Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> How To's
Author Message
pureliving
Worker
Worker


Joined: Dec 01, 2008
Posts: 180

PostPosted: Wed Feb 18, 2009 3:09 pm Reply with quote

First of all we all know protecting our downloads is a vital thing to the majority, so whatever downloads module you are using, if you have leech protection then activate it for the folder your downloads are located in, then within your .htaccess file make sure the ruling #Deny from All is removed and the following is inserted:

RewriteEngine on
RewriteCond ${LeechProtect:/home/******/public_html/modules/Downloads/public/downloads:%{REMOTE_USER}:%{REMOTE_ADDR}:5} leech
RewriteRule .* Only registered users can see links on this board! Get registered or login!


Particularly if you use nsn gr downloads and have your downloads in a folder under Downloads/public/..../...., make sure the .htaccess file under your downloads contains the above, or similar if you use different protection.

xx Bless xx


Last edited by pureliving on Wed Feb 18, 2009 7:33 pm; edited 1 time in total 
View user's profile Send private message
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Wed Feb 18, 2009 7:26 pm Reply with quote

That will not stop leeching fully. The only way to protect your files is to move tham above the public root.
 
View user's profile Send private message Send e-mail
pureliving
PostPosted: Wed Feb 18, 2009 7:59 pm Reply with quote

Wouldn't that actually make it easier to leech, as shorter URL's easier to work out, rather than longer extensions, i.e.

mywebsite.com/downloads/..... //* or whatever name of download directory.

or

mywebsite.com/modules/downloads/public/downloads/...../.....



A few years ago i used a online program that used to change a link to a random link, maybe this ability can one day be built into nsn gr downloads as part of RN, i'll let Montego decide.

In the sense that when a URL is written in add download, and save changes is pressed, the link that stores in the database, should randomly change to something different to prevent theft, when being accessed to download.

Or is there anything else i and others could use as protection against download theft?

Your advice is much appreciated.

xx Bless xx
 
Guardian2003
PostPosted: Wed Feb 18, 2009 8:13 pm Reply with quote

Yes, in theory, renaming the file by generating a long random filename at upload time can be beneficial and it is good practice to do so with anything that is uploaded.

What I meant by 'above the public root' was if for example your downalods directory is in your actually webroot like this;
username/public_html/downloads/
it is better to put your 'downloads' directory here
downloads/public_html/
as nothing can even get to that except the server.
 
pureliving
PostPosted: Wed Feb 18, 2009 8:29 pm Reply with quote

How would i then enter that as a link when adding a download URL to add download?
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Wed Feb 18, 2009 8:36 pm Reply with quote

For security, you really would put the download in a non web-accessible area and then write a script to authenticate and pass the file download as requested. Many commercial scripts do this, but Nuke downloads is essentially the easy way with trivial amount of code. Smile

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Palbin
Site Admin


Joined: Mar 30, 2006
Posts: 2583
Location: Pittsburgh, Pennsylvania

PostPosted: Wed Feb 18, 2009 9:16 pm Reply with quote

What about a script that is used to get the download then rename the directory?

_________________
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan. 
View user's profile Send private message
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Wed Feb 18, 2009 9:17 pm Reply with quote

BTW, this thread here addresses download leaching and how to stop it with NSN GR Downloads.
Only registered users can see links on this board! Get registered or login!

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Palbin
PostPosted: Wed Feb 18, 2009 9:25 pm Reply with quote

That thread just scares me Smile
 
pureliving
PostPosted: Fri Feb 20, 2009 5:32 pm Reply with quote

Thanks Montego, the go.php modifications were an addition, although my question at hand still seems confusing to me.

Say for instance, if i was to follow the above security measures by Guardian and move my downloads folder under .......mydownloads/public_html/, how would i then write the link in the URL box, when i add downloads in nsn gr downloads, because usually it refers to something above /modules/Downloads/...... doesn't it?
 
montego
PostPosted: Fri Feb 20, 2009 6:04 pm Reply with quote

I have mine similar to this:

public_html/public/downloads/*

I have the .htaccess file in there with "deny from all". If you are on Apache, that effectively stops ALL direct linking to any download file you have in there.

Now, since public_html is really the root of my web site, so let us say my download file name is: mydownload.zip. The path I would use within the download set up is this:

/public/downloads/mydownload.zip

The only thing that I cannot do is the "check". But, I'll eventually fix that too. It has not deterred me from using this very effective method for almost 3 years now.
 
pureliving
PostPosted: Fri Feb 20, 2009 6:18 pm Reply with quote

Thanks so much for confirming Montego.

Thats exactly how my setup is now, although i must say, within my public .htaccess file i do have the deny from all rule, but in my downloads folder i am using leech protect rewrite method without the deny from all, does this matter not having this?, because as i stated previously having the deny from all rule in the downloads folder caused a conflict over no downloads being served.

xx Bless xx
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> How To's

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©