vb.org Archive
Page 1 of 3 1 23
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 2.x Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=4)
-   -   Stop Users from Cross-linking Attachments (https://vborg.vbsupport.ru/showthread.php?t=35399)

Guru 02-23-2002 10:00 PM
I've hacked my attachment.php script to prevent users from posting an attachment on my board, and then using the HTML to display it somewhere else. This prevents people from posting a pic on your board, then using your bandwidth to place that pic elsewhere. It is a tiny code change.

I've substituted my own logo, (LOL), but you can replace that with anything, or just use the "exit;" line to eliminate the pic entirely.

In attachment.php, right after:
PHP Code:
require("./global.php"); 
Add the following code:
PHP Code:
// Cross-link hack by Guru 2/24/2002
// Check that we aren't linked somewhere else
$url parse_url($_SERVER['HTTP_REFERER']); 
$checkurl strtolower($url["host"]); 
if (! strstr($checkurl"yourdomain")) {

    // Remove this code if you just want to break the image
    // Substitute my Logo
    header("Content-Type: image/gif"); 
    $filename "/usr/public_html/grafix/logo.gif";
    $image fread(fopen($filename,"r"),100000); 
    echo $image
    fclose($image);
    // End Substitute my Logo

    exit; 

Change yourdomain to your actual domain name, and the logo URL to what you want to replace the cross-linked image with.

NOTE: Changed to use the full path in "$filename = ..." to get this to work on some servers.

ANOTHER: See this post in this thread for a modification that works on Win32 servers: https://vborg.vbsupport.ru/showthrea...895#post297895

AGAIN: If you modify avatar.php similarly, you can prevent people from cross-linking your avatars: https://vborg.vbsupport.ru/showthrea...893#post303893

UPDATE: The parse_url line is slightly different to use the new PHP syntax.

Dade 02-24-2002 07:49 PM
Excellent hack, most useful! Keep up the good work/hacks

nafae 02-24-2002 07:54 PM
so, just making sure, this hack will, if someone goes to say http://www.stealsomeonesbandwidthbyp...heirserver.com and links to a pic on http://www.yoursite.com it will replace the pic with one of your choice such as "image hosted by coderforums.net"?

Guru 02-24-2002 08:00 PM
Yep. That's it exactly.

Tim Wheatley 02-24-2002 08:08 PM
Can you add more than one domain? For example do I need to add forum.racesimcentral.com AND www.racesimcentral.com, or just put racesimcentral.com?

if (! strstr($checkurl, "racesimcentral.com")) {

Right?

Tim Wheatley 02-24-2002 08:20 PM
Never mind I checked and found racesimcentral.com is enough. :)

Guru 02-24-2002 08:51 PM
You can substitute "yourdomain" for just a part of your domain name. If you have ".com" and ".net" mapped to the same forum, then you could use just the base portion of you domain name. For example: yourdomain.com and yourdomain.net would be protected by just putting yourdomain in the check line.

Tim Wheatley 02-24-2002 09:49 PM
wow thanks :)

nafae 02-24-2002 11:03 PM
mm this is a great hack! I am going to install now and shall tell you how it works out :)

nafae 02-24-2002 11:26 PM
works great as far as I can tell!

Just testing :)

http://www.coderforums.net/attachment.php?postid=252

Lionel 02-25-2002 07:03 AM
it does not work for me in 2.21. I am able to view attachment from dreamweaver and from anywhere

Guru 02-26-2002 01:44 AM
Try to view the attchment from a site that is not related to yours... look at nafae's post, above...

voogru 02-26-2002 02:57 AM
Testing
https://vborg.vbsupport.ru/

Guru 02-26-2002 03:03 AM
Quote:
Originally posted by voogru
Testing
http://forums.voogru.com/attachment.php?s=&postid=1954
heh heh...

Guru 02-26-2002 03:07 AM
Hey! Post your own variations here! We'd all like to see.

lifesourcerec 02-26-2002 05:19 AM
I rather not :) Rated R label... teach those pesky bandwidth stealers a lesson. ;)

I was thinking of using my avatar and use the text "You want your ear bit off too??"

Lionel 02-26-2002 03:55 PM
Quote:
Originally posted by Guru
Try to view the attchment from a site that is not related to yours... look at nafae's post, above...
I tried the same. It will not work. Unlucky me.

