avoid FLV hotlinking

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Zoiddy
Forum Newbie
Posts: 3
Joined: Sat Sep 05, 2009 3:40 am

avoid FLV hotlinking

Post by Zoiddy »

Hello,

i have got a problem: my .flvs are hotlinked and my bandwidth usage is at its limit. ATM, i use .htaccess to block the domains but i want to kill the problem at its root. I can not use .htaccess to do it because my flv player does not send the referrer. Know any free players with that feature ?

I googled and found two solutions (both commercial) and i'd like your opinion if they're worth the money (45$ the first, 199$ the second but comes also in a free script with message errors instead of a redirect) (or if you can tell me about any free script they are welcoome).

Cheers, :drunk:

Zoiddy
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: avoid FLV hotlinking

Post by kaisellgren »

And these two solutions are...?

Hotlink protection does not entirely eliminate your problem. Someone can place a video player on their site that sends the right referrer. Your best solutions are to have some kind of registration system to view videos, place hotlink protection and have some kind of client-size obfuscation, but there are no perfect way to stop bandwidth thieves.

I'm sure you have heard of Hulu.com? They have client-side encryption/obfuscation system that encrypts all AJAX calls. I'm not sure how many bits of bandwidth did they save, but streaming videos online means that people in general will be able to leech your bandwidth. The Internet was constructed in a such way so that we share stuff, not block.
Zoiddy
Forum Newbie
Posts: 3
Joined: Sat Sep 05, 2009 3:40 am

Re: avoid FLV hotlinking

Post by Zoiddy »

those solutions should avoid that (the link expires after a while).

i'm new, can i post the link to commercial stuff? sorry for the dumb question :oops:
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: avoid FLV hotlinking

Post by Eran »

Why not post the videos on youtube / vimeo and embed it on your site? that way you'll never experience a bandwidth problem
Zoiddy
Forum Newbie
Posts: 3
Joined: Sat Sep 05, 2009 3:40 am

Re: avoid FLV hotlinking

Post by Zoiddy »

it was like that at the beginning, but custom player gives more a professional look to the site, so we chose that direction
cpetercarter
Forum Contributor
Posts: 474
Joined: Sat Jul 25, 2009 2:00 am

Re: avoid FLV hotlinking

Post by cpetercarter »

The JW player can play YouTube videos, and looks very professional.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: avoid FLV hotlinking

Post by John Cartwright »

Some kind of challenge system perhaps.

A simple way would be setting a session key on the page that will be displaying the video, then create a script that will actually serve the video and have it check for the presence of this session key.

I would also recommend using YouTube instead.. their servers are far superior and will result in faster load times and reliability.
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: avoid FLV hotlinking

Post by Eran »

Vimeo, by the way, allows custom players to be used with their PLUS package.
Post Reply