Site whoring prevention?

Started by samw5, March 14, 2006, 01:27:45 AM



samw5

Ok, I've had some idiot friends that have just been whoring all my photos regardless of the access by simply retrieving the entire website!

I don't really care all that much but for the bandwidth consumption but I was wondering if this could be prevented somehow.

I have restriction on all my albums, everything works great as far as coppermine itself but if people simply get to the albums/batch_uploads/ folder they can whore anything they want... Now that's kinda dumb to have any kind of security if you're gonna be able to get the whole thing via website downloader tools.
Might as well make it public.

Anyways, was looking into the .htaccess stuff but the documentation is quite thin... Any tips?

Server is running on FC4.

Thanks,
Sam

Nibbler

Either disable indexes or place a blank index.htm or index.php in the folder.

samw5

Already done that for most of them, but what about if someone uses a program that caches the whole site? None of the index pages will do squat, they'll be able to dl whatever they want w/o any kind of account...

Joachim Müller

Not true - if the permissions are set not to display all pics for anonymous users, then there will be no links pointing to the files that aren't supposed to show up, so they won't get indexed nor downloaded by tools like Httrack (when indexes are turned off as suggested already).

samw5

Interesting. I'll try to disable indexes. I'm guessing that's a directory setting in the httpd.conf file. I'll have to do some research, I just got really paranoid for a second... thanks for easing my fears!

Joachim Müller


samw5

Excellent... works perfectly or at least it appears to do so with HTTrack and Lightning Download. Is there another program that could potentially work around this? Again not too concerned about it but I'd love to learn as much as I can about hardening Apache (and I know this probably isn't the right place to ask but I figured I would give it a shot).

In any case thanks a bunch for the help... Keep up with the awesome work!

Joachim Müller

No, afaik all offline copiers work the same way, as they're bound to do the same as a human user who browses the web, only faster. Stuff that isn't linked can't be copied, as they can't guess URLs.

oplok72

Hi! I am not very good with this kind of thing, but I am interested in what you did to secure the folder. My hosting is Windows; can you tell me how I would apply this in a Windows environment? Thanks.

Quote from: samw5 on March 14, 2006, 06:35:19 PM
Excellent... works perfectly or at least it appears to do so with HTTrack and Lightning Download. Is there another program that could potentially work around this? Again not too concerned about it but I'd love to learn as much as I can about hardening Apache (and I know this probably isn't the right place to ask but I figured I would give it a shot).

In any case thanks a bunch for the help... Keep up with the awesome work!

Joachim Müller

On Windows with Apache, you will have to come up with a file named _.htaccess.
On Windows with IIS, there's a setting in the admin control that enables/disables indexes.
You'll have to find out details by asking your webhost for support, as this is not a coppermine issue.
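
An added example, not part of the original thread: a small Python check a site owner can run to confirm that a folder such as albums/batch_uploads/ no longer returns a server-generated listing after indexes are disabled or a blank index file is added. The function names, the sample responses and the file names in them are constructed for illustration.

```python
import re
import urllib.error
import urllib.request

# Markers of server-generated listings (not a hand-made index page).
LISTING_MARKERS = [
    re.compile(r"<title>\s*Index of /", re.I),     # Apache mod_autoindex title
    re.compile(r"<h1>\s*Index of /", re.I),        # Apache mod_autoindex heading
    re.compile(r"\[To Parent Directory\]", re.I),  # IIS directory browsing
]

def classify(status, body):
    """Classify the response to a directory URL (one ending in '/')."""
    if status in (401, 403, 404):
        return "denied"        # e.g. Apache with Options -Indexes and no index file
    if status == 200 and any(m.search(body) for m in LISTING_MARKERS):
        return "listing"       # folder contents are exposed to any visitor
    return "no-listing"        # blank index.htm / index.php or a normal page

def check_url(url, timeout=10):
    """Fetch a directory URL on a server you administer and classify it."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
            return classify(resp.status, body)
    except urllib.error.HTTPError as err:
        return classify(err.code, "")

# Constructed sample responses (status, body); file names are made up.
SAMPLES = {
    "apache_indexes_on": (200, "<html><head><title>Index of /albums/batch_uploads"
                               "</title></head><body><h1>Index of /albums/batch_uploads"
                               "</h1><a href=\"IMG_0001.jpg\">IMG_0001.jpg</a></body></html>"),
    "apache_indexes_off": (403, "<h1>Forbidden</h1>"),
    "blank_index_file": (200, ""),
    "iis_browsing_on": (200, "<pre><A HREF=\"/albums/\">[To Parent Directory]</A><br>"
                             " 3/14/2006 1:27 AM 48213 <A HREF=\"IMG_0001.jpg\">"
                             "IMG_0001.jpg</A></pre>"),
}

def audit_samples():
    return {name: classify(status, body) for name, (status, body) in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in audit_samples().items():
        print(f"{name:20} {verdict}")
```

A "denied" or "no-listing" result only means the folder contents are not enumerated; a file inside it is still served to anyone who requests its exact URL.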