how to prevent the hotlink

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

everydayrun
Forum Commoner
Posts: 51
Joined: Wed Jan 20, 2010 1:30 am

how to prevent the hotlink

Post by everydayrun »

I have created a form which can look up the Alexa ranking, but some people hotlink the lookup results from my site. How can I prevent it? Thank you.
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: how to prevent the hotlink

Post by Apollo »

On the page with the form, set a session var with a random ID (e.g. uniqid(mt_rand(),true) or something). Include this ID as a hidden form field.

On the result page, check if the session var is set, and if the form data contains an ID, and if they match. If not, redirect back to the form.
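Added example, not part of Apollo's post or anyone's code from this thread: a single-file PHP sketch of the session-token check described above. The names `form_token`, `issue_form_token`, `verify_form_token` and the `domain` field are hypothetical, and `random_bytes()` is swapped in for `uniqid(mt_rand(), true)` so the ID comes from the OS CSPRNG.

```php
<?php
// Added example with hypothetical names; one script serves both the form and the result.
session_start();

/** Create a fresh token, store it in the session, return it for the hidden field. */
function issue_form_token(): string
{
    // random_bytes() replaces uniqid(mt_rand(), true): unpredictable, 256 bits.
    $token = bin2hex(random_bytes(32));
    $_SESSION['form_token'] = $token;
    return $token;
}

/** True only if the submitted token matches the one stored for this session. */
function verify_form_token(array $post): bool
{
    $expected = $_SESSION['form_token'] ?? null;
    $given    = $post['form_token'] ?? null;

    // Single use: forget the stored token so a captured POST cannot be replayed.
    unset($_SESSION['form_token']);

    if (!is_string($expected) || !is_string($given)) {
        return false; // no session token, or field missing / not a plain string
    }
    return hash_equals($expected, $given); // constant-time comparison
}

// Form page: anything that is not a POST gets the form with a new token.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    $token = htmlspecialchars(issue_form_token(), ENT_QUOTES);
    echo '<form method="post">'
       . '<input type="text" name="domain">'
       . '<input type="hidden" name="form_token" value="' . $token . '">'
       . '<button type="submit">Look up</button></form>';
    exit;
}

// Result page: session var set, ID present in the form data, and both match;
// otherwise redirect back to the form.
if (!verify_form_token($_POST)) {
    header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303);
    exit;
}

$domain = is_string($_POST['domain'] ?? null) ? $_POST['domain'] : '';
echo 'Ranking lookup for: ' . htmlspecialchars($domain, ENT_QUOTES);
```

This rejects requests that go straight to the result step without a token issued to the same session. A client that loads the form first and keeps the session cookie still passes, which is the limitation raised in the next reply.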
Bind
Forum Contributor
Posts: 102
Joined: Wed Feb 03, 2010 1:22 am

Re: how to prevent the hotlink

Post by Bind »

It is possible to parse the form source for the random ticket value mentioned above, which also sets the session, then POST through your form with the value required, using cURL with a cookie container for instance.

I recommend a good manual image challenge-response mechanism like CAPTCHA/reCAPTCHA for better form bypass/anti-automation security.