Antileech
Aim
A simple system for reducing bandwidth leech drastically for UNIX based systems serving large files across http.
Background
Running a large website for downloading videos posed numerous problems as more and more visitors came:
- Direct bandwidth 'theft' - static links from other websites to files
- Indirect 'theft' - benign links on web forums etc.
- Large bandwidth bills which could be avoided
Hence my desire to setup a rigid system for reducing "leeching".
System
This system uses 'symbolic links' (hence the need for a UNIX based system), a scripting language (I use PHP but the actual language is irrevelant), the Apache web server (also irrelevant) and 'cron' tasks.
Method
- Store actual content "out-of-reach" of web users, so in a directory outside your web directory
- Create unique symbolic links per file request in the web directory
- Delete symbolic links older than 3 minutes
- Add .htaccess directives to redirect bad links elsewhere (front page)
Implementation
As above, you need to store your data outside your web directory eg:
/home/user/ Your home directory /home/user/files/ Actual files stored here /home/user/public_html/ Your 'web' directory /home/user/public_html/files/ Where your links will go
For each file request, you will need a function to create a symbolic link. Here is an example of what I use (in PHP):
umask("0000");
$file=$_SERVER["QUERY_STRING"];
$dir=md5(crypt("random"));
mkdir("/home/user/public_html/files/$dir");
symlink("/home/user/files/$file",
"/home/user/public_html/files/$dir/$file");
$url="http://my.website.com/files/$dir/$file";
header("Location: $url");
exit;
The 'umask' statement is to ensure my cronned script will be able to remove the directory created by 'nobody' later. A better approach would be to use suPHP and keep permissions tight.
The 'md5(crypt())' generates a random (unique) string for the temporary download.
One can setup the above so that a script can run from a link:
<a href="download.php?avideo.mpg">Download 'A Video'</a>
- Creates a directory such as:
/home/user/public_html/files/ebdd2a8daf/ - Creates a symlink in this directory:
amovie.mpg -> /home/user/files/amovie.mpg
- Redirects the visitor to http://my.website.com/files/ebdd2a8daf/amovie.mpg
This will behave like the real video, even though the data itself is outside of the 'web' directory.
Now comes to 'cleaning up'. A simple script cronned every 5 minutes such as (PHP again):
$root="/home/user/public_html/download";
if ($handle = opendir($root)) {
while (false !== ($dir = readdir($handle))) {
if ($dir != "." && $dir != ".."
&& $dir != ".htaccess"
&& $dir !== "index.php") {
$made=filectime("$root/$dir");
$now=time();
$diff=($now-$made)/60;
if ($diff > 5)
system("rm -r $root/$dir");
}
}
closedir($handle);
}
All that is left is to make the index.php on /home/user/public_html/files/ a simple redirect to your front page, and a .htaccess with an ErrorDocument 404 pointing to your front page (or an anti-leech page - be imaginative).
Then you will have a compact system which will be creating symbolic links per request, which will only last 5 minutes, and are pretty unique.