Hey guys I'm running a download site where user put in the link in the form field. I've found another third party site that make use of my site - which means, they added a field on their site but the download will be processed using my server. Anyway to prevent this? It's costing me bandwidth

Hey guys I'm running a download site where user put in the link in the form field. I've found another third party site that make use of my site - which means, they added a field on their site but the download will be processed using my server. Anyway to prevent this? It's costing me bandwidth

So you're running a semi-proxy service for people? The file gets downloaded through your server, to the client?

Anyways, there are multiple ways to remedy this.

1. Check the referer when you're retrieving the link the user requests. If it's not coming from either http://mydomain.com or http://www.mydomain.com, then don't process anything and return to the page. People can fake where their referer is coming from, so it isn't foolproof. It is something you should check for to prevent though.

2. Check against the session ID. Have the ID passed in the URL in the query string, and check if the value in the query string is the same as the user's current session ID. If it isn't, return to the page.

I'd recommend you checking here for a good PHP download script that supports what Doh004 is talking about :)

http://www.hotscripts.com/category/php/scripts-programs/file-manipulation/download-systems/

Hey guys I'm running a download site where user put in the link in the form field. I've found another third party site that make use of my site - which means, they added a field on their site but the download will be processed using my server. Anyway to prevent this? It's costing me bandwidth

Don't go for 3rd party scripts. I think Session ID is the best procedure to prevent remote access. Create session on form page and verify session on download page.

Ok thanks guys. That fellow really fake the referrer :s