webgyrl Posted January 14, 2010 Share Posted January 14, 2010 Hi Everyone! I'm pulling my hair out dealing with thieves! LOL Over Christmas I found out that there are a lot of websites that somehow have crawled my site and are now offering my original music for free or paid downloads on their site as well as streaming and I am not involved in this process, however they are stealing my site bandwidth to do their deeds. They are essentially stealing my music and making profit off of it without my consent in some cases, in others they are just offering free downloads served up on my hosting dime! I was in touch with tech and we seem to have been able to block some of them, but there is one site offering multiple free downloads of my music that I can't seem to block. I have used the IP deny manager to deny their IP and I went back to test and I can still stream and download my music. I've emailed the site to ask to have my music taken off, but surprise, surprise I don't get a reply. I used whois.sc to find out who the site is but they seem to have a private server and I can't contact an abuse department. The villain in question is: http://www.mp3-codes.com/library/search/natalie+brown They seem to be doing this to thousands of artists. How can I block them from doing this or is it not possible to do so? And I know some artist give away their music and there are advocates of this way to promote. I do give some away in certain circumstances. I just think it's horrible for me, the artist who spent the time, money, brain power and creativity to create the intellectual property, to not be a part of that decision process. Thanks to anyone who can help me stop the pilfering! Thanks, Nat Quote Link to comment Share on other sites More sharing options...
mkdesigner Posted January 14, 2010 Share Posted January 14, 2010 WOW, Nat! I'm so sorry that is happening to you. I'll be watching this thread to see what all the gurus have to say since I've had some files pilfered on my design site that I had to move to a login area for paid customers to access my designs. Quote Link to comment Share on other sites More sharing options...
webgyrl Posted January 14, 2010 Author Share Posted January 14, 2010 Hi Marge, Sorry this is also happening to you. It's so very frustrating! I hope someone has an answer. Some of the sites I've been able to block or re-direct to a nice message that encourages people to buy instead of download for free. But this one site is just eluding me in terms of blocking it. Take care, Nat Quote Link to comment Share on other sites More sharing options...
OJB Posted January 14, 2010 Share Posted January 14, 2010 (edited) You could try something like this in a .htaccess file: > RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC] RewriteCond %{HTTP_REFERER} !^$ RewriteRule .*\.(mp3)$ http://www.google.com [L] Replace mysite\.com with whatever your domain name is, make sure you have the \ before the . so for example: yourdomain\.com or yourdomain\.net This will then forward any access to .mp3 files to google if the requests are not originating from your website. or probably a better way: > RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC] RewriteCond %{HTTP_REFERER} !^$ RewriteRule .*\.(mp3)$ - [F] This will send a 403 forbidden header. Edited January 14, 2010 by OJB Quote Link to comment Share on other sites More sharing options...
OJB Posted January 14, 2010 Share Posted January 14, 2010 Sorry, I should probably have noted that those rules will prevent direct access to your mp3s FROM EVERYWHERE but your site. Meaning if you have links to your own mp3s on any other site these will no longer work. Quote Link to comment Share on other sites More sharing options...
webgyrl Posted January 14, 2010 Author Share Posted January 14, 2010 Hi OJB! Thank you for that workaround using .htaccess! This is what I put in my file >## Begin Redirect For File Stealers RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://(.+\.)?natalie-brown\.com/ [NC] RewriteCond %{HTTP_REFERER} !^$ RewriteRule .*\.(mp3)$ http://www.natalie-brown.com/i-appreciate-you.html [L] ## End Redirect For File Stealers It's funny, now when I got to that site I referenced above, my songs stream but when I go to download my virus alerts go off like mad. Can you test above and go to the first song "Run Away" that shows up in that link I gave you and see if you can stream or download it? Thanks for the help. I hope this does the trick Nat Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted January 14, 2010 Share Posted January 14, 2010 Hi Nat, streamed for me but the download link brings up your appreciation page. Sucks that people resort to screwing others whether for profit or not. Quote Link to comment Share on other sites More sharing options...
webgyrl Posted January 14, 2010 Author Share Posted January 14, 2010 Hi Bruce! Thanks for checking. It's strange because that one file works but some of the others don't. I see two that are hosted on other sites, so I'll have to pull my music from them. But why would that command work for one Mp3 but not all of them? It is really frustrating getting screwed over like this. For a little Indie artist like me every paid download counts. When I see 14K downloads that were given without my permission that could have been a sale it's pretty devastating and a little deflating also. I don't understand why people think that this is OK to do. Thanks so much for the help. Quote Link to comment Share on other sites More sharing options...
