Hello everyone, I've written a simple anti-leech script which will check the referral and either allow the download or deny it. Here is what I have so far: <?php $referer = $_SERVER['HTTP_REFERER']; $referer_parse = parse_url($referer); if($referer_parse['host'] == "mysite.com" || $referer_parse['host'] == "www.mysite.com") { // download... } else { header("Location: http://www.mysite.com"); exit(); } ?> PHP: Some people have a problem with this. For some it just redirects them to the home page insted of give them the download and for others it just works. My friend has told me something about some people not having referrals on or something like that which may cause the problem. So my question is: Is there another way around this and prehaps make it more secure? I hope I will be hearing from you PHP gurus soon!
if(eregi($_SERVER["HTTP_HOST"], str_replace("www.", "", strtolower($_SERVER["HTTP_REFERER"])))) { // download } else { // exit } PHP: Thats a quicker code. Now, regarding your question.. Yes, there are people that hide their referral URL using programs like privoxy or others.. For me, it sounds like this.. If he is not showing me where he came from, he dosen't deserve the download. So you need to forget about those 1% people that have the referer paranoia
Note, these scripts arn't fool-proof. I wrote a crawler not to long ago, and I was grabbing images using a function to download the files via socket and send a referer header - So watch out, if someone is dedicated to leeching, it is possible. Also, alot of download managers send fake referer headers now.
Yea, you can send fake referrer header information. Here's a tutorial I wrote for anti-leeching: http://www.icemelon.com/tutorials/14/Prevent_Hotlinking.htm It checks a session variable to see whether the downloader is a leecher.