How can I prevent another website from linking to my content?
April 6, 2005 11:20 AM Subscribe
How can I prevent another website from linking to my content (exe files, docs etc)? I want users to register on my site before providing it to them.
My site has trial software on it in the form of "exe" files. To find a trial you follow a link to the trial page. You must register on the site by creating a username/password. Once you've done this you are presented with a page that has links to all the available trials. Problematically, these are simply http downloads in the form http://www.mysite.com/trial/trial.exe and so on. If you've seen the link once you can copy it to your own page and download at will therby bypassing the need to create a user account.
Is there any technology I can buy or implement without breaking the bank that will protect my executable downloads? I'm thinking of referrer tags etc. My executable files are located at Yahoo hosting so I don't have root level access to the http server or anything. The main site is built in ColdFusion is that helps anything.
My site has trial software on it in the form of "exe" files. To find a trial you follow a link to the trial page. You must register on the site by creating a username/password. Once you've done this you are presented with a page that has links to all the available trials. Problematically, these are simply http downloads in the form http://www.mysite.com/trial/trial.exe and so on. If you've seen the link once you can copy it to your own page and download at will therby bypassing the need to create a user account.
Is there any technology I can buy or implement without breaking the bank that will protect my executable downloads? I'm thinking of referrer tags etc. My executable files are located at Yahoo hosting so I don't have root level access to the http server or anything. The main site is built in ColdFusion is that helps anything.
I'd change things up a bit. When somebody is authenticated, create a softlinked file that links to the .exe. That is, rather than send them to helloworld.exe, send them to 120391239.exe. Periodically clear out all of those aliased links (ideally, immediately after it's downloaded).
posted by waldo at 12:19 PM on April 6, 2005
posted by waldo at 12:19 PM on April 6, 2005
You could use a simple cgi script which checks for the cookie and, if present, passes the binary data to the user. If you simply re-direct then you'll show them where the exe is, but if the cgi acts as a conduit then they won't know. This also has the advantage that they can link to it and users who haven't registered will get your login page whilst the others get the file.
posted by ralawrence at 12:47 PM on April 6, 2005
posted by ralawrence at 12:47 PM on April 6, 2005
Response by poster: Ok, so I downloaded one of the PHP link protection scripts. Got it all working. Problem is, in IE everything looks fine. In Firefox, the Firefox "Save the Download" page shows you exactly what "hidden" directory that file is located in.
The script I looked at hid the directory from the user but FireFox went and displayed it - ouch. Before I investigate more scripts - is this normal?
posted by dhacker at 1:08 PM on April 6, 2005
The script I looked at hid the directory from the user but FireFox went and displayed it - ouch. Before I investigate more scripts - is this normal?
posted by dhacker at 1:08 PM on April 6, 2005
Sounds like it doesn't work I'm afraid. A lot of these scripts are quite easily circumvented if you look at the headers they send back (ie. they give away the actual location of the executable at the point of giving you the file)
posted by ralawrence at 1:49 PM on April 6, 2005
posted by ralawrence at 1:49 PM on April 6, 2005
Lemme understand this: you offer "trial" software for download. Presumably, if the user likes the trial version, her buys the "full" version from you, right?
But you don't want the free advertising that comes from users linking to your trial software? Links that will get people to download the trial version and then possibly buy the full version?
Why? If I link to your trial version on your page, you still see any connections in your server logs, so you can keep track of how often the trial has been downloaded.
If the problem is that you want people to see your page before they download your trial software, then check the "referrer" header to see if people downloading the .exe are coming from your site, and if not, redirect them to your site's homepage. Yes, referrer headers can be faked, but so what? If someone wants your trial that badly, let them have it: the trial is just a loss-leader you give away anyway, to make money off the full version.
But essentially, you're going to great trouble to prevent people from giving you the best kind of advertising, word of mouth recommendations, for free.