OJB Posted January 14, 2010 Share Posted January 14, 2010 I get a 403 forbidden on every page of your site now Quote Link to comment Share on other sites More sharing options...
webgyrl Posted January 14, 2010 Author Share Posted January 14, 2010 (edited) OJB Oooops. How would that happen? I have been blocking IPs and ranges of IPs like a mad fool. Should I go and undo all of them and then let you know and you can check again? Thanks, Nat PS. I can see all my site pages... leading me to beleive your IP is the the range of blocked ones. Edited January 14, 2010 by webgyrl Quote Link to comment Share on other sites More sharing options...
webgyrl Posted January 14, 2010 Author Share Posted January 14, 2010 OJB, Could this block of rules: >## Begin Redirect For File Stealers RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://(.+\.)?natalie-brown\.com/ [NC] RewriteCond %{HTTP_REFERER} !^$ RewriteRule .*\.(mp3)$ http://www.natalie-brown.com/i-appreciate-you.html [L] ## End Redirect For File Stealers Be interfering with this block of rules in the .htaccess file? >RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://natalie-brown.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://natalie-brown.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://new2.natalie-brown.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://new2.natalie-brown.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.natalie-brown.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.natalie-brown.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.new2.natalie-brown.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.new2.natalie-brown.com$ [NC] RewriteRule .*\.(mp3)$ http://www.natalie-brown.com/i-appreciate-you.html [R,NC] I did some stuff within cPanel. Just want to make sure I'm not doing something that is clashing. I have deleted the deny IP addresses, so check and see if you can access the pages of my site now. Thanks, Natalie Quote Link to comment Share on other sites More sharing options...
OJB Posted January 15, 2010 Share Posted January 15, 2010 (edited) I still receive a 403. That larger block of rules does the same as the first one (more or less). > RewriteCond %{HTTP_REFERER} !^http://(.+\.)?natalie-brown\.com/ [NC] What that does is tests if the referer to the file being served is from: http://natalie-brown.com http://www.natalie-brown.com and in fact http://ANYTHINGATALLHERE.natalie-brown.com So that covers all your subdomains. The one thing it doesn't do is cover any directories within those subdomains. So I would change it to: > RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://(.+\.)?natalie-brown\.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^$ RewriteRule .*\.(mp3)$ http://www.natalie-brown.com/i-appreciate-you.html [R,NC] However if you can see your site and I can't then I probably am within your IP block range. No worries hahaha. Edit: Having just said that I now appear to have access to your site. But I can also download direct from that MP3 site you linked to at the top. Edited January 15, 2010 by OJB Quote Link to comment Share on other sites More sharing options...
webgyrl Posted January 16, 2010 Author Share Posted January 16, 2010 (edited) Hi OJB, I deleted all the blocked IPs. I still am having the issue with that site above and I didn't change my htaccess file. I'm tried to attach my .htaccess file but I don't seem to have permission to do that. Would sending you a PM to mail it help? I'm glad you can see the site. But yeah, wow, this file stealing stuff is getting me down. I think most other sites are blocked out but this one. It's just I don't need another thing to monitor and it's getting to be a headache. LOL Thanks so much for all your help! Edited January 16, 2010 by webgyrl Quote Link to comment Share on other sites More sharing options...
OJB Posted January 16, 2010 Share Posted January 16, 2010 Hey Feel free to PM me and I can send you my email address and I will have a look over it for you no problem. OJB Quote Link to comment Share on other sites More sharing options...
OJB Posted January 16, 2010 Share Posted January 16, 2010 I just tried downloading from the link you provided in the first post and it seems to be working, forcing a download of your i-appreciate-you.htm file instead. However I noticed that the "I Wonder" track seems to have been uploaded and is downloadable from this site: http://blog.macjams.com/?m=200806&paged=3 Not sure if you are associated with this site in any way but its a heads up. Also 'You're Mysterious' seems to have found its way onto: >http://www.fileden.com/files/2009/6/17/2480511/Youre%20Mysterious.flv.MP3.mp3 Currently fileden seems to be down for me so I can't access the site or the mp3, but it might be worth seeing if you can contact them and get it removed? Quote Link to comment Share on other sites More sharing options...
