Check Referrer To Prevent Linking Yours From Other Sites Check referrer with Php and Mysql

[P0T33n 0]

Check Referrer Using Php To Prevent People Linking To Your Downloads From Other Sites

 

Ever find that found some people are listing items, images and tuts and linking directly to the download url (those that are like my photoshop tutorial.php?id=0), which is a .php to count the number of downloads. To prevent this, you can add a piece of code to the download pages that checks which page referred them to the download page: if it's my domain, it downloads the file normally, if it's not, it will redirect to my home page instead.

 

Important: Not all browsers log referrers, so this won't work depending on the browser the visitor uses and this method can be also bypassed, but it will work for for the major part of visitors.

 

<?php$yoursite = "yoursite.com"; //Your site url without http://$yoursite2 = "www.yoursite.com;; //Type your domain with www. this time$referer = $_SERVER['HTTP_REFERER'];//Check if browser sends referrer url or notif ($referer == "") { //If not, set referrer as your domain$domain = $yoursite;} else {$domain = parse_url($referer); //If yes, parse referrer}if($domain['host'] == $yoursite || $domain['host'] == $yoursite2) {//Run your dowloading code here normally} else {//The referrer is not your site, we redirect to your home pageheader("Location: http://yoursite.com");exit(); //Stop running the script}?>

Hope some one finds this usefull!!

 

Notice from electriic ink:

P0T33n, in the future please ensure that your topic titles and descriptions are as descriptive as possible and that you put all your code in [-CODE-] tags. Thank you.

Edited August 21, 2006 by BuffaloHELP (see edit history)

[Plenoptic 0]

That is pretty useful I might have to try it sometime. Hopefully I can adjust it to work on all browsers and make it more secure. I would post a comment on the page saying that those who have reached the page from the wrong area can visit the site that way people know the link they got wasn't from the creator of the download or whatever. I can use this for my download system. Nice tutorial.

[Dooga 0]

Referals can be changed, which means that this sometimes doesn't work.

[Florisjuh 0]

This is a nice and usefull script, thanks for sharing it. Leeching is a pretty big problem nowadays seeing every website 'hotlinks like hell' while traffic is very important seeing content can be found everywhere nowadays.

[Sprnknwn 0]

Nice tutorial. I?ll definitely bookmark it, maybe it?ll be useful in the near future. Thanks.

[delivi 0]

great script, will help a lot in saving the precious bandwidth.

[Soby 0]

What is the file that I want to put on the server is hosted on a different webserver. Can it check referers for that too?

[iGuest 3]

Bad script,very bad. If I put in my reffer : "> ,then this site with this script is vulnerable to XSS-reply by Number.49

[hitmanblood 0]

Well, this is useful script for web statistics but not for the prevention of unwanted download. So you should check it it may be as starting point for some other more secure scripts.But as this script is very easily defeated it is not very secure. So be careful when imposing this script to your site. And another thing I personally never use open source scripts that are widely available for important security parts of my sites.***--this is after edition--***there is also one thing is referral is entered as blank that is as you can make custom user agents then you may be able to enter the site and make it work in unwanted way. This is important fact.

Edited June 13, 2008 by hitmanblood (see edit history)

[iGuest 3]

PHP Referer check/redirect mostly useful.Check Referrer To Prevent Linking Yours From Other Sites

While not foolproof, this script is now being used in my wife's website, http://www.tiffany.pro/. What this script helps us do is prevent the average and most advanced folks from copying the pages that contain copyright work. We deployed the use of the jQuery thickbox plugin and a bit of javascript highlighting disabling functions. There are 2 ways to overcome this to copy the text, but the chances of people doing this are unlikely. The steps only took a half hour or so to take, and now she can self publish her work without worry that search engines and others will go out of their way to copy the text, where it might find it's way around the rest of the web.

I think the author of this script, as it saved me the trouble of writing a custom script.

-reply by Nicholas Maietta