
Script Theft

~ 24th July 2004. · 16:50 CET ~

This morning I checked my stats, and I came across an interesting web site which is linking to my web design section. Since nothing was there, just some internal links, I right-clicked and saw that it’s in fact calling a JavaScript file from my server. What courage this guy has!

Why is it not working on his website?

Fortunately, when building this website, I set all CSS and JavaScript to go through a server-side (PHP) script which will not pass these files outside my website – some referrer conditioning (or any other condition you find more appropriate) and simple switch/case deployment. If you are willing to try it, save the following as externals.php:

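<?php
// Serve CSS/JS only to requests whose Referer begins with this site's URL.
// Both inputs may be missing, so default them instead of reading unset keys.
$q = isset($_GET["q"]) ? $_GET["q"] : "";
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
// strpos() must return 0: the Referer has to start with the site URL,
// not merely contain it somewhere (e.g. in another site's query string).
if (strpos($referer, "http://www.yourdomain.com/") !== 0) {
	echo "/* Thanks for being interested in my work. Please contact me if you want to know more about how it's done. */";
} else {
	switch ($q) {
		case "css":
			header("Content-type: text/css");
			readfile("style.css");
			break;
		case "js":
			header("Content-type: text/javascript");
			readfile("script.js");
			break;
		// and even more cases if desired : )
	}
}
?>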

and modify your HTML code somewhere in the <head> section:

<link rel="stylesheet" type="text/css" href="http://www.yourdomain.com/externals.php?q=css" />
<script type="text/javascript" src="http://www.yourdomain.com/externals.php?q=js"></script>

The above is, of course, a simplified version of the original script, and it’s left to you to customize it however you want (hint: this page could send you an e-mail whenever the conditions are not matched).
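A hardened variant of the referrer check above, as an added example that is not part of the original post: it compares the parsed Referer host exactly instead of searching for a substring, maps q through a fixed allow-list, and sends the notification e-mail hinted at above. ALLOWED_HOST, the $files map, the referer_is_local() helper and the admin address are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened variant of externals.php.
// ALLOWED_HOST, $files and the admin address below are placeholders.
const ALLOWED_HOST = 'www.yourdomain.com';

// True only when the Referer parses as a URL whose host is exactly ours.
// A substring test would also accept
// http://other.example/?x=http://www.yourdomain.com/
function referer_is_local(?string $referer): bool
{
    if ($referer === null || $referer === '') {
        return false; // header absent (stripped by a proxy or privacy setting)
    }
    $host = parse_url($referer, PHP_URL_HOST); // null or false if unparsable
    return is_string($host) && strcasecmp($host, ALLOWED_HOST) === 0;
}

// Fixed map from the q parameter to a file and its MIME type.
// Anything not listed is rejected, so q never reaches the filesystem.
$files = [
    'css' => ['style.css', 'text/css'],
    'js'  => ['script.js', 'text/javascript'],
];

// ?q[]=x would make $_GET['q'] an array, so accept strings only.
$q       = is_string($_GET['q'] ?? null) ? $_GET['q'] : '';
$referer = $_SERVER['HTTP_REFERER'] ?? null;

if (!isset($files[$q])) {
    http_response_code(404);
    exit;
}

if (!referer_is_local($referer)) {
    // Notify the administrator. Control characters are stripped so the
    // client-supplied value cannot add extra lines to the message.
    $seen = preg_replace('/[\x00-\x1F\x7F]/', '', (string) $referer);
    mail('admin@yourdomain.example', 'externals.php: foreign referrer',
         "q=$q\nreferer=" . substr($seen, 0, 500));
    http_response_code(403);
    header('Content-Type: text/plain');
    exit('/* Not available outside this site. */');
}

[$path, $type] = $files[$q];
header("Content-Type: $type");
header('Cache-Control: no-store'); // the caching point raised in the comments
readfile(__DIR__ . '/' . $path);
```

The Referer header is supplied by the client and is often absent, so this check limits casual hotlinking rather than controlling access to the files. A heavily linked foreign page would trigger one mail per request, so rate-limit the notification or write to a log instead.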

I’d be glad to hear how you solved yours.

3 Comments

  1. Greetings Mare,
    this proposed solution of yours isn't bad, but it is much better to act preventively and thereby protect the sometimes expensive bandwidth. The solution is to modify the HTACCESS file, and here is a quality guide in the form of the article HTACCESS for Fun and Profit.

  2. Thanks! The method described in that article is one line short in the .htaccess file, and more can be found in the article on Webmajstori.Net.

    Basically, both methods rely on detection via the HTTP_REFERER server variable; however, PHP opens up some other options besides merely blocking files with certain extensions, such as sending an e-mail to the administrator whenever the script does not return the requested file; also, saving the file in the browser cache can be prevented (especially useful for IE), etc., etc.

  3. I don’t have anything to contribute to this article, but I just came across your site and can’t go without saying how beautiful it is (and all of your others)… excellent job.

A web log of Marko Dugonjić, web professional from Croatia.