Skip to main content

Topic: anti-leech scripts etc. (Read 5260 times) previous topic - next topic

0 Members and 1 Guest are viewing this topic.
  • rjamorim
  • [*][*][*][*][*]
anti-leech scripts etc.
Quote
Quote
Koepi should use BitTorrent or something. I hate to download anything in his pages.

Elaborate. I never had a problem downloading anything from his pages and the speed has always been excellent too.

He uses one of those broken & lame anti-leech scripts that forces you to disable your firewall.
Get up-to-date binaries of Lame, AAC, Vorbis and much more at RareWares:
http://www.rarewares.org

  • dev0
  • [*][*][*][*][*]
  • Developer
anti-leech scripts etc.
Reply #1
I'm using a NAT device and it doesn't cause any problems here. Even behind various proxy configurations it has always worked perfectly.
"To understand me, you'll have to swallow a world." Or maybe your words.

  • rjamorim
  • [*][*][*][*][*]
anti-leech scripts etc.
Reply #2
Quote
I'm using a NAT device and it doesn't cause any problems here. Even behind various proxy configurations it has always worked perfectly.

The problem is triggered by software firewalls that block the referer field from the HTTP headers you send to the server.
  • Last Edit: 05 April, 2004, 03:40:06 PM by rjamorim
Get up-to-date binaries of Lame, AAC, Vorbis and much more at RareWares:
http://www.rarewares.org

  • polandro
  • [*]
anti-leech scripts etc.
Reply #3
So if you're using flashget or similar, just put the url of the page that the d/l link is on in the 'referrer' field/box and it works every time! 

...for me anyway.
  • Last Edit: 05 April, 2004, 04:25:28 PM by polandro

  • dev0
  • [*][*][*][*][*]
  • Developer
anti-leech scripts etc.
Reply #4
Or use non-b0rked application firewall software...
Enough flaming for today.
"To understand me, you'll have to swallow a world." Or maybe your words.

  • askoff
  • [*][*][*][*]
anti-leech scripts etc.
Reply #5
Quote
Or use non-b0rked application firewall software...

What could that be? Norton is qute good firewall afterall.

  • Doom9
  • [*]
anti-leech scripts etc.
Reply #6
I hardly ever post here but I cannot let this stand as it touches an area I myself are sensitive in.

Quote
He uses one of those broken & lame anti-leech scripts that forces you to disable your firewall.

Broken? Let me correct you.. your "privacy" tools are broken. They dont' actually protect your privacy, they just remove important header information. You don't need a referer removal, as you can easily achieve this using out-of-the-box means. Right click - open in new window, or right click - open in new tab will work just fine and not send a referer. I think you can even press control and click and that will open a new window as well. Referers are not really a privacy issue, what do you care of a webmaster knows where visitors come from? You cannot be traced more than one step, even if multiple sites were owned by the same entity, I doubt anybody would go to so much trouble as to match logs from different sites (and at least in my case, more often than not I open links in new tabs or go to sites that are not related so all effort would be in vain).

On the other side, as a webmaster who has to pay for his traffic (I doubt you'll find anyone that has to pay for hundreds of GBs per month would ever complain about such a measure), referers allow you to control who gets to use your bandwidth. If you don't do it, download managers use file search engines that will return them links to your site, and so even somebody who's not even trying to download from your site, gets sent to your place from another site (cos a search engine like filemirrors returns your site as download location for a particular file). The only other use I have from referers is seeing the 20 top sites where my visitors come from.. most of these links are from one of my mirrors or search engines.. it wasn't always like that. in the early days referers helped me to find leeches.. without those indications I'd have never been able to locate websites copying my content or trying to steal my downloads.

