Christoph M. Becker
3/20/2015 12:29:00 AM
Mel Smith wrote:
> Christoph said:
>
>> If you really want to prohibit the usage of download managers, you
>> should do this server side. So don't give a direct download link to the
>> file resource, but instead to a script that will pass the file contents
>> through. Signal the client that range requests are not supported by
>> sending Accept-Ranges: none, and respond with an appropriate 4xx status
>> code, if a Range header field is contained in the request.
>>
>> However, this would be OT for this newsgroup, if you won't use a server
>> side ECMAScript implementation to do it.
>
> Thanks -- I'll consider it.
>
> But, I'm still in the punishment phase -- i.e., I'm angry and don't want
> to play 'nice' anymore.
>
> I placed a new 'build' on my site this morning, and let my group know of
> its existence on our ng.
>
> Just a few minutes ago, I had the first 'sniff' by an abuser where he
> was (apparently) setting up for an attack tonite maybe, and where I
> substituted an 'O' in place of a '0' in the 'files' sub-dir, and of course,
> he got my '404' response. He's probably a bit confused now -- I hope. But,
> he'll see I tried to 'spoof' him, and he'll take action again tonite. If he
> had 'clicked'on the download, it would have worked correctly
>
> But soon (in a week or so), I'll be ready. Then *all* downloads will
> requirea 'click' to get them going not just 'Gets' by CURL .
Have you considered users who have JavaScript disabled, or for whom
JavaScript is not available at all? Have you considered that this first
"abuser" might have been on of these?
--
Christoph M. Becker