Page Homepage for my little project is: here [/spam] LK's logging is pretty good for smallish sites, but when you're getting >150 hotlinking requests per day, that file is going to fill up pretty quickly, and managing it will become a pain. BTW, yep my script does use the .htaccess stuff.
|
|
|
#87777
06/25/2003 12:37 PM
|
Joined: Mar 2001
Posts: 7,394
Admin / Code Breaker
|
Admin / Code Breaker
Joined: Mar 2001
Posts: 7,394 |
Sounds really nice... too bad I don't know what PgSQL means, hence I won't register to your board (unless you tell me it's easy to transfer it to flat file), hence I can't check your code
|
|
|
#87778
06/25/2003 12:56 PM
|
Joined: Apr 2002
Posts: 111
Member
|
Member
Joined: Apr 2002
Posts: 111 |
PgSQL = PostgreSQL ~95% of the code is PHP, there's a few SQL statements in there in ahls_db_pgsql.php for data input and retrieval. Not sure on how difficult a flat file "database" would be for it, sorting would probably be the biggest pain, since the main page sorts by Image then Date then Time. And then the stats need sorting too Someone did say they'd work on a Flat File mod for me, but that hasn't came to be yet
|
|
|
#87779
06/25/2003 2:55 PM
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
yes, sounds good
|
|
|
#87780
06/29/2003 3:24 AM
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
Would this: [code][/code]work to keep people from linking to my images except for the sites where I link to'em? I'm findin them all over the net
|
|
|
#87781
06/29/2003 3:30 AM
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
ok, I see what's happening.. they're linking to my old domain stand318.com which I've pointed to the new domain, which allows them to load and apparently bypass my htaccess file http://www.stand318.com/ubb/graemlins/wavey.gif
|
|
|
#87782
06/29/2003 11:00 AM
|
Joined: Apr 2002
Posts: 111
Member
|
Member
Joined: Apr 2002
Posts: 111 |
Allen, that can be reduced to this: [code][/code](Plus I thought the Pipes in the RewriteRule were required. (Unless the UBB is removing them, I shall see once this is posted)
|
|
|
#87783
06/29/2003 5:05 PM
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
thank you That should keep the new leechers away... I guess I'll have to replace the images they are linking to from the old domain, or just stop forwarding people from the old one to the new one
|
|
|
#87785
06/29/2003 5:53 PM
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
the stand318 domain is parked and pointed to the praisecafe.org domain. All links to stand318.com/blah goes automagically to praisecafe.org/blah I unparked the domain for now... hopefully the ezboard eejits and open topic fruits will get the hint and use their own
|
|
|
#87786
06/30/2003 5:41 AM
|
Joined: Apr 2002
Posts: 111
Member
|
Member
Joined: Apr 2002
Posts: 111 |
I've had a lot of success with getting ezBoard to remove the links to the images. You can see their info on it here Each time I've given them an Image to delink, they've usually done it within 24 hours. Gone down from something like 20 ezBoard requests per day, down to about 1 every 3 days now. Been 2 months since I started that "campaign" though.
|
|
|
#87787
06/30/2003 9:41 AM
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
hmmm... for some reason the htaccess isn't working. you can see a banana.gif almost to the bottom of this page: http://www.fragmere.com/community/users/ancient/rik/hgb/index.php my cpanel has a place for htaccess construction to stop hotlinking and it seemed to say everything looked ok
|
|
|
#87788
02/21/2004 12:31 PM
|
Joined: Feb 2001
Posts: 2,285
Old Hand
|
Old Hand
Joined: Feb 2001
Posts: 2,285 |
Bring back this old topic. AA, I see your banana is still being stolen. :rolleyes: So, if I wanted to use the Apache htaccess dealie, how would I write it if I wanted to excluse a directory in my domain. I need at least one directory so I can post images. Thanks for the help!
|
|
|
#87789
02/21/2004 2:30 PM
|
Joined: Jan 2003
Posts: 3,456 Likes: 2
Master Hacker
|
Master Hacker
Joined: Jan 2003
Posts: 3,456 Likes: 2 |
Originally posted by Stilgar: So, if I wanted to use the Apache htaccess dealie, how would I write it if I wanted to excluse a directory in my domain. I need at least one directory so I can post images. Thanks for the help! This is exactly what I want. I want to prevent hotlinking of the images inside my graemlins, avatars, graphics, and ubb directory, but I want to allow hotlinking from my webroot
|
|
|
#87790
02/21/2004 3:14 PM
|
Joined: Jan 2000
Posts: 5,833 Likes: 20
UBBDev / UBBWiki Owner Time Lord
|
UBBDev / UBBWiki Owner Time Lord
Joined: Jan 2000
Posts: 5,833 Likes: 20 |
Good to know other people make use of this. I'd include mine but it's about 3 pages long... I have it for: exe|zip|c|jpg|gif|bat|tar|gz|tgz but with numerous allowed sites (including the IP for my site since it's dedicated (I work for the host so why not lol)). Your instructions are about the same as I have in the KBASE at HostNuke lol.
|
|
|
#87791
02/21/2004 3:31 PM
|
Joined: Jan 2000
Posts: 5,833 Likes: 20
UBBDev / UBBWiki Owner Time Lord
|
UBBDev / UBBWiki Owner Time Lord
Joined: Jan 2000
Posts: 5,833 Likes: 20 |
Keep in mind that users who use security suites or right click and choose save as will in most cases error out since their browser will send a blank referrer. To allow these users you use the line: RewriteCond %{HTTP_REFERER} !^$ The only way to actually allow them is to allow blank referrers but that'll leave your info open to people who just choose save as from remote locations ...
|
|
|
#87792
10/26/2004 7:35 AM
|
Joined: Oct 2004
Posts: 1
Junior Member
|
Junior Member
Joined: Oct 2004
Posts: 1 |
Hey there,
reviving this topic again, I would like to know following:
I have set up a wiki (mediawiki 1.3) for University, which has the purpose to get the materials we use at certain seminars. The wiki itself is restricted enough, so you cannot see pages w/o logging in and you can't create accounts for yourself. Okay, now the thing is: when you upload the pdfs, the directories in ..[wiki-folder]/images are created somehow randomly, like images/1/1f/file.pdf, so I cannot create .htaccess files for each folder, only for images (i dont know, where the files go before uploading them and it would be lots of work to do it for each folder separately).
I tried the codes that were posted before, but it was still possible to get the files without being logged in.
So, how do I limit downloading the pdfs to clicking on the wiki-links?
almost resigning,
Aeris
|
|
|
#87793
10/26/2004 9:48 AM
|
Joined: Jan 2000
Posts: 5,833 Likes: 20
UBBDev / UBBWiki Owner Time Lord
|
UBBDev / UBBWiki Owner Time Lord
Joined: Jan 2000
Posts: 5,833 Likes: 20 |
RewriteCond %{HTTP_REFERER} !^https://www.yoursite.tld [NC] RewriteCond %{HTTP_REFERER} !^https://yoursite.tld [NC] RewriteRule [^/]+.(pdf)$ - [F] That should work for your use. Note that the RewriteCond %{HTTP_REFERER} !^$ should only be used if you want "blank referrers" to be allowed access (basically someone pasting the URL into their browser).
|
|
|
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
|
|
Posts: 1,157
Joined: July 2001
|
|
Forums63
Topics37,573
Posts293,925
Members13,849
|
Most Online5,166 Sep 15th, 2019
|
|
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
|
|
|
|