| LED Digest 2136: Protecting Code, Bandwidth, and Images |
|
|
|
================================================== The LED Digest Moderated Discussion List "Effective Online Advertising, Since 1997" pair Networks: The LED's Web Host Hosting and Domain Reg. from a Trusted Leader pair.com for Hosting | pairNIC.com for Domains ================================================== List Moderator: Published by: Adam Audette LED Digest adam, led-digest.com http://www.led-digest.com .............................................. April 11, 2006 Issue #2136 .............................................. .....IN THIS DIGEST..... ======= NEW ==================== --== Protecting Code ==-- ~ Claudiu Spulber "...someone told me that there might be ways to get the PHP code from a site..." ~ Phil Chave "Where you by chance born with the ability to write HTML?" ==== CONTINUING ================= --== Bandwidth Theft [was: Image Theft] ==-- ~ John Brumage "This should be fairly simple to implement..." ~ Derek Andrews "I would take a three step approach..." ==== BILLBOARD =================== --== The WayBack Machine ==-- ~ Tom Anson --== Unsubscribing from Spam - An Experiment ==-- ~ Tom Aman ========== NEW =================================== From: Claudiu Spulber Subject: Protecting PHP code? Given that protecting images / HTML pages is a hot topic these days, I thought of asking if a server based language like PHP offers source code protection. Our sites are created using PHP, and we're thinking on going to a system where we generate the license keys using PHP, thus those PHP files would contain very important information. I know that PHP is server based, so the client receives only the output, but someone told me that there might be ways to get the PHP code from a site and I wonder if that is true. I think that the only exposure you get is that the ISP has access to the PHP source files, and theoretically the code should be protected from a client that doesn't have access to the server. Any ideas if this is a myth or not? Thank you. Regards, Claudiu Spulber http://www.backup4all.com// http://www.novapdf.com// -------- new post - same topic --------- From: Phil Chave Subject: Image theft The image theft thread seems to have ventured off into other types of theft, including HTML, and I would ask all those people who bleat loudly about stolen code, where please did you learn your code from? Where you by chance born with the ability to write HTML? Did it come to you in a vision, like a prophet on the way to some divine meeting? No, you learned it from a book, or you peeked at the source code on dozens, even hundreds of other sites. I've got a surprise for you, that's how we all learned. You get the basics from a book, or software, and get the finesse from the poor souls who really were born to push code to its limit. Some of these even write sites and scripts that you can freely download and use to your hearts content. Don't be afraid to be the teacher now. Worrying about it will only give you an ulcer. A recent client turned up to our first meeting with a bag full of printed website pages of all his competitors. His idea was that I would nick all their designs, images and ideas, then cover it up by using encoding software to hide the source and stop other people stealing from HIM! That was a real short meeting and I can't quite remember whether I'd stopped laughing at him before, or after, I threw him out. Javascript your emails with as much variety as you can, or image them without the link, by all means, that's practical and time efficient, but why risk your rankings for a JavaScript blindfold that SE's can choke on? It's not worth all YOUR hard work. Regards Phil Chave (UK) http://www.distanthealer.co.uk ======== CONTINUING =============================== From: John "Zeke" Brumage Subject: Bandwidth theft > What I'd like to do is prevent someone from linking > to [my images] instead of copying them... Any help > in saving my bandwidth from theft would be greatly > appreciated. - Barb Radisavljevic, LED 2135 One simple solution for bandwidth theft is to only allow the image to be served when the referrer, that is, the website that calls your image, is an "approved" website. This should be fairly simple to implement. In PHP, the $HTTP_REFERER variable contains the URL of the requesting webpage.. Requests from your pages would return the image. Requests from unauthorized websites would return either nothing, or a tasteful graphic ad for your services. The .htaccess file might also be used. Christopher Heng has samples at: http://www.thesitewizard.com/archive/protectimages.shtml John Brumage disco legend zeke -------- new post - same topic -------- From: Derek Andrews Subject: Bandwidth theft > What I'd like to do is prevent someone on > MySpace.com from linking to this image. - Barb Radisavljevic, LED 2135 I think I would take a three step approach. First I would tell the owner of the MySpace site that using your bandwidth is not acceptable. A little