TCH-Thomas Posted January 16, 2010 Share Posted January 16, 2010 I got redirected to fileden.com when I tried OJB´s link above so it can probably not be downloaded/listened to directly through that link. Quote Link to comment Share on other sites More sharing options...
webgyrl Posted January 16, 2010 Author Share Posted January 16, 2010 I just tried downloading from the link you provided in the first post and it seems to be working, forcing a download of your i-appreciate-you.htm file instead. However I noticed that the "I Wonder" track seems to have been uploaded and is downloadable from this site: http://blog.macjams.com/?m=200806&paged=3 Not sure if you are associated with this site in any way but its a heads up. Also 'You're Mysterious' seems to have found its way onto: >http://www.fileden.com/files/2009/6/17/2480511/Youre%20Mysterious.flv.MP3.mp3 Currently fileden seems to be down for me so I can't access the site or the mp3, but it might be worth seeing if you can contact them and get it removed? Yes, I had uploaded I Wonder to MacJams. I'm pulling all my tracks from there as i type this. I hope they get deleted from their database also. I could not access the FileDen link. I wonder if it's gone? I used to go around asking for takedowns on those hosting services, but they never seem to get back to me. It's getting to the point that fighting piracy is a part time job and I'm *supposed* to be doing other things (like making more music for people to setal!). Sheesh. I don't know if this is even worth the fight. Seems people can steal IP if they want to no matter what. Quote Link to comment Share on other sites More sharing options...
webgyrl Posted January 16, 2010 Author Share Posted January 16, 2010 Thanks for checking Thomas. Hope you are well Quote Link to comment Share on other sites More sharing options...
pickupman Posted January 18, 2010 Share Posted January 18, 2010 Natalie, Another issue looks like you should fix, is prevent directory listing. Login into cPanel go down to the bottom under Advanced section, and click on Index Manager. Click okay to select the default folder. From the folder tree click on your audio folder. On the following screen, choose "No Indexing" radio box and hit okay. Right now if you type in your address pointing to the audio folder, all of the folders and files are shown. This allows anyone to be able to download or access all of the content under this folder. Or you can upload a blank index.html file into all of your subdirectories, so the files are not shown. In regards to using .htaccess, it seems you are on the right track. Check if your audio folder also has a .htaccess file as subdirectories override the one in your webroot. If you can't get it working using .htaccess, you may consider using php and mysql database to handle the process. For I site I am working on, a user can upload a file (ie. image or mp3). The files are uploaded to random folders and added to a database. I use a php script that calls a file id (ie. http://www.natilie-brown.com/mp3/1), checks the user/referrer, gets the file location from the DB, and then streams the file to the browser. It would be very difficult for a user to ever guess the real filename and real directory to hotlink the file. This approach is transparent to the user, and offers a level of authentication. Quote Link to comment Share on other sites More sharing options...
webgyrl Posted January 19, 2010 Author Share Posted January 19, 2010 Hi pickupman, Thank you for all that excellent info. I have done the blank index.html to a few directories that I want to protect, but also I have used the Cpanel Index Manager. Thank you very much for pointing that out to me. I find it interesting that the indexing is allowed considering I have a robots.txt file in place that Disallows access to certain directories. Does this mean that the robots.txt file does not work to disallow them? Or is this robots file for some other purpose? I think for now all is working with the .htaccess file. The PHP/MySQL solution is very interesting. How can I get hold of that script with instructions, or is it something you privately developed? I am also looking into a solution that OJB suggested via message regarding using a service like SoundCloud to host the files and I embed a widget. I am trying to find out right now what their level of security is on any Mp3 content uploaded to their site. Thanks again to everyone. This is an excellent primer on protecting certain content on a site and I think it will be useful to others seeking to do the same. Thanks, Nat Quote Link to comment Share on other sites More sharing options...
pickupman Posted January 22, 2010 Share Posted January 22, 2010 I find it interesting that the indexing is allowed considering I have a robots.txt file in place that Disallows access to certain directories. Natalie, Glad to see you taking a couple of steps to protect yourself. As for a robots.txt, just prevents a search engine crawling your site/directories. That doesn't mean, someone who knows the url to just type it in. Index listing is default of Apache webserver. If a index.html, index.htm, or index.php is not found, the directory is printed. This can be handy in some cases. I have Apache running on my computer at home. I have password protected a folder, and can login and retrieve any file from that folder. Yes, I wrote the php script myself. Here's a link that outlines the same idea. MP3 Streaming Script Since you are already using php & mysql running Mambo, you wouldn't need much more to put this into place. Upload files using a script that stores the info in the DB. Use php to create a cookie, check for valid cookie. If cookie is valid, get a file name from the DB, and stream to user. Let me know if you would like some help. Quote Link to comment Share on other sites More sharing options...
webgyrl Posted February 1, 2010 Author Share Posted February 1, 2010 Let me know if you would like some help. Just sent you a PM! Thanks! Quote Link to comment Share on other sites More sharing options...
webgyrl Posted February 8, 2010 Author Share Posted February 8, 2010 Just wanted to take a moment out to thank pickupman on the form for all the help with getting a solution for protecting my Mp3 files. That script is a great one Joe, maybe you should consider making it for sale somewhere as a lot of artists would benefit by your work. Thanks again! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.