Forum Moderators: DixonJones


Preventing unwanted downloads

         

mikeph

1:42 am on Oct 11, 2003 (gmt 0)

10+ Year Member



I've just started providing free-to-try shareware software on my site. Got lots of pirate attacks and linking to my site driving bandwidth up.
First I made a straight redirect link from my web site to a straight file hosting site for the .zip file. Then I quickly tried to learn CGI and to use .htaccess to block unwanted downloaders. This forum and others have helped really well. [I can sleep at night knowing I can financially survive from high bandwidth charges.]

I now use a mixture of controls in .htaccess:
1. setenvifnocase Referer "^http://([^/]*)badguy\.com" DenyIt etc.....
2. deny lots of IP addresses - deny from 202.72. etc....
3. limit get - deny from .sillysite.cable.ru etc. ....

These are working well now, but I am still getting downloads using my redirected destination site as the Referrer.
e.g.
somekindofcablehost.countrysay.it - - [09/Oct/2003:07:11:30 -0400] "GET /mysoftware.zip HTTP/1.1" 403 220 "http://myname.myhostingsite.com" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
...where [myname.myhostingsite.com...] is my redirected download site.

I am also not getting any success stopping non-referers with setenvifnocase Referer "^-$" DenyIt

The difficulty now is that goodguy download referers use other countries' cable links to download my stuff, so I can no longer use a straight ban on a particular country.

I would be pleased if anyone could offer me help here.

jdMorgan

1:59 am on Oct 11, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



mikeph,

Welcome to WebmasterWorld [webmasterworld.com]!

Try:


SetEnvIfNoCase Referer "^-?$" DenyIt

^$ catches blank referrers, and ^-$ will catch a "faked" blank referrer. ^-?$ catches both.

You should be able to block those referrers from your download server. You normally refer to it, but it need not refer back to you.

Other than that, you'll just have to keep checking your logs, or go for a more sophisticated login-based approach.

Jim

mikeph

5:39 am on Oct 11, 2003 (gmt 0)

10+ Year Member



Thank you. [Hmmm.. these little signs are very important.]

I gather then that

SetEnvIfNoCase Referer "^-?$" DenyIt

will deny no referers and "fake referers" and that "fake referers" are using my domain name e.g. referer as "http://myname.myhostingsite.com" as their own reference?

Mike

BlueSky

8:25 am on Oct 11, 2003 (gmt 0)

10+ Year Member



That will only stop referrers who use a blank or dash not ones faking your site name. When good guys want to download the shareware software, does the redirected destination show up as the referrer for them too?
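The rules discussed so far can be checked offline against access-log lines before they go into .htaccess. The following is an added example, not part of the thread or any poster's code: it evaluates the thread's Referer patterns over constructed combined-format log lines, and the function names and sample hosts are assumptions.

```python
import re

# Referer rules quoted in the thread. SetEnvIfNoCase matches case-insensitively
# against the header value; a request with no Referer header is tested as "".
RULES = {
    "^$": re.compile(r"^$", re.I),
    "^-$": re.compile(r"^-$", re.I),
    "^-?$": re.compile(r"^-?$", re.I),
    "badguy": re.compile(r"^http://([^/]*)badguy\.com", re.I),
}

# Combined log format, the layout of the sample line in the first post.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def matching_rules(referer_header):
    """Names of the rules that would set DenyIt for this Referer header.
    Pass None when the client sent no Referer header at all."""
    value = "" if referer_header is None else referer_header
    return [name for name, rx in RULES.items() if rx.search(value)]

def audit(log_lines):
    """Map each logged referer to the rules that match it.
    The access log prints "-" for a missing header, so a logged "-" is
    checked both as an absent header and as a literal dash."""
    report = {}
    for line in log_lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a combined-format line
        ref = m.group("referer")
        candidates = [None, "-"] if ref == "-" else [ref]
        hits = set()
        for c in candidates:
            hits.update(matching_rules(c))
        report[ref] = sorted(hits)
    return report

# Constructed sample lines (hosts, sizes and times are made up).
_FMT = '{} - - [09/Oct/2003:07:11:30 -0400] "GET /mysoftware.zip HTTP/1.1" 200 512000 "{}" "Mozilla/4.0"'
SAMPLE = [
    _FMT.format("host1.example.net", "-"),
    _FMT.format("host2.example.net", "http://www.BadGuy.com/links.html"),
    _FMT.format("host3.example.net", "http://myname.myhostingsite.com"),
    _FMT.format("host4.example.net", "http://www.goodware.com/list.html"),
]
```

An empty rule list for a referer means none of these patterns sets DenyIt for it, which is the case for the download site's own name.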

mikeph

9:37 pm on Oct 11, 2003 (gmt 0)

10+ Year Member



First, thanks members for such a good forum, and for the high level of toleration for the numerous novices, who raise the same questions every month!
------
Referer from all the 'good guys' is always from a recognised address from themselves: e.g. "http ... goodware.com"

All the bad guys want to download 10 to 20 at once. 95% [of the ones who are on my case] are now blocked, except the ones who use my redirected site name.

What worries me is, that if I manage to cut all the bad guys down to 2 or 3, and don't keep an eye on the logs for a couple of nights [or even go away for 4 days], one of them can run up huge bandwidth.

At present I track the IPs they come from and ban the addresses surrounding those IPs. This is not good but gives me some peace.

Receptional

5:23 pm on Oct 13, 2003 (gmt 0)



Don't mean to be nosy about things above my station, but have you considered an alternative low-tech approach:

1) Instead of having the downloads on the site, you have them on an autoresponder, sent by Email to whoever wants it.

2) If they don't fill in a webform properly, the autoresponder doesn't send the file.

3) You could always do a type in these "random letters" trick like Overture does with its bid price monitoring tool to block non-humans (presumably if bandwidth is an issue it IS non-humans).

So... no precious files on your website = no reason to attack the server.

Dixon.

mikeph

6:52 pm on Oct 13, 2003 (gmt 0)

10+ Year Member



I have had similar suggestions before from other forums. Looks like I will have to move in that direction. Well, here we go again - learning more code!

Thanks to all.