Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

less agressive "captcha" solution
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

less agressive "captcha" solution

donkodonko Member
in Help

hello i have a videoplayer which some people do scraping on it and get the video URL directly, i fixed this adding invisible google recaptcha v2 as validation but i get a % of false positive on people using tor or with bad ip reputation in order to complete challenges...

is there any free alternative very easy to complete for humans?

-cloudflare doesn't work-

Comments

  • yoursunnyyoursunny Member, IPv6 Advocate

    I build my own video delivery solution.
    Getting the URI of video files is of no use because no existing software can download the video.
    https://github.com/yoursunny/NDNts-video

    Thanked by 2Shot2 op23
  • emghemgh Member

    Any captcha solution will fuck over people having bad IP reputation, that’s the whole point of them.

    If you don’t want to make it harder for Tor users, basically the worst IPs there are abuse-wise, who exactly do you want to make it hard for?

  • eriseris Member
    edited January 2023

    Nginx

        location ~* ^.+\.(mp4|webm|mp3|ogg|ogv)$ {
            secure_link $arg_md5,$arg_expires;
            secure_link_md5 "$secure_link_expires$uri 'secret'";
            if ($secure_link = "") {
               return 403; 
            }
            if ($secure_link = "0") {
               return 403; 
            }
            expires     max;
            fastcgi_hide_header "Set-Cookie";
        }
    • php code:

    It is based on a Wordpress plugin but

        function secure_url($url, $path){
        $expires = time() + $this -> options['ttl'];
        $secret = $this -> options['secret'];
        $md5 = md5("$expires$path $secret", true);
        $md5 = base64_encode($md5);
        $md5 = strtr($md5, '+/', '-_');
        $md5 = str_replace('=', '', $md5);
        //var_dump($url . $path . '?md5=' . $md5 . '&expires=' . $expires);
        return $url . $path . '?md5=' . $md5 . '&expires=' . $expires;

    Source: https://github.com/jaapmarcus/nginx-secure-link

    I have developed it for a website that had the same issue. The URLs are valid for the TTL you can set. So they can use the url only for xx min

  • emghemgh Member

    @eris said:
    Nginx

        location ~* ^.+\.(mp4|webm|mp3|ogg|ogv)$ {
            secure_link $arg_md5,$arg_expires;
            secure_link_md5 "$secure_link_expires$uri 'secret'";
            if ($secure_link = "") {
               return 403; 
            }
            if ($secure_link = "0") {
               return 403; 
            }
            expires     max;
            fastcgi_hide_header "Set-Cookie";
        }
    • php code:

    It is based on a Wordpress plugin but

        function secure_url($url, $path){
        $expires = time() + $this -> options['ttl'];
        $secret = $this -> options['secret'];
        $md5 = md5("$expires$path $secret", true);
        $md5 = base64_encode($md5);
        $md5 = strtr($md5, '+/', '-_');
        $md5 = str_replace('=', '', $md5);
        //var_dump($url . $path . '?md5=' . $md5 . '&expires=' . $expires);
        return $url . $path . '?md5=' . $md5 . '&expires=' . $expires;

    Source: https://github.com/jaapmarcus/nginx-secure-link

    I have developed it for a website that had the same issue. The URLs are valid for the TTL you can set. So they can use the url only for xx min

    What about people streaming something for long?

    How does it stop anyone from scraping and downloading directly?

  • eriseris Member

    It doesn't how ever it will prevent user that share the urls directly with other users or posting it on a other website.

    Captcha doesn't prevent direct download either. I don't think it can really prevented. But it will stop the hotlinkig issue.

    If you setup the TTL to 15 min videos shorter the 15 min are no issues..

  • YmpkerYmpker Member
    edited January 2023

    I recently signed up somewhere that had a captcha saying "If you are human, do enter nothing in here". If this works indeed, that's really smooth imho.

  • eriseris Member
    edited January 2023

    How does it stop anyone from scraping and downloading directly?

    If I offer a video file for downloaded in it is always download able by the user. If not with browser I can do it with Videolan or via FFMEPG or any online tool.

    I have been hosting videos for a few websites and there 4 "problems"

    1. Users sharing the direct url with others via a forum/other website
    2. Downloading the vide and upload it to service "B" and share it
    3. Share the direct link with everybody else
    4. Scrape the whole server.

    x1. Will be prevented by this system if the TS wants he can also include the ip adress but after xx min the video url will return a 403 message
    x2. Won't be prevented but but his method will not either aslong the by cachaca by passes
    x3. Include IP or untill it blocks by the invalid of the url after xx min
    x4. This is not prevented but the only method To do that is by implement a rate limit / what ever..,

    If you want to prevent downloading use a DRM and pay xxxx dollars / month

    This is how I solved my issue and any body is able to (ab)use it if they want. And it worked for me and it achieved what I wanted to prevent it

Sign In or Register to comment.