And why make people register? That's just a barrier to doing business with you. You want their money, not their usernames. Again, you're just making it more difficult for people who want to give you money, to give you money. Why are you sabotaging yourself?
posted by orthogonality at 1:57 PM on April 6, 2005
But you don't want the free advertising that comes from users linking to your trial software? Links that will get people to download the trial version and then possibly buy the full version?
Why? If I link to your trial version on your page, you still see any connections in your server logs, so you can keep track of how often the trial has been downloaded.
If the problem is that you want people to see your page before they download your trial software, then check the "referrer" header to see if people downloading the .exe are coming from your site, and if not, redirect them to your site's homepage. Yes, referrer headers can be faked, but so what? If someone wants your trial that badly, let them have it: the trial is just a loss-leader you give away anyway, to make money off the full version.
But essentially, you're going to great trouble to prevent people from giving you the best kind of advertising, word of mouth recommendations, for free.
And why make people register? That's just a barrier to doing business with you. You want their money, not their usernames. Again, you're just making it more difficult for people who want to give you money, to give you money. Why are you sabotaging yourself?
posted by orthogonality at 1:57 PM on April 6, 2005
I own a software company and I use this on my sites using ASP to stream the file directly from the server after users pay for it. The user never sees the location of the file and the link can check out to see if a cookie is set, etc.
If you have the ability to use an ASP page, it is very easy using the Response.BinaryWrite function. You can see a sample of this here.
If you must use PHP, I'm sure there is something similar but I'm just not familiar with it.
posted by aaronh at 6:33 PM on April 6, 2005
If you have the ability to use an ASP page, it is very easy using the Response.BinaryWrite function. You can see a sample of this here.
If you must use PHP, I'm sure there is something similar but I'm just not familiar with it.
posted by aaronh at 6:33 PM on April 6, 2005
Response by poster: Orthogonality, hey, thanks for clearing up my business model for me - I was having some trouble understanding what I was doing . . .
Lot's of problem with direct linking. First, we update versions often and I want to make sure people are getting the latest and greatest so their experience is valid. We often lose sales if someone experiences a software bug. Two, some crack sites link directly and I want to avoid this if at all possible. Three, our customer base is older and often have visual impairments. We provide lots of "hand holding" if they come directly through out site that we can't give them if they stumble on a direct link.
Take some care before you use the bold tag in the future.
posted by dhacker at 6:46 AM on April 7, 2005
Lot's of problem with direct linking. First, we update versions often and I want to make sure people are getting the latest and greatest so their experience is valid. We often lose sales if someone experiences a software bug. Two, some crack sites link directly and I want to avoid this if at all possible. Three, our customer base is older and often have visual impairments. We provide lots of "hand holding" if they come directly through out site that we can't give them if they stumble on a direct link.
Take some care before you use the bold tag in the future.
posted by dhacker at 6:46 AM on April 7, 2005
dhacker writes " Lot's [sic] of problem with direct linking. First, we update versions often and I want to make sure people are getting the latest and greatest so their experience is valid."
So create a url called latestandGreatestVersion.exe and when you come out with a new version, symlink that to the latest version. Change what's pointed to, not the pointer.
As for not wanting crackers to link directly, and hand-holding, just check the referrer header and redirect if it doesn't contain your domain name.
"Orthogonality, hey, thanks for clearing up my business model for me - I was having some trouble understanding what I was doing . . . Take some care before you use the bold tag in the future."
Yes, sarcasm aside, you were. And you're compounding that by shooting the messenger.
posted by orthogonality at 7:48 AM on April 7, 2005
So create a url called latestandGreatestVersion.exe and when you come out with a new version, symlink that to the latest version. Change what's pointed to, not the pointer.
As for not wanting crackers to link directly, and hand-holding, just check the referrer header and redirect if it doesn't contain your domain name.
"Orthogonality, hey, thanks for clearing up my business model for me - I was having some trouble understanding what I was doing . . . Take some care before you use the bold tag in the future."
Yes, sarcasm aside, you were. And you're compounding that by shooting the messenger.
posted by orthogonality at 7:48 AM on April 7, 2005
This thread is closed to new comments.
posted by fourstar at 12:05 PM on April 6, 2005