Programs: Lock up your servers against Fusker

[RawAlex]

I have spent a little time looking at fusker over the last couple of weeks, and I am shocked at the number of programs that are leaving their free gallery servers wide open.

There is NO good coming out of this. You might thing you are getting type in sales because people see the content and want more, but honestly, why would they?

http://www.fusker.lewww.com/index.php?query=trixieteen

There are more than enough images here for any sane tosser to get off. No need to pay you guys a thing.

It's frustrating when I start to see these guys in the top 10 on search engines.

Affiliate programs: LOCK UP YOUR FREE GALLERY SERVERS. Support your affiliates that support you.

Alex

[Boogie]

add

http://www.fusker.lewww.com/index.ph...y=sterlingcash

sterlingcash to that list. first one i checked, first one i found.


Some

ravenriley ones too:

http://www.fusker.lewww.com/index.ph...ravenriley.com

seems like a big problem to me. Give every gallery you got away for free in one spot with no links to your adds.

what is left for them to buy?

[cd34]

well, here's one problem -- if they turn off the referrer, the galleries still come up even when blocking 'fusker' urls.

Short of protecting the files through a more sophisticated method, blocking by referrer isn't going to do much except annoy those that don't know how to turn off the referrer.

If you block empty referrers, people surfing with privacy software won't see the images. I looked through, and it is apparant that they are posting sites that are indeed blocking referrers of some of my clients (and those clients have had anti-hotlinking in there for ages), but, the only reason they would be of any value is if they were expecting people that weren't passing the referrer.

Note: this is evidenced by all of the img.photobucket.com posts. They block anything that sends the fusker referer, yet, are quite prevalent in the listings.

[Chop Smith]

Thanks Alex. About 20% of my free hosted galleries are on that blood sucker and 3 or 4 HFS'. Asking them to remove them but probably will not do any good, so I am off to do some research.

[RawAlex]

cd, I think we get back to the old "lock up images to your own domain only". Most programs have their galleries on a single domain, so restrict image calls to that domain only, perhaps allowing yahoo and google through. Otherwise, there should be no reason for anyone else to be linking to those images. The only place they should be used is inside the freehosted gallery, called from the domain itself.

galleries.myprogram.com is the only place that calls the images legally. Everyone else is a hotlinker.

How hard is that?

Alex

[RawAlex]

let me clarify: if people are linking to THE GALLERY PAGES, you want them in. If they are calling the images directly, you don't.

Turn off the referer or not - if you are not calling the images from your gallery page on your own server, then block them.

html pages are fine - but fusker never links to html. They just want your jpgs.

Alex

[cd34]

RewriteCond %{HTTP_REFERER} !^$

This is the rule that becomes the problem.

If you allow the empty referrer, the image can be seen by the smart fusker surfers. However, if you don't allow it, guys running privacy software cannot see your gallery page.

The problem with allowing the good is writing a regexp that can't be exploited easily. If we're lax on the url specificity, they could simply insert google somewhere in their url and then it makes the rule 10x more difficult to construct.

It becomes a real quandry.

[Head Boy]

Do we still get credits for surfers with blanked referrers? If not, it would be better to discourage their use.

[raymor]

I've designed what should be a reasonably good solution
for this. It'd secure your images and shouldn't block anyone,
no matter if they have they block the referer or not.
It's a couple of scripts and a bit of creative .htaccess that
I'd need to just code up real quick if there's enough interest.
I'd sell my script installed and tested, sold per domain.
In order that I might know if this would be worth my while
to code up, test, and let people know about, what do you
guys and gals think would be a fair price for it that you'd
be willing to pay?

[Mr. Blue]

I read on another board that programs don't necessarily mind fusker grabbing their pictures. Still people are seeing the watermark on these photos, still seeing the URL, maybe they might type in the url and the program would get some type in traffic. That traffic would be all profit as they don't have to pay an affiliate. I guess that's the logic they're using when making the decision not to block fusker.

[Chop Smith]

About the same price as strongbox. If it works as well as strongbox, there should be a good market for it. Feel free to test it on my stuff

[RawAlex]

raymor, I think that wouldn't be a bad idea.

Sparky: I think that for affiliates and programs alike, people surfing with privacy software is just a waste of time anyway. These people are WAY to scared to even suggest to use a credit card online, so why bother?

Fusker also has links like this:
http://invis.free.anonymizer.com/htt...a/PHOT0500.jpg

They are using anonymizer to try to hide themselves.

People using this type of service have issues. Programs should not be sad to see them not be able to see content.

Alex

[Useless]

Quote:

Originally Posted by RawAlex

Sparky: I think that for affiliates and programs alike, people surfing with privacy software is just a waste of time anyway. These people are WAY to scared to even suggest to use a credit card online, so why bother?

I whole-heartedly agree. These surfers probably aren't even seeing our banners anyway because they have Norton blocking all advertising. I really don't mind if they don't see my images.

Quote:

Originally Posted by Mr. Blue

I read on another board that programs don't necessarily mind fusker grabbing their pictures. Still people are seeing the watermark on these photos, still seeing the URL, maybe they might type in the url and the program would get some type in traffic.

And George Bush will bring democracy to the Middle East.