No anti-leech script I'm aware of forces you to disable a firewall (plus, a firewall is actually not supposed to remove referers.. does any real firewall - like the ones from Checkpoint et all do such a thing?, that's a "feature" that they sell you as a bonus, but it really doesn't do anything for you. I still have your IP when you come to my site, and from that I can get a geographical location and the name of your ISP, and I can also track which pages you're visiting. If you want to be truly anonymous, you have to use a proxy service like some German universities offer, where data is channeled through multiple anonymous proxies and where no connection data is logged. Everything else is just a farce.

I have three firewalls in a row (hardware, then two software firewalls since upgrading to WinXP SP2) but none of them has ever prevented me from any download
Go to www.doom9.org for the web\'s most comprehensive collection of DVD backup articles.

  • rjamorim
  • [*][*][*][*][*]
anti-leech scripts etc.
Reply #7
I personally run a site (among others) that consumes more than 50Gb of bandwidth per month. And I never blocked so-called "leechers". The reasons are:

-I don't abuse my site visitors with banners and pop-ups. There is absolutely no way I could get any income from my sites. So, it makes no difference for me if the user downloads the file directly from elsewhere or visits my pages before.

Also, I noticed allowing "leeching" sometimes increases my site's popularity. Some "leecher sites" are nice and, next to the direct link, they mention the url of the place the file is being obtained from.

You did that, when you direct-linked to Psytel AACenc on inf.ufpr.br/~rja00, some years ago. And I didn't mind one bit

-It is my opinion that users get very frustrated with an angry leecher message thrown at them when they inadvertedly click a link from elsewhere, or forget to disable referrer blocking on their software firewall. Not a nice way to present your site to a potential visitor, IMO.

Quote
download managers use file search engines that will return them links to your site, and so even somebody who's not even trying to download from your site, gets sent to your place from another site (cos a search engine like filemirrors returns your site as download location for a particular file).


Hehehe. Most of these same download managers (GetRight particularly, which, BTW, is from the creators of filemirrors) are able to fake referrer URLs.

Precisely:
http://pessoal.onda.com.br/rjamorim/getright.png

The same probably applies to FileZilla, FlashGet...

Regards;

Roberto.
Get up-to-date binaries of Lame, AAC, Vorbis and much more at RareWares:
http://www.rarewares.org

  • Doom9
  • [*]
anti-leech scripts etc.
Reply #8
Quote
I personally run a site (among others) that consumes more than 50Gb of bandwidth per month.
And do you have to pay for it? My site makes about 850 GB a month, that's not something you get with any regular hosting package. The number one download requires more bandwidth than your whole site  Imagine you had a 5 MB download, that was quite popular.. your traffic goes up like crazy when other sites link to it. And I'm sure if I, instead of hosting all audio and video tools you also carry, link to your site, you'd start to mind because you'd notice a considerable increase in traffic.

Quote
Also, I noticed allowing "leeching" sometimes increases my site's popularity. Some "leecher sites" are nice and, next to the direct link, they mention the url of the place the file is being obtained from.
You are obviously dealing with nicer webmasters than I have to. But then again your software archive is more specialized and selective than mine.

Quote
You did that, when you direct-linked to Psytel AACenc on inf.ufpr.br/~rja00, some years ago. And I didn't mind one bit
Must've been a long time ago.. it's been a long while since I've had a no direct links policy when it comes to software (there are some exceptions to the rule though, but none that are small and where the traffic would matter), so I'm hoping this was an honest oversight or had another important reason. Is the link still there?

Quote
Most of these same download managers (GetRight particularly, which, BTW, is from the creators of filemirrors) are able to fake referrer URLs.
Evil evil. Is it turned on by default (I'm a no DL manager user)?
Go to www.doom9.org for the web\'s most comprehensive collection of DVD backup articles.

  • rjamorim
  • [*][*][*][*][*]
anti-leech scripts etc.
Reply #9
Quote
And do you have to pay for it? My site makes about 850 GB a month, that's not something you get with any regular hosting package. The number one download requires more bandwidth than your whole site  Imagine you had a 5 MB download, that was quite popular.. your traffic goes up like crazy when other sites link to it. And I'm sure if I, instead of hosting all audio and video tools you also carry, link to your site, you'd start to mind because you'd notice a considerable increase in traffic.


