Videos hotlink protection

[RAMMSTEIN]

It will be grate if vshare had this feature for video protection.

The best video protection that i have seen on a video web site is at freeviewmovies.com.

• - you can't download their videos.
  - you can't see where they have hosted their videos.
  - change video hosting without embed problem
  - flv video player is free
  - use RTMP video streaming

Is the total video protection site. No one can hotlink your videos even steal your videos. :lol:

Dose someone know what kind of encryption do they use?

they player code on their site:

Code:

<div id="video_area"><h6>You must install Macromedia Flash to see this player.</h6></div>
				<script type="text/javascript">
				var so = new SWFObject('/flv/flvplayer_new.swf','mpl','675','500','8');
				so.addVariable('config','/flv/skin/config.php?id=19599');
				so.addVariable('height','500');
				so.addVariable('width','675');
				so.addParam('allowscriptaccess','always');
				so.addParam('allowfullscreen','true');
				so.addParam('wmode', 'transparent');
				so.write('video_area');
				</script>

This is their embed code

Code:

<embed width="450" height="370" src="http://freeviewmovies.com/flv/flvplayer.swf" FlashVars="config=http://freeviewmovies.com/flv/skin/ofconfig.php?id=19545" quality="high" bgcolor="#000000" name="flvplayer" align="middle" allowScriptAccess="always" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" allowFullScreen="true"/>
<div style="width:450px;text-align:center;font-weight:bold;">Teen Porn</div>

From the above code they are calling the video with a php file and the video ID. The PHP file is a XML file and if you enter the "http://freeviewmovies.com/flv/skin/ofconfig.php?id=19545" you wil get this code.

Code:

<config>
?
<file>
rtmp://content.freeviewmovies.com/freeviewmovies_vod/
</file>
<id>A23113/A23113</id>
<autostart>true</autostart>
<backcolor>0x000000</backcolor>
<frontcolor>0xff6600</frontcolor>
<lightcolor>0xff6600</lightcolor>
<screencolor>0x000000</screencolor>
<link>http://www.freeviewmovies.com/test.php?do=embed</link>
<linkfromdisplay>true</linkfromdisplay>
<linktarget>_self</linktarget>
<logo>http://www.freeviewmovies.com/images/fvm.png</logo>
<volume>75</volume>
<autostart>false</autostart>
<usefullscreen>true</usefullscreen>
<searchbar>false</searchbar>
<thumbsinplaylist>true</thumbsinplaylist>
<recommendations>http://www.freeviewmovies.com/flv/reco.php</recommendations>
</config>

[bplex]

I'll work on this and see what I can find.

[bplex]

I am close to a breakthrough!!!

[RAMMSTEIN]

If you achieve that it will be a grate feature for vshare. :D Vshare will be one step ahead form the other scripts.

[bplex]

Before giving a status update, I would like to point out some technical facts here:

The site that you have listed is using RTMP streaming with player/server file "shifting." To explain this more:

- you can't download their videos.

This is not correct. You can download their videos. However, you can't download them conventionally (as in typing in a URL and downloading it to your computer). Rather, you have to use a RTMP recorder. There are several free ones out there. A note of fact, if it can be played (or displayed) in a browser window, it can be downloaded. There is no way to prevent this. You can deter it, but not prevent it.

- you can't see where they have hosted their videos.

Actually, you can. It's right in front of you. The video in your post is located at rtmp://content.freeviewmovies.com/freeviewmovies_vod/. The file is located in the A23113 directory. However, due to "shifting," your browser only reports the file as A23113. This is incorrect. The real file has a .flv extension. The "shifting" is to prevent other people from directly linking to the stream.

- change video hosting without embed problem

The shifting that they are using is controlled via the server and the player itself. Thus, you can put the player on any site and it would play any video on their system. The files will not play outside of their player.

- flv video player is free

No, their player isn't free. They are running on a custom FLV player. It may be the JW player that has been compiled specifically for their use.

- use RTMP video streaming

Yes, they are using RTMP streaming.

Ok, here is where I am at so far:

1. I have created a working proof of concept for RTMP streaming using vShare. It works with the JW Player (4.1 and above) as well as Agriya.
2. You have the ability to do true streaming of the video. This will tremendously cut down bandwidth usage (more so than using lighttpd).
3. Because streaming is done through a different protocol and server software, you can completely disallow web access to the flvideo directory. Thus, people could not directly link to the FLV files at al.
4. Method works with both forms of embedding (object and iframe).

What still needs to be done:

1. Stream Security - I'm still working on a way to protect the actual stream. As it stands right now, someone could put up a different player on another site and use your stream to play videos outside of your player. I'm working to prevent this.
2. Multi-server Support - Because the files have to be stored on the streaming server, multi-server setups would require streaming server software setup on your secondary servers (which isn't a problem to do). To do this, the streaming URL needs to be dynamic. This is very simple to do. I just have to do it.

[RAMMSTEIN]

I was trying to download one of their video but i couldn't make it. I used Bit recorder and Replay Media Catcher but non of those program worked. :shock:

I think this site is the best steaming protection site i have seen so far.

Nice work bplex, i am curious what will you do. :D

One question: Will use RTMP streaming or lighttpd.

[bplex]

I was able to download a video using Orbit.

As for the streaming, it will be RTMP. Lighttpd is not true streaming (as the file still downloads). Rather, it allows for seeking.

[admin]

They are not preventing hotlinking with rtmp. When a site allow users to embed video, it is always possible to hotlink.

Next version will have support for lighttpd, we already have it done on

http://video.bizhat.com/view/723/nice-parking/

The video url will expire after specified time. This is is only possible on dedicated or vps, not on shared.

On shared, we will try some php based script to prevent hotlinking.

[bplex]

Yeah, I've already got lighttpd working on my current installation today. Works great.

The issue of hotlinking, for me, may be a bit different from others. I don't mind someone embedding my videos on their sites or whatnot. What can, however, become a problem is if someone runs their own player and link to my files directly. That's what I believe most of us here would like to avoid. Using RTMP (and even lighttpd), there are ways to secure the file such that it can only be called from certain players (or your sites player in particular). This is what I am trying to accomplish now.

[admin]

The issue of hotlinking, for me, may be a bit different from others. I don't mind someone embedding my videos on their sites or whatnot. What can, however, become a problem is if someone runs their own player and link to my files directly. That's what I believe most of us here would like to avoid.

This can happen to any site that allow hotlinking.

Using RTMP (and even lighttpd), there are ways to secure the file such that it can only be called from certain players (or your sites player in particular). This is what I am trying to accomplish now.

I see some site pass video id to FLV player and it fetches the url. Anyone with a proxy to monitor access or having flash decompiler can break it.