Tilted Forum Project Discussion Community  

Go Back   Tilted Forum Project Discussion Community > Interests > Tilted Technology


 
 
LinkBack Thread Tools
Old 11-02-2003, 04:42 PM   #1 (permalink)
Junkie
 
zero2's Avatar
 
I need help w/ securing a website

I have a website, and I need to have some sort of way of protecting it's content.

It's sort of like you need to be a regestered member of a group or forum in order to access information on the website.

It needs to have a login and password page, and it needs to be able to log in ip address so that multiple users cannot use the same password and login. The files also need to be password protected too, so that it is not possible to download a file if they don't have a password.

I know it sounds a little extreme, but I really think I need these features.

So how would I go about this, what would I need to research in order to implement this?
zero2 is offline  
Old 11-02-2003, 04:50 PM   #2 (permalink)
Fear the bunny
 
Location: Hanging off the tip of the Right Wing
Your hosting company may have a user panel where you can do this; mine does. Email them and ask.
__________________
Activism is a way for useless people to feel important.
BoCo is offline  
Old 11-02-2003, 04:52 PM   #3 (permalink)
Fear the bunny
 
Location: Hanging off the tip of the Right Wing
I should add that if they don't offer these features, then go to Gigabean.com for your hosting. They're awesome, with tons of scripts, protections and other stuff you may find useful.

I have a package that gives me 500MB of space and 20GB bandwidth per month for only $13.95.
__________________
Activism is a way for useless people to feel important.
BoCo is offline  
Old 11-04-2003, 10:41 AM   #4 (permalink)
beauty in the breakdown
 
Location: Chapel Hill, NC
Yeah, what you are talking about basically is .htaccess controls. You need to find out if your host lets you do this. With a .htaccess file, you can password a directory, with as many or few users as you want, and everything in that directory is protected. Its basically that little popup window that you see in most sites that are password protected.
__________________
"Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws."
--Plato
sailor is offline  
Old 11-04-2003, 11:26 AM   #5 (permalink)
"Officer, I was in fear for my life"
 
hrdwareguy's Avatar
 
Location: Oklahoma City
Like sailor said, you can use an htaccess file to keep the username and password in. But I'm sure we've all seen sites like that with username and passwords listed on crack sites.

Another approach would be to keep your login info in a database such as mySQL. Then using PHP, JSP, ASP, something like that, you could requre them to enter a username and password on the main page. Check this against the values in the database and if they match, you're in. Much harder to crack this than the htaccess file.
__________________
Gun Control is hitting what you aim at

Aim for the TFP, Donate Today
hrdwareguy is offline  
Old 11-04-2003, 01:07 PM   #6 (permalink)
Junkie
 
zero2's Avatar
 
I guess I should describe the problem, I have a website, with content that I want to protect. I posted my website on another forum with a link to this content which we'll call for ex. a collection of mp3s.

After doing that, I have found that my website is getting overloaded, with people trying to download my stuff.

I have even been told that people have come across my website in other forums too.

The material on the website was only meant for the members of the forum that I gave my link too, however, somehow my files are ending up on other forums.

Now because most people use download managers, it's easier to just post a direct link to the file instead of going to the website.

Which is why I need some sort of security. When I was thinking about security measures, the first thing that came to mind was how porn sites deal with security, while not perfect, at least it will keep some of the leechers away.

It sounds like htaccess is something that I should look into.

I just want to thank everyone for replying, I didn't really know where I would start looking up info for my problem, thanks again for your help BoCo, sailor420, and hrdwareguy.
zero2 is offline  
Old 11-04-2003, 02:02 PM   #7 (permalink)
Huggles, sir?
 
seretogis's Avatar
 
Location: Seattle
zero2: You can google "htaccess" for a ton of hits with different tutorials and such. For example, here's one:

http://www.freewebmasterhelp.com/tutorials/htaccess/

If you are unable to do this, or want a more comprehensive password protected system, check out: http://celerondude.com/index.php?a=s&id=1

The above linked is an "uploader script" which allows you to password-protect content and allow others (or just yourself) to up load through a web-form. It may or may not be what you're looking for.
__________________
seretogis - sieg heil
perfect little dream the kind that hurts the most, forgot how it feels well almost
no one to blame always the same, open my eyes wake up in flames
seretogis is offline  
Old 11-04-2003, 03:54 PM   #8 (permalink)
Loves my girl in thongs
 
arch13's Avatar
 
Location: North of Mexico, South of Canada
Also, there are several Php scripts that will controll directory access so that a link can only be downloaded by going to a front page first, thus defeating hotlinking.
StileProject is a good working example. They use dynamic directories and (i think) php that redirects direct file access requests to a front page. You could then password the front page and effectivley kill the bandwidth drain.
__________________
Seen on an employer evaluation:

"The wheel is turning but the hamsters dead"
____________________________
Is arch13 really a porn diety ? find out after the film at 11.
-Nanofever
arch13 is offline  
Old 11-04-2003, 08:56 PM   #9 (permalink)
Junkie
 
zero2's Avatar
 
With htaccess, suppose there was a mole at the site, as long as they have a valid username and password, wouldn't anyone who was given that username and password have access to my site and could direct link so long as they had valid username and password?

Lets say I made accounts for ex. Joe, Kate, Mary, and Todd.

Each of them have their own usernames and passwords.

Suppose Todd's ip address is 64.765.543.9 and his username is leech and password is leech.

Is it possible, when Todd logs in that his ip address gets loged in, into a database.

Now suppose Todd is the mole around the forum, and he decides to be a smart -@$$ and posts my website along w/ his username leech and password leech.

With htacess, is there a way of preventing this.

Like for instance is there a way where if for ex. Chi got the password and username from Todd, and his ip address is 10.12.456.89, when he tries to download, his ipaddress is checked against login and username in the database and the system locks him out, because it doesn't match Todd's ip address of 64.765.543.9.

If possible is it possible to make a username and password expire after the session is over, meaning after they logout or complete their download?

Once again, thanks for the advice seretogis and arch13, I've learned so much, at least now know what I'm facing in terms of solutions.

Last edited by zero2; 11-04-2003 at 08:59 PM..
zero2 is offline  
Old 11-04-2003, 10:08 PM   #10 (permalink)
Huggles, sir?
 
seretogis's Avatar
 
Location: Seattle
You could do the above with PHP, or pay someone to do it for you.
__________________
seretogis - sieg heil
perfect little dream the kind that hurts the most, forgot how it feels well almost
no one to blame always the same, open my eyes wake up in flames
seretogis is offline  
Old 11-05-2003, 03:37 PM   #11 (permalink)
Devils Cabana Boy
 
Dilbert1234567's Avatar
 
Location: Central Coast CA
Are you hosting it with IIS

If you are its simple

Open the IIS service and select the folder/file you want to protect

Right click and select properties

Select the tab file security or directory security

Hit edit on the anonymous access

Unselect anonymous access,

Then create a new account for your system that will be the account that you can give out.

Then tweak the security level of the new account till you like it. And you’re done.
__________________
Donate Blood!

"Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen
Dilbert1234567 is offline  
 

Tags
securing, w or, website


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -8. The time now is 04:16 AM.

Tilted Forum Project

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
© 2002-2012 Tilted Forum Project

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360