My point is, if you are not getting income from unique visits (banners, popups, etc.), it makes no difference if the user reaches the file directly, or is greeted first by an anti-leech message and then starts browsing the site to download the file. He'll end up downloading it anyway and using the same amount of bandwidth.

Of course, if you want your users to see banners or pop-ups, forcing them to browse your site first is very justifiable.

About you linking to RareWares instead of hosting the apps: I think it wouldn't make much difference if you linked to the home page or directly to the file. Actually, my traffic would probably be even bigger if you linked to the home page, because then visitors might start finding other interesting apps and downloading them.

Quote
You are obviously dealing with nicer webmasters than I have to. But then again your software archive is more specialized and selective than mine.


True. And maybe I don't notice the webmasters that are direct-linking, since I don't check the bandwidth usage statistics often.

Quote
Must've been a long time ago.. it's been a long while since I've had a no direct links policy when it comes to software (there are some exceptions to the rule though, but none that are small and where the traffic would matter), so I'm hoping this was an honest oversight or had another important reason.


It was more than an year ago, if I remember correctly. And yes, you had a good reason: by that time people were still scared by Dolby threats and avoided hosting AAC binaries.

Quote
Is the link still there?


As far as I can see, no.

And there would be no problem, really. That file was (and still is) hosted in an uncapped (although relatively slow) host.

Quote
Evil evil. Is it turned on by default (I'm a no DL manager user)?


On GetRight, the screenshot I posted is the default configuration. I personally use the "Generated from download URL" setting. Dunno about other managers.

Regards;

Roberto.

BTW: Your links page is still pointing to rarewares.hydrogenaudio.org. Could you please replace it with www.rarewares.org? Thank-you.
  • Last Edit: 10 April, 2004, 01:23:14 PM by rjamorim
Get up-to-date binaries of Lame, AAC, Vorbis and much more at RareWares:
http://www.rarewares.org

  • saratoga
  • [*][*][*][*][*]
anti-leech scripts etc.
Reply #10
Quote
Quote
Or use non-b0rked application firewall software...

What could that be? Norton is qute good firewall afterall.

I disagree.  Its crappy and causes way more trouble then its worth.

Anyway theres no sense in blocking referers, because if you do it will break sites that depend on support for them while provideing you with no extra security.

  • askoff
  • [*][*][*][*]
anti-leech scripts etc.
Reply #11
Quote
Quote
Quote
Or use non-b0rked application firewall software...

What could that be? Norton is qute good firewall afterall.

I disagree.  Its crappy and causes way more trouble then its worth.

Well I guess that it depends on user and his/hers computer. It has never gave me any problems, exept this Koepi web page issue.

Quote
Anyway theres no sense in blocking referers, because if you do it will break sites that depend on support for them while provideing you with no extra security.

As I just said, Kopeis page is the only one where I'm having problems. www.doom9.org work fine and so does everything else. No whait DivX diggest also gave me some problems, but usualy they just offer link to original site only.

  • Doom9
  • [*]
anti-leech scripts etc.
Reply #12
Quote
My point is, if you are not getting income from unique visits (banners, popups, etc.), it makes no difference if the user reaches the file directly, or is greeted first by an anti-leech message and then starts browsing the site to download the file. He'll end up downloading it anyway and using the same amount of bandwidth.
Well, you do have a point bandwidth wise, though I think such messages also encourage some people to inform webmasters that direct links aren't okay. And in my case, I want people to see the mainpage regardless of traffic. I want them to see there's more to my site than just a download archive.. there's daily news and a lot of guides as well. Hence the frame reloading script I'm using, so that any external deep-links to documents are okay, but reload my frameset so people get to see what else there is on my site.

Quote
BTW: Your links page is still pointing to rarewares.hydrogenaudio.org. Could you please replace it with www.rarewares.org? Thank-you.
I've changed the link.
Go to www.doom9.org for the web\'s most comprehensive collection of DVD backup articles.

