[RESOLVED] [HELP] Getting hotlinking site URL?

[aqeelsfolio]

Is it somehow possible to get the url of the page that is hotlinking that .swf??

[Ray Beez]

Check your server logs. That's one way.

You could have some code that silently hits a PHP script on your server, send "URL" to it.

[aqeelsfolio]

Check your server logs. That's one way.

You could have some code that silently hits a PHP script on your server, send "URL" to it.

server logs are showing no referer becasue they are loaded by flash player not that website page.

yes i can post "_url" silently to php script on my server, but that "_url" will only tell the the url of the .swf (which is my site), but I need the url of the page that is hotlinking .swf hosted on my website.

[Fall_X]

This could be bad advice, maybe you can do something a lot simpler, I haven't looked into this much, but you could try getting document.location through javascript interfacing, and then send it to a php script with flash. Just a thought.

[tonypa]

Sadly there is no easy and simple way to read url of html page into swf.

[aqeelsfolio]

This could be bad advice, maybe you can do something a lot simpler, I haven't looked into this much, but you could try getting document.location through javascript interfacing, and then send it to a php script with flash. Just a thought.

How can I do javascript interfacing in flash, do you mean that "fscommand"?
But that webpage is not mine, i can only do things in .swf.

[Fall_X]

It might be a bit complicated, and there might be other (better) ways, but you could try something like this. Using getURL you can execute javascript in the user's browser. However, as far as I know, this can not return anything to the swf directly. Thankfully, javascript can also interact with flash (the other way round), as described here : http://www.permadi.com/tutorial/flashjscommand/
Now, you'd need a way to find the swf's name in the browser for this to work, but I can imagine that by looping through all objects and seeing if they have a certain property (using GetVariable), you can find the right object. There may be an easier way too, don't know. After you find the swf, you can send it a variable with the document.location.
So to make it all work, your swf should contain a one-line string (with the javascript that finds the swf, gets the location, and sends it to the swf), and pass this string to the browser using getUrl("javascript:"+browserCheckScript); or something like that.

Your javascript-string can also just check the document.location, and if it's not the one you intended, you can change it to your site, which should also store the referer in your logs. This way, you won't have to bother finding the swf object with javascript.

Note : I have not tried any of this myself, and it's a bit clumsy, but it might work

[Fall_X]

Here you go, just tested it and seems to work fine in IE, Opera and Firefox :

Code:

getURL("javascript:if(top.location!='http://myUrl'){top.location='http://myUrl';}","_top");

[aqeelsfolio]

Thanks Fall_X and thanks everyone, with little modifications, It worked!! now I managed to make a database of hotlinking sites.

[Squize]

Perhaps link to this thread in the protection sticky guys ? If it worked, and it's knowledge everyone can use, let's share it

Squize.

[Fall_X]

Off course, you might as well turn off hotlinking on the server
Ooh, just thought of another way, if turning off hotlinking is not option : you place your swf in a directory that's not accessible through web browsers, and then make a php script that does the security (checking the referer), sends the right contenttype header, and then opens the swf file and outputs its contents. If the security routines fail, you send another swf displaying a message that users should play it on your site.
No client-side javascript required here, but it is dependant on browsers setting the referer header correctly (so it might be a good idea to allow an empty referer too).

[tonypa]

Interesting that calling javascript to detect hotlinked swf fails in Flash9 because of security reasons:

A navigate operation attempted to evaluate a scripting pseudo-URL, but the containing document (usually an HTML document in a browser) is from a sandbox to which you do not have access.

You cannot navigate the special windows "_self", "_top", or "_parent" if your SWF file is contained by an HTML page that has set the allowScriptAccess to "none", or to "sameDomain" when the domains of the HTML file and the SWF file do not match.