It must be a way to protect images againt bulk download It must be a way to protect images againt bulk download
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

It must be a way to protect images againt bulk download

Started by allvip, March 21, 2014, 12:58:29 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

allvip

I searched all the forum and google but nothing.
Peoples are downloading all my images with WinHTTrack.
They don't even bother to browse my gallery.
No website is so ease to download like coppermine.WinHTTrack downloads it with no problem at all just the way it is on the sever.

WinHTTrack can be set to bypass robots.txt and .htaccess rules.
It must be a way:hide the urls of the full image,password protect the image path.
Something.


Αndré

There are several solutions to protect your images, even in our board.

Quote from: allvip on March 21, 2014, 12:58:29 PM
Peoples are downloading all my images with WinHTTrack.
They don't even bother to browse my gallery.
If they don't need to browse your gallery to get the image path and file names, I assume you've directory listing enabled. This is just an assumption, as you haven't posted a link to the affected gallery.

Quote from: allvip on March 21, 2014, 12:58:29 PM
WinHTTrack can be set to bypass [..] .htaccess rules.
I don't think so, at least for security related stuff.

allvip


allvip

If is about Options -Indexes in .htaccess...I don't see how that helps.

allvip

Just added the line Options -Indexes to .htaccess from gallery folder.

Αndré

Quote from: allvip on March 21, 2014, 01:57:41 PM
directory listing enabled? I don't see that in the config.
You cannot see it in the config, as it's no Coppermine setting, but a web server setting. That setting maybe doesn't matter in your case, as it seems that you've uploaded all pictures with Coppermine's upload forms, which create a blank index.php file in each (sub) directory in userpics (e.g. http://allvip.us/gallery/albums/userpics/10001/). This means they need to browse your gallery (at least some thumbnail pages), to find out the image path and file names. As you display a lot of thumbnails on one page (100), a script can download up to 100 images without the need to browse your gallery in the meantime.


Quote from: allvip on March 21, 2014, 12:58:29 PM
Peoples are downloading all my images with WinHTTrack.
How did you figured that out?


Quote from: allvip on March 21, 2014, 12:58:29 PM
It must be a way:hide the urls of the full image,password protect the image path.
e.g. http://forum.coppermine-gallery.net/index.php/topic,74870.0.html

allvip

Quote from: Αndré on March 21, 2014, 02:27:15 PM
How did you figured that out?

Coppermine statistics - browser - firefox,safari etc and WinHTTrack viewed 3000 pics  29% (actually bulk downloded not viewed).Something like this.I saw it last moth and I tryed to find a way to stop WinHTTrack but nothing stops it.I installed WinHTTrack and bypased my robots,txt and .htaccess.
Quote from: Αndré on March 21, 2014, 02:27:15 PM
e.g. http://forum.coppermine-gallery.net/index.php/topic,74870.0.html

I'll try the plugin.I hope it does not helps only if I ask users to log in to see the image.

Αndré

Quote from: allvip on March 21, 2014, 02:41:22 PM
bypased my [..] .htaccess
Please be more detailed what exactly was bypassed, i.e. post the content of your .htaccess file and tell us what exactly was bypassed.


Quote from: allvip on March 21, 2014, 02:41:22 PM
Coppermine statistics - browser - firefox,safari etc and WinHTTrack viewed 3000 pics  29% (actually bulk downloded not viewed).Something like this.
If it's displayed in the statistics, the tool actually browsed your gallery. Your gallery is completely accessible for guests, which also means that everyone can access (and save) your pictures. I currently don't get what the issue is. The recommended plugin, in fact no plugin, can prevent people to save the content you provide. That's how the internet works and is no Coppermine issue.

allvip

I added a rule to .htaccess for WinHTTrack and it was impossible for WinHTTrack to download.
WinHTTrack can be set to hide his identity and look like the user is browsing with firefox not WinHTTrack.
My rule against WinHTTrack was pointless. WinHTTrack start downloding again with no problem.

QuoteThat's how the internet works

I want peoples to download images but not bulk download all the images.One by one not all at once.
I want to make money with the gallery with google adsense and page views not to have fun with it.


allvip

If I download all the articles and pictures from zimbio.com to view them offline and have them all without browsing the website then zimbio stuff is waisting his time with google adsense.

allvip

Statistics today:HTTrack 2256 (0.1 %),eCatch    2 (0.0 %) etc.
like that every day.

Αndré

Either you allow people/bots/scripts to view your gallery or not. So what's your actual request?


Quote from: allvip on March 21, 2014, 03:05:27 PM
I want to make money with the gallery with google adsense
Even genuine visitors may have installed an ad blocker or disabled JavaScript completely. They also won't generate page views in Google AdSense.

allvip

Yes.Everyting is possible (disable javascript,ads) but bulk download is to much.

Nevermind.I will see if is something I can find against that or not.I think I already found something to hide image url.Maybe that works.

If I will find something I will post my solution.

Αndré

At the point your users see the pictures, they're already transferred to their computers, even if you disguise the URL or use whatever solution. Of course you could add some modification that allows to display a picture just each x seconds or view just x pictures per x time, but this just bugs your real visitors and it just tooks more time for bots to download your pictures.

phill104

#14
Indeed, the only way to prevent tools like winhttrack from accessing your server is to make all files read only by one group (on a server level) and use a script in the source code that chmods the files on the fly. Whinhttrack does not care what is running on a server and even if you try to block it using your robots.txt for example there are many other tools that will do the same scraping task instead.

This is not a coppermine issue but one that affects any website.

There are some links in this thread that deal with blocking httrack - http://forum.joomla.org/viewtopic.php?t=792083
It is a mistake to think you can solve any major problems just with potatoes.

allvip