WordPress.org

Ready to get started?Download WordPress

Forums

Don't be a bandwidth leech... (5 posts)

  1. Samuel Wood (Otto)
    Tech Ninja
    Posted 7 years ago #

    I noticed that I was getting a lot of referrer traffic from one site in particular, and took a look. I didn't notice any links to my page from that site, so I had a peek at the source code.

    Appearantly, this guy copied a line from my page that linked to a Javascript file so he could use the visual effect on his own site. What really annoys me is that the line in question was added by the WP-Wetfloor plugin and it said so as a comment. Instead of simply finding the plugin himself, he not only copied the line, but the comment as well...

    Anyway, I created a file called leech.js with this content:
    alert("BANDWIDTH LEECH! Please do not steal other people's bandwidth!");

    Then I added this to my .htaccess file:
    # this should teach him not to leech bandwidth
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} badsite\.com [NC]
    RewriteRule .*/reflection.js /leech.js [L]

    Now when you go to his page, the first thing that happens is an annoying popup with that message.

    Note that I could be much more evil and include any javascript code I want in that leech.js file. I could completely rewrite his entire site with another one. I could redirect his visitors elsewhere. I could even steal his cookies and gain admin access to his site by stealing his password.

    So this is just a friendly reminder to everybody to be careful when they link to code on other sites. :D

  2. DWRZ
    Member
    Posted 7 years ago #

    hilarious, i almost wish that could happen to me just so i could do that

  3. Alex Cragg
    Member
    Posted 7 years ago #

    even better, otto could give us a link to the site in question and we could all see his corrupted site!!!:-D

  4. Samuel Wood (Otto)
    Tech Ninja
    Posted 7 years ago #

    I wrote that 4 months ago. The guy noticed the popup after about a month or so, and stopped using the hotlink to me. So I removed the code from .htaccess and don't remember what the site was now.

  5. drmike
    Member
    Posted 7 years ago #

    Hmm, I wonder if I can do that with image calls. I'm just blocking them currently but this may work out better.

    I'm assuming that reflection.js is the script being leeched, right?

    What;s really bad is the leech could have just loaded the script into their browser and saved it themselves.

Topic Closed

This topic has been closed to new replies.

About this Topic