Leeching of attachments

#68730 (In Topic #14591)

Community saint

on private comcode pages and private download section

I’ve noticed lately that the number of attachment downloads from restricted (group membership required) comcode pages is disproportionate compared to the number of users having access to them. These downloads seem to increase daily (since my investigation I found out that many students re-download in class the same material several times, too lazy I suppose to find the original file in the computer, so this may explain the discrepancy), which raises my concern about bandwidth usage and dissemination of classroom material at the expense of my site.

Revising the site security setup, I found that the Anti-Leech option was disabled, which I promptly enabled.

Testing this issue, I found out that the Download section (members only) now indicates a leeching attempt where there shouldn’t be (see attachment), while browsing the link outside the site gives free access to the same file, which could be downloaded by anyone. However, clicking on (more) gives legitimate access to the download without error.

Furthermore, this did nothing to prevent downloading distributed links from private pages.:ninja:

I’m at a loss as to how to efficiently protect those files from non-members.


Last edit: by Jean

#68804

Fix for the bug (the template), and also browser caching support for downloads and attachments. I never thought of that before, but actually downloads are simple and static, so long as we use the last-modified date correctly in our cache code.

Attachment
» Download: DOWNLOAD_BOX.tpl (1.38 Kb, 108 downloads so far)
Attachment
sources/attachments.php
» Download: attachments.php (17 Kb, 89 downloads so far)
Attachment
sources/downloads.php
» Download: downloads.php (4 Kb, 110 downloads so far)


Become a fan of ocPortal on Facebook or add me as a friend. Add me on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.

#68805

Just to clarify, the anti-leech is not like what most anti-leech scripts do. It is not based on referer checking (which actually wouldn't solve your problem), it is based on session-checking. The links to dload.php are unique/tied to your session and hence unsharable.

Kind of a clever trick. An alternative people could do of course would be to remove guest access to the download category.


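The session-tied links described in the post above, sketched as an added example (not ocPortal's code and not part of the original thread). The token scheme, the `id` and `token` parameter names and the session array layout are assumptions made for illustration.

```php
<?php
// Added illustration; NOT ocPortal's code. Token scheme, parameter names
// (id, token) and the session array layout are hypothetical.

// Token = HMAC(per-session secret, file id): valid only inside that session.
function make_download_token(string $sessionSecret, int $fileId): string
{
    return hash_hmac('sha256', 'download:' . $fileId, $sessionSecret);
}

function download_url(string $sessionSecret, int $fileId): string
{
    return 'dload.php?id=' . $fileId
        . '&token=' . make_download_token($sessionSecret, $fileId);
}

// Check made by the download script before any bytes are sent.
function authorize_download(?array $session, int $fileId, string $token,
                            callable $mayAccess): bool
{
    if ($session === null || !isset($session['secret'], $session['member_id'])) {
        return false;                       // no session: link is useless
    }
    $expected = make_download_token($session['secret'], $fileId);
    if (!hash_equals($expected, $token)) {  // constant-time comparison
        return false;                       // token minted for another session
    }
    return $mayAccess($session['member_id'], $fileId); // category permission
}

// Referer-style check, for contrast: it looks only at a header supplied by
// the client and never asks who is making the request.
function referer_check(array $headers, string $siteHost): bool
{
    return parse_url($headers['Referer'] ?? '', PHP_URL_HOST) === $siteHost;
}

// Constructed sample data: two members of the permitted group, file id 42.
$owner = ['member_id' => 7, 'secret' => bin2hex(random_bytes(32))];
$other = ['member_id' => 9, 'secret' => bin2hex(random_bytes(32))];
$mayAccess = fn(int $member, int $file): bool => in_array($member, [7, 9], true);

$link = download_url($owner['secret'], 42);
parse_str(parse_url($link, PHP_URL_QUERY), $q);

var_dump(authorize_download($owner, 42, $q['token'], $mayAccess)); // own session
var_dump(authorize_download($other, 42, $q['token'], $mayAccess)); // link passed on
var_dump(authorize_download(null, 42, $q['token'], $mayAccess));   // no session
var_dump(referer_check(['Referer' => 'https://site.example/'], 'site.example'));
```

Only the first `authorize_download` call is authorized: the same link fails in a second member's session and with no session at all. The referer-style check passes for any request that carries the expected header, whoever sends it.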
 
#68857

Community saint

Thank you Chris!

The attachment is now well protected from outside links.

However, the Download is showing these error messages: (cache was cleared beforehand)

From Go to Download:

Code

Fatal error: Call to undefined function get_download_sub_categories() in /...../site/pages/modules/downloads.php on line 378

From Add Download:

Code

PHP ERROR [1] Call to undefined function nice_get_download_category_tree() in /...../sources/hooks/systems/ajax_tree/choose_download_category.php on line 92 (version: 6.1.1, PHP version: 5.2.9, URL: /web20/cms/index.php?page=cms_downloads&type=ad)

#68858

Rats, somehow I had attached the wrong file.

Attachment
sources/downloads.php
» Download: downloads.php (24 Kb, 109 downloads so far)


#68859

Community saint

Thanks, Chris!

No more errors.

BTW, I love what you did to ocPortal's Forums here!:thumbs:

Indeed, quite an awesome look!:cool:

#68868

Community saint

Jean said

BTW, I love what you did to ocPortal's Forums here!:thumbs:

Indeed, quite an awesome look!:cool:

Gotta second that. I was posting and submitted …looked, what happened? looking very good, maybe a fresher look.


Art and Imagination
of David L Friend

http://davidlfriend.com

  My Art Gallery
powered by ocPortal