education can often go a long way. I don't know the circumstances, but it could be that they think this is acceptable in return for the publicity your book gets. Or you could ask them to link to your site in return for file hosting. If that gets you nowhere, file a complaint with MySpace. I am sure that they will take action against accounts behaving in this manner. If all that fails, move all your pictures to a new directory and upload new URL's to the book sites. Consider replacing the old urls with graphics that the offender may not want on their site. I'll leave their content to your imagination. Derek Andrews, woodturner http://www.seafoamwoodturning.com http://chipshop.blogspot.com - a blog for my customers ==== BILLBOARD =================================== From: Tom Anson Subject: WayBack I took a quick look at the WayBack Machine at archive.org (on the recommendation of Mike Banks Valentine and Carrie MacKenzie). Kind of interesting; but I noticed that the updates listed there (at least, for my site) are not very current. I've done some extensive updates on my website over the past year and a half, and none of them are even listed on this site. Tom Anson Anson Aromatic Essentials http://www.therapeutic-grade.com -------- new post - new topic -------- From: Tom Aman Subject: Spam experiment "Regarding Tom's Spam experiment, I think there's more to it than meets the eye. Let's remember that there's a (potentially) huge difference between Spam and UCE. "Real spammers will not include unsubscription options, will fake sender addresses, will relay via multiple servers, etc, etc, etc. "Most UCE that has unsubscription options is probably sent by business newbies who purchased a cheap list believing that the members "opted in" to receiving random crap." - Andreas Huttenrauch, LED 2135 Let us be clear on definitions. UCE is not necessarily SPAM. If I find your site has a lot of broken links and send you an email suggesting you might use (hopefully buy) my link checking software, that is UCE but it is not SPAM. It was sent only to you and was offered as a specific solution to an apparent problem or need. On the other hand, if I buy, beg or steal a list of thousands or millions of email addresses and blast out email trying to sell my software to you without knowing anything about your situation or needs, that is UBE (unsolicited bulk email) and is definitely SPAM. The apparent 'legit' spammers may well be newbies to the Internet or online stuff, these emails will include, often in very small print, information for unsubscribing at the end of the email. Very often, there will be two references, one unsubscribe link to opt out of the list of the particular organization using the list, a second to unsubscribe to all users of that list. I would guesstimate that about 10% of the SPAM I used to receive fell in this category. The other 'real' spammers used relays, fake or non-existant sender addresses, etc., etc., but many of these included an unsubscribe link. The link was often 'broken' (contained or was missing something) but the break was easily fixed so an unsubscribe could be sent. A typical 'broken' link would be 'http://domain/directory/remove'. This would be 'broken', but adding '.html' to the 'remove' would fix the link and the unsubscribe would then work. The obvious thinking of the spammer was that this would avoid legal problems; 'Whoops, we offered an unsubscribe but obviously we must have made a typo!!' (NOT) > Try getting Barracuda spamware... Also another > way is to change your e-mail... - R. Neilson, LED 2135 Barracuda spamware is yet another SPAM filter and my experience is that they all leave something to be desired but, if this it the route you want to go, try SpamRIP. It goes beyond the normal Bayesian filter and, in my testing, had the highest accuracy rate of all. And it is free. Changing your email will obviously work but that is not really a viable option for many of us. My email has remained unchanged for many years and there is no way I could guarantee to notify EVERYONE if I ever changed it. Too many people have it in their address book and I do not always have a record of them (several disk crashes, many are customers I have not had reason to contact for years, etc.) As for the Spam experiment, seems that most LEDers are not interested since I have only had two people express interest so far. I will be trying to find others to take part from other lists of which I am a member. Another update: 1. Hit a new low for the day on April 9 - only received 2 SPAM (previous low was 13) 2. Average per day is now 21.05 Tom Aman Aman Software http://www.cyberspyder.com ------------------------------------------------------- The LED Digest is sponsored by pair Networks: pair.com for Hosting | pairNIC.com for Domains © Copyright 1995-2006 Orange Wheel, LLC. All Rights Reserved. "Where's evil? It's that large part of every man that wants to hate without limit, that wants to hate with God on its side." - Kurt Vonnegut |
