topic

Protection of a site against uploading

There are such cases when the owner of a site does not wish, or cannot, give the site entirely to the visitors.

How it to make?

Let's result a simple example:

You have site on which, you publish wall-paper for a desktop. Total amount of a site - 500mb, attendance of 7000 hosts in day, the provisional traffic - 300Gb in a month or 10 Gb in day.

Let's add to these visitors 20 more person, downloaded your site entirely. We receive increase in the traffic on 10Gb either twice. Or in other words 0.28 % of visitors have created 50 % of the traffic. Not absolutely fairly, especially if you pay the traffic.

Ways of protection of a site from uploading

1. An interdiction on user agent

user agent - so the data which each browser passes the server are called. These data the operational system, the list of plug-ins and many other things can comprise such information, as type of a browser.

It is the most simple, but the least effective way. His advantage that whom superfluous you do not forbid, and lack that practical everyone download the agent can mask under standard browsers.

Example:

$agent = " ". $http_user_agent;

if (strpos ($agent, " disco pump ") ||

strpos ($agent, " offline explorer ") ||

strpos ($agent, "teleport") ||

strpos ($agent, "webzip") ||

strpos ($agent, "webcopier") ||

strpos ($agent, "wget") ||

strpos ($agent, "flashget") ||

strpos ($agent, " cis te ") ||

strpos ($agent, " dts agent ") ||

strpos ($agent, "webreaper") ||

strpos ($agent, "httrack") ||

strpos ($agent, " web downloader ")) {

die (" access denied ");

}

2. Restriction by quantity{amount} of the seen{overlooked} pages for the certain time interval.

Too disputable enough method. But it is necessary to understand, that the normal person cannot see{overlook} 60 pages for 1 minute. But on the other hand and download the agent can do{make} pauses between uploading of pages.

Even if you will not block download the agent absolutely then, strongly complicate uploading.

3. An interdiction with the help of the latent link.

Probably, one of the most correct methods. You should make the latent link to page, on which "alive" person will not pass, and download the agent and other robots will make it. ip the address with which is made viewing the latent page blocked, say, for 3 minutes.

The main lack is that you, thus, block search robots. To struggle with it it is possible in two ways:

* To check $http_user_agent. For this purpose it will be necessary for you to know how all search robots subscribe. Besides at such way download the agent can mask under the search robot. (see an example 2)

* To forbid ip the address it is possible not on the fact of loading of the latent page, and on the fact of loading of the picture established on latent page. Search robots usually do not request the image placed on pages, and download agents usually do{make} it.

Conclusions.

As you can see, a method which would work for hundred percent{interests}, no, and it is necessary to you something (or someone) to sacrifice. The code php a class which realizes protection against the uploading, described in the third method is below resulted.

flooders.inc.php:

class flooders {

var $filename;/* the Name of a file in which the list */is stored{kept}

/* Forbidden ip */addresses

var $timeout;/* Time on which it is made ban ip */

/* Addresses. By default - 600 (10 minutes) */

var $log;/* the Name of a broad gully - file. */

var $agents;/* the File - the list of the resolved{allowed} agents */

/* */

/* The designer - in parameters it is possible to specify the basic adjustments */

/* */

/* $filename - a name of a file in which the list */is stored{kept}

/* zabanennykh addresses. */

/* $timeout - time, in seconds, on which banitsja ip. */

/* */

/* An example: $f=new flooders ("ban.txt", 3600); */

/* */

function flooders ($filename = "flooders.txt", $timeout=600) {

$this-> filename = $ filename;

$this-> timeout = $ timeout;

$this-> agents=array ();

$this-> log = "";

}

/* */

/* Sets a name of a broad gully - file. If a name of a file empty, a broad gully - file */

/* Not ispol`hhuetsja */

/* */

function setlogfilename ($filename) {

$this-> log = $ filename;

}

/* */

/* Check ip addresses on a presence{finding} in a ban-sheet. */

/* */

/* If $http_errror == 0 returns true if ip */address

/* zabanen, and false if ip the address is resolved{allowed}. */

/* */

/* If $http_error == 404 and ip zabanen address it is deduced */

/* Standard page 404 of apache */server

/* */

/* If $http_error == 403 and ip zabanen address it is deduced */

/* Standard page 403 of apache */server

/* */

function check ($http_error=0) {

global $http_server_vars;

