Re: OP thieves you should be aware of... (Community)


andras

Dec 14, 2004, 7:51am
> Someone is trying to use my OP for their world Loralyne, without my
> permission and without even asking me (beforehand, the log below is AFTER
> THE FACT). I have the following info and log copies, be on the watch world
> owners!
>

Securing your Object Path 101:

1, Password protect all your UNIQUE objects (or make them unique by adding some comments to them)
- this can be achieved by using Multizip (http://www.andras.net/tools.html) with the proper features selected
- never password-protect objects that came from the public domain - that makes deciphering the password much simpler!!

2, Use a reliable and fast web host for your Object Path
- the OP is a heavy traffic website. Don't try to host it yourself on an ADSL or cable connection. Those connections - though fast for your downloads - are really slow when uploading!
One exception can be made - if your OP is rarely used, i.e. you have a small world with only a few visitors.

3, Select the "Enable Browser Referer" in the World Options/Options dialog!
- the AW browser will include the Referer http tag at each web access with a combination of the universe address:port and your world's name.

4, Configure your Object Path host
a, Windows IIS - I will not go into details because I don't remember them but be sure that directory listing is disabled
b, Apache - I'll give you a few tricks here on how to secure against leeching (unauthorized use of your site)
- if you have access to the Vhosts.cfg (the virtual host configuration) or your ISP is willing to make changes to it, add the following lines to your config under your directory there:

#---- Securing against illegal use -------------------------------
SetEnvIfNoCase Referer "aw://64\.94\.241\.250:5670/yourworld" proper_use
SetEnvIfNoCase Remote_Addr "your_IP_address" proper_use
Order deny,allow
Deny from all
Allow from env=proper_use
#-----------------------------------------------------------------
- if you can't do that, create a file called ".htaccess" (without quotes - but the leading '.' character is important!) and add the same lines as above to that file. Copy/upload the file into each of your AW Object Path folders (avatars, models, textures, seqs, sounds)
Legend:
yourworld - the name of the world you allow to access that path. You can have multiple lines or wildcards in it. E.g.:
SetEnvIfNoCase Referer "aw://64\.94\.241\.250:5670/storage.*" proper_use
SetEnvIfNoCase Referer "aw://64\.94\.241\.250:5670/rhapsody" proper_use
your_IP_address - your personal IP address, so you will always be able to access those folders with a standard browser. It just simplifies your life - you will still be able to FTP into those folders :) E.g.:
SetEnvIfNoCase Remote_Addr "^194\.152\.129\." proper_use
the example above enables my C IP subnet to access my stuff.
Explanation:
Apache can modify the access rights based on anything. In this case we enable only the AW browser (and your personal computer) to access the files IF the visitor is in your world. Any other attempt will lead to a denial of access effectively blocking unauthorized use of your OP.
Most likely you can do similar things in IIS - consult the appropriate documentation.


Hope this helps (comments/clarifications are welcome, flames are forwarded to /dev/null :),
--
Andras
"It's MY computer" (tm Steve Gibson)
P.S.: Mauz you can include this info on your web under worldrunning.html :)
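
Added example (not part of Andras's post): SetEnvIf patterns are regular expressions searched anywhere in the value, not shell globs, so a trailing `*` and a missing `^` admit more than intended. The sketch below uses Python's `re` as a stand-in for Apache's regex matching (an assumption); the sample requests are constructed.

```python
import re

# Rule sets as (attribute, regex) pairs, mirroring SetEnvIfNoCase lines.
# GLOB_STYLE writes the wildcard as a shell glob; REGEX_STYLE as a regex.
GLOB_STYLE = [
    ("Referer", r"aw://64\.94\.241\.250:5670/storage*"),
    ("Remote_Addr", r"194\.152\.129\.*"),
]
REGEX_STYLE = [
    ("Referer", r"aw://64\.94\.241\.250:5670/storage.*"),
    ("Remote_Addr", r"^194\.152\.129\."),
]

# Constructed sample requests: (label, Referer header or None, client address)
SAMPLES = [
    ("world visitor", "aw://64.94.241.250:5670/storage2", "203.0.113.7"),
    ("owner subnet", None, "194.152.129.40"),
    ("lookalike world", "aw://64.94.241.250:5670/storag_copy", "203.0.113.7"),
    ("lookalike address", None, "5.194.152.129"),
    ("web browser", "http://example.org/gallery", "203.0.113.9"),
]


def allowed(rules, referer, remote_addr):
    """Emulate 'Order deny,allow / Deny from all / Allow from env=proper_use':
    the request is allowed if any rule's regex is found anywhere in its
    attribute (unanchored, case-insensitive search, as SetEnvIfNoCase does)."""
    request = {"Referer": referer or "", "Remote_Addr": remote_addr}
    return any(
        re.search(pattern, request[attr], re.IGNORECASE)
        for attr, pattern in rules
    )


def audit(rules):
    """Return {label: allowed?} for every constructed sample request."""
    return {label: allowed(rules, ref, addr) for label, ref, addr in SAMPLES}


if __name__ == "__main__":
    glob_result, regex_result = audit(GLOB_STYLE), audit(REGEX_STYLE)
    for label, _, _ in SAMPLES:
        print(f"{label:18} glob-style={glob_result[label]!s:5} "
              f"regex-style={regex_result[label]}")
```

The Referer header is supplied by the client, so this rule screens out casual reuse of the path; the password protection from step 1 does not depend on it.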

Awportals.com is a privately held community resource website dedicated to Active Worlds.
Copyright (c) Mark Randall 2006 - 2021. All Rights Reserved.