Site whoring prevention?

[samw5]

Ok, I've had some idiot friends that have just been whoring all my photos regardless of the access by simply retrieving the entire website!

I don't really care all that much but for the bandwidth consumption but I was wondering if this could be prevented somehow.

I have restriction on all my albums, everything works great as far as coppermine itself but if people simply get to the albums/batch_uploads/ folder they can whore anything they want... Now that's kinda dumb to have any kind of security if you're gonna be able to get the whole thing via website downloader tools.
Might as well make it public.

Anyways, was looking into the .htaccess stuff but the documentation is quite thin... Any tips?

Server is running on FC4.

Thanks,
Sam

[Nibbler]

Either disable indexes or place a blank index.htm or index.php in the folder.

[samw5]

already done that for most of them but what about if someone uses a program that caches the whole site. None of the index pages will do squad, they'll be able to dl whatever they want w/o any kind of account...

[Joachim Müller]

not true - if the permissions are set not to display all pics for anonymous users, then there will be no links pointing to the files that aren't suppossed to show up, so they won't get indexed nor downloaded by tools like Httrack (when indexes are turned off as suggested already).

[samw5]

Interesting. I'll try to disable indexes. I'm guessing that's a directory setting in the httpd.conf file. I'll have to do some research, I just got really paranoid for a second... thanks for easing my fears!

[Joachim Müller]

try using

Code Select Expand

Options -Indexesin a .htaccess file - more information: http://httpd.apache.org/docs/2.0/mod/core.html#options

[samw5]

Excellent... works perfectly or at least it appears to do so with HTTrack and Lightning Download. Is there another program that could potentially work around this? Again not too concerned about it but I'd love to learn as much as I can about hardning Apache (and I know this probably isn't the right place to ask but I figured I would give it a shot).

In any case thanks a bunch for the help... Keep up with the awesome work!

[Joachim Müller]

no, afaik all offline copiers work the same way, as they're bound to do the same a human user browses the web, only faster. Stuff that isn't linked can't be copied, as they can't guess URLs.

[oplok72]

Hi! I am quite not good with this thing but I am interested about what you did to secure the folder.  My hosting is windows and can you tell me how would I apply this in windows environment? Thanks.

Excellent... works perfectly or at least it appears to do so with HTTrack and Lightning Download. Is there another program that could potentially work around this? Again not too concerned about it but I'd love to learn as much as I can about hardning Apache (and I know this probably isn't the right place to ask but I figured I would give it a shot).

In any case thanks a bunch for the help... Keep up with the awesome work!

[Joachim Müller]

On Windows with Apache, you will have to come up with a file named _.htaccess.
On Windows with IIS, there's a setting in the admin control that enables/disables indexes.
You'll have to find out details by asking your webhost for support, as this is not a coppermine issue.