[ElleVen]

Hi reddits... jk
This guy : http://steamcommunity.com/id/dangelino / https://forums.alliedmods.net/member.php?u=269870
was stoling a fastdl from gflclan.. (proof : https://forums.alliedmods.net/showthread.php?t=282457 )
And now is stealing it from me!
what can i do?
reply me here or on steam by clicking my signature!


EDIT :
Resolved

fix :

Quote:

<?php $key = $_GET['src']; // Client will try to download maps/ze_FFVII_Mako_Reactor_p8.bsp.bz2, then redirect the query to this // If your server is linux, use this, or windows, change other path :-) $filedl = '/home/public_html/blabladl/csgo'.$key; if(!send_attachment(mb_basename($key), $filedl)) { header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found"); header("Status: 404 Not Found"); } function send_attachment($filename, $server_filename, $expires = 0, $speed_limit = 0) { // 서버측 파일명을 확인한다. if (!file_exists($server_filename) || !is_readable($server_filename)) { return false; } if (($filesize = filesize($server_filename)) == 0) { return false; } if (($fp = @fopen($server_filename, 'rb')) === false) { return false; } // 파일명에 사용할 수 없는 문자를 모두 제거하거나 안전한 문자로 치환한다. $illegal = array('\\', '/', '<', '>', '{', '}', ':', ';', '|', '"', '~', '`', '@', '#', '$', '%', '^', '&', '*', '?'); $replace = array('', '', '(', ')', '(', ')', '_', ',', '_', '', '_', '\'', '_', '_', '_', '_', '_', '_', '', ''); $filename = str_replace($illegal, $replace, $filename); $filename = preg_replace('/([\\x00-\\x1f\\x7f\\xff]+)/', '', $filename); // 유니코드가 허용하는 다양한 공백 문자들을 모두 일반 공백 문자(0x20)로 치환한다. $filename = trim(preg_replace('/[\\pZ\\pC]+/u', ' ', $filename)); // 위에서 치환하다가 앞뒤에 점이 남거나 대체 문자가 중복된 경우를 정리한다. $filename = trim($filename, ' .-_'); $filename = preg_replace('/__+/', '_', $filename); if ($filename === '') { return false; } // 브라우저의 User-Agent 값을 받아온다. $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''; $old_ie = (bool)preg_match('#MSIE [3-8]\.#', $ua); if(strpos($ua,"Half-Life 2") !== false) { if (preg_match('/^[a-zA-Z0-9_.-]+$/', $filename)) { $header = 'filename="' . $filename . '"'; } $header = "filename*=UTF-8''" . rawurlencode($filename) . '; filename="' . rawurlencode($filename) . '"'; if (!$expires) { header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0'); header('Expires: Sat, 01 Jan 2000 00:00:00 GMT'); } // 캐싱이 허용된 경우... else { header('Cache-Control: max-age=' . (int)$expires); header('Expires: ' . gmdate('D, d M Y H:i:s', time() + (int)$expires) . ' GMT'); } // 이어받기를 요청한 경우 여기서 처리해 준다. if (isset($_SERVER['HTTP_RANGE']) && preg_match('/^bytes=(\d+)-/', $_SERVER['HTTP_RANGE'], $matches)) { $range_start = $matches[1]; if ($range_start < 0 || $range_start > $filesize) { header('HTTP/1.1 416 Requested Range Not Satisfiable'); return false; } header('HTTP/1.1 206 Partial Content'); header('Content-Range: bytes ' . $range_start . '-' . ($filesize - 1) . '/' . $filesize); header('Content-Length: ' . ($filesize - $range_start)); } else { $range_start = 0; header('Content-Length: ' . $filesize); } // 나머지 모든 헤더를 전송한다. header('Accept-Ranges: bytes'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; ' . $header); // 출력 버퍼를 비운다. // 파일 앞뒤에 불필요한 내용이 붙는 것을 막고, 메모리 사용량을 줄이는 효과가 있다. while (ob_get_level()) { ob_end_clean(); } // 파일을 64KB마다 끊어서 전송하고 출력 버퍼를 비운다. // readfile() 함수 사용시 메모리 누수가 발생하는 경우가 가끔 있다. $block_size = 16 * 1024; $speed_sleep = $speed_limit > 0 ? round(($block_size / $speed_limit / 1024) * 1000000) : 0; $buffer = ''; if ($range_start > 0) { fseek($fp, $range_start); $alignment = (ceil($range_start / $block_size) * $block_size) - $range_start; if ($alignment > 0) { $buffer = fread($fp, $alignment); echo $buffer; unset($buffer); flush(); } } while (!feof($fp)) { $buffer = fread($fp, $block_size); echo $buffer; unset($buffer); flush(); usleep($speed_sleep); } fclose($fp); // 전송에 성공했으면 true를 반환한다. return true; } else { // If some people tried with access to fastdl, block it(You can set any URLs to redirect) die('<script>location.href=\'http://meatspin.com/\'</script>'); return false; } } function mb_basename($path) { return end(explode('/',$path)); } ?>

[chuj]

Check if it currently works:
https://forums.alliedmods.net/showthread.php?p=1572227

[henk717]

I have send you a friend request so i can assist you hardening your downloads.
The solutions may not work depending on the source engine game you run, i have only tested my own method on Half-Life 2 Deathmatch and it has proven to be effective.

[ElleVen]

Quote:

Originally Posted by chuj Check if it currently works: https://forums.alliedmods.net/showthread.php?p=1572227

Since he knows arledy my fastdl that plugin is useless now but i will install it anyways

[shanapu]

change the fast DL directory of your fastdl to a new one and keep the old one this guy is useing.
upload corrupt files to your old fastDL so the thief get a fucked fastDL.
if user connect to his server and get corrupt files and cant play, his reputation getting lost, no one will connect on his server again.

its not a solution, just a payback

this going to be a cat & mouse game... so may you must change your fastDL more often to break him.

[ElleVen]

Quote:

Originally Posted by chuj Check if it currently works: https://forums.alliedmods.net/showthread.php?p=1572227

doesent work on csgo but i resolved anyways by hiding the fastdl whit some events

[sneaK]

Quote:

Originally Posted by ElleVen doesent work on csgo but i resolved anyways by hiding the fastdl whit some events

Some events? Would you mind sharing how to obfuscate fastdl?

[Zilor]

Use this methoed (.htaccess) to protect your server. Just allow your server ips and ditch every other connection.

Quote:

Originally Posted by Spunkie Yes you will want to use this for true protection of your fastdl server. For any decent web host try this one first Code: RewriteEngine On RewriteCond %{HTTP_REFERER} !^hl2://xx\.xx\.xx\.xx RewriteRule .* - [L,F] For shitty outdated webhost without the mod_rewrite enabled try using this one. Code: SetEnvIfNoCase Referer ^hl2://xx\.xx\.xx\.xx allow_download Order Deny,Allow Allow from env=allow_download Deny from all If you need to do the same for your replay folder use this Code: RewriteEngine On RewriteCond %{HTTP_USER_AGENT} !^Half-Life\ 2$ RewriteRule ^(.*)$ $1 [F] Use this for real map stealing protection but beyond that I'm still going to use this plugin to troll would be bandwidth thief's.

[Neuro Toxin]

Interesting.

Would the referer be* hl2:// for csgo?

[asherkin]

Quote:

Originally Posted by Neuro Toxin Interesting. Would the referer be* hl2:// for csgo?

It is hl2 for every other game, doubt CS:GO changed it.