How can I prevent another website from linking to my content?
April 6, 2005 11:20 AM   Subscribe

How can I prevent another website from linking to my content (exe files, docs etc)? I want users to register on my site before providing it to them.

My site has trial software on it in the form of "exe" files. To find a trial you follow a link to the trial page. You must register on the site by creating a username/password. Once you've done this you are presented with a page that has links to all the available trials. Problematically, these are simply http downloads in the form http://www.mysite.com/trial/trial.exe and so on. If you've seen the link once you can copy it to your own page and download at will therby bypassing the need to create a user account.

Is there any technology I can buy or implement without breaking the bank that will protect my executable downloads? I'm thinking of referrer tags etc. My executable files are located at Yahoo hosting so I don't have root level access to the http server or anything. The main site is built in ColdFusion is that helps anything.
posted by dhacker to Technology (11 answers total)
 
You can always use .htaccess authentication, it's very simple to set up. As part of whatever authentication process you'll be presenting to the user, you can either hand them out a username-password that's generic to all your downloads, or give them something unique while also adding it to your server's .htaccess files. Here's a quick runthrough:

http://www.menet.umn.edu/homes/protect.html

On preview: ah. I see you don't control your own hosting. Well, the above option may still be viable, depending on what kinds of things you can do on the server. If you can FTP files in and out, you could still swing the .htaccess authentication.
posted by odinsdream at 11:35 AM on April 6, 2005


It sounds like you want a link protection script. Here are some available scripts in PHP or in CGI. This will allow you to do things like check "to see if the person has a cookie from your site" and allow you to "to randomly alter all the filenames."
posted by fourstar at 12:05 PM on April 6, 2005


I'd change things up a bit. When somebody is authenticated, create a softlinked file that links to the .exe. That is, rather than send them to helloworld.exe, send them to 120391239.exe. Periodically clear out all of those aliased links (ideally, immediately after it's downloaded).
posted by waldo at 12:19 PM on April 6, 2005


You could use a simple cgi script which checks for the cookie and, if present, passes the binary data to the user. If you simply re-direct then you'll show them where the exe is, but if the cgi acts as a conduit then they won't know. This also has the advantage that they can link to it and users who haven't registered will get your login page whilst the others get the file.
posted by ralawrence at 12:47 PM on April 6, 2005


Ok, so I downloaded one of the PHP link protection scripts. Got it all working. Problem is, in IE everything looks fine. In Firefox, the Firefox "Save the Download" page shows you exactly what "hidden" directory that file is located in.

The script I looked at hid the directory from the user but FireFox went and displayed it - ouch. Before I investigate more scripts - is this normal?
posted by dhacker at 1:08 PM on April 6, 2005


Sounds like it doesn't work I'm afraid. A lot of these scripts are quite easily circumvented if you look at the headers they send back (ie. they give away the actual location of the executable at the point of giving you the file)
posted by ralawrence at 1:49 PM on April 6, 2005


Lemme understand this: you offer "trial" software for download. Presumably, if the user likes the trial version, her buys the "full" version from you, right?

But you don't want the free advertising that comes from users linking to your trial software? Links that will get people to download the trial version and then possibly buy the full version?

Why? If I link to your trial version on your page, you still see any connections in your server logs, so you can keep track of how often the trial has been downloaded.

If the problem is that you want people to see your page before they download your trial software, then check the "referrer" header to see if people downloading the .exe are coming from your site, and if not, redirect them to your site's homepage. Yes, referrer headers can be faked, but so what? If someone wants your trial that badly, let them have it: the trial is just a loss-leader you give away anyway, to make money off the full version.

But essentially, you're going to great trouble to prevent people from giving you the best kind of advertising, word of mouth recommendations, for free.

And why make people register? That's just a barrier to doing business with you. You want their money, not their usernames. Again, you're just making it more difficult for people who want to give you money, to give you money. Why are you sabotaging yourself?
posted by orthogonality at 1:57 PM on April 6, 2005


orthogonality speaks the truth.
posted by grouse at 2:23 PM on April 6, 2005


I own a software company and I use this on my sites using ASP to stream the file directly from the server after users pay for it. The user never sees the location of the file and the link can check out to see if a cookie is set, etc.

If you have the ability to use an ASP page, it is very easy using the Response.BinaryWrite function. You can see a sample of this here.

If you must use PHP, I'm sure there is something similar but I'm just not familiar with it.
posted by aaronh at 6:33 PM on April 6, 2005


Orthogonality, hey, thanks for clearing up my business model for me - I was having some trouble understanding what I was doing . . .

Lot's of problem with direct linking. First, we update versions often and I want to make sure people are getting the latest and greatest so their experience is valid. We often lose sales if someone experiences a software bug. Two, some crack sites link directly and I want to avoid this if at all possible. Three, our customer base is older and often have visual impairments. We provide lots of "hand holding" if they come directly through out site that we can't give them if they stumble on a direct link.

Take some care before you use the bold tag in the future.
posted by dhacker at 6:46 AM on April 7, 2005


dhacker writes " Lot's [sic] of problem with direct linking. First, we update versions often and I want to make sure people are getting the latest and greatest so their experience is valid."

So create a url called latestandGreatestVersion.exe and when you come out with a new version, symlink that to the latest version. Change what's pointed to, not the pointer.

As for not wanting crackers to link directly, and hand-holding, just check the referrer header and redirect if it doesn't contain your domain name.

"Orthogonality, hey, thanks for clearing up my business model for me - I was having some trouble understanding what I was doing . . . Take some care before you use the bold tag in the future."

Yes, sarcasm aside, you were. And you're compounding that by shooting the messenger.
posted by orthogonality at 7:48 AM on April 7, 2005


« Older travel to Rio de janeiro   |   the case of the disappearing taskbar Newer »
This thread is closed to new comments.