Blocking leechers and site rippers with mod_rewrite and PHP/MySQL

So finally I have a solid solution against image site rippers. The solution consists of two components: mod_rewrite, and PHP with MySQL. I will paste the .htaccess first. It is adapted to the Coppermine gallery.

RewriteCond %{REQUEST_FILENAME} .*jpg$|.*bmp$|.*jpeg$|.*gif$|.*png$ [NC]
RewriteCond %{REQUEST_FILENAME} albums [NC]
RewriteCond %{REQUEST_FILENAME} !thumb [NC]
RewriteCond %{REQUEST_FILENAME} !normal [NC]
RewriteCond %{REQUEST_FILENAME} !userpics [NC]
RewriteCond %{HTTP_REFERER} !google\. [NC]
RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
RewriteCond %{HTTP_USER_AGENT} !google [NC]
RewriteRule ^(.*)$ fullsize.php?path=%{REQUEST_FILENAME}

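In general, these rules pass every request for a full-size image to a script which decides whether we can serve it to the browser or not. Requests coming from Google are let through without the check. Keep in mind that the Referer and User-Agent headers are supplied by the client, so the Google exemption is a convenience for search indexing, not an access control.
So all of the checking logic can be done in the PHP and MySQL part.
Script content: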

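<?php
# config
$time_window_seconds = 35;
$max_hits_per_ip_per_window = 2;

define('IN_COPPERMINE', true);
require('include/init.inc.php');

// REMOTE_ADDR is set by the web server, not taken from a request header.
$ip = $_SERVER['REMOTE_ADDR'];

// Record this hit, drop hits older than the window, then count what is left for this IP.
cpg_db_query("INSERT INTO ipleechcheck (ip,hittime) VALUES ('{$ip}','" . time() . "')");
cpg_db_query("DELETE FROM ipleechcheck WHERE hittime < " . (time() - $time_window_seconds));
$result = cpg_db_query("SELECT count(*) as total FROM ipleechcheck WHERE ip = '{$ip}'");

$IPCount = 0;
if (mysql_num_rows($result) === 1) {
    $row = mysql_fetch_assoc($result);
    $IPCount = (int) $row['total'];
}

if ($IPCount > $max_hits_per_ip_per_window) {
    // Over the limit: answer with a 503 and stop.
    header('HTTP/1.1 503 Service Temporarily Unavailable');
    header('Status: 503 Service Temporarily Unavailable');
    header('Retry-After: 3600');
    header('X-Powered-By:');
    echo '

Service Temporarily Unavailable

The server is temporarily unable to service your
request due to maintenance downtime or capacity
problems. Please try again later.

';
    exit;
} else {
    // The path parameter arrives with the request, so resolve it and serve the file
    // only if it lies inside the gallery's albums directory.
    // Assumption: albums/ sits next to this script, as in a default Coppermine install.
    $albumsDir = realpath(dirname(__FILE__) . '/albums');
    $fileName = isset($_GET['path']) ? realpath($_GET['path']) : false;

    if ($albumsDir !== false && $fileName !== false
        && strpos($fileName, $albumsDir . DIRECTORY_SEPARATOR) === 0
        && is_file($fileName)) {
        // pathinfo() replaces end(explode()), which needs a variable passed by reference.
        $extension = pathinfo($fileName, PATHINFO_EXTENSION);

        switch (strtolower($extension)) {
            case 'png':
                header('Content-type: image/png');
                echo file_get_contents($fileName);
                break;

            case 'jpg':
            case 'jpeg':
                header('Content-type: image/jpeg');
                echo file_get_contents($fileName);
                break;

            case 'bmp':
                header('Content-type: image/bmp');
                echo file_get_contents($fileName);
                break;

            // The rewrite rules also route .gif requests here.
            case 'gif':
                header('Content-type: image/gif');
                echo file_get_contents($fileName);
                break;

            default:
                break;
        }
    }
}
?>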
Check interval - $time_window_seconds=35;
Max requests in 35 seconds - $max_hits_per_ip_per_window=2;

So in general we have a solid blocking script. I did not use sessions because leechers start a new session with each request.
MySQL table structure:

CREATE TABLE IF NOT EXISTS `ipleechcheck` (
`id` bigint(20) NOT NULL auto_increment,
`ip` varchar(255) NOT NULL,
`hittime` int(11) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
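
To see how the 35-second window and the limit of 2 hits behave on real traffic patterns, here is an added example (not part of the original script) that replays constructed requests through the same three statements: INSERT, DELETE, then COUNT. It uses Python with an in-memory SQLite table standing in for MySQL; the function names, addresses and timestamps are made up for the illustration.

```python
import sqlite3

TIME_WINDOW_SECONDS = 35          # same values as the script's config
MAX_HITS_PER_IP_PER_WINDOW = 2


def make_db():
    """In-memory stand-in for the ipleechcheck table (assumption: SQLite, not MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE ipleechcheck ("
        "id INTEGER PRIMARY KEY AUTOINCREMENT, "
        "ip TEXT NOT NULL, hittime INTEGER NOT NULL)"
    )
    return db


def allow(db, ip, now):
    """Record the hit, prune old rows, then count: the same order as fullsize.php."""
    db.execute("INSERT INTO ipleechcheck (ip, hittime) VALUES (?, ?)", (ip, now))
    db.execute("DELETE FROM ipleechcheck WHERE hittime < ?",
               (now - TIME_WINDOW_SECONDS,))
    (total,) = db.execute(
        "SELECT count(*) FROM ipleechcheck WHERE ip = ?", (ip,)
    ).fetchone()
    return total <= MAX_HITS_PER_IP_PER_WINDOW


def replay(hits):
    """hits: list of (ip, unix_time) in time order; returns one decision per hit."""
    db = make_db()
    return [allow(db, ip, t) for ip, t in hits]


# Constructed traffic: documentation-range addresses, made-up timestamps.
VIEWER = [("192.0.2.10", t) for t in (0, 20, 40, 60)]     # one image every 20 s
RIPPER = [("198.51.100.7", t) for t in range(0, 50, 5)]   # one image every 5 s

if __name__ == "__main__":
    print("viewer:", replay(VIEWER))
    print("ripper:", replay(RIPPER))
    print("ripper after a pause:", replay(RIPPER + [("198.51.100.7", 81)])[-1])
```

Because each hit is inserted before it is counted, denied requests keep the window full, so the fast client stays blocked until it pauses for the length of the window. The count is per IP address, so visitors who share one address also share the two-hit budget.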
