Warptweet Posted June 1, 2008 Share Posted June 1, 2008 My website is warptweet.com, and I'm working on a new version. The new version is http://www.warptweet.com/a-new Can somebody try and download/steal a flash game from my site? I implemented some .htaccess to try and prevent hotlinking or downloading. Can somebody try and bypass this security, and give me suggestions on how to tighten the security? Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/ Share on other sites More sharing options...
cixdk Posted June 2, 2008 Share Posted June 2, 2008 My website is warptweet.com, and I'm working on a new version. The new version is http://www.warptweet.com/a-new Can somebody try and download/steal a flash game from my site? I implemented some .htaccess to try and prevent hotlinking or downloading. Can somebody try and bypass this security, and give me suggestions on how to tighten the security? I went to your site http://www.warptweet.com/a-new, clicked on Elastic Soccer. Looked at page source, pulled swf/elasticsoccer.swf from it went to http://www.warptweet.com/a-new/swf/elasticsoccer.swf then clicked File>Save Page As. Uploaded it to my site. http://cixdev.info/elasticsoccer.swf . Seemed to be real easy actually, I don't know much about how you can secure it though. Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-556032 Share on other sites More sharing options...
LooieENG Posted June 2, 2008 Share Posted June 2, 2008 I think he means try hotlinking to it Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-556038 Share on other sites More sharing options...
cixdk Posted June 2, 2008 Share Posted June 2, 2008 http://cixdev.info/soccer.php is this hotlinking.. Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-556041 Share on other sites More sharing options...
kbh43dz_u Posted June 2, 2008 Share Posted June 2, 2008 yes but not working hotlinking. Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-556046 Share on other sites More sharing options...
Warptweet Posted June 2, 2008 Author Share Posted June 2, 2008 Yes, your hotlinking to my .swf file doesn't seem to work. But your first method seemed almost too easily exploited. I'll have to look more into .htaccess about this. Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-556095 Share on other sites More sharing options...
LooieENG Posted June 2, 2008 Share Posted June 2, 2008 http://ehwtf.com/hl.html Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-556105 Share on other sites More sharing options...
LooieENG Posted June 3, 2008 Share Posted June 3, 2008 That's strange, it was working before cause I was playing it, but now it says forbidden. P.S. sorry for double-post, can't edit my last Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-556110 Share on other sites More sharing options...
Warptweet Posted June 3, 2008 Author Share Posted June 3, 2008 Hehe, so it seems to work pretty well. I was editing my .htaccess file recently -- perhaps you tested it during the period of me opening the .htaccess files, temporarily allowing you to hotlink? Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-556129 Share on other sites More sharing options...
blufish Posted June 3, 2008 Share Posted June 3, 2008 I just downloaded onto my desktop in one minute, I don't think you can stop many people from stealing it. If by hotlinking you mean, embeding a file hosted on your site, I just did it. If you want to make it so people can not use your games on their site, I reccomend speaking with the people who made www.nitrome.com they did it, but it's code inside the swf file, which you did not make and editing swf files requires a program which I have never been able to find for free. Nice site, like the template. Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-556140 Share on other sites More sharing options...
cixdk Posted June 3, 2008 Share Posted June 3, 2008 I think the hotlinking appears to work if you've previously loaded the swf file. However if you close your browser, re-open then go to your page it doesn't work. Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-556153 Share on other sites More sharing options...
blufish Posted June 3, 2008 Share Posted June 3, 2008 The contact link doesn't work... Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-556157 Share on other sites More sharing options...
juliston Posted June 3, 2008 Share Posted June 3, 2008 site likes good. good design...... Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-556166 Share on other sites More sharing options...
kbh43dz_u Posted June 3, 2008 Share Posted June 3, 2008 i don't think that you can prevent downloading! The swf file runns locally - so it is already on the visitors PC and there will always be a way to save it...! Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-556287 Share on other sites More sharing options...
