|
|
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
|
2005-03-27, 10:43 PM | #1 |
Took the hint.
|
Programs: Lock up your servers against Fusker
I have spent a little time looking at fusker over the last couple of weeks, and I am shocked at the number of programs that are leaving their free gallery servers wide open.
There is NO good coming out of this. You might thing you are getting type in sales because people see the content and want more, but honestly, why would they? http://www.fusker.lewww.com/index.php?query=trixieteen There are more than enough images here for any sane tosser to get off. No need to pay you guys a thing. It's frustrating when I start to see these guys in the top 10 on search engines. Affiliate programs: LOCK UP YOUR FREE GALLERY SERVERS. Support your affiliates that support you. Alex |
2005-03-28, 12:18 AM | #2 |
I like to blog :)
Join Date: Sep 2003
Posts: 1,050
|
add
http://www.fusker.lewww.com/index.ph...y=sterlingcash sterlingcash to that list. first one i checked, first one i found. Some ravenriley ones too: http://www.fusker.lewww.com/index.ph...ravenriley.com seems like a big problem to me. Give every gallery you got away for free in one spot with no links to your adds. what is left for them to buy? |
2005-03-28, 12:50 AM | #3 |
a.k.a. Sparky
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
|
well, here's one problem -- if they turn off the referrer, the galleries still come up even when blocking 'fusker' urls.
Short of protecting the files through a more sophisticated method, blocking by referrer isn't going to do much except annoy those that don't know how to turn off the referrer. If you block empty referrers, people surfing with privacy software won't see the images. I looked through, and it is apparant that they are posting sites that are indeed blocking referrers of some of my clients (and those clients have had anti-hotlinking in there for ages), but, the only reason they would be of any value is if they were expecting people that weren't passing the referrer. Note: this is evidenced by all of the img.photobucket.com posts. They block anything that sends the fusker referer, yet, are quite prevalent in the listings.
__________________
SnapReplay.com a different way to share photos - iPhone & Android Last edited by cd34; 2005-03-28 at 01:16 AM.. Reason: additional notes |
2005-03-28, 01:25 AM | #4 |
Eighteen 'til I Die
|
Thanks Alex. About 20% of my free hosted galleries are on that blood sucker and 3 or 4 HFS'. Asking them to remove them but probably will not do any good, so I am off to do some research.
|
2005-03-28, 01:36 AM | #5 |
Took the hint.
|
cd, I think we get back to the old "lock up images to your own domain only". Most programs have their galleries on a single domain, so restrict image calls to that domain only, perhaps allowing yahoo and google through. Otherwise, there should be no reason for anyone else to be linking to those images. The only place they should be used is inside the freehosted gallery, called from the domain itself.
galleries.myprogram.com is the only place that calls the images legally. Everyone else is a hotlinker. How hard is that? Alex |
2005-03-28, 01:38 AM | #6 |
Took the hint.
|
let me clarify: if people are linking to THE GALLERY PAGES, you want them in. If they are calling the images directly, you don't.
Turn off the referer or not - if you are not calling the images from your gallery page on your own server, then block them. html pages are fine - but fusker never links to html. They just want your jpgs. Alex |
2005-03-28, 01:45 AM | #7 |
a.k.a. Sparky
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
|
RewriteCond %{HTTP_REFERER} !^$
This is the rule that becomes the problem. If you allow the empty referrer, the image can be seen by the smart fusker surfers. However, if you don't allow it, guys running privacy software cannot see your gallery page. The problem with allowing the good is writing a regexp that can't be exploited easily. If we're lax on the url specificity, they could simply insert google somewhere in their url and then it makes the rule 10x more difficult to construct. It becomes a real quandry.
__________________
SnapReplay.com a different way to share photos - iPhone & Android |
2005-03-28, 03:00 AM | #8 |
Hello, is this President Clinton? Good! I figured if anyone knew where to get some tang it would be you
Join Date: Feb 2005
Location: England
Posts: 442
|
Do we still get credits for surfers with blanked referrers? If not, it would be better to discourage their use.
|
2005-03-28, 03:12 AM | #9 |
The only guys who wear Hawaiian shirts are gay guys and big fat party animals
|
I've designed what should be a reasonably good solution
for this. It'd secure your images and shouldn't block anyone, no matter if they have they block the referer or not. It's a couple of scripts and a bit of creative .htaccess that I'd need to just code up real quick if there's enough interest. I'd sell my script installed and tested, sold per domain. In order that I might know if this would be worth my while to code up, test, and let people know about, what do you guys and gals think would be a fair price for it that you'd be willing to pay? |
2005-03-28, 03:40 AM | #10 |
Searching for Jimmy Hoffa
Join Date: Jan 2005
Location: Long Island, NY
Posts: 771
|
I read on another board that programs don't necessarily mind fusker grabbing their pictures. Still people are seeing the watermark on these photos, still seeing the URL, maybe they might type in the url and the program would get some type in traffic. That traffic would be all profit as they don't have to pay an affiliate. I guess that's the logic they're using when making the decision not to block fusker.
|
2005-03-28, 03:33 AM | #11 |
Eighteen 'til I Die
|
About the same price as strongbox. If it works as well as strongbox, there should be a good market for it. Feel free to test it on my stuff
|
2005-03-28, 03:34 AM | #12 |
Took the hint.
|
raymor, I think that wouldn't be a bad idea.
