Thread: WSS Vulnerable to Image Scraping Software

  1. #1
    License owner
    Join Date
    May 2012
    Location
    UK
    Posts
    1,284

    Question WSS Vulnerable to Image Scraping Software

    I recently discovered that WSS are vulnerable to image scraping software. The only way so far that I found to keep your wallpapers safe is to make use of the resolution drop-down box on your wallpaper details page, as the image scrapers can't access the java drop-down box; however, the minute you do this Google bots can't access your high resolution wallpapers either in order to index them! Tough choice!

    I looked at some solutions, e.g. honeypot AKA spider-web. There seem to be some awesome PHP scripts out there that will auto-add the offender's IP to a ban list in your .htaccess. This technique also involves your robots.txt file; however, there are claims that Google does not always follow their own rules, which means your honeypot trap may trap the Google bot if it does access your link trap and ignore your robots.txt.

    Yes, these bots/scrapers can be blocked via your .htaccess by adding

    Code:
    RewriteCond %{HTTP_USER_AGENT} bot name [OR]
    RewriteCond %{HTTP_USER_AGENT} bot name
    RewriteRule ^.* - [F,L]
    and yes it works great, however ONLY if the bot/scraper identifies themselves! After I implemented a block list in my .htaccess I found that some Fuc*ers still came through. Determined to get to the bottom of this I went out and bought an image scraper software to test how it works (won't mention name of software as it may give some ideas). I tested it on my site and yes, my site blocked it due to what was in my .htaccess; then I went to change the "User Agent" setting in the software to Mozilla/4.0 and I was able to steal my entire wallpaper collection (over 5000 wallpapers) in a matter of 4 minutes! So basically yes, you can block them, but if they disguise themselves as a valid user then they are coming in whether you like it or not!

    Andy, we need help! Pleaseeeeeeeeee!

    Maybe somehow, "IF more than 10 wallpapers from same IP are downloaded within 2 minutes and the requests do not come from any of these http://www.iplists.com/ block immediately!" This may work, but how would you implement it?

    Any suggestions anyone?
    * Main Website: Check my profile (PM me for links to my other sites) - Warning | Adults Only!
    * Hosting: VPS Cloud Server at TMDHosting - Great 24hr Support and Superb up-time!
    * Ad Networks: ExoClick | JuicyAds | AdXpansion - They Convert Well + On-time Payouts!

    PORNTRA - Free HD Porn Sex Movies.
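
The rate rule proposed in the post above (more than 10 wallpapers from one IP within 2 minutes, unless the IP belongs to a known crawler), sketched as an offline scan of an Apache access log. This is an added example, not code from the thread or from WSS; the combined log format, the `CRAWLER_NETS` placeholder range and all function names are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from ipaddress import ip_address, ip_network
# Thresholds taken from the post: more than 10 image downloads within 2 minutes.
MAX_IMAGES, WINDOW_SECONDS = 10, 120
# Constructed placeholder range; replace with crawler networks you have verified.
CRAWLER_NETS = [ip_network("192.0.2.0/24")]
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
IMAGE_RE = re.compile(r'\.(?:jpe?g|gif|bmp|png)(?:\?|$)', re.I)

def is_allowlisted(ip):
    try:
        addr = ip_address(ip)
    except ValueError:          # hostname instead of an address: never allowlisted
        return False
    return any(addr in net for net in CRAWLER_NETS)

def find_scrapers(lines):
    """Return IPs, in the order flagged, that exceed MAX_IMAGES image hits per window."""
    recent, flagged = defaultdict(deque), []   # ip -> timestamps of recent image hits
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] not in ("200", "206") or not IMAGE_RE.search(m["path"]):
            continue
        ip = m["ip"]
        if ip in flagged or is_allowlisted(ip):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] >= WINDOW_SECONDS:   # drop hits that left the window
            hits.popleft()
        if len(hits) > MAX_IMAGES:
            flagged.append(ip)
    return flagged

def deny_rules(ips):
    """Apache 2.4 lines, for a <RequireAll> block that also has 'Require all granted'."""
    return [f"Require not ip {ip}" for ip in ips]

def sample_log():
    """Constructed log: a browser-UA bulk client, a slow visitor, an allowlisted crawler."""
    fmt = '{ip} - - [26/Aug/2014:22:{m:02d}:{s:02d} +0000] "GET /wallpapers/{n}.jpg HTTP/1.1" 200 5120 "-" "Mozilla/4.0"'
    fast = [fmt.format(ip="203.0.113.7", m=0, s=i, n=i) for i in range(12)]
    slow = [fmt.format(ip="198.51.100.9", m=i * 3, s=0, n=i) for i in range(12)]
    bot = [fmt.format(ip="192.0.2.55", m=1, s=i, n=i) for i in range(30)]
    return fast + slow + bot
```

Because it counts downloads per IP rather than trusting the User-Agent header, the scan still flags a client that presents a browser User-Agent; a client that spreads its requests across many IPs or stays under the threshold is not caught.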

  2. #2
    License owner
    Join Date
    Jul 2010
    Location
    Sunny South Carolina
    Posts
    1,003

    Default

    I hate to burst your bubble Delta but no matter what you do you are not going to stop content scrapers. Plain and simple. All of our wallpapers are already being shared on torrent sites, forums, etc.... You take this stuff way too seriously man. If someone wants your wallpapers bad enough they will find a way no matter what. How many people do you think already took all your wallpapers? What do you think they did with them? No one saves 5000 wallpapers on their computers unless they are nuts. They use winrar or winzip, put them in an archive and share them all over the planet. Meet the internet......
    My Redneck YouTube Channel

    Need a logo or banner? PM Me!

    Just an old dude with his hobbies......

  3. #3
    License owner
    Join Date
    May 2012
    Location
    UK
    Posts
    1,284

    Default

    Quote Originally Posted by mystical View Post
    I hate to burst your bubble Delta but no matter what you do you are not going to stop content scrapers. Plain and simple. All of our wallpapers are already being shared on torrent sites, forums, etc.... You take this stuff way too seriously man. If someone wants your wallpapers bad enough they will find a way no matter what. How many people do you think already took all your wallpapers? What do you think they did with them? No one saves 5000 wallpapers on their computers unless they are nuts. They use winrar or winzip, put them in an archive and share them all over the planet. Meet the internet......
    winrar/winzip and torrent shares are the least of my worries! What you should be worried about is when all your images are re-posted on another site without your image titles being changed. After all, most of your traffic is because of your time spent on titles and descriptions... do you want to share that with others? If so I'll be happy to also have all yours on my site
    Last edited by Delta12; 08-26-2014 at 10:27 PM.

  4. #4
    License owner
    Join Date
    Jul 2010
    Location
    Sunny South Carolina
    Posts
    1,003

    Default

    Quote Originally Posted by Delta12 View Post
    winrar/winzip and torrent shares are the least of my worries! What you should be worried about is when all your images are re-posted on another site without your image titles being changed. After all, most of your traffic is because of your time spent on titles and descriptions... do you want to share that with others? If so I'll be happy to also have all yours on my site
    What is stopping someone from downloading your wallpapers one at a time with your description and putting it on another wallpaper site? Again if someone wants it bad enough they will take it. See my point?

  5. #5
    License owner
    Join Date
    May 2012
    Location
    UK
    Posts
    1,284

    Default

    Quote Originally Posted by mystical View Post
    What is stopping someone from downloading your wallpapers one at a time with your description and putting it on another wallpaper site? Again if someone wants it bad enough they will take it. See my point?
    Sorry mate, can't agree with you there. Again... downloading 1 image with title and description at a time is not a worry to me at all! If someone has the time to do that with 9000 wallpapers then he deserves to have them! Does it not even bother you slightly that an image scraper can download over 5000 wallpapers in 4 minutes with a single click? I want to at least know that I have made the effort so that it ain't too easy for content thieves.

  6. #6
    License owner
    Join Date
    Jul 2013
    Location
    Romania
    Posts
    145

    Default

    I am using this in .htaccess file:

    Options -Indexes
    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} ^Baiduspider [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^Sogou [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
    RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
    RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
    RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
    RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
    RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
    RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
    RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
    RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
    RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
    RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
    RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
    RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
    RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
    RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Zeus
    RewriteRule ^.* - [F,L]


    Also this will help you to protect images from hotlinking:

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?example\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://site-where-image-lives.com/image.gif [L]


    One important thing to note is that the 'replacement image' cannot be in a folder that is protected by the hotlinking rule.
    Use of an image site such as imgur.com is recommended.

  7. #7
    License owner
    Join Date
    Jul 2013
    Location
    Romania
    Posts
    145

    Default

    Here is the code that I'm using on nwallpapers.com:

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?nwallpapers\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://i.imgur.com/qX4w7.gif [L]

    Go to http://altlab.com/hotlinkchecker.php and add a test image from my site, like this one http://www.nwallpapers.com/wp-conten...-wallpaper.jpg and you will see there an image that tells you Do NOT HOTLINK IMAGES...

    If you add Options -Indexes in your .htaccess file then direct access to images folders will be restricted.

    Hope this will help you !
    Funny Images Script + Nexa Wallpapers Theme - demo and details on Wordpress Wallpaper Site Templates

  8. #8
    License owner
    Join Date
    May 2012
    Location
    UK
    Posts
    1,284

    Default

    Quote Originally Posted by markos24ro View Post
    Here is the code that I'm using on nwallpapers.com:

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?nwallpapers\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://i.imgur.com/qX4w7.gif [L]

    Go to http://altlab.com/hotlinkchecker.php and add a test image from my site, like this one http://www.nwallpapers.com/wp-conten...-wallpaper.jpg and you will see there an image that tells you Do NOT HOTLINK IMAGES...

    If you add Options -Indexes in your .htaccess file then direct access to images folders will be restricted.

    Hope this will help you !
    You obviously did not read my first post in this thread

    Most of us have what you have in your .htaccess HOWEVER if the bot/scraper is disguising themselves as a valid user by changing the "User Agent" then your block list is USELESS!!

    The bot I just used is listed in your .htaccess and I was STILL able to get ALL your wallpapers and titles in a matter of seconds!!!

    nwallpapers.jpg

    Don't worry, I deleted them. This was just to demonstrate that your .htaccess block list is useless if I change the User Agent in the bot settings.