Web Hosting Talk







How to prevent people from doing massive downloads?


wht
07-17-2001, 12:30 PM
hello guys,

I am hosting a download website, but I would like a feature that can prevent people from doing massive downloads.

You know, there is a program called 'teleport pro' out there that can teleport files of a certain type from a website to your hard drive. In teleport, all you need to do is give it the main page's URL, and it will download all the links it finds within the specified domain to your hard disk. The user can just sit back and relax. (No webmasters want their visitors to relax!!! )


But teleport has some limitations too. It works only when you have direct links to your files; it cannot parse scripts like javascript or asp...

for example, when teleport sees this URL:

http://www.ok.com/archieve1.zip

It will download the file automatically. However, if you use a script like .jsp, .asp, or .cgi to redirect the download, teleport will fail.

That means, teleport won't be able to download this file

http://www.ok.com/download.asp?archieve1.zip



All the downloadable files currently residing on my site are direct links, so I would like to find some cgi program or script that can prevent massive downloads using programs like teleport. They have to manually click on a link to download a file! This is important because if I don't have this feature set up, there will be a bandwidth over-usage problem. One of my visitors once teleported more than 3GB of files from my server in one day!!!


Any ideas?

slade
07-17-2001, 02:19 PM
I am only suggesting this as something that might work, not that I've tried it, or tested it.


a php script that read the get/push arguments and parsed out the filename could pass back the file something like this:


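<?php
// $filename is assumed to have been parsed from the request arguments already;
// nothing here validates it.
$realfiledir = "/home/myaccount/hiddenfiles/";
$fp = fopen($realfiledir . $filename, "rb");
fpassthru($fp);
flush();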



I'm still learning the neat things php can do, but this seems logical. The only other thing to watch out for is parsing the filename to make sure a malicious user doesn't include "..", or something like that, that will let him traipse around wherever he wants to and download your files.

see: stripslashes, and htmlspecialchars man pages on www.php.net/manual

grsites
07-17-2001, 02:25 PM
One thing you can do is pretty simple. The following PERL script will allow you to download something directly, though the user will never see the direct link:

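#!/usr/bin/perl

# $testfile must hold the URL to be downloaded; this value is a placeholder.
my $testfile = "http://www.yourdomain.com/something.zip";

# The Location header redirects the client to that URL.
print "Content-type: application/zip\n";
print "Location: $testfile\n\n";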


---------------

Just make sure the $testfile variable contains the URL you want to be downloaded. This is just a test script.

For a more useful download script, you could access it like this:

http://www.yourdomain.com/cgi-bin/download.cgi?file=something.zip

And just pass the content of the "file" variable to the script.

If you can program in PERL, it's relatively simple. If not, just email me at webmaster@grsites.com and I'll help you out. I did this kind of thing with one of my sites, I can just give you the script and adapt it to your needs.

Pingu
07-17-2001, 03:54 PM
For any good scripts on these matters, take a look at these sites:
http://www.hotscripts.com
http://www.cgi-resources.com

Lots of goodies to be found there :)

WreckRman2
07-18-2001, 12:52 AM
Try this only it hasn't been tested. Just thought it up....

Call it as http://www.yourdomain.com/download.php?download=file.zip

download.php


<?php
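$ftp = "ftp://ftp.yourdomain.com/files"; // Location of Files
// Read the requested name from the query string (not validated here).
$download = isset($_GET['download']) ? $_GET['download'] : '';
if ($download) {
    header("Location: $ftp/$download");
} else {
    echo "There is no file to download.";
}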
?>


This would try to download the file at ftp://ftp.yourdomain.com/files/file.zip

marco
07-18-2001, 02:05 AM
Just keep in mind, before using any of the scripts provided above "AS IS", that they are really dangerous if you do not exercise any control over the arguments passed to the script itself.
What I mean is that the first script above (and many others you can find on the net) may suffer from a possible exploit: if you pass the argument as ../../etc/passwd (or something similar, mainly it depends on which dir you are in) you can give the attacker the system password file... your sysadmin wouldn't be so happy... :D

Bye bye,
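
The argument control described in the posts above, sketched as an added example that is not part of any post in the thread: the requested name is validated and then resolved inside a single download directory before anything is opened. The function name resolve_download() and the directory paths are assumptions for illustration.

```php
<?php
// Added example, not code from the thread. resolve_download() and the
// directory names are assumptions for illustration.

function resolve_download(string $baseDir, string $requested): ?string
{
    // Accept a bare file name only: no separators, no leading dot, .zip only.
    // \A and \z anchor the whole string, so a trailing newline is rejected too.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,100}\.zip\z/', $requested)) {
        return null;
    }
    // Canonicalise both paths; realpath() resolves symlinks and returns
    // false when the target does not exist.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // The resolved file must sit directly inside the download directory,
    // which also rejects a symlink in that directory pointing elsewhere.
    return dirname($path) === $base ? $path : null;
}

// In a web handler the result would be used like this:
//   $name = $_GET['download'] ?? '';
//   $path = is_string($name) ? resolve_download('/home/myaccount/hiddenfiles', $name) : null;
//   if ($path === null) { http_response_code(404); exit; }
//   header('Content-Type: application/zip');
//   header('Content-Length: ' . filesize($path));
//   readfile($path);

// Constructed demo: one real file in a temporary directory.
$dir = sys_get_temp_dir() . '/dl_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/archive1.zip', 'demo');

$requests = ['archive1.zip', '../../etc/passwd', '/etc/passwd',
             "archive1.zip\n", '..\\archive1.zip', 'missing.zip'];
foreach ($requests as $name) {
    $path = resolve_download($dir, $name);
    printf("%-22s => %s\n", json_encode($name), $path === null ? 'rejected' : $path);
}

unlink($dir . '/archive1.zip');
rmdir($dir);
```

Only the first request resolves to a file; the others are rejected before any file is opened.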

iplexx
07-18-2001, 03:59 AM
wht, you might consider blocking the use of teleport...

The following rewrite statements (may be placed in .htaccess) exclude teleport and some other email sniffing agents and give them the page problem.html instead of the real requested file/page...


RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [OR]
RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport*28 [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailCollector
RewriteRule ^.*$ problem.html [L]

wht
07-18-2001, 12:22 PM
iplexx,

In the line,


RewriteCond %{HTTP_USER_AGENT} ^Teleport*28



What does "*28" mean? Is it a version number? If it is, this means I can only block a certain version of teleport, right?

wht
07-18-2001, 12:26 PM
BTW,

I found some scripts on http://www.hotscripts.com. They are cool. Is PHP better than perl? I know perl spawns a new process for each new request.

iplexx
07-19-2001, 02:14 PM
ad 1.
you can go without *28 and it will work fine.

the htaccess blocks are based on the HTTP_USER_AGENT, which is sent by most web browsers and robots, so you can exclude/include specific versions of browsers/robots easily; but keep in mind that the user agent string can be tweaked (regedit, software setting) or at least be removed (any privacy software)

ad 2.
you can run PHP as cgi or perl module, like Perl too.

IMHO PHP is easy to learn, easy to code and powerful without the need to install additional modules/libs. Simply, for me PHP is the way to go.

I don't know for performance, maybe someone else can elaborate on that?

WebDork
07-24-2001, 06:33 AM
Just use a .htaccess file.

afriq
07-24-2001, 09:20 AM
Originally posted by iplexx
wht, you might consider blocking the use of teleport...



RewriteCond %{HTTP_USER_AGENT} ^Teleport*28 [OR]



Just remember that Teleport Pro users can modify a setting that will make Teleport appear as Netscape or IE ...
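
A way to check what the User-Agent conditions quoted in this thread actually match, as an added example that is not part of any post: RewriteCond patterns are regular expressions, where `*` repeats the preceding character, so `^Teleport*28` matches only agents that begin with "Telepor", any number of "t", then "28". The function names and the sample User-Agent strings are constructed for illustration.

```php
<?php
// Added example, not code from the thread: run the thread's RewriteCond
// patterns over constructed User-Agent strings. Function names are assumptions.

$htaccess = <<<'CONF'
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [OR]
RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport*28 [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailCollector
CONF;

// Pull the pattern (third field) out of each User-Agent condition.
function blocklist_patterns(string $conf): array
{
    preg_match_all('/^RewriteCond\s+%\{HTTP_USER_AGENT\}\s+(\S+)/m', $conf, $m);
    return $m[1];
}

// Return the first pattern that matches, or null if the request gets through.
// Matching is case-sensitive, as RewriteCond is without the [NC] flag.
function matching_pattern(array $patterns, string $userAgent): ?string
{
    foreach ($patterns as $pattern) {
        $regex = '~' . str_replace('~', '\~', $pattern) . '~';
        if (preg_match($regex, $userAgent) === 1) {
            return $pattern;
        }
    }
    return null;
}

// Constructed sample values, not taken from real logs.
$samples = [
    'Teleport28',
    'Telepor28',
    'Teleport Pro/1.29',
    'teleport28',
    'EmailSiphon',
    'Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)',
];
$patterns = blocklist_patterns($htaccess);
foreach ($samples as $ua) {
    printf("%-48s %s\n", $ua, matching_pattern($patterns, $ua) ?? 'not blocked');
}
```

Running a blocklist against sample agents like this before deploying it shows which entries never fire and confirms that any client presenting a browser-style agent string passes untouched.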