  • Bonzi
  • [*][*][*][*]
anti-leech scripts etc.
Reply #13
Quote
I still have your IP when you come to my site, and from that I can get a geographical location and the name of your ISP, and I can also track which pages you're visiting. If you want to be truly anonymous, you have to use a proxy service like some German universities offer, where data is channeled through multiple anonymous proxies and where no connection data is logged. Everything else is just a farce.

Ok, what really important is that people figure out how to protect themselves from any intrusion of privacy.  But is there any other way for users to protect themselves other than doing this?  I have never bothered before with such things but about 1 month or so ago while visting one of message boards I frequent, one of the mods revealed my location to the world which kind of scared me.  I won't mention which board but it wasn't doom9.  But it got me thinking that maybe I should be a little more careful  Luckly I do live in a big city and all so if someone wanted to find me it would be tough.  Is there any way to be sure that you can browse *completely* anonomously?
  • Last Edit: 11 April, 2004, 12:32:02 AM by Bonzi

  • Andavari
  • [*][*][*][*][*]
anti-leech scripts etc.
Reply #14
Quote
Quote
I still have your IP when you come to my site, and from that I can get a geographical location and the name of your ISP, and I can also track which pages you're visiting. If you want to be truly anonymous, you have to use a proxy service like some German universities offer, where data is channeled through multiple anonymous proxies and where no connection data is logged. Everything else is just a farce.

Ok, what really important is that people figure out how to protect themselves from any intrusion of privacy.  But is there any other way for users to protect themselves other than doing this?

With so many security exploits that constantly need patched in the Windows family of operating systems it's no surprise to me that people would try to mask as much info as possible, including removing referrer information. "Some" people may see a script do one harmless thing that makes a site work, or protects a site and may immediately think it's some security issue and bark virus, or trojan.

I can only speak for myself; I do not initially trust any website right off the bat since there are so many that can install whatever the hell they like automatically without my consent.
Complexity of incoherent design.

  • Artemis3
  • [*][*][*][*][*]
anti-leech scripts etc.
Reply #15
I don't see the benefit of said scripts since it doesn't help with the bandwitdh issue. Its also against the spirit of the www, attempting to twart external linking.

People that believe things on the web "belong" solely to a site, are not being realistic at all. Just like "copy protection", such scripts can always be bypassed by the determined, and will only cause annoyances to regular users.

Servers that face bandwidth problems should address the issue for what it is. For example, i like an apache module that limits connection per IP (limitipconn). This helps with certain download helper apps that divide a file in many small parts and downloads them simultaneously (it may cause some NAT issues).

There is also the powerful tool of BitTorrent for "very popular downloads".

And finally, you can always limit the bandwith allowed. A site could release a .torrent for a certain popular file, and allow a bandwidth limited direct download, for instance.

I think something more bittorrent like but more transparent will emerge for normal web browsing and flle downloading, simply because its more efficient for everyone. The traditional server/client model seems to be gradually shifting in favor of more decentralized methods. Interesting times indeed
She is waiting in the air

  • rjamorim
  • [*][*][*][*][*]
anti-leech scripts etc.
Reply #16
Quote
People that believe things on the web "belong" solely to a site, are not being realistic at all.

These people don't believe the files hosted belong to the site. They do believe that the bandwidth being used belongs to it. You can't argue with that.

Quote
Servers that face bandwidth problems should address the issue for what it is. For example, i like an apache module that limits connection per IP (limitipconn). This helps with certain download helper apps that divide a file in many small parts and downloads them simultaneously (it may cause some NAT issues).


There are countless problems with your argument

1)Limiting connection according to IP won't limit people from leeching. The real usefulness of such module is to help distribute bandwidth equally for servers using slow pipes. Keeping people to use download helpers to their full potential will only make users download the file slower, it won't change your bandwidth bill a bit.

