The Cache: Technology Expert's Forum
 
Author Topic: Preventing illegal downloads ?  (Read 3336 times)
Tom Strong
« on: May 10, 2009, 04:27:30 PM »

Hi,

I'm about to start an online theme store and I need to know ways to stop illegal downloads. One way would be to generate a custom md5 based on the customer's paypal email and that would be his unique key. That key is going to be integrated in a dynamic download link that is valid only once. The Paypal IPN replies back and the user returns to the website after payment and downloads through that link. The key is goin' to be placed on the template along with a unique fingerprint. Random scraping script to hunt down the morons.

Maybe I'm just exaggerating and there is an easy way to prevent the kids from ripping my work  Cry

Any advice is welcome for building my first online store!

Regards,
Tom Strong
Logged

No links in signatures please
perkiset
« Reply #1 on: May 10, 2009, 04:59:31 PM »

Hey Tom -

First off, I think it's important for you to grapple with the notion that no matter what you do, no matter how you do it, there will be some theft of your work. If there's a price on it, there will be some that take it without paying. It's an unfortunate reality in this biz. And IME, the harder you make it to duplicate/rip off, the more likely it is that people will want to break it. Take it from me, that's exactly how it is. Why exactly I'd know that is beyond the scope of this thread. But trust me on this one.  Roll Eyes

OK, with that said, let's get on with it.

First - are we talking all pictures, textual content, binary executables... what are we talking about here? What kind of price range? Are they themes for WP users, SMF...? The first place I'd begin to work through this is by analyzing the average hack-strength of my target audience. That strength should be in direct proportion to how hard you may want to protect. In other words, if your target audience is my mom, you don't even need to worry about anything. If it's some of the folks from the Syndk8 whom might be expected to put 100K websites up over the weekend, you may need to reevaluate your thinking a bit.

Next: the first real yuck you're going to run into is people that screw up their one-time download and want to do it again. It's inevitable and will cause you grief. Is it possible for you to create a user account, so that they can come up and download again without your intervention? Again, IME, the more you can place trust on the user the more they will like you and come back. The answer to prosperity here is not to spank all users because of some bad apples, but to be so friggin' good, trustworthy and easy that they keep coming back and you win (financially) by simply making lots of sales, not by stopping the few boneheads that will rip you off. And your single-download key plan, however strong and implemented, will equally piss people off, incentivise them to break you and make it feel (to regular Joes that just want to purchase it) that you are overly paranoid and you're too difficult to work with. They'll go elsewhere.

There are a few theme sites I've worked through that make their value proposition upgrades and currency - in other words, once I've purchased their product, I am eligible for their free upgrades - which always include yummy tidbits about how they've optimized the code more and more for the search engines etc. It's all BS, but from a marketing perspective, works pretty nicely. (I don't use any of them, but I subscribe and purchase just to watch how others are handling their business). This mechanism, more of a subscription than a single purchase, gives you a whole nuther level to your business: repeat customers and a base of people you can email when you have a new template. It's worth a think, in any case.

I guess, at the end of the day, the question: how much is it worth it to you to go to battle with kids that will make it their personal goal to break through what you have and use it ... especially since they would not purchase your wares (most likely) in any case? Would that time be better employed creating more templates for people that actually will become customers?

« Last Edit: May 10, 2009, 05:04:07 PM by perkiset » Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
nutballs
« Reply #2 on: May 10, 2009, 06:15:25 PM »

I have to echo Perk's sentiment about deciding just how important it is to fight.

I do think you should spend "some" energy, but maybe there is a way to work within the construct of your shit being stolen.

First, how to protect your stuff.
Require a user account.
require they are logged in.
place your files in non-publicly accessible directory (above web root).

then use a code chunk like this:
Code:
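// assumes session_start() has already run earlier in the request
if (isset($_SESSION['username']) and isset($_GET['file']) and is_string($_GET['file']))
{
    // basename() strips any directory part, so "../" in the request
    // cannot reach files outside the download directory
    $name = basename($_GET['file']);
    $file = dirname(__FILE__).'/'.$GLOBALS['downloaddir'].'/'.$name;
    if (is_file($file))
    {
        header('Content-type: application/force-download');
        header('Content-Transfer-Encoding: Binary');
        header('Content-length: '.filesize($file));
        // send the sanitized name (minus quotes), not the raw request value
        header('Content-disposition: attachment; filename="'.str_replace('"', '', $name).'"');
        readfile($file);
    }
}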

this means at least the spiders and such can't get it.
obviously add whatever validations you need.
access rights in a database.

You can't prevent people from distributing the file, so instead work within that ruleset.
Since these are web templates, put whatever you can in them to get links back. There are tons of sites out there that have massive PR, and as such, can sell decent ad space, because of exactly this method.

One thing I had thought of to do, was a web template site, but I serve all the graphics. So, they can change whatever graphics they want, but most they would keep the same, and pull from my site. This means you could hide a bunch of actual text links and they will most likely miss them because of every single graphic would have my URL, so the links would get lost in the noise...

Basically though, there is no link that you can secure, without requiring login. And even then, people could share logins. But there is no reason to, since they already have the file, and can just post it to bittorrent sites.
Logged

I could eat a bowl of Alphabet Soup and shit a better argument than that.
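An added example, not code from any poster in this thread: one way to combine the two ideas discussed above, a per-purchase download link and a login-gated handler with access rights checked on the server. The link key is an HMAC over account id, file id and expiry rather than an md5 of the buyer's email, and the file is looked up by id in a fixed catalogue. The function names, `LINK_SECRET`, the ids and the catalogue are hypothetical; PHP 7.1 or later is assumed.

```php
<?php
// Added example; the secret, ids and catalogue are constructed placeholders.
const LINK_SECRET = 'placeholder-load-a-random-key-from-config';

// Sign "user|file|expiry" with a server-side key. Unlike md5(email), the result
// cannot be recomputed by someone who only knows the buyer's address.
function make_token(int $userId, string $fileId, int $expires): string
{
    $mac = hash_hmac('sha256', "$userId|$fileId|$expires", LINK_SECRET);
    return "$expires.$mac";
}

// Accept a token only for the logged-in account it was issued to, before expiry.
function token_is_valid(string $token, int $sessionUserId, string $fileId, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;
    }
    $expires = (int) $parts[0];
    $expected = make_token($sessionUserId, $fileId, $expires);
    return hash_equals($expected, $token) && $now <= $expires; // constant-time compare
}

// Map an opaque id to a path from a fixed catalogue. The request never supplies
// a filename, and the resolved path must still sit inside the download directory.
function resolve_file(array $catalogue, string $fileId, string $baseDir): ?string
{
    if (!isset($catalogue[$fileId])) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $catalogue[$fileId]);
    if ($base === false || $path === false) {
        return null;
    }
    $inside = strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0;
    return $inside ? $path : null;
}

// Constructed demo: account 42 bought theme "t1"; the link lasts one hour.
$now = 1242000000;
$token = make_token(42, 't1', $now + 3600);
var_dump(token_is_valid($token, 42, 't1', $now));        // buyer, in time
var_dump(token_is_valid($token, 43, 't1', $now));        // link passed to another account
var_dump(token_is_valid($token, 42, 't1', $now + 7200)); // after expiry
var_dump(resolve_file(['t1' => 'theme-one.zip'], '../config', __DIR__)); // id not in catalogue
```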
Tom Strong
« Reply #3 on: May 11, 2009, 11:52:37 AM »

> First - are we talking all pictures, textual content, binary executables... what are we talking about here? What kind of price range? Are they themes for WP users, SMF...? The first place I'd begin to work through this is by analyzing the average hack-strength of my target audience. That strength should be in direct proportion to how hard you may want to protect. In other words, if your target audience is my mom, you don't even need to worry about anything. If it's some of the folks from the Syndk8 whom might be expected to put 100K websites up over the weekend, you may need to reevaluate your thinking a bit.

I'm going to sell themes for WP and Drupal. Price range between 40$ and 200$.

> Next: the first real yuck you're going to run into is people that screw up their one-time download and want to do it again. It's inevitable and will cause you grief. Is it possible for you to create a user account, so that they can come up and download again without your intervention? Again, IME, the more you can place trust on the user the more they will like you and come back. The answer to prosperity here is not to spank all users because of some bad apples, but to be so friggin' good, trustworthy and easy that they keep coming back and you win (financially) by simply making lots of sales, not by stopping the few boneheads that will rip you off. And your single-download key plan, however strong and implemented, will equally piss people off, incentivise them to break you and make it feel (to regular Joes that just want to purchase it) that you are overly paranoid and you're too difficult to work with. They'll go elsewhere.

The one-time download seems a bit too much yea, I'll change it to forever and place a warning saying 'Downloading package blaBla for the 4th time', maybe some people will understand the message ?

> There are a few theme sites I've worked through that make their value proposition upgrades and currency - in other words, once I've purchased their product, I am eligible for their free upgrades - which always include yummy tidbits about how they've optimized the code more and more for the search engines etc. It's all BS, but from a marketing perspective, works pretty nicely. (I don't use any of them, but I subscribe and purchase just to watch how others are handling their business). This mechanism, more of a subscription than a single purchase, gives you a whole nuther level to your business: repeat customers and a base of people you can email when you have a new template. It's worth a think, in any case.

I'll also use newsletters and hosting affiliates.  Smiley
Logged

No links in signatures please
Tom Strong
« Reply #4 on: May 11, 2009, 11:58:38 AM »

> I have to echo Perk's sentiment about deciding just how important it is to fight.
>
> I do think you should spend "some" energy, but maybe there is a way to work within the construct of your shit being stolen.
>
> First, how to protect your stuff.
> Require a user account.
> require they are logged in.
> place your files in non-publicly accessible directory (above web root).
>
> then use a code chunk like this:
> Code:
> // assumes session_start() has already run earlier in the request
> if (isset($_SESSION['username']) and isset($_GET['file']) and is_string($_GET['file']))
> {
>     // basename() strips any directory part, so "../" in the request
>     // cannot reach files outside the download directory
>     $name = basename($_GET['file']);
>     $file = dirname(__FILE__).'/'.$GLOBALS['downloaddir'].'/'.$name;
>     if (is_file($file))
>     {
>         header('Content-type: application/force-download');
>         header('Content-Transfer-Encoding: Binary');
>         header('Content-length: '.filesize($file));
>         // send the sanitized name (minus quotes), not the raw request value
>         header('Content-disposition: attachment; filename="'.str_replace('"', '', $name).'"');
>         readfile($file);
>     }
> }
>
> this means at least the spiders and such can't get it.
> obviously add whatever validations you need.
> access rights in a database.
>
> You can't prevent people from distributing the file, so instead work within that ruleset.
> Since these are web templates, put whatever you can in them to get links back. There are tons of sites out there that have massive PR, and as such, can sell decent ad space, because of exactly this method.
>
> One thing I had thought of to do, was a web template site, but I serve all the graphics. So, they can change whatever graphics they want, but most they would keep the same, and pull from my site. This means you could hide a bunch of actual text links and they will most likely miss them because of every single graphic would have my URL, so the links would get lost in the noise...
>
> Basically though, there is no link that you can secure, without requiring login. And even then, people could share logins. But there is no reason to, since they already have the file, and can just post it to bittorrent sites.

Thanks for the code, I'll use it  Wink You gave me nice ideas  Praise
Logged

No links in signatures please
NYDAz
« Reply #5 on: May 11, 2009, 12:25:24 PM »

Listen to these guys, Tom! They know their shit  Wink
Logged

what's up?
nop_90
« Reply #6 on: May 11, 2009, 04:42:00 PM »

> Hey Tom -
>
> First off, I think it's important for you to grapple with the notion that no matter what you do, no matter how you do it, there will be some theft of your work. If there's a price on it, there will be some that take it without paying. It's an unfortunate reality in this biz. And IME, the harder you make it to duplicate/rip off, the more likely it is that people will want to break it. Take it from me, that's exactly how it is. Why exactly I'd know that is beyond the scope of this thread. But trust me on this one.  Roll Eyes

Prime example of SoftICE. A system level debugger.
The guys from NuMega who made it were operating system gods.
Ironically the protection for it was non-existent almost Cheesy
Probably for the reason perks pointed out. (SoftICE was used extensively for cracking)

Drupal/WP themes. Put a basic protection on it so joe idiot can not steal your themes.
Probably guys who can rip them off, probably will not have much interest in them.
As for loss, the guys who will rip them off, would not pay for them anyway. So all you lose is bandwidth.

Better to concentrate on quality of product vs protection.
I think on syndk8 autopligg must have pretty crappy protection on it (It is php pretty hard to protect)
Lots of people have bought the product.
When you are buying a product you are paying for user support, help desk etc.
Guy who could rip off autopligg, has no interest in that stuff, also if he could rip off autopligg he could make his own Smiley


Logged
vsloathe
« Reply #7 on: May 12, 2009, 12:02:01 PM »

Yep they're all just bits.

It doesn't matter what you do, if I want your themes for free, I will get them. Fortunately, I don't want your themes for free, and if I found them useful I would pay you. Just saying though, you're better keeping it light. Make sure that whatever protection you put in place doesn't interfere with the user experience.
Logged

hai
nutballs
« Reply #8 on: May 12, 2009, 12:37:07 PM »

i 100% percent agree with V's point. If i want your shit, I will get it. And that was the reason for suggesting a different way to look at tackling the problem, which it seems got your wheels turning. so good!

Logged

I could eat a bowl of Alphabet Soup and shit a better argument than that.
perkiset
« Reply #9 on: May 12, 2009, 04:30:22 PM »

> It doesn't matter what you do, if I want your themes for free, I will get them.
"You're so hot tempered, darling. I would have groveled on the ground and begged for mercy."

Both VS and NBs are right in their candor and attitude. And they are akin to those that have similar (albeit most likely lesser) skillz, and certainly lesser well defined value frameworks.

Regarding your templates however, I already have them all, as well as a complete mirror of your private drive at home.
Thanks much, and welcome to The Cache.

Wink
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
nutballs
« Reply #10 on: May 12, 2009, 05:03:17 PM »

lol
Logged

I could eat a bowl of Alphabet Soup and shit a better argument than that.