whiteboikyle Posted June 3, 2008 Share Posted June 3, 2008 Any Flash Game/Or Flash Movies can be always able to get.. Give me a site and guaranteed to get it.. When you visit a site with flash it saves it to a temp file on your computer.. so you can just get it from there and drag to your desktop.. then upload.. xD no way of securing it i think. Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-556325 Share on other sites More sharing options...
blufish Posted June 3, 2008 Share Posted June 3, 2008 I am currently working on an HTML confuzzler, I'll tell you how you can use it when I am finished. It should make it harder to hack. Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-556564 Share on other sites More sharing options...
kbh43dz_u Posted June 3, 2008 Share Posted June 3, 2008 I am currently working on an HTML confuzzler, I'll tell you how you can use it when I am finished. It should make it harder to hack. same way like already told. file/save/... and your site including the swf is stored on the local PC. just open the folder and copy the only file with ".swf" Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-556575 Share on other sites More sharing options...
blufish Posted June 3, 2008 Share Posted June 3, 2008 You could use a code confuser/obfuscator to make it hard for people to find where the file is... Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-557011 Share on other sites More sharing options...
Warptweet Posted June 3, 2008 Author Share Posted June 3, 2008 I think an HTML obfuscator would work well. I'm not really concerned about it being in a temporary folder. It's up to the user to delve into their OS system and find that mystical temporary file. However, I'm more concerned about the ridiculous ease of going to any flash game site and looking at the source, and easily leeching the file. Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-557020 Share on other sites More sharing options...
blufish Posted June 3, 2008 Share Posted June 3, 2008 saving the .swf file as a .pop file or something will keep people from seeing into the system. Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-557028 Share on other sites More sharing options...
Warptweet Posted June 3, 2008 Author Share Posted June 3, 2008 I've thought of two methods. 1) Making a flash program that my friend might be able to make to open the actual flash game file. That would only display the file source of the flash displayer, and not the game. 2) Make all the flash files renamed as .warp or something. When played, the system renames the file to .swf quickly, and immediately renames it to .warp or something after the game loads -- disabling the ability to download the game, unless you find the mystery extension. However, a goal and positive of my site is the speed and quickness of the design. I wouldn't want to hinder such an important positive for mere security reasons. Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-557035 Share on other sites More sharing options...
blufish Posted June 4, 2008 Share Posted June 4, 2008 I've thought of two methods. 1) Making a flash program that my friend might be able to make to open the actual flash game file. That would only display the file source of the flash displayer, and not the game. 2) Make all the flash files renamed as .warp or something. When played, the system renames the file to .swf quickly, and immediately renames it to .warp or something after the game loads -- disabling the ability to download the game, unless you find the mystery extension. However, a goal and positive of my site is the speed and quickness of the design. I wouldn't want to hinder such an important positive for mere security reasons. How would you change from warp to swf to warp again? that sounds hard. some people like paul neave put flash files inside flash files. My obfuscator is almost finished, do you want to use it? Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-557153 Share on other sites More sharing options...
blufish Posted June 4, 2008 Share Posted June 4, 2008 You can use the obfuscator at: http://www.frozenoven.com/games/setup1455.php Hope you like it Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-557181 Share on other sites More sharing options...
Warptweet Posted June 5, 2008 Author Share Posted June 5, 2008 I like it, I tested it out and it works nicely. However, I can't seem to edit it in a way that I can implement it with my php. Location of Flash File: $flash_file Flash Width: $size[0] Flash Height: $size[1] And I use this code: <embed src='$flash_file' width='$size[0]' height='$size[1]' /> Are you able to hand-edit the translation for me, and make it compatible with my variables? Thanks for trying at least, your obfuscator works really well. Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-558009 Share on other sites More sharing options...
blufish Posted June 6, 2008 Share Posted June 6, 2008 I'll get right on it! Edit: Done! http://www.frozenoven.com/games/obfuscator.zip Link to comment https://forums.phpfreaks.com/topic/108275-try-leeching-a-game/#findComment-558814 Share on other sites More sharing options...
Recommended Posts