Results 1 to 5 of 5
  1. #1

    * Prevent other sites from leeching my form?

    Hey guys I'm running a download site where user put in the link in the form field. I've found another third party site that make use of my site - which means, they added a field on their site but the download will be processed using my server. Anyway to prevent this? It's costing me bandwidth

  2. #2
    Join Date
    Jan 2004
    Location
    NJ, USA
    Posts
    288
    Quote Originally Posted by kohkindachi View Post
    Hey guys I'm running a download site where user put in the link in the form field. I've found another third party site that make use of my site - which means, they added a field on their site but the download will be processed using my server. Anyway to prevent this? It's costing me bandwidth
    So you're running a semi-proxy service for people? The file gets downloaded through your server, to the client?

    Anyways, there are multiple ways to remedy this.

    1. Check the referer when you're retrieving the link the user requests. If it's not coming from either http://mydomain.com or http://www.mydomain.com, then don't process anything and return to the page. People can fake where their referer is coming from, so it isn't foolproof. It is something you should check for to prevent though.

    2. Check against the session ID. Have the ID passed in the URL in the query string, and check if the value in the query string is the same as the user's current session ID. If it isn't, return to the page.
    Last edited by Doh004; 06-14-2009 at 10:55 PM.

  3. #3
    I'd recommend you checking here for a good PHP download script that supports what Doh004 is talking about

    http://www.hotscripts.com/category/p...nload-systems/

  4. #4
    Join Date
    Jun 2009
    Posts
    5
    Quote Originally Posted by kohkindachi View Post
    Hey guys I'm running a download site where user put in the link in the form field. I've found another third party site that make use of my site - which means, they added a field on their site but the download will be processed using my server. Anyway to prevent this? It's costing me bandwidth
    Don't go for 3rd party scripts. I think Session ID is the best procedure to prevent remote access. Create session on form page and verify session on download page.

  5. #5
    Ok thanks guys. That fellow really fake the referrer

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •