Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 2.x > vBulletin 2.x Full Releases
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Details »»

Version: 1.00, by Guru Guru is offline
Developer Last Online: Feb 2004 Show Printable Version Email this Page

Version: 2.2.x Rating:
Released: 02-23-2002 Last Update: Never Installs: 29
 
No support by the author.

I've hacked my attachment.php script to prevent users from posting an attachment on my board, and then using the HTML to display it somewhere else. This prevents people from posting a pic on your board, then using your bandwidth to place that pic elsewhere. It is a tiny code change.

I've substituted my own logo, (LOL), but you can replace that with anything, or just use the "exit;" line to eliminate the pic entirely.

In attachment.php, right after:
PHP Code:
require("./global.php"); 
Add the following code:
PHP Code:
// Cross-link hack by Guru 2/24/2002
// Check that we aren't linked somewhere else
$url parse_url($_SERVER['HTTP_REFERER']); 
$checkurl strtolower($url["host"]); 
if (! 
strstr($checkurl"yourdomain")) {

    
// Remove this code if you just want to break the image
    // Substitute my Logo
    
header("Content-Type: image/gif"); 
    
$filename "/usr/public_html/grafix/logo.gif";
    
$image fread(fopen($filename,"r"),100000); 
    echo 
$image
    
fclose($image);
    
// End Substitute my Logo

    
exit; 

Change yourdomain to your actual domain name, and the logo URL to what you want to replace the cross-linked image with.

NOTE: Changed to use the full path in "$filename = ..." to get this to work on some servers.

ANOTHER: See this post in this thread for a modification that works on Win32 servers: https://vborg.vbsupport.ru/showthrea...895#post297895

AGAIN: If you modify avatar.php similarly, you can prevent people from cross-linking your avatars: https://vborg.vbsupport.ru/showthrea...893#post303893

UPDATE: The parse_url line is slightly different to use the new PHP syntax.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #82  
Old 01-14-2003, 12:11 AM
Savant's Avatar
Savant Savant is offline
 
Join Date: Oct 2002
Posts: 24
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

test
http://www.procreatica.com/forum/att....php?postid=88
Reply With Quote
  #83  
Old 02-05-2003, 10:11 PM
Link14716's Avatar
Link14716 Link14716 is offline
 
Join Date: Jun 2002
Location: Georgia, USA
Posts: 2,519
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Beautiful.

[high]* Link14716 installs.
[/high]

http://www.vggmn.com/forums/attachme...?s=&postid=148
Reply With Quote
  #84  
Old 02-10-2003, 01:26 PM
Sweet Cheeks's Avatar
Sweet Cheeks Sweet Cheeks is offline
 
Join Date: Mar 2002
Location: Carson City, Nevada
Posts: 173
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Very cool, works great on 2.2.9 :banana:
Reply With Quote
  #85  
Old 02-10-2003, 06:03 PM
Sweet Cheeks's Avatar
Sweet Cheeks Sweet Cheeks is offline
 
Join Date: Mar 2002
Location: Carson City, Nevada
Posts: 173
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Ack!!! Could this be due to Firewalls people have installed on their machines? aranoid:


So far I have had 3 users that are getting the replacement image (the one that says you arent supposed to link outside the site) on the avatar areas and for anything that is attached

This is very strange, any ideas? Here's the entire code I am using:





// Cross-link hack by Guru 2/24/2002
// Check that we aren't linked somewhere else
$url = parse_url($HTTP_REFERER);
$checkurl = strtolower($url["host"]);
if (! strstr($checkurl, "belliesandbabies.com")) {

// Remove this code if you just want to break the image
// Substitute my Logo
header("Content-Type: image/gif");
$filename = "http://www.belliesandbabies.com/bandwidtherror.gif";
$image = fread(fopen($filename,"r"),100000);
echo $image;
fclose($image);
// End Substitute my Logo

exit;
}
Reply With Quote
  #86  
Old 02-11-2003, 01:56 AM
zootsuit's Avatar
zootsuit zootsuit is offline
 
Join Date: May 2002
Location: CA
Posts: 63
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

test

http://www.talkhardonline.com/forum/...p?postid=97785
Reply With Quote
  #87  
Old 02-11-2003, 01:57 AM
zootsuit's Avatar
zootsuit zootsuit is offline
 
Join Date: May 2002
Location: CA
Posts: 63
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

sweet.

Reply With Quote
  #88  
Old 02-11-2003, 02:27 AM
Guru Guru is offline
 
Join Date: Nov 2001
Location: Pacific Northwet
Posts: 50
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by ~*Julie*~
Ack!!! Could this be due to Firewalls people have installed on their machines? aranoid:


So far I have had 3 users that are getting the replacement image (the one that says you arent supposed to link outside the site) on the avatar areas and for anything that is attached

This is very strange, any ideas? Here's the entire code I am using:
<snip>
As far as I can determine, this happens with IE 6.0 users only. And, it may be fixed in a service pack. I think it's because this version of IE doesn't submit the "REFERER" header correctly. Does anyone know the answer?
Reply With Quote
  #89  
Old 02-11-2003, 10:06 AM
Sweet Cheeks's Avatar
Sweet Cheeks Sweet Cheeks is offline
 
Join Date: Mar 2002
Location: Carson City, Nevada
Posts: 173
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by Guru


As far as I can determine, this happens with IE 6.0 users only. And, it may be fixed in a service pack. I think it's because this version of IE doesn't submit the "REFERER" header correctly. Does anyone know the answer?
We troubleshooted this and anyone on my site using the Norton Firewall had to disable the "Script Blocking" part of the firewall, now everything is working great :
Reply With Quote
  #90  
Old 02-19-2003, 06:49 PM
Francis96se Francis96se is offline
 
Join Date: May 2002
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

test

Reply With Quote
  #91  
Old 03-15-2003, 02:42 AM
Gutspiller's Avatar
Gutspiller Gutspiller is offline
 
Join Date: Dec 2001
Posts: 1,046
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I can't get this to work, can somebody give me the exact code if my website were http://www.TheForumz.com and my image was in http://www.TheForumz.com/images/bandwidth_stealer.gif
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:41 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05270 seconds
  • Memory Usage 2,315KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (2)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete