This guy is stoling my fastdl, what can i do?

ElleVen · **Author**

Hi reddits... jk
This guy : http://steamcommunity.com/id/dangelino / https://forums.alliedmods.net/member.php?u=269870
was stoling a fastdl from gflclan.. (proof : https://forums.alliedmods.net/showthread.php?t=282457 )
And now is stealing it from me!
what can i do?
reply me here or on steam by clicking my signature!

Edit:
Resolved
fix:

Quote:

<?php
$key = $_GET['src'];

// Client will try to download maps/ze_FFVII_Mako_Reactor_p8.bsp.bz2, then redirect the query to this

// If your server is linux, use this, or windows, change other path :-)
$filedl = '/home/public_html/blabladl/csgo'.$key;

if(!send_attachment(mb_basename($key), $filedl))
{
header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
header("Status: 404 Not Found");
}

function send_attachment($filename, $server_filename, $expires = 0, $speed_limit = 0) {

// 서버측 파일명을 확인한다.

if (!file_exists($server_filename) || !is_readable($server_filename)) {
return false;
}
if (($filesize = filesize($server_filename)) == 0) {
return false;
}
if (($fp = @fopen($server_filename, 'rb')) === false) {
return false;
}

// 파일명에 사용할 수 없는 문자를 모두 제거하거나 안전한 문자로 치환한다.

$illegal = array('\\', '/', '<', '>', '{', '}', ':', ';', '|', '"', '~', '`', '@', '#', '$', '%', '^', '&', '*', '?');
$replace = array('', '', '(', ')', '(', ')', '_', ',', '_', '', '_', '\'', '_', '_', '_', '_', '_', '_', '', '');
$filename = str_replace($illegal, $replace, $filename);
$filename = preg_replace('/([\\x00-\\x1f\\x7f\\xff]+)/', '', $filename);

// 유니코드가 허용하는 다양한 공백 문자들을 모두 일반 공백 문자(0x20)로 치환한다.

$filename = trim(preg_replace('/[\\pZ\\pC]+/u', ' ', $filename));

// 위에서 치환하다가 앞뒤에 점이 남거나 대체 문자가 중복된 경우를 정리한다.

$filename = trim($filename, ' .-_');
$filename = preg_replace('/__+/', '_', $filename);
if ($filename === '') {
return false;
}

// 브라우저의 User-Agent 값을 받아온다.

$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$old_ie = (bool)preg_match('#MSIE [3-8]\.#', $ua);

if(strpos($ua,"Half-Life 2") !== false)
{
if (preg_match('/^[a-zA-Z0-9_.-]+$/', $filename))
{
$header = 'filename="' . $filename . '"';
}

$header = "filename*=UTF-8''" . rawurlencode($filename) . '; filename="' . rawurlencode($filename) . '"';

if (!$expires)
{
header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
header('Expires: Sat, 01 Jan 2000 00:00:00 GMT');
}

// 캐싱이 허용된 경우...

else {
header('Cache-Control: max-age=' . (int)$expires);
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + (int)$expires) . ' GMT');
}

// 이어받기를 요청한 경우 여기서 처리해 준다.

if (isset($_SERVER['HTTP_RANGE']) && preg_match('/^bytes=(\d+)-/', $_SERVER['HTTP_RANGE'], $matches)) {
$range_start = $matches[1];
if ($range_start < 0 || $range_start > $filesize) {
header('HTTP/1.1 416 Requested Range Not Satisfiable');
return false;
}
header('HTTP/1.1 206 Partial Content');
header('Content-Range: bytes ' . $range_start . '-' . ($filesize - 1) . '/' . $filesize);
header('Content-Length: ' . ($filesize - $range_start));
} else {
$range_start = 0;
header('Content-Length: ' . $filesize);
}

// 나머지 모든 헤더를 전송한다.

header('Accept-Ranges: bytes');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; ' . $header);

// 출력 버퍼를 비운다.
// 파일 앞뒤에 불필요한 내용이 붙는 것을 막고, 메모리 사용량을 줄이는 효과가 있다.

while (ob_get_level()) {
ob_end_clean();
}

// 파일을 64KB마다 끊어서 전송하고 출력 버퍼를 비운다.
// readfile() 함수 사용시 메모리 누수가 발생하는 경우가 가끔 있다.

$block_size = 16 * 1024;
$speed_sleep = $speed_limit > 0 ? round(($block_size / $speed_limit / 1024) * 1000000) : 0;

$buffer = '';
if ($range_start > 0) {
fseek($fp, $range_start);
$alignment = (ceil($range_start / $block_size) * $block_size) - $range_start;
if ($alignment > 0) {
$buffer = fread($fp, $alignment);
echo $buffer; unset($buffer); flush();
}
}
while (!feof($fp)) {
$buffer = fread($fp, $block_size);
echo $buffer; unset($buffer); flush();
usleep($speed_sleep);
}

fclose($fp);

// 전송에 성공했으면 true를 반환한다.

return true;
}
else
{
// If some people tried with access to fastdl, block it(You can set any URLs to redirect)
die('<script>location.href=\'http://meatspin.com/\'</script>');
return false;
}
}
function mb_basename($path) { return end(explode('/',$path)); }
?>

SkumTomteN · *Last edited by SkumTomteN; 05-19-2016 at 15:30.*

Change the url of the fastdl, or let your hosting company know about this.

Black Rose · 05-19-2016 , 15:36 Re: This guy is stoling my fastdl, what can i do?

Quote:

Originally Posted by SkumTomteN

or let your hosting company know about this.

What are they going to do about it?

fysiks · *Last edited by fysiks; 05-19-2016 at 20:09.*

You put it on the public internet. Everybody can access it (and that's the only way it can work).

Potato Uno · 05-19-2016 , 21:50 Re: This guy is stoling my fastdl, what can i do?

I think you can check the user agent of the connecting client and see where they are being redirected from (it should have your server IP on it if they are legitimately connecting).

(And no, I don't know how to do this, but I vaguely remember hearing this from elsewhere on these forums.)

Black Rose · 05-20-2016 , 04:05 Re: This guy is stoling my fastdl, what can i do?

I guess if you place the files out of access and stream them using php. Not sure if that's possible though.

ILUSION · *Last edited by ILUSION; 05-20-2016 at 09:58.*

Nothing. You can check the user-agent using .htaccess in order to prevent the "download link" but if it is settled in his sv_downloadurl so there is nothing to do.

stoneyschillhouse · 05-20-2016 , 19:28 Re: This guy is stoling my fastdl, what can i do?

I've been setting up my FD with .htacces and with chmod.

Do you compress the files with bz2 ?

If you want, I can give you my htacces and the right permissions tomorrow (my time is now 01:2

So you can only download maps if you are download it via the game (server)

How you setup your FD ?

Manual (your own http server) or via GameHost ?

Kia · 05-22-2016 , 12:10 Re: This guy is stoling my fastdl, what can i do?

Quote:

Originally Posted by fysiks

You put it on the public internet. Everybody can access it (and that's the only way it can work).

Pretty much sums it up. If you want to restrict certain IPs to access your files you can use a .htaccess file.

Shooting King · 05-22-2016 , 15:24 Re: This guy is stoling my fastdl, what can i do?

Quote:

Originally Posted by fysiks

You put it on the public internet. Everybody can access it (and that's the only way it can work).

Not really

@OP, if you really want to restrict FDL for your clients only, Make a list of IPs you want to give access to. This can be dynamically done using Amxmodx Sockets through which you can send the ip of client connected to your HLDS (from client_connect forward) to your webserver/fdlhostserver which listens (using php or similar lang) add them to DB. Now make a gateway script on your webserver (using php or similar) which will check client ip and verify with IP in db. In such way you can restrict access to your FDLHost.

Make a cronjob to remove ips from DB after certain timelimit or the better way, use amxmodx sockets again to send player ip (on client_putinserver() meaning download is completed and Fdl is no longer required) to webserver's lisentscript to make the script remove the player ip from db.