I'm trying display a bunch of e-learning videos. However, I don't want them to be downloaded. Or, at worse, make it hard to download them. Tried a few things like a website file protection rule but still have not been successful. Any ideas out there?
Thanks
clem
Related
I'm using a program called ShareX which will upload screenshots I take to my web dir via ftp example: https://website.com/screenshots/
I need a way to block search engines and everyone else from browsing the screenshots dir and showing up in google images etc but have direct links work fine when I upload a screenshot to share with someone. (https://website.com/screenshots/screenshot01.jpg)
I don't upload anything super sensitive but would like the piece of mind that its off limits to everyone who doesn't know the direct path to an actual image.
Thanks for any help with this.
Disable directory indexes (assuming you're running Apache)
# .htaccess file in your screenshots/ directory
Options -Indexes
Use a robots.txt. Every reputable search engine will obey it.
Use a CAPTCHA (a little extreme in my opinion).
We have a web application with over 560 pages. I would like a way to catalog the site somehow so that I can review the pages (without having to find each on in the menu or enter the URL). Be very glad for ideas on the best way to go about this.
I'd be happy to end up with 560 image files or PDFs, or one large PDF or whatever. I can easily put together a script with all the URLs, but how to pull those up and take a snapshot of some sort and save that to a file or files is where I need help.
The site is written in Java (server) and javascript (client).
I found a great plugin for Firefox that made this relatively painless. The plugin is called Screenshot Pimp (hate the name, love what it does). It takes a snapshot of your browser contents and immediately saves it to a file on your hard drive.
So then I wrote a script that would pull each page up in an IFrame with the URL showing above that, and took snapshots of each page. It took a couple hours to cycle through the whole set of 560+ pages, but it worked great, and now I have a catalog of all the pages.
I am in the process of replicating a current website. The existing site has a .swf for the header, and I've copied the code exactly as it is on the current site (obviously changed the location of the .swf file). The problem I'm having is that it won't load in the new site. I've looked all over for "Movie not loaded" issues, but most of them are resolved with things like out of date flash player. My flash player is obviously capable of handling the exact same .swf on their existing site, and I'm about to pull my hair out. lol
Any help would be appreciated!
P.S. I'm recreating the site in asp.net if that helps anyone.
Thanks,
Mike
Check if the SWF was trying to reference any external files on the server like images or XML. Sometimes the paths to these may be hard-coded into the SWF and would need the file to be re-exported with the updated paths (or just don't change the path to this file)
Thanks. I actually put in the static url of where it's located on the existing site and it worked fine. I'm not really sure what I did wrong, but it's working.
We have our application stored on our server, it is an .exe file. The download page is only accessible from our site - using cookie authentication in PHP. I know there are better methods but there is a long story behind this...so I'm moving on. The issue is that the actual url of the .exe has been leaked and is appearing on other websites. What is the best method to protect a link to a file, not the page itself. That is where I'm having issues. I can make it difficult to get to the download page (with the link) but don't know where to begin to make sure the link is only accessible from our site... Is .htaccess (preventing hotlinking) the best way to go?
Yes, .htaccess is probably best. Find any online post about protecting images from hotlinking, the first in my google search looks like a nice and easy auto-generator you can use. Just change the image extensions to exe, or keep them if you want them protected too.
I want to let users (i.e. anyone who signs up for an account) upload and download video and text documents. I have been researching the security issues regarding letting users upload files, but everything I can find on the subject assumes that users will only upload images.
Are there any security issues specific to letting users upload videos and text documents? Is security a lot more difficult when users can upload files at video size? Are there any particular file extensions I should look out for?
The problem is this: If you let users upload videos, images and text files, some of them will try to upload viruses, server-side scripts and other malicious code. Such code will then expose your site's users to what ever 'bad things' those users uploaded, within the context of your own site.
If you allow such uploads, you must be very careful that you are only saving files of the actual types you planned on - and not by looking at the file extension, either. You also must make sure those files are placed in locations where execute/script permissions are disabled.
Virus checking is a must - but it is not at all enough. A PHP script may not set off virus warnings at all, but that same script could reveal vital information for your site, or cause other bad things to happen if executed.
You must examine the content of the files - never rely on the extension or MIME type reported by the client. Those can easily be faked.
Serve your downloads from a location for which you have disabled the execution of server side code. This is all you need to do to protect yourself from server side exploits. Relying on file extensions or other such things are all hacks.
If you want to fully protect your users (and indirectly your website) as well, you'll need to run the files through a suitable virus scanner. It is possible, and there are real-life examples of doing so, to exploit video decoders and such software to run arbitrary code. But if you start walking down that line, you could also argue that certain text strings might set off weird behavior in certain software, and that starts getting silly. Luckily, the people who write virus scanners will have done most of the work for you. So:
Never execute that what is uploaded
If you feel it's needed, virus scan them as well.
You can virus check each file that is uploaded. If you look at most web based email clients you will see when you upload a file they are checked by McWhoever. In generally you shouldn't let them upload exe files but checking the extension is a very basic (unreliable) method.
It's quite hard to make an upload REALLY secure.
There are quite a lot of things to check - the file extension is just one part of it. Here are few things which have to be at least checked:
file extension (as you've already mentioned)
mimetype
filesize
depending on the users: maybe check the uploads with ClamAV ...
To answer your question here is a meta attack:
bad guy uploads a binary to your
server, perhaps tricking your
filters by compressing file and
changing extension to .avi
exploit bug in a CGI script to
decompress avi from #1
exploit bug in another CGI to
execute file from #2 -> backdoor
installed
backdoor accessed and rootkit
installed to hide all evidence of steps
1,2,3
Some variation on the above is what typically happens when servers are compromised.