educational

Alternative File Protection

Editor's Note: The process of protecting content from theft can involve several strategies and varying tactics to stay one step ahead of thieves. While the most basic method of using .htaccess protection can be enough in many cases, in others, such as when you have a non-Apache web server, other techniques need to be developed. Here's an idea to help you develop your own strategy.

The process of linking directly to an image, or hot-linking, can be a serious drain on a webmaster's hosting bill. A number of different sources can hot-link an image, for just about as many reasons. Other webmasters can link directly to an image on your page, deriving revenue from their sites while sending you the bill. Surfers can post images in forums, displaying your proprietary content for non-members to freely view. Even Google's image search spiders can place your member's section within a few keystrokes of the average surfer.

Many strategies exist to combat hot-linking, but my favorite is prevention through obscurity. In a nutshell, thieves can't steal what they can't find. This article will provide an outline of this method, as well as the quick hack our technical team has implemented to demonstrate its functionality.

The Shell Game
When a hot-linker places your image on another site, they do so by providing a URL to a specific location, in this case, your server. What happens if the file is subsequently deleted or moved? You guessed it: a broken image on the thief's page. What better way to pay back a hot-linker than to protect your images while simultaneously disrupting their efforts?

Edge Productions maintains a large network of sites, some of which include movies. Please excuse our design mess and take a look at www.honeyvids.com. The site offers videos of well known porn stars, including Aria Giovanni, Alex Arden, and Amber Michaels. Shortly after the site's launch, we began to notice a rapid increase in the bandwidth consumption that couldn't be accounted for. By doing further checks into our logs, we discovered sites in China that were linking directly to the movies, thereby circumventing our ads and offers, and costing us money. To prevent this from happening, we decided to rename the files. This took an effort on our part to pull webmasters off of other projects simply to rename files and then update the HTML code. The hot-linking stopped for perhaps a week, and then came back stronger than ever.

A Better Mousetrap
By taking a reactive approach, we put ourselves on the defensive, chasing after hot-linkers and sticking our fingers into the holes in the dam. One of our developers came up with the idea of getting proactive instead, suggesting we implement an automatic filename swapping system, and we quickly gave it the green light. The system works in five parts. The first portion of the program makes a backup of the existing files, in case of corruption or an unforeseen mistake in the code. The second step is to take an accounting of the current filenames, and to generate brand new ones using a random alphanumeric string. The next part of the program processes the files, changing filenames and updating the HTML. The fifth step is to log the efforts and allow for debugging, should the process fail. We added the program to the nightly crontab process on the server, and let it run. After 6 months of running with the automatic swapping system, hot-linking has been stopped in its tracks, and users haven't reported any significant problems.

If you were expecting sample code, however, you would be much better off building a similar system yourself. Our spaghetti code leaves something to be desired. Good luck!

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
Show More