Attachment and avatar hotlinking protection (1.0.1)
Version: 1.00, by fury

Version: 2.2.x
Released: 01-02-2003 Last Update: Never Installs: 12

No support by the author.

Support in this thread or by email (preferably thread)

vBulletin 2.2.x (tested on 2.2.9)

Prevents people from linking to attachments and custom avatars on your forum from other sites.

Example:
Attachment hotlinking protection: Click and watch the redirection message. You are then taken straight to the post containing the attachment.

Custom avatar hotlinking protection: Click and watch the redirection message again. This time you are taken to the user's profile.

When the attachment is linked to via an img tag, it is shown as a red x in IE, or a torn paper in Mozilla.

Modifications:
2 file modifications
/forum/attachment.php
/forum/avatar.php
1 new template
redirect_wrongreferrer

Updates since 1.0:
Added custom avatar hotlinking protection

Modifications since last version:
2 file modifications
/forum/attachment.php
/forum/avatar.php
1 template modification
redirect_wrongreferrer

For upgrade instructions see the text file.

Note for people who have problems getting the avatar hotlinking protection to work: Try this code in the avatar.php modification instead of mine

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #32  
01-03-2003, 06:29 PM
nuno
Join Date: Oct 2001
Posts: 469

odd indeed
Do you get the same error?

  #33  
01-03-2003, 06:31 PM
fury
Join Date: Oct 2001
Location: Indiana
Posts: 108

Nope. It just shows a red x in images and automatically redirects me (even with links from inside the site)

  #34  
01-03-2003, 06:38 PM
nuno
Join Date: Oct 2001
Posts: 469

ooh found the mofo
http://www.php.net/manual/en/functio...-reporting.php

  #35  
01-03-2003, 06:41 PM
nuno
Join Date: Oct 2001
Posts: 469

Set error_reporting to E_ALL in your php.ini and you will get a PHP error notice message.

  #36  
01-03-2003, 07:30 PM
fury
Join Date: Oct 2001
Location: Indiana
Posts: 108

User error.

I left **DOMAINNAME** in there when redoing the modifications to avatar.php

  #37  
01-05-2003, 08:40 AM
C.Birch
Join Date: Apr 2002
Posts: 459

Erm, let me see: this stops hotlinking by, when someone views the file from outside of the domain, they're taken back to the profile page or post, am I right?

Now let's look at this: you've got a forum for a group along with other sites about the same group, and some users use more than one board.

Now let's say someone uploads an av to my board with this hotlinking code installed, then they go to another site's board and hotlink to the av on my board. Now what's going to happen when that person views their profile or any posts they have made on that other board?

Yes, they'll be taken back to my forums, and so will any other person that views a post on that board that person has posted in.

Great way to get hits, but it will not make you many friends.

  #38  
01-05-2003, 08:02 PM
fury
Join Date: Oct 2001
Location: Indiana
Posts: 108

Do you mean when someone enters the URL to the avatar in the custom URL box at another site? It won't even work because the contents of the avatar file will be text (the redirection message). The board (if it's vBulletin, anyway) would give an error message saying it's not a correct file type or something.

If they use an IMG tag to link to it, it will show up as a red X, and when someone drags the link to it into the address bar or puts a URL tag around it, it will link to the redirection notice and the profile page.

I don't see why protecting one's bandwidth from getting stolen without the person viewing the site it's getting stolen from is such a bad thing, unless you have hundreds of gigs to give away, but if it's not for you, then just don't install it. (holy run-on sentence batman!)

You don't have to attack the people that prefer to use it.

  #39  
01-07-2003, 03:23 AM
fury
Join Date: Oct 2001
Location: Indiana
Posts: 108

Damn

I had to uninstall this at my own site. It was causing avatars and attachments not to show up for people behind firewalls or using browsers that didn't send referrer info through links. Just letting you know in case any of your members speak up and say they're not seeing avatars or attachments.

  #40  
01-07-2003, 10:56 PM
KuraFire
Join Date: Oct 2001
Location: inside vB3's .php
Posts: 1,245

I wrote a little bit of code that I stuffed at the very very top of avatar.php, attachment.php and journalpic.php (a self-written image send file much like the other two, used for my own Journal System)...

If you paste an avatar/attachment url in your browser directly, it works (which is much nicer for your bandwidth than _redirecting them to threads on your site_ ), if you use them on other sites however (as part of the HTML page), they won't work and the image you will see there is a fake no-deeplinking-image that you make yourself (mine says "No banana my friend!" ).

It checks the URL to match your own domain but in a more efficient way (the one from this hack can easily be spoofed, thus, it won't work then)

Notes:
a) the {0,15} at the (relative) start will match for subdomain(s) or lack thereof. If you have a subdomain longer than 15 characters, make the 15 number higher
(it also works for http://yourdomain.com, thus, without www. )
b) the path directive is a full path towards the image you'll be serving out, check your own host's settings to see what exactly you need to enter there

PHP Code:
if (isset($_SERVER['HTTP_REFERER'])) {
    // A Referer was sent but it does not match our domain: serve the placeholder image
    if (!preg_match("'^(http://).{0,15}(YOURDOMAINHERE.com)'i", $_SERVER['HTTP_REFERER'])) {
        $path = "/home/users/yourusername.com/html/YOURDOMAINHERE.com/YOURANTIDEEPLINKINGIMAGE.png";
        $filesize = filesize($path);
        $fp = fopen($path, "r");
        $attachmentinfo['filedata'] = fread($fp, $filesize);
        fclose($fp);
        // Let clients cache the placeholder for a year
        header("Cache-control: max-age=31536000");
        header("Expires: " . gmdate("D, d M Y H:i:s", time() + 31536000) . " GMT");
        header("Content-Length: $filesize");
        header('Content-type: image/png'); // adjust this if you use a .gif or a .jpg (image/gif || image/jpeg)
        echo $attachmentinfo['filedata'];
        exit;
    }
}

If you do it right, you can fully prevent deeplinking with this if you put it at the start of avatar.php & attachment.php (and any other image serving file you may be using) :up:

Any questions? PM me (I doubt I'll ever see this thread again if I don't get pm'd a question... )
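
A stricter way to make the same Referer decision, as an added example that is not KuraFire's code or part of the original mod: it compares the parsed host against an allow-list instead of pattern-matching the whole URL, and still lets requests without a Referer through. `example.com` (standing in for YOURDOMAINHERE.com), `referer_is_local` and the sample Referer values are assumptions constructed for illustration; because the header is supplied by the client, a check like this saves bandwidth and is not access control.

```php
<?php
// Added example, not code from the thread. example.com is a placeholder domain.

// The pattern from the post above with the placeholder filled in (constructed).
const LOOSE_PATTERN = "'^(http://).{0,15}(example.com)'i";

/**
 * Decide whether a Referer value belongs to one of our hosts.
 * An absent Referer counts as local, because some proxies and browsers
 * strip the header and those visitors should still see images.
 */
function referer_is_local(?string $referer, array $allowedHosts): bool
{
    if ($referer === null || $referer === '') {
        return true;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false; // unparseable value: treat as foreign
    }
    $host = strtolower(rtrim($host, '.'));
    foreach ($allowedHosts as $allowed) {
        $allowed = strtolower($allowed);
        // Exact host, or a subdomain separated from it by a literal dot.
        if ($host === $allowed || substr($host, -strlen($allowed) - 1) === '.' . $allowed) {
            return true;
        }
    }
    return false;
}

// Constructed Referer values for comparing the two checks.
$samples = [
    'http://www.example.com/showthread.php?t=1',
    'http://example.com/',
    'https://forum.example.com/index.php',  // own site over https
    'http://other.test/?example.com',       // foreign host, domain in the query string
    'http://example.com.other.test/page',   // foreign host, domain as a leading label
    'http://examplexcom.test/',             // unescaped "." matches any character
];

foreach ($samples as $ref) {
    printf("%-45s loose=%s strict=%s\n",
        $ref,
        preg_match(LOOSE_PATTERN, $ref) ? 'pass' : 'block',
        referer_is_local($ref, ['example.com']) ? 'pass' : 'block');
}
```

In avatar.php or attachment.php the function would be called with `$_SERVER['HTTP_REFERER'] ?? null` in place of the `preg_match` test.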

  #41  
03-01-2003, 12:26 AM
Sia Bani
Join Date: Oct 2002
Posts: 67

Wow, I'm really impressed with myself right now! I'm such a newbie, it's ridiculous!

Here's an error in your attachment code:

"/showthread.php?s=".$session[sessionhash]."&threadid=".$redirectquery[threadid]."#post".$redirectquer

y[postid];
$redirecttype = "post";

The space from $redirectquer to y[postid] had it not working. I fixed that and all is good now!

Well done man!