That is flawed thinking on the sponsor's part. There are sooo many pics on Fusker and such a large variety, it offers much more content than many paysites (perhaps all). Type-in traffic from Fuskerers is as plentiful as exit link traffic, I'm sure. I'd fire my marketing & promotions person if he/she told me that I'd make money by allowing hotlinking without any real text & banner advertising to go along with it.

[Mr. Blue]

Quote:

Originally Posted by Useless Warrior

And George Bush will bring democracy to the Middle East.

That is flawed thinking on the sponsor's part. There are sooo many pics on Fusker and such a large variety, it offers much more content than many paysites (perhaps all). Type-in traffic from Fuskerers is as plentiful as exit link traffic, I'm sure. I'd fire my marketing & promotions person if he/she told me that I'd make money by allowing hotlinking without any real text & banner advertising to go along with it.

lol, that's pretty much what I thought. I've always believed that the industry would do better if they limit the amount of free porn they give away. It's the one thing I noticed most coming from mainstream pages to adult pages. A lot of adult pages give way too much away.

When I started surfing for porn in the early 90's, lol, it was a pain in the ass to find good free porn and I bought a few memberships to avoid the annoyance of it...now there's so much free porn it kind of amazes me at times when people do buy memberships.

[Cleo]

Besides the problems with Fusker type sites there is the problems with password type sharing sites. Many paysites rely on only htaccess to protect their member's area which also allows site ripping. When Angel added Strongbox to her site sign ups almost doubled as they could no longer get access from the password sites and her member's area could no longer be ripped.

[Ramster]

StrongBox is fantastic, no doubt.

Fusker? I'm at a lost. I recented added htaccess to my hosted gallery server to only allow the images to be pulled from the hosted gallery domain for the most part.

I hate these fuckers. It is INSANE INSANE INSANE that some of the big programs don't just shut these fucking leaches down. They can do it in a day easily. A few of them get together and send some letters out to the hosts and registrars on the same day. Why don't they do that?

[Tommy]

I think we should work on one problem at a time

if asll webmasters protected their images 99% of these cock suckers would be fliping burgers

the first thing you should upload to a new domain is your htaccess file.
I keep mine on my desktop ready to go at a moments notice

_________________________________________

ErrorDocument 404 yourdomain.com/
ErrorDocument 403 yourdomain.com/

RewriteEngine on
RewriteOptions inherit

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yourdomain.com [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yourdomain.com [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yourdomain.com [NC]
RewriteRule .*\.(asf|mpg|mpeg|wmv|avi|rm|gif|jpe|jpg)$ yourdomain.com/ [NC,R,L]

AddType text/x-server-parsed-html .html

[Cleo]

Tommy besides the fact that your htaccess uses wild cards which makes it very insecure Fusker type sites often do not provide any referral information.

[docholly]

This was our topic at OTB on Saturday.. MML is such a trend setter..

[swedguy]

Quote:

Originally Posted by Cleo

Fusker type sites often do not provide any referral information.

It has nothing to do with the site. A site can not turn off the Referer's, only the surfer can do that.

[raymor]

Quote:

Originally Posted by Cleo

Tommy besides the fact that your htaccess uses wild cards which makes it very insecure Fusker type sites often do not provide any referral information.

Take another look at that regex.
There's nothing insecure about his wildcards,
which allow for subdomains. The regex is
correct in that it allows members.yourdomain.com
without allowing hacker.com/yourdomain.com.
If you can actually come up with any possible
insecurity related to that use of wildcards
please ket me know exactly what that would
be, as for the last 7 years noone has found one.

[cd34]

How about linkchecker software? Some TGP software doesn't send a referrer and would thus get a forbidden and possibly remove the gallery. I don't know about the software being used by freesite/linklist software.

I have a way to do it with a mod_perl filter that would be rather robust, wouldn't require cookies or anything -- wouldn't get involved in passing the file, it would purely insert itself in the handler to verify that it should accept or decline the link. I could write a DSO to do it, but, I would think that 99% of the people probably cannot insert modules into their apache config. Even mod_perl is iffy, but, it would be about the highest performance method I can think of. I can think of a method using PHP, but, since I cannot insert a php script into the request handler, mod_perl seems like the most portable and high performance option.

The problem is, no matter what method is used, there is either a simple reliance on some piece of data somewhere that can be easily circumvented. But, if we make it hard enough for enough people, combined with other efforts, it might make it worthwhile.

And regrettably, anyone using an edge cache won't be able to prevent hotlinking which might be why the big-boys allow hotlinking.

[Cleo]

In Tommy's example you can hotlink by putting the page in a directory called "yourdomain.com"

[raymor]

Quote:

Originally Posted by Cleo

In Tommy's example you can hotlink by putting the page in a directory called "yourdomain.com"

No, you can't. Try it. It allows only that which matches
the regex, which says:
^http:// First, http://

([a-z0-9-]+\.)* then allow letters, numbers, and dots (but not slashes or anything else)

yourdomain.com then your domain name.

http://hacker.com/yourdomain.com would not match the
second atom of the regex, which allows only letters, numbers,
and dots, but not the slash that would have to come between
hacker.com and yoursite.com.

[swedguy]

Raymor, the one sparky posted will go through.