Greetings All,
I've recently had a customer uncover a "user" who created several scoop
accounts on her website, uploaded some lovely images of Viagra pills and
medicine bottles via scoop's upload system, and then proceeded to
hotlink to them in some spam.
The lesson?
Don't let normal users have the ability to upload files on your scoop
site. Only grant the ability to upload to those you know and trust.
If you have been allowing uploads to random users, you might want to
check that your site hasn't already been abused. If you ain't got
Viagra pills, I'll bet you'll find at least one myspace weenie hiding
out instead*.
Cheers!
-----
Cory R. King
XLAN, Inc.
* No really, you do, trust me. Go ahead, grep your log files, I dare
you to. Even if you don't allow uploads, I'm positive you'll find at
least one myspace page leeching some (probably very large) image(s) of
yours. Adding the Apache rewrite rule below cut Photographica's
bandwidth consumption by about 1/6th!
<IfModule mod_rewrite.c>
    RewriteEngine On
    # only act on media (and php) requests; this condition is ANDed with the
    # referer conditions that follow, which are ORed together
    RewriteCond %{REQUEST_FILENAME} \.(jpg|gif|png|php|mpg|mp3|mov)$ [NC]
    # ...and only when the referer is one of these known leechers
    RewriteCond %{HTTP_REFERER} ^http://(.+\.)?myspace\.com/ [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blogfa\.com/ [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://(.+\.)?xanga\.com/ [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://(.+\.)?hi5\.com/ [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://(.+\.)?diaryhub\.com/ [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://global-news-matrix\.blogspot\.com/ [NC]
    # replace with your own image!
    # make it have '.img' for an extension to stop infinite loops
    # (the .img extension never matches the first RewriteCond, so the
    # redirect target is not rewritten again)
    RewriteRule (.*) http://images.photographica.org/images/stophotlink.img [R,L,E=poach_attempt:1]
    # log any f***ers who try! (only requests that set the env var are logged here)
    CustomLog /local/media/logs/poachers_log combined env=poach_attempt
</IfModule>
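As an added example (not part of the post above, and not Scoop or Photographica code): a small Python script that does the "grep your log files" check against an Apache combined-format log, reporting which off-site referer hosts are loading your media files and how many bytes they pulled. The log lines are constructed for the example, and `www.photographica.org` as the "own" host, the `hotlink_report` function and its media-extension list are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Apache "combined" log format: host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
MEDIA_EXT = re.compile(r'\.(jpe?g|gif|png|mpg|mp3|mov)$', re.IGNORECASE)

def hotlink_report(lines, own_hosts):
    """Return {referer_host: (hits, bytes)} for media requests whose referer is off-site.
    own_hosts: lowercase hostnames that may legitimately embed the images."""
    report = defaultdict(lambda: [0, 0])
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        if not MEDIA_EXT.search(urlparse(m['path']).path):
            continue  # only count media files (query string stripped first)
        ref = m['referer']
        if ref == '-':
            continue  # no referer: direct hit, bookmark, privacy setting, etc.
        host = (urlparse(ref).hostname or '').lower()
        if host in own_hosts:
            continue  # our own pages embedding our own images
        size = 0 if m['bytes'] == '-' else int(m['bytes'])  # "-" e.g. on 304 Not Modified
        report[host][0] += 1
        report[host][1] += size
    return {h: tuple(v) for h, v in report.items()}

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2006:13:55:36 -0700] "GET /images/pic1.jpg HTTP/1.1" 200 204800 "http://profile.myspace.com/someone" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2006:13:55:37 -0700] "GET /images/pic1.jpg HTTP/1.1" 200 204800 "http://profile.myspace.com/someone" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2006:13:56:01 -0700] "GET /images/pic2.gif HTTP/1.1" 200 51200 "http://www.photographica.org/gallery" "Mozilla/5.0"
198.51.100.8 - - [10/Oct/2006:13:56:02 -0700] "GET /index.php HTTP/1.1" 200 4096 "http://example.net/" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2006:13:57:10 -0700] "GET /images/pic3.png?x=1 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2006:13:58:00 -0700] "GET /images/big.jpg HTTP/1.1" 304 - "http://x.xanga.com/page" "Mozilla/5.0"
"""

if __name__ == '__main__':
    rep = hotlink_report(SAMPLE_LOG.splitlines(), {'www.photographica.org'})
    for host, (hits, nbytes) in sorted(rep.items(), key=lambda kv: -kv[1][1]):
        print(f'{host:30} {hits:5d} hits {nbytes:10d} bytes')
```

Feed it a real access log with `hotlink_report(open('access_log'), {'www.yoursite.example'})` and the biggest byte counts at the top are the referer hosts worth adding to the rewrite conditions above.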