In this information age, resource theft is a very disgusting, but very common thing. Before, for example, guo jingming’s novel never flowers in never dreams “plagiarism” circle “of the zhuang yu novel, while guo through personal weibo apologized to zhuang yu, and said” would put the flowers in the dream after the publication of the novel online all royalties and summarize all profits after clear, full compensation for ms zhuang yu “. Zhuang Yu accepts Guo jingming’s apology and proposes to set up an anti-plagiarism fund together.

The Internet not only facilitates the distribution of resources, but also expands the resources stolen from text to pictures, videos and so on. But not everyone will be as lucky as Zhuang to receive the compensation they deserve. Therefore, since we cannot completely prevent others from stealing resources, it becomes important to take anti-theft measures to prevent our resources from being stolen and used to a certain extent. So how do we protect our resources from being stolen?

To know how to burglarize, the most important thing is to know when you are burglarized, otherwise you don’t know you have been burglarized, and there is no way to talk about burglarizing. Take a personal website for example. As soon as you upload a new photo you took, the site slows down. You think your new image is attracting a lot of users, so you go to the background of the site to check the number of visitors today, only to find that there are only a few.

Encounter this situation, very sorry to tell you: your website resources are very likely to be stolen by others! When you discover this, and hurriedly delete these resources, want to let the server slow down, you will find that your website still does not seem to be much faster, check the visit log, you will find that requests are still coming in from all directions. That’s when we can use anti-theft.

Common ways to guard against theft

The most common ways to guard against theft are the following. Although these methods cannot completely solve the situation of resource theft, they can effectively reduce the impact of resource theft:

  • Use Referer to prevent theft

This method is the most common. For a simple example, when your application receives a download request from the xx domain, it determines the value of the Referer field in the request header. If it is a domain name you know, that is, the domain name in the Referer whitelist you set, it is a legitimate request, you can download it, otherwise an error message will be returned.

  • Using login Authentication

This method is generally used for websites requiring login such as forums and communities. When a user accesses a resource, the user checks whether the request is authenticated by login. If so, users can download it safely; If not, an error message is returned.

  • Using Cookie authentication

This method is similar to the above, which is to generate a dynamic Cookie on the downloaded page. Before processing the resource download request, check whether there is a correct Cookie in the request Cookie. If it does, the user can legally download it. If it does not, an error message will be returned.

  • Use graphic captcha

This method prevents the downloading of resources by machine applications that are not “human” requests. I believe you have also encountered, is to choose the right picture from a number of pictures, otherwise not to pass. This approach, however, tends to annoy normal users.

  • Unauthorized modification of resource content

Like popular movies on the website, MP3, etc., compressed packages are generally relatively large, these large compressed package files are a lot of places to insert data. For example, MP3 has a tag area, ZIP has a remarks area, movie file content in any place, as long as the process of downloading dynamic injection of some random bytes to these places, you can make the hash value of the entire file changed, can effectively prevent the download tool to find the door to download.

Shot cloud a key anti-theft

All of the above methods need to be set up locally on the resource to the server, if you do not have the corresponding code knowledge, it will be a little difficult to operate, this time to choose access to cloud service providers is a good choice. Most cloud service providers provide a variety of ways to guard against theft. Take us as an example:

The watermark guard against theft

By adding a watermark in the resource screen, so that even if stolen, others can see the source of the video from the watermark. There are two ways to add watermarks:

  • First, you can add the watermark parameter /watermark/ URL/to a file when uploading it to the cloud storage. The same is true for video, except that the parameter is changed to /wmImg/<watermark_img>, in which the watermarked image needs to be uploaded to the cloud storage service in advance. <watermark_img> represents the Base64 encoded character of the watermark image path. Such as watermark/url/L3BhdGgvdG8vd2F0ZXJtYXJrLnBuZw said = = / path/to/watermark. The PNG this image as a watermark. For more information, click ↓↓ to read the original ↓↓

  • Second, you can create a thumbnail version of the cloud storage service named “[Watermark]” and enable the watermark function in the cloud storage service. Then through the form of “URL + spacer + version number”, call the thumbnail version when accessing the picture, you can see the watermark set when accessing the picture.

In addition to adding watermarks, youracket console also supports setting various anti-theft chains (such as Referer anti-theft chain mentioned above), and only need to complete relevant steps in the console according to the instructions to achieve anti-theft effect.

IP blacklist and whitelist

Youpaiyun provides access logs of all resources. Once resources are found to be stolen, you can find the server IP address of the other party through access logs. After adding this IP address to the blacklist, the other party will never be able to access any of your resources. That is, to deny access.

Area access restriction

If the other party has multiple IP addresses and can’t tell which one it is, look at regional access restrictions. This function allows or forbids terminal users in a specific area to access website resources, and can be configured by country, region, province, and carrier.

Referer hotlinking prevention

This is the most common anti-theft chain mentioned above, but it is very simple and convenient to use in the cloud. You only need to open the Referer blacklist, and then fill in the address of the website that has stolen your picture, click OK, and the stolen picture of the other party will not be displayed. And search for stolen pictures of the website, you can also take cloud log function to query.

Token hotlinking prevention

As mentioned above, anti-leasehold cannot completely prevent resource theft and use. If the leasehold server uses dynamic IP, it is very troublesome for us to ban it. The customer requests not to carry the Referer, so the Referer anti-theft chain will be skipped.

Token anti-theft can deal with these problems. You can set the Token key and the signature expiration time to control the access duration of resource content. In this way, the user must carry the correct Token and can access the link only within a specified period of time. In this way, the user can effectively prevent unnecessary losses caused by malicious requests.

Back to the source authentication

You can also consider source authentication, that is, configuring an authentication server on the source site and setting the authentication mode. After receiving the request each time, the CDN edge node will return to the authentication server of the user source station for verification. Only after the verification is passed can it be considered as a legitimate request and CDN will continue to provide services.

But high-level anti-theft means that the cost of anti-theft also means that how to choose their own anti-theft chain is particularly important. ** The Internet brings us rich entertainment life, let us find the right resources more and more convenient, but must remember to support the original, support the original, stealing other resources is a violation of other people’s intellectual property rights. If you are faced with the situation of their own resources stolen, in addition to the use of technical means to prevent, when necessary, also want to take up legal weapons to safeguard their legitimate rights and interests oh ~

Recommended reading

How to quickly fix Ansible project layout in production environment?

Server side rendering basics