LanciaStratos 02-26-2002 09:55 PM
This is an awesome, money-saving hack! Thank you very much! I'm going to give it a shot right here...my new image is a giant orange logo with my URL... :D

http://forums.gtplanet.net/attachmen...&postid=125055

Sidd 02-26-2002 10:23 PM
http://www.pakdef.info/forum/attachm...926&fullpage=1

testing

amsch 02-28-2002 03:42 PM
just a test
http://20ishparents.com/boards/attac...&postid=265730

amsch 02-28-2002 03:44 PM
again

Guru 03-01-2002 12:43 AM
If you post or send me the code snippet that you added, I'll try to help you figure out what is wrong.

Guru 03-01-2002 01:46 AM
This substitutes my logo, as it should, with my browser:

http://adultadventurers.com/vbulleti...?postid=133823

Lionel 03-01-2002 01:57 AM
I replaced the http with full filepath and it is working.
thanks.testing

Remi 03-01-2002 09:29 AM
How do you use this nice hack if you have four different domain names :D

and is it posible to add your IP to the domains list :D

Thanks

merk 03-01-2002 11:55 AM
you can modify this, and just
PHP Code:
echo "this image can only be linked from yourdomain.com";
exit; 
takes up less bandwidth than using an image :)

Guru 03-01-2002 01:36 PM
Quote:
Originally posted by Remi
How do you use this nice hack if you have four different domain names :D

and is it posible to add your IP to the domains list :D

Thanks
PHP Code:
if (false === strpos($checkurl"firstdomain") || 
    false === strpos($checkurl"seconddomain")) { 
IPs would require a different test...

Remi 03-01-2002 05:58 PM
Thank you very much Guru, is that the right way to add a third domain, Please correct me.

if ((false === strpos($checkurl, "firstdomain") ||
(false === strpos($checkurl, "seconddomain") ||
(false === strpos($checkurl, "thirddomain")) {

Sorry I don't know PHP :o

Guru 03-02-2002 12:51 AM
Quote:
Originally posted by Remi
Thank you very much Guru, is that the right way to add a third domain, Please correct me.

if ((false === strpos($checkurl, "firstdomain") ||
(false === strpos($checkurl, "seconddomain") ||
(false === strpos($checkurl, "thirddomain")) {

Sorry I don't know PHP :o
That should work for as many domains as you want to include.

dyt4 03-09-2002 10:15 PM
just testing too ;)

http://forum.dyt4concept.com/attachment.php?postid=5117

opus 03-10-2002 10:17 AM
how would i add this to work with my avatars?

Guru 03-11-2002 02:03 AM
Avatars are attachments, as far as I know...

lifesourcerec 03-11-2002 02:20 AM
Quote:
Originally posted by Guru
Avatars are attachments, as far as I know...
I like the http redirect better which works for me. Just upgraded to v2.2.4 and forgot the line for it. What's the code for thr http?

xug 03-11-2002 10:21 AM
test

http://www.xboxusersgroup.com/forums...=&postid=35322

http://www.xboxusersgroup.com/forums...ine=1018936815

SaintDog 03-11-2002 10:32 AM
Nice hack, here is a test of what shows on mine, just for anyone that wishes to view it.

http://www.bbaddons.com/forums/attac...p?s=&postid=37

SaintDog

Tommy Boy 03-11-2002 01:37 PM
Nice hack! Please correct me if I'm wrong though, if you have set that only registered users can view attachments on your board, then most people would get the login screen anyway, right?

JTMON 03-11-2002 07:26 PM
Quote:
Originally posted by Tommy Boy
Nice hack! Please correct me if I'm wrong though, if you have set that only registered users can view attachments on your board, then most people would get the login screen anyway, right?
This hack seems very cool except for the above statement, plus, isn't putting a different picture that gets served up just like the other one would defeating the purpose a little?

Guru 03-12-2002 05:09 AM
Nobody wants to steal the bandwidth to serve an ad for my site...

Guru 03-12-2002 05:11 AM
Quote:
Originally posted by Tommy Boy
Nice hack! Please correct me if I'm wrong though, if you have set that only registered users can view attachments on your board, then most people would get the login screen anyway, right?
Is that a standard option?

JTMON 03-12-2002 11:22 AM
Quote:
Originally posted by Guru

Is that a standard option?
Yes, it is.

BTW Mods, quoting a post with a quote seems not to work?


All times are GMT. The time now is 02:18 PM.
Page 1 of 3 1 23
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01348 seconds
  • Memory Usage 1,821KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_php_printable
  • (8)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (40)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete