Announcement

Collapse
No announcement yet.

How to: Protect avatars and attachments using mod_rewrite

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • MRGTB
    replied
    If you use cPanel, you can use the tool setting in that to add the rewrite rules needed to stop image hot-linking in 2 seconds flat.

    As far as your "attachments" go, why are you not storing all of them one level above your public_html directory (none accessible web area). A place where they cannot be hot-linked from.

    Leave a comment:


  • Trevor Hannant
    replied
    You may wish to post this where people will be looking for it rather than the vB2 forum?

    Leave a comment:


  • Boofo
    replied
    How do you set that up to only allow image linking from a certain directory on your site?

    Leave a comment:


  • kalisekj
    replied
    Here you go everyone Correct Code and Help

    This will block the Hotlinking and show your Image on the other persons site of your choosing.


    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://206.217.207.142.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://freeonlinemoviesforum.com.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.freeonlinemoviesforum.com.*$ [NC]
    RewriteCond %{REQUEST_URI} !^.*leech2\.gif$ [NC]
    RewriteRule .*\.(gif|GIF|jpg|JPG|png|PNG|jpe|JPE|jpeg|JPEG|bmp|BMP|php|PHP)$ http://www.freeonlinemoviesforum.com/leech2.gif [R,L]


    The People Having their attachments disappearing on their site is bc You were using this Line

    RewriteRule attachment.php http://www.denzoforums.com/link.html [R]

    When I tried that line or any variation it stopped showing the attachments on my own site.

    Leave a comment:


  • FD929
    replied
    I don't have any fancy nono.gif to taunt people but this works for me:
    Code:
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?website\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteRule .*\.(mp3|mpeg|mpg|ram|rm|wma|wav|asx|wmv|avi|mov|zip|rar|exe|jpe?g|gif)$ - [F]
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?website\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteRule attachment.php [F]
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?website\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteRule image.php [F]

    Leave a comment:


  • John Campbell
    replied
    bump on the confirmation part?

    Leave a comment:


  • John Campbell
    replied
    light bump

    Leave a comment:


  • John Campbell
    replied
    Is there a simple confirmed way to do this? I would like to get this set up on my server.
    I have found a few sites with me images.

    I have vb 3.0.3 Please and thank you.

    Leave a comment:


  • sabret00the
    replied
    regarding this, if i put the .htaccess file for the images in my smilies and avatar folders but i want the hotlink/bad image to be in my forum root will i incur a problem?

    Leave a comment:


  • turkforum
    replied
    Ok i read all of these posts none seems to work

    My attachments are stored as file based

    they are all stored above the Public_html directory.
    under the FILES directory
    /home/forum/files/

    the attachments extentions are
    .attach for atachments
    .thumb for thimbnails

    Now can some one over here help us out how to protect these files from being downloaded BY DOWNLOAD MANAGERS such as DAP and flashget
    I wanna use mod_rewrite

    Leave a comment:


  • kiengio
    replied
    but i save avatar in file system. Not in database.
    How to fix it.

    Leave a comment:


  • RHarbison
    replied
    Originally posted by G3MM4
    I am new to vBulletin, and I'm alarmed by the fact that it's possible for someone to steal my bandwith in this way.
    By the way, this is nothing specific to Vbulletin. Bandwidth theft is an issue no matter what program you're using. If you have a website that has photos on it, you're vulnerable to bandwidth theft unless you take measures to prevent it. Running Vbulletin doesn't make you any more at risk.

    Leave a comment:


  • G3MM4
    replied
    Originally posted by neonplaq
    To keep it simple, you can use the options provided within vbulletin to stop outside links from downloading attachments from your forum. In the vb admin, Usergroups/Usergroup Manager... Edit the "Unregistered / Not Logged In" group. Under "Forum Viewing Permissions", set "Can Download Attachments" to "NO". This will prohibit guests and outside links from downloading attachments.

    As for the Avatars, I wouldn't worry much about them... Even if someone links from the outside, they tend to be very small in size and have little effect on bandwidth/data-transfer. Images and other files attached to postings tend to be the bigger problem, which the above setting in vb will take care of.

    Good luck with your site!
    Thank you. But if it's that easy, then how come there are so many posts in this thread asking for code or whatever to stop this sort of thing happening? Also should I apply the settings that you've described to all the usergroups?

    Leave a comment:


  • neonplaq
    replied
    Originally posted by G3MM4
    I am new to vBulletin, and I'm alarmed by the fact that it's possible for someone to steal my bandwith in this way. Is there any way of completely disabling the use of attachment uploading/downloading? I want to be able to use avatars without worrying about some b**tard stealing my bandwith, but I don't understand anything to do with PHP etc. I'm a complete n00b. When I read this thread, it was just garble to me... can someone take me through the process step by step in layman terms?
    To keep it simple, you can use the options provided within vbulletin to stop outside links from downloading attachments from your forum. In the vb admin, Usergroups/Usergroup Manager... Edit the "Unregistered / Not Logged In" group. Under "Forum Viewing Permissions", set "Can Download Attachments" to "NO". This will prohibit guests and outside links from downloading attachments.

    As for the Avatars, I wouldn't worry much about them... Even if someone links from the outside, they tend to be very small in size and have little effect on bandwidth/data-transfer. Images and other files attached to postings tend to be the bigger problem, which the above setting in vb will take care of.

    Good luck with your site!

    Leave a comment:


  • G3MM4
    replied
    I am new to vBulletin, and I'm alarmed by the fact that it's possible for someone to steal my bandwith in this way. Is there any way of completely disabling the use of attachment uploading/downloading? I want to be able to use avatars without worrying about some b**tard stealing my bandwith, but I don't understand anything to do with PHP etc. I'm a complete n00b. When I read this thread, it was just garble to me... can someone take me through the process step by step in layman terms?


    Leave a comment:

Related Topics

Collapse

Working...
X