
In the information age, misappropriating other people's resources is a detestable but very common practice. For example, Guo Jingming's earlier novel "How Much Do You Know About Flowers in Dreams" plagiarized Zhuang Yu's novel "Circle Inside and Outside". Guo Jingming apologized to Zhuang Yu through his personal Weibo and said, "After all the online and offline royalties and all the income obtained since the publication of the novel 'How Much Do You Know About Flowers in Dreams' have been tallied, I will pay all of it as compensation to Ms. Zhuang Yu." After accepting Guo Jingming's apology, Zhuang Yu proposed establishing an anti-plagiarism fund together.

The Internet not only makes the circulation of resources more convenient, it also extends what can be stolen from text to pictures and videos. But not everyone will be as lucky as Ms. Zhuang and get the compensation she deserves. Since it is impossible to completely prevent others from stealing resources, it becomes important to take anti-theft measures that limit how far your own resources can be misappropriated. So how do we protect our resources from being misappropriated?

To guard against theft, you first have to know that you are being stolen from; otherwise there is nothing to defend against. Take a personal website as an example. You have just uploaded a new photo you took, and then notice that the site is getting slower and slower. You assume the new photo has attracted a wave of visitors, so you open the site's admin backend to check today's visitor count, only to find that there were just a few.

In this situation, I regret to tell you: your website's resources are very likely being hotlinked by others! Even after you discover this, hurriedly delete the resources and hope the load on the server drops, you will find that the site still does not seem much faster. Checking the access log shows that requests are still coming in from all directions. This is when anti-theft measures come in.

Common anti-theft methods

The most common anti-theft methods are listed below. They cannot completely stop resource theft, but they can effectively reduce its impact:

  • Use Referer anti-leech

This method is the most common. As a simple example, when your website receives a download request from the xx domain name, it first checks the value of the Referer field in the request header. If it is a domain name you recognize, that is, a domain name in the Referer whitelist you have set, the request is legitimate and the download is allowed; otherwise an error message is returned.

  • Use login authentication

This method is generally used on websites that require login, such as forums and communities. When a user requests a resource, the site first checks whether the request comes from a logged-in session. If it does, the user can download the resource; if not, an error message is returned.

  • Use Cookie Verification

This method is similar to the one above: a dynamic cookie is generated on the download page. When a resource download request is processed, the server first checks whether the request carries the correct cookie. If it does, the download is legitimate; if not, an error message is returned.

  • Use graphic verification code

This method prevents resources from being downloaded by non-human requests such as automated programs. Most people have encountered it: you have to select the correct picture from several pictures, otherwise the request is not allowed through. However, this method easily annoys normal users.

  • Tampering with resource content

Popular resources on a website, such as movies, MP3 files and compressed packages, are generally fairly large, and these large files have many places where data can be inserted. For example, MP3 has a tag area, zip has a comment area, and a movie file can take extra data almost anywhere in its content. As long as some random bytes are dynamically injected into these places during the download, the hash value of the entire file changes, which effectively prevents download tools from locating the resource.
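The Referer check from the first item above, as an added example that is not part of the original article. The host names and the `allow_empty` switch are assumptions for illustration; the point is that the parsed host name is compared, not a substring of the header, and that a missing Referer needs an explicit policy.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example (not from the article).
ALLOWED_HOSTS = {"example.com", "www.example.com"}
ALLOWED_SUFFIXES = (".example.com",)  # any subdomain of example.com


def referer_allowed(referer, allow_empty=False):
    """Return True if the Referer header value points at an allowed site."""
    if not referer:
        # Browsers omit Referer for typed URLs and under
        # Referrer-Policy: no-referrer, so this is a policy decision.
        return allow_empty
    try:
        parts = urlsplit(referer.strip())
    except ValueError:
        return False  # malformed header value
    if parts.scheme not in ("http", "https"):
        return False
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False
    # Compare the parsed host name, never a substring of the raw header:
    # "example.com" also occurs in "www.example.com.evil.test" and in
    # query strings such as "?from=https://www.example.com/".
    return host in ALLOWED_HOSTS or host.endswith(ALLOWED_SUFFIXES)


def handle_download(headers, allow_empty=False):
    """Return the HTTP status a resource handler would send."""
    ok = referer_allowed(headers.get("Referer"), allow_empty)
    return 200 if ok else 403
```
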

One-key anti-theft

All of the above methods require you to configure the resources and the server yourself. If you do not have the necessary coding knowledge, they can be somewhat difficult to operate. In that case, connecting to a cloud service provider is a good choice. Most cloud service providers offer a variety of anti-theft methods. Take us, Upyun, as an example:

Watermark anti-theft

By adding a watermark to the image or video, even if it is stolen, viewers can see where the video came from by looking at the watermark. Upyun provides two ways to add watermarks:

  • First, when a file is uploaded to Upyun cloud storage, you can add the watermark parameter /watermark/url/<url> to apply an image watermark. The same applies to video, but the parameter becomes /wmImg/<watermark_img>, and the watermark image needs to be uploaded to the cloud storage service in advance. <url> and <watermark_img> are the Base64-encoded path of the watermark image. For example, /watermark/url/L3BhdGgvdG8vd2F0ZXJtYXJrLnBuZw== means the picture /path/to/watermark.png is used as the watermark.
  • Second, in the Upyun console you can create a thumbnail version named [watermark] under the corresponding cloud storage service and turn on the watermark function in it. Then use the form "url + separator + version number" to call the thumbnail version when accessing the picture, and the configured watermark appears on the picture.

In addition to adding watermarks, the Upyun console also supports several anti-leech settings (such as the Referer anti-leech method mentioned above). You only need to complete the relevant steps in the console according to the instructions to get the anti-theft effect.

IP black and white list

Upyun provides access logs for all resources. Once a resource is found to be stolen, you can find the other party's server IP in the access log. After this IP is added to the blacklist, the other party's access is denied and it can no longer access any of your resources.

Area access restriction

If the other party uses many IPs and you cannot pin down a specific one, consider regional access restrictions. This function can allow or prohibit end users in a specific area from accessing website resources, and supports configuration by dimensions such as country/region, province, and operator.

Referer

This is the most common anti-leech method mentioned above, and it is very simple and convenient to use in Upyun. You only need to enable the Referer blacklist, fill in the address of the website that has stolen your picture, and click OK. The stolen picture will then no longer be displayed on the other party's site. To find websites that have stolen pictures, you can also search with the cloud log function.

Token anti-theft chain

As mentioned above, these anti-leech methods cannot completely prevent resources from being used. If the hotlinking server uses a dynamic IP, blocking it becomes very troublesome; if the client's request does not carry a Referer, the Referer anti-leech check is bypassed.

Token anti-leech can handle these problems. Access to the resource is time-limited by setting a Token key and combining it with the expiration time of the signature. The user must carry the correct Token and can only access the link within the specified time, which effectively prevents malicious requests from causing unnecessary losses.
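A minimal sketch of a signed, expiring link as described above, added here as an example and not taken from the original article or from any provider's actual token format. The HMAC-SHA256 construction, the `expires` and `token` parameter names and the key are assumptions for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlsplit

# Assumed for this example: a key shared by the signing site and the edge.
SECRET = b"constructed-demo-key"


def _mac(path, expires):
    # Bind the token to both the resource path and the expiry time.
    msg = f"{path}\n{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def sign_url(path, ttl, now=None):
    """Return path plus ?expires=<unix time>&token=<HMAC-SHA256 hex>."""
    now = int(time.time()) if now is None else int(now)
    expires = now + ttl
    return f"{path}?expires={expires}&token={_mac(path, expires)}"


def verify_url(url, now=None):
    """Return (allowed, reason) for a requested URL."""
    now = int(time.time()) if now is None else int(now)
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        expires = int(query["expires"][0])
        token = query["token"][0]
    except (KeyError, ValueError):
        return False, "missing or malformed token"
    # Constant-time comparison, done before the expiry check so that a
    # forged expiry value is rejected as a bad signature.
    expected = _mac(parts.path, expires)
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return False, "bad token"
    if now > expires:
        return False, "expired"
    return True, "ok"
```

The check depends on neither the client IP nor the Referer header, which is why it still holds when the IP is dynamic or the Referer is absent.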

Back-to-source authentication

We can also consider back-to-origin authentication: configure an authentication server at the origin site and set the authentication method. After that, each time a CDN edge node receives a request, it goes back to the authentication server at the customer's origin site for verification. Only after verification passes is the request treated as legitimate, and the CDN continues to serve it.

However, stronger anti-theft methods also mean a higher anti-theft cost, so choosing a suitable anti-leech method is particularly important. You can also "How to choose the anti-

The Internet brings us a rich entertainment life and makes it more and more convenient to find our favorite resources, but we must remember to support original work: misappropriating other people's resources infringes their intellectual property rights. If your own resources are being stolen, in addition to using technical means to prevent it, you should also take up legal weapons to protect your legal rights whenever necessary.