$ip1 = $ http_server_vars ["remote_addr"];

$ip2 = $ http_server_vars ["http_x_forwarded_for"];

$ip1=str_replace (":", "_", $ip1);

$ip2=str_replace (":", "_", $ip2);

$curtime=time ();

$d = file ($this-> filename);

if (! is_array ($d)) {print " the Mistake of reading from a file " ". $this-> filename. "". "; return (false);}

$found=false;

for ($i=0; $i <count ($d); $i ++) {

$e=explode (":", $d [$i]);

if ($e [1] == $ip1 ** trim ($e [2]) == $ip2 ** $e [0] + $this-> timeout> $curtime) {$found=true; break;}

}

if ($http_error == 404 ** $found == true) {

header (" http/1.0 404 not found ");

die (" nnnn

not found

nthe requested url ". $http_server_vars ["request_uri"] ". was not found on this server.

n ". $http_server_vars ["server_signature"] ". n ");

}

if ($http_error == 403 ** $found == true) {

header (" http/1.0 403 forbidden ");

die (" nnnn

forbidden

nyou do not have permission to access ". $http_server_vars ["request_uri"] ". non this server.

n ". $http_server_vars ["server_signature"] ". n ");

}

return ($found);

}

/* */

/* Additions ip addresses in a ban-sheet */

/* */

function ban () {

global $http_server_vars;

$agent = " ". $http_server_vars ["http_user_agent"];

for ($i=0; $i <count ($this-> agents); $i ++) {

if (strpos ($agent, $this-> agents [$i])) return;

}

$ip1 = $ http_server_vars ["remote_addr"];

$ip2 = $ http_server_vars ["http_x_forwarded_for"];

$ip1=str_replace (":", "_", $ip1);

$ip2=str_replace (":", "_", $ip2);

$curtime=time ();

$d = file ($this-> filename);

if (! is_array ($d)) {print " the Mistake of reading from a file " ". $this-> filename. "". ";}

for ($i=0; $i <count ($d); $i ++) {

$e=explode (":", $d [$i]);

if ($e [1] == $ip1 ** trim ($e [2]) == $ip2) unset ($d [$i]);

}

if (need_add) {

if (! empty ($this-> log)) {

$fw=fopen ($this-> log, "at");

if ($fw) {

fputs ($fw, date (" y-m-d h:i:s ") ". [". $ip1. "|". $ ip2. "]". $ agent. "n");

fclose ($fw);

}

$d [] = $curtime. ":". $ip1. ":". $ip2. "n";

}

$fw = fopen ($this-> filename, "wt");

if (! $fw) {print " the Mistake of recording in a file " ". $this-> filename. "". "; return;}

foreach ($d as $e) fputs ($fw, $e);

fclose ($fw);

}

function addalowagent ($agent) {

$this-> agents [] = $agent;

}

Examples of use

Example 1

This code should be established on the latent page:

include "flooders.inc.php";

$f=new flooders ();

$f-> ban ();

This code should be established in the top part of all pages of a site:

include "flooders.inc.php";

$f=new flooders ();

$f-> check (404);

Example 2 - not forbidding known search robots.

This code should be established on the latent page:

include "flooders.inc.php";

$f=new flooders ("/tmp/ban.txt");

$f-> addalowagent ("stackrambler");

$f-> addalowagent ("googlebot");

$f-> addalowagent ("yandex");

$f-> addalowagent ("aport");

$f-> addalowagent ("msnbot");

$f-> addalowagent ("fast-webcrawler");

$f-> addalowagent ("slurp/cat");

$f-> addalowagent ("aspseek/1.2.10");

$f-> addalowagent ("cnsearch");

$f-> setlogfilename ("/tmp/ban.log");

$f-> ban ();

This code should be established in the top part of all pages of a site:

include "flooders.inc.php";

$f=new flooders ("/tmp/ban.txt");

$f-> check (403);