Discussion About Ways To Avoid Grabbers From Your Site

**GumSlone** · 25.04.11, 11:13

Originally posted by ViCkSy View Post

4. One more option is to allow rendering of page only if the referrer is our own domain only, otherwise dont render the page. But then again few phones and browsers dont support html referrers and then grabbers can also fake the referrer.

this one is not a very good idea because not all browsers send referrer informations.

another way is to put a captcha image for download page and block in it refferers from different domains.

**something else** · 25.04.11, 11:45

best way is use javascript to set a cookie ....
The coookie that is set has to be unique eg maybe a combination of time browser and ip and time details eg:

PHP Code:


<?

$data = time().$_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT'];

$encrypted = md5($data);

?>

then set cookie:

PHP Code:


<script language="javascript">

document.cookie =  'downloadcookie=<?=$encrpted?>; expires=Thu, 2 Aug 2001 20:47:11 UTC; path=/'

</script>

then later in page

PHP Code:


<?

if($_COOKIE["downloadcookie"]!=md5($data)){

?>

<no script>

Please Enable Javascript to complete your download

</no script>

<?

if(!isset($_COOKIE["downloadcookie"])){

echo 'Please enable Cookies to complete your download';

}

//maybe log ip address here to know whos trying to grab

}else{

echo "<a href="downloadlink">Download</a>";

}

?>

**ViCkSy** · 25.04.11, 12:19

this one is not a very good idea because not all browsers send referrer informations.

another way is to put a captcha image for download page and block in it refferers from different domains.

Yeah its quite good way....but then it might sometimes irritate regular visitors, as no one wants to wait or even post captcha everytime they download something.

best way is use javascript to set a cookie ....

Is, the reason we use javascript to set cookies, is that at server while grabbing wont support javascript and hence no cookie will be set? correct me if m wrong..

**something else** · 25.04.11, 12:22

yeah curl and getfilecontents dont support javascript making it impossible for the cookie to be set

.... and even if cookie is set via curl ... the cookie will be invalid

**ViCkSy** · 25.04.11, 12:26

Originally posted by something else View Post

yeah curl and getfilecontents dont support javascript making it impossible for the cookie to be set

.... and even if cookie is set via curl ... the cookie will be invalid

wowww...tats gr8...actually a good technique..
but m afraid..through this the download pages won't be available in search engines..also many phones (as mine is generally a mobile wapsite) don't support cookies/javascript.. it might create troubles for them

still overall a good way...

**something else** · 25.04.11, 12:34

yeah for mobiles it is a right pain in the @ss ..... some phones dont support javascript ...... many also dont support refferer making gums captcha idea also not work

its really a question of do you protect your files or do you limit your files from being downloaded..

even creating a login cant stop curl from grabbing your files.

i think there is very few phones that dont support javascript and cookies these days

would be intresting to know what phones dont support javascript

**ViCkSy** · 25.04.11, 12:43

yeah almost all modern phones do support javascript and cookies as well...but few too old phones...with lesser memory footprints..or some java based browsers dont support cookies and/or javascript..
For example opera mini or UCWEB browser, which actually are proxy browsers and serves each content from their own server so basically there is no client side processing capabilities available with these browsers..and hence no javascripts

**something else** · 25.04.11, 12:55

by looks of things both opera mini and UCWEB support javascript
does Opera mini support javascript? - Google Search
does UCWEB support javascript? - Google Search

Well limited javascript

**ViCkSy** · 25.04.11, 13:05

lets see...if we have more better ideas...also its troublesome..even to find if there is any grabber of our site or not....

**something else** · 25.04.11, 13:38

If someone really wants to grab your files ... they will .... even big sites like youtube cant stop people grabbing there video`s

Added after 25 minutes:

Another idea would be to limit the number of downloads per IP adresss per day

**GumSlone** · 25.04.11, 14:13

I have stopped almost all grabbers at xchanger with captcha. And i think its the best way.

**subzero** · 25.04.11, 15:44

Easy to do this

$match = $_SERVER['SERVER_NAME'];
$to = array("www.yourdomain.tld","yourdomain.tld");
foreach("$to as &$match");
{
Your file here sir!
}else{
You know your downloading from some one else work so BACK OFF BUDDY!
}

Sample lol

**khan** · 25.04.11, 16:08

lol allen this can be escaped by cUrl.

**subzero** · 25.04.11, 16:19

Or use in session lol

hide the links unless server session is a match and this can't be use in anywhere like iframe or curl or get contents

Discussion About Ways To Avoid Grabbers From Your Site

Discussion About Ways To Avoid Grabbers From Your Site

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment