Videos hotlink protection

It will be grate if vshare had this feature for video protection.

The best video protection that i have seen on a video web site is at freeviewmovies.com.

• - you can't download their videos.
  - you can't see where they have hosted their videos.
  - change video hosting without embed problem
  - flv video player is free
  - use RTMP video streaming

Is the total video protection site. No one can hotlink your videos even steal your videos. :lol:

Dose someone know what kind of encryption do they use?

they player code on their site:

Code:

---

<div id="video_area"><h6>You must install Macromedia Flash to see this player.</h6></div>
                                <script type="text/javascript">
                                var so = new SWFObject('/flv/flvplayer_new.swf','mpl','675','500','8');
                                so.addVariable('config','/flv/skin/config.php?id=19599');
                                so.addVariable('height','500');
                                so.addVariable('width','675');
                                so.addParam('allowscriptaccess','always');
                                so.addParam('allowfullscreen','true');
                                so.addParam('wmode', 'transparent');
                                so.write('video_area');
                                </script>

---

This is their embed code

Code:

---

<embed width="450" height="370" src="http://freeviewmovies.com/flv/flvplayer.swf" FlashVars="config=http://freeviewmovies.com/flv/skin/ofconfig.php?id=19545" quality="high" bgcolor="#000000" name="flvplayer" align="middle" allowScriptAccess="always" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" allowFullScreen="true"/>
<div style="width:450px;text-align:center;font-weight:bold;">Teen Porn</div>

---

From the above code they are calling the video with a php file and the video ID. The PHP file is a XML file and if you enter the "http://freeviewmovies.com/flv/skin/ofconfig.php?id=19545" you wil get this code.

Code:

---

<config>
?
<file>
rtmp://content.freeviewmovies.com/freeviewmovies_vod/
</file>
<id>A23113/A23113</id>
<autostart>true</autostart>
<backcolor>0x000000</backcolor>
<frontcolor>0xff6600</frontcolor>
<lightcolor>0xff6600</lightcolor>
<screencolor>0x000000</screencolor>
<link>http://www.freeviewmovies.com/test.php?do=embed</link>
<linkfromdisplay>true</linkfromdisplay>
<linktarget>_self</linktarget>
<logo>http://www.freeviewmovies.com/images/fvm.png</logo>
<volume>75</volume>
<autostart>false</autostart>
<usefullscreen>true</usefullscreen>
<searchbar>false</searchbar>
<thumbsinplaylist>true</thumbsinplaylist>
<recommendations>http://www.freeviewmovies.com/flv/reco.php</recommendations>
</config>

---

I'll work on this and see what I can find.

I am close to a breakthrough!!!

If you achieve that it will be a grate feature for vshare. :D Vshare will be one step ahead form the other scripts.

Before giving a status update, I would like to point out some technical facts here:

The site that you have listed is using RTMP streaming with player/server file "shifting." To explain this more:

Quote:

---

Originally Posted by RAMMSTEIN

- you can't download their videos.

---

This is not correct. You can download their videos. However, you can't download them conventionally (as in typing in a URL and downloading it to your computer). Rather, you have to use a RTMP recorder. There are several free ones out there. A note of fact, if it can be played (or displayed) in a browser window, it can be downloaded. There is no way to prevent this. You can deter it, but not prevent it.

Quote:

---

Originally Posted by RAMMSTEIN

- you can't see where they have hosted their videos.

---

Actually, you can. It's right in front of you. The video in your post is located at rtmp://content.freeviewmovies.com/freeviewmovies_vod/. The file is located in the A23113 directory. However, due to "shifting," your browser only reports the file as A23113. This is incorrect. The real file has a .flv extension. The "shifting" is to prevent other people from directly linking to the stream.

Quote:

---

Originally Posted by RAMMSTEIN

- change video hosting without embed problem

---

The shifting that they are using is controlled via the server and the player itself. Thus, you can put the player on any site and it would play any video on their system. The files will not play outside of their player.

Quote:

---

Originally Posted by RAMMSTEIN

- flv video player is free

---

No, their player isn't free. They are running on a custom FLV player. It may be the JW player that has been compiled specifically for their use.

Quote:

---

Originally Posted by RAMMSTEIN

- use RTMP video streaming

---

Yes, they are using RTMP streaming.

Ok, here is where I am at so far:

1. I have created a working proof of concept for RTMP streaming using vShare. It works with the JW Player (4.1 and above) as well as Agriya.
2. You have the ability to do true streaming of the video. This will tremendously cut down bandwidth usage (more so than using lighttpd).
3. Because streaming is done through a different protocol and server software, you can completely disallow web access to the flvideo directory. Thus, people could not directly link to the FLV files at al.
4. Method works with both forms of embedding (object and iframe).

What still needs to be done:

1. Stream Security - I'm still working on a way to protect the actual stream. As it stands right now, someone could put up a different player on another site and use your stream to play videos outside of your player. I'm working to prevent this.
2. Multi-server Support - Because the files have to be stored on the streaming server, multi-server setups would require streaming server software setup on your secondary servers (which isn't a problem to do). To do this, the streaming URL needs to be dynamic. This is very simple to do. I just have to do it.

I was trying to download one of their video but i couldn't make it. I used Bit recorder and Replay Media Catcher but non of those program worked. :shock:

I think this site is the best steaming protection site i have seen so far.

Nice work bplex, i am curious what will you do. :D

One question: Will use RTMP streaming or lighttpd.

I was able to download a video using Orbit.

As for the streaming, it will be RTMP. Lighttpd is not true streaming (as the file still downloads). Rather, it allows for seeking.

They are not preventing hotlinking with rtmp. When a site allow users to embed video, it is always possible to hotlink.

Next version will have support for lighttpd, we already have it done on

http://video.bizhat.com/view/723/nice-parking/

The video url will expire after specified time. This is is only possible on dedicated or vps, not on shared.

On shared, we will try some php based script to prevent hotlinking.

Yeah, I've already got lighttpd working on my current installation today. Works great.

The issue of hotlinking, for me, may be a bit different from others. I don't mind someone embedding my videos on their sites or whatnot. What can, however, become a problem is if someone runs their own player and link to my files directly. That's what I believe most of us here would like to avoid. Using RTMP (and even lighttpd), there are ways to secure the file such that it can only be called from certain players (or your sites player in particular). This is what I am trying to accomplish now.

Quote:

---

Originally Posted by bplex

The issue of hotlinking, for me, may be a bit different from others. I don't mind someone embedding my videos on their sites or whatnot. What can, however, become a problem is if someone runs their own player and link to my files directly. That's what I believe most of us here would like to avoid.

---

This can happen to any site that allow hotlinking.

Quote:

---

Originally Posted by bplex

Using RTMP (and even lighttpd), there are ways to secure the file such that it can only be called from certain players (or your sites player in particular). This is what I am trying to accomplish now.

---

I see some site pass video id to FLV player and it fetches the url. Anyone with a proxy to monitor access or having flash decompiler can break it.

Quote:

---

Originally Posted by admin

This can happen to any site that allow hotlinking.

---

Duh... This is what we are trying to avoid. The problem is that disallowing hotlinking doesn't actually disallow hotlinking anymore. Newer browsers such as Firefox 3 and IE 8 (beta) pass referrer information without having to actually be on the site. When those browsers become more prominent, this will almost negate any efforts to prevent hotlinking with methods currently in place. Thus, people like myself are finding new ways to help prevent hotlinking.

Quote:

---

Originally Posted by admin

I see some site pass video id to FLV player and it fetches the url. Anyone with a proxy to monitor access or having flash decompiler can break it.

---

Yeah, but at this point, we are talking about users who know what they are doing. No hotlinking protection is going to be fool proof. People are always going to be able to get around blocks and such. The issue is not trying to make something that is fool proof. Rather, we are trying to come up with something that prevents people from being able to do it easily. As I stated before. Anything that can be read or displayed by a browser can be copied. What we are trying to do is come up ways to make it harder to copy.

Quote:

---

Originally Posted by bplex

What we are trying to do is come up ways to make it harder to copy.

---

Yes that is true because are videos are not protected at all. Every user can see where the flv is hosted when he open the player source and they make a download link easy. Every week i have to change the video folder name due to this issue and i do not allow embed code for that. :(

Just another status update on where I am at:

Quote:

---

Originally Posted by bplex

1. Stream Security - I'm still working on a way to protect the actual stream. As it stands right now, someone could put up a different player on another site and use your stream to play videos outside of your player. I'm working to prevent this.

---

As of right now, I have created a simple method to protect the stream. It's not 100% fool proof. Someone could probably still record the stream (or download the file using programs like Orbit). However, directly linking to the stream would be difficult to do. I'm still working to find a method of securing the stream from the RTMP side of things... well, at least a free method. This would provide greater security against hotlinking. It would probably not add any for those who wish to actually download the file.

Quote:

---

Originally Posted by bplex

2. Multi-server Support - Because the files have to be stored on the streaming server, multi-server setups would require streaming server software setup on your secondary servers (which isn't a problem to do). To do this, the streaming URL needs to be dynamic. This is very simple to do. I just have to do it.

---

Haven't touched this yet, but, as I stated before, this should be fairly simple to do.

As of right now, setting up all of this isn't going to be simple. Straightforward, but not simple. When I'm actually done with everything, I'll probably start a new topic and leave this one for the official hotlink protection that we have been hearing about for 2.7.

Don't you think they are just running a Flash streaming server?

They are. That is what RTMP is.

i would like to ask something.It is possible to make FTP accounts if you have a RTMP server because if you can't the RTMP server is not a solution. Thee reason is that you can not have multiserver feature.


A good way for the file protection is this ( i found this at a online geme site )

Built-in Anti-Hotlinking / Hotlink Protection :: Over the past months the act of hotlinking games has been a growing concern for online arcade owners and we made it one of our top priorities to come up with a powerful solution. Tested in IE 6.0-7.0, FireFox and even Netscape, the built-in hotlink protection module has done its job. When activated, instead of displaying the actual filename of the game being played, phpAS will display a uniquely generated name each time the game is loaded, thus not allowing hotlinkers to link to your game files.

Their PHP code to protect the swf file

Code:

---

<?php
session_start();)
error_reporting(0);

$code = $_GET['code'];
if ($code != $_SESSION['playcode'])
exit;

include ("./includes/config.php");

$gameid = $_GET['gameid'];

$sql_query = "SELECT * FROM games WHERE gameid = $gameid";
        //store the SQL query in the result variable
                    $result = mysql_query($sql_query);
                    if(mysql_num_rows($result))
                    {
                    //output as long as there are still available fields
                    while($row = mysql_fetch_array($result))
                    {
                   
                    $gamefile = $row['gamefile'];
                    $gamelocation = $row['gamelocation'];
                          }
        }

    if ($gamelocation == 1)
    $gameurl = $gamefile;
         
    else
    $gameurl = "./games/files/".$gamefile;


    $file_extension = strtolower(substr(strrchr($gamefile,"."),1));
    switch ($file_extension) {
            case "swf": $ctype="application/x-shockwave-flash"; break;
            case "wmv": $ctype="application/x-mplayer2"; break;
            default: $ctype="application/force-download";
    }
    header("Content-Type: $ctype");

   
echo file_get_contents($gameurl);

$_SESSION['playcode'] = "gameover";

?>

---

A demo protected game is here. http://www.247arcade.com/games/970/w...sion-mode.html

RTMP is not an appliance. It's a software that you run on your server. You can FTP to it like any other server. The code that you have below is only a portion of the code. The code that I have written is similar to what you posted. I will be posting my solution in the next couple of days.

Quote:

---

Originally Posted by bplex

RTMP is not an appliance. It's a software that you run on your server. You can FTP to it like any other server. The code that you have below is only a portion of the code. The code that I have written is similar to what you posted. I will be posting my solution in the next couple of days.

---

Thank you bplex I will really appreciate a solution for this!:)

Ok guys:

After working on this for over a week, I have finally ironed out the kinks and have created a working RTMP setup for vShare. Please note that a step-by-step on this is going to take some time as the setup is not quite as easy as other systems. I will be opening another post for people who would like to do something like this and will explain more about this in that posting.