2)Usage of apache modules depends on the server administrator. If your account is on a very limited bandwidth server, it's most likely you aren't on a dedicated server - therefore, it's out of your hands to enable it or not.

3)This doesn't help the bandwidth usage issue at all.

Quote
There is also the powerful tool of BitTorrent for "very popular downloads".

And finally, you can always limit the bandwith allowed. A site could release a .torrent for a certain popular file, and allow a bandwidth limited direct download, for instance.


Again, a flawed argument.

1)BitTorrent only works optimally for large files - ISOs, movies, etc. 90% of the files hosted by RareWares, for instance, are smaller than 500Kb. For a recent example of bittorrent experiment gone useless, check foobar2000.org.

2)BitTorrent requires that you are server administrator to set up a tracker. Again, if you are so concerned about limiting your bandwidth usage, you probably aren't running a dedicated server and can only hope the server admin will accept your request to set up a tracker. Considering BitTorrent is often associated with illegal p2p distribution... tough luck.

Quote
I think something more bittorrent like but more transparent will emerge for normal web browsing and flle downloading, simply because its more efficient for everyone. The traditional server/client model seems to be gradually shifting in favor of more decentralized methods. Interesting times indeed


Wild speculation won't help our problems now.

Now, I've been thinking about this issue a lot lately. I've been kinda forced, since a %$&#! kraut started stealing about 2Gbs from RareWares daily. Even though I don't like anti-leech measures, that was a case of either setting up an anti-leech or seeing my bandwidth bill shoot through the roof.

So my take on anti-leeching now is this: I will only set up mod_rewrite anti-leech on a per-case basis. I won't set it so that only people coming from RareWares can access the files, like sites usually do. IMO, it's valid that small sites, or people using web boards, link to my files. People using web boards often don't have anywhere to upload to, and small sites usually run on a very limited bandwidth quota. Fair is fair.

But I get very pissed when big sites like audiograbber.de direct-link to my files - and don't even give me credit! There are absolutely no links to rarewares.org  there - although, amusingly, there are links to Mitiok. This is another example of a site, although a small one this time, that directly links to rarewares without giving us credit (interestingly, they link to foobar2000.org's home page, but direct-link to rarewares neverthless. I wonder who is the fine, fine lad running that site...). That makes me quite mad.

Another decision I took is that I won't present the visitor with a nasty-looking "LEECHER!!!!" message. It's not his fault, for sure. People coming from these leechers are silently redirected to rarewares' main page. Hopefully from there they'll find what they were looking for.

These are some examples of nice sites linking to RareWares:
http://www.mpex.net/software/download/lamedll.html
http://www.cestfacile.org/telechargements.htm

To end this long rant, an image that speaks for itself:
http://pessoal.onda.com.br/rjamorim/bandwidth.png

On April 12th, Audiograbber.de started direct-linking to RareWares.
On April 14th, I started using the anti-leech measure.

Regards;

Roberto.
Get up-to-date binaries of Lame, AAC, Vorbis and much more at RareWares:
http://www.rarewares.org

  • Toe
  • [*]
anti-leech scripts etc.
Reply #17
Quote
2)BitTorrent requires that you are server administrator to set up a tracker. Again, if you are so concerned about limiting your bandwidth usage, you probably aren't running a dedicated server and can only hope the server admin will accept your request to set up a tracker. Considering BitTorrent is often associated with illegal p2p distribution... tough luck.

Actually, there's several PHP-based trackers out there that will run fine on a shared host....

  • Jan S.
  • [*][*][*][*][*]
anti-leech scripts etc.
Reply #18
Quote
1)BitTorrent only works optimally for large files - ISOs, movies, etc. 90% of the files hosted by RareWares, for instance, are smaller than 500Kb. For a recent example of bittorrent experiment gone useless, check foobar2000.org.

AFAIK foobar doesn't use torrent anymore because of lack of a stable tracker.
Beta versions use torrent though. There are no problems with the idea itself.