Hello Webmasters! I have a Indian mp3 download site. My site offers mp3 songs from Indian movies, it is absolutely free. The site url is http://musicmirchi.net I was successfully operating my site for past few year, now I am facing a strange problem. Suddenly my site has started getting average downtime of 45%!!! We have checked the script - It is working absolutely fine. We contacted server people many times - They claim that everything was fine. We changed the server and again the same problem! We contacted the server people (new server) - they claimed that more than 20 different sites are using direct download links from my website. They are stealing my BW and hard work of many years! I have already activated hotlink protection from cpanel, still it is not effective. Please suggest me what should I do? Is there any solution?
You can add into your site a script that will check the referring link, and if the referring link isn't from your domain, deny it. <?php echo $HTTP_REFERER; ?> Code (markup):
Try this then, just a variation of what I suggested. http://forums.devarticles.com/php-development-48/php-download-php-check-referer-5924.html Also, please let me know how it didn't work and why, just saying "it doesn't work" doesn't help anyone.
i'm sure htaccess can stop hotlinking, there's probably wrong with the .htaccess statements try the statements below RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC] RewriteCond %{HTTP_REFERER} !^$ To stop hotlinking from specific outside domains only RewriteEngine On RewriteCond %{HTTP_REFERER} ^http://(.+\.)?myspace\.com/ [NC,OR] RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blogspot\.com/ [NC,OR] RewriteCond %{HTTP_REFERER} ^http://(.+\.)?livejournal\.com/ [NC] after that You should redirect them to a 403 Forbidden error page
i use a variation - if above makes difficulties - here adapted to your site / hotlinked files you may remove the un-used file extensions mp4 / wav i added then only for the purpose of example syntax if you have several music file formats for download. above disallows hot-linking from all others except your site. since G/Y and MSN have no need to store/cache music files, there is no need for site-wise hotlink protection but more useful a general hot-link deny you check the hotlinking sites - search your logs to find them - make sure you have nothing in your cache from a previous visit - hence before visiting a hot-linking site always empty each time your browser cache.
Require registration to access files. Require a valid email address be used to register. Reject any requests for files where the URL does not contain the registrants email & password. http://site.com/file?mp3=file_id&email=them@host.com&pass=1234567890 Reject any requests for non-existant email/password combinations. Auto-ban accounts that have high rates of traffic in relation to average numbers. Do not put this in place untill you have the system in place long enough ot get a baseline. If users don't post their links for other people to use, they have nothing to worry about.
Hotlinking protection is difficult without registration or captcha download, as the Referrer header is actually coming from the browser (client side) and can thus be spoofed. Actually, it is really trivial to spoof. But, as you tried hotlinking protection already, I guess that they are not simply 'linking' to your content, as that would be caught, as 'normal users' don't have spoofed browsing (and they don't know what it is). You already added registration, but another technique is to add a simple 3 letter captcha before downloading a file, or even a 3 letter once every hour per user. Assuming they are direct(hot)linking the content you can use serverside generated Javascript which, in turn, generates the download url for the user. Make sure you have random urls / md5 urls for the actual mp3s anyway and then generate stuff like; aoiwfjeiojwowfjaiwjofiwoifej() { var a= "/"+""+"u"+"r"+""+"l"+"/"+"x"+"y"+"z"; return a + ".mp3"; } and let the php generate variations on that. Not really difficult to do, but really a pain to hack for a machine. For a human it is easy ofcourse, but probably too much work. And yet another, quite solid method, if they are not simply linking, but actually proxying the downloads, is using mod_evasive to make sure the same IP is not downloading too much in one go. There are other ways to do that as well; for instance, program it in PHP.
i posted this in another thread, but this thread seems to have more attention and info. Any suggestions to the best way to block my proxy would be greatly appreciated I have seen this script in many other forums. Does this script only work with Apache. From my small amout of experience, apache is the only web server program that has an htacess file, iis6 does not. I have a cgi script i want blocked only to me and my friends. If this is the correct script, do i put it in my nph-proxy.pl(and if in here what line does it go on) or do i put it in 1 of my .asp pages. my site is based off of .asp. any help would be greatly appreciated. Also i do not use php and really dont want to so any fixes using php would not work.