Sparky: I think that for affiliates and programs alike, people surfing with privacy software is just a waste of time anyway. These people are WAY to scared to even suggest to use a credit card online, so why bother? Fusker also has links like this: http://invis.free.anonymizer.com/htt...a/PHOT0500.jpg They are using anonymizer to try to hide themselves. People using this type of service have issues. Programs should not be sad to see them not be able to see content. Alex |
2005-03-28, 07:41 AM | #13 | ||
Certified Nice Person
|
Quote:
Quote:
That is flawed thinking on the sponsor's part. There are sooo many pics on Fusker and such a large variety, it offers much more content than many paysites (perhaps all). Type-in traffic from Fuskerers is as plentiful as exit link traffic, I'm sure. I'd fire my marketing & promotions person if he/she told me that I'd make money by allowing hotlinking without any real text & banner advertising to go along with it.
__________________
Click here to purchase a bridge I'm selling. |
||
2005-03-28, 10:12 AM | #14 | |
Searching for Jimmy Hoffa
Join Date: Jan 2005
Location: Long Island, NY
Posts: 771
|
Quote:
When I started surfing for porn in the early 90's, lol, it was a pain in the ass to find good free porn and I bought a few memberships to avoid the annoyance of it...now there's so much free porn it kind of amazes me at times when people do buy memberships. |
|
2005-03-28, 07:50 AM | #15 |
Subversive filth of the hedonistic decadent West
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
|
Besides the problems with Fusker type sites there is the problems with password type sharing sites. Many paysites rely on only htaccess to protect their member's area which also allows site ripping. When Angel added Strongbox to her site sign ups almost doubled as they could no longer get access from the password sites and her member's area could no longer be ripped.
|
2005-03-28, 10:07 AM | #16 |
Life is good
|
StrongBox is fantastic, no doubt.
Fusker? I'm at a lost. I recented added htaccess to my hosted gallery server to only allow the images to be pulled from the hosted gallery domain for the most part. I hate these fuckers. It is INSANE INSANE INSANE that some of the big programs don't just shut these fucking leaches down. They can do it in a day easily. A few of them get together and send some letters out to the hosts and registrars on the same day. Why don't they do that? |
2005-03-28, 10:13 AM | #17 |
NYC Boy That Moved To The Island
|
I think we should work on one problem at a time
if asll webmasters protected their images 99% of these cock suckers would be fliping burgers the first thing you should upload to a new domain is your htaccess file. I keep mine on my desktop ready to go at a moments notice _________________________________________ ErrorDocument 404 yourdomain.com/ ErrorDocument 403 yourdomain.com/ RewriteEngine on RewriteOptions inherit RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yourdomain.com [NC] RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yourdomain.com [NC] RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yourdomain.com [NC] RewriteRule .*\.(asf|mpg|mpeg|wmv|avi|rm|gif|jpe|jpg)$ yourdomain.com/ [NC,R,L] AddType text/x-server-parsed-html .html
__________________
Accepting New partners |
2005-03-28, 10:26 AM | #18 |
Subversive filth of the hedonistic decadent West
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
|
Tommy besides the fact that your htaccess uses wild cards which makes it very insecure Fusker type sites often do not provide any referral information.
|
2005-03-28, 10:35 AM | #19 |
Nothing funnier than the ridiculous faces you people make mid-coitus
|
This was our topic at OTB on Saturday.. MML is such a trend setter..
|
2005-03-28, 10:39 AM | #20 | |
Vagabond
|
Quote:
|
|
2005-03-28, 10:44 AM | #21 | |
The only guys who wear Hawaiian shirts are gay guys and big fat party animals
|
Quote:
There's nothing insecure about his wildcards, which allow for subdomains. The regex is correct in that it allows members.yourdomain.com without allowing hacker.com/yourdomain.com. If you can actually come up with any possible insecurity related to that use of wildcards please ket me know exactly what that would be, as for the last 7 years noone has found one. |
|
2005-03-28, 10:40 AM | #22 |
a.k.a. Sparky
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
|
How about linkchecker software? Some TGP software doesn't send a referrer and would thus get a forbidden and possibly remove the gallery. I don't know about the software being used by freesite/linklist software.
I have a way to do it with a mod_perl filter that would be rather robust, wouldn't require cookies or anything -- wouldn't get involved in passing the file, it would purely insert itself in the handler to verify that it should accept or decline the link. I could write a DSO to do it, but, I would think that 99% of the people probably cannot insert modules into their apache config. Even mod_perl is iffy, but, it would be about the highest performance method I can think of. I can think of a method using PHP, but, since I cannot insert a php script into the request handler, mod_perl seems like the most portable and high performance option. The problem is, no matter what method is used, there is either a simple reliance on some piece of data somewhere that can be easily circumvented. But, if we make it hard enough for enough people, combined with other efforts, it might make it worthwhile. And regrettably, anyone using an edge cache won't be able to prevent hotlinking which might be why the big-boys allow hotlinking.
__________________
SnapReplay.com a different way to share photos - iPhone & Android |
2005-03-28, 10:46 AM | #23 |
Subversive filth of the hedonistic decadent West
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
|
In Tommy's example you can hotlink by putting the page in a directory called "yourdomain.com"
|
2005-03-28, 11:25 AM | #24 | |
The only guys who wear Hawaiian shirts are gay guys and big fat party animals
|
Quote:
the regex, which says: ^http:// First, http:// ([a-z0-9-]+\.)* then allow letters, numbers, and dots (but not slashes or anything else) yourdomain.com then your domain name. http://hacker.com/yourdomain.com would not match the second atom of the regex, which allows only letters, numbers, and dots, but not the slash that would have to come between hacker.com and yoursite.com. |
|
2005-03-28, 11:30 AM | #25 |
Vagabond
|
Raymor, the one sparky posted will go through.
|
|
|