Hotlink Warning, Please Read
e-van
06-20-2001, 10:53 PM
FOR ALL WM & CONTENT PROVIDERS
There is a site ripping program that may have spidered your site and be hotlinking every picture on your domain right now!
Bad part is that they are probably spoofing your domain & IP# so .htaccess is absolutely no protection at all. They have the full content of busty-amateurs.com hotlinked right now, and a lot of other sites too.
The link below explains the whole story….and what can be done about it. They didn't cover their tracks very well and they are in a very vulnerable position.
This link has all the info you need to shut these bastards down quick. Please follow through and nail these thieves now!
http://www.snatchwagon.com/porngremlin/porngremlin.html
Energy Hosting
06-21-2001, 12:43 AM
Originally posted by e-van:
"Bad part is that they are probably spoofing your domain & IP# so .htaccess is absolutely no protection at all."
Could you rephrase (or explain) this? It does not make much sense.
Rodent
06-21-2001, 01:45 AM
I don't know how true this "spoofing" for hotlinked images is, but I have heard of it being done before. Something like they have their domain.com/yourdomain.com/ so when the hotlink software sees this, they see "yourdomain.com" and think it's not being hotlinked. Not sure how true this is, but it's what I have heard. Maybe someone knows more?
richard
06-21-2001, 02:43 AM
you cannot spoof an IP, but you can spoof an http_referer.
Paysites however, would not use such protection, they'd need a username/password to get inside?
toker
06-21-2001, 03:31 AM
The funny thing is this caltech is a university and these guys are trying to form a cult-like organization within it. Why the hell would caltech allow such BS is beyond me but the porngremlin is down apparently.
Much0S
06-21-2001, 03:58 AM
Quote: "you cannot spoof an IP, but you can spoof an http_referer."
Yes you can spoof an IP ....
kanga
06-21-2001, 04:14 AM
Quote: "Yes you can spoof an IP ...."
true, but how would they implement that to hotlink images? spoofing-on-the-fly?
and on a side note, if you spoof an ip, you wouldn't get any response back, since response would be sent to the spoofed ip, not yours...
kanga
Zyber
06-21-2001, 04:26 AM
It is actually not so hard to prevent the problem with
domain.com/yourdomain.com/
Just make sure that your software checks that the referer value must start with http://yourdomain.com
and not simply rely on having http://yourdomain.com somewhere in the referer value.
:)
e-van
06-21-2001, 07:22 AM
their software fools your server, either using a spoofed call, or through switching between several proxies until it finds one that hits.
This makes it very hard to stop them, maybe using a cgi script to serve the images. The list of domains that's on that page is just a sample, that comes from 300 sample pics they provide for free, but they claim to have 26,000 pics and growing.
they appear to have a spider which spiders several big TGPs (e.g. The Hun) and then goes on indexing all the pics in your domain.
Peace
richard
06-21-2001, 11:39 AM
Be practical Ali, in this context, they could not be spoofing the IP.
IP spoofing is an art, needing to get the correct check numbers and sending the packets at the right split second etc, all while DoS'ing the real IP so that the response saying "who are you?" does not get sent out.
no way they are doing this on 2bit porn sites.
Much0S
06-21-2001, 11:49 AM
If they see it as an Art they've perhaps done it :D
But you're right richard ;)
Much0S
06-21-2001, 11:51 AM
Oh and the name is Much0S rich :D
Fluid
06-22-2001, 11:01 AM
It's only able to hit you if you use wildcards in your htaccess. I wondered when this would happen, too many people use this
*somthing.com/ to cover the lists.
So any domain like, http://www.hotlinkingscum-something.com/ could have full access to your content. If you're specific on your htaccess, then you're fine. Full addresses and IPs are the way to go =)
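Added example (not part of any post in this thread): a Python sketch that runs three Referer checks over constructed values: a substring match, the starts-with check Zyber describes, and an exact comparison of the parsed host, which is what Fluid's "be specific" advice amounts to. ALLOWED_HOSTS and the function names are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the site's own hostnames (placeholder name used in the thread).
ALLOWED_HOSTS = {"yourdomain.com", "www.yourdomain.com"}


def substring_check(referer: str) -> bool:
    """Weak: accepts the site name anywhere in the value (wildcard-style)."""
    return "yourdomain.com" in referer


def prefix_check(referer: str) -> bool:
    """Anchored at the start, but with no boundary after the host name."""
    return referer.startswith("http://yourdomain.com")


def host_check(referer: str) -> bool:
    """Parse the URL and compare the host exactly against the allow-list."""
    try:
        parts = urlsplit(referer)
    except ValueError:          # malformed value, e.g. broken IPv6 brackets
        return False
    if parts.scheme not in ("http", "https"):
        return False            # also rejects an empty Referer (policy choice)
    host = (parts.hostname or "").lower().rstrip(".")
    return host in ALLOWED_HOSTS


# Constructed sample Referer values, not taken from real traffic.
SAMPLES = [
    "http://yourdomain.com/gallery/page1.html",   # own page
    "http://www.yourdomain.com/index.html",       # own page, www host
    "http://domain.com/yourdomain.com/",          # name placed in the path
    "http://www.hotlinkingscum-yourdomain.com/",  # name as a host suffix
    "http://yourdomain.com.other.example/",       # name as a host prefix
    "",                                           # no Referer sent
]


def evaluate(samples=SAMPLES):
    """Return {referer: (substring, prefix, host)} verdicts for each sample."""
    return {r: (substring_check(r), prefix_check(r), host_check(r))
            for r in samples}


if __name__ == "__main__":
    for referer, (sub, pre, host) in evaluate().items():
        print(f"{referer!r:48} substring={sub} prefix={pre} host={host}")
```

The Referer header is supplied by the client, so as richard notes it can be set to anything; an exact-host check stops other sites' pages from embedding the images in ordinary browsers, not a ripper that sends its own header.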