how to prevent the hotlink
Moderator: General Moderators
-
everydayrun
- Forum Commoner
- Posts: 51
- Joined: Wed Jan 20, 2010 1:30 am
how to prevent the hotlink
i have created a form,which can look for the alexa ranking.but some people hotlink the looking for results from my site.how to prevent it. thank you.
Re: how to prevent the hotlink
On the page with the form, set a session var with a random ID (e.g. uniqid(mt_rand(),true) or something). Include this ID as a hidden form field.
On the result page, check if the session var is set, and if the form data contains an ID, and if they match. If not, redirect back to the form.
On the result page, check if the session var is set, and if the form data contains an ID, and if they match. If not, redirect back to the form.
Re: how to prevent the hotlink
It is possible to parse the form source for the random ticket value mentioned above, which also sets the session, then POST through your form with the value required, using cURL with a cookie container for instance.
I recommend a good manual image challenge-response mechanism like captcha/recaptcha for better form bypass/anti-automation security.
I recommend a good manual image challenge-response mechanism like captcha/recaptcha for better form bypass/anti-automation security.