Author Topic: Unauthorised embedding  (Read 4204 times)

0 Members and 1 Guest are viewing this topic.

Offline robbieB

  • Member
  • *
  • Posts: 23
    • Royal Norfolk & Suffolk Yacht Club, Lowestoft, UK
Unauthorised embedding
« on: July 25, 2011, 05:35:15 AM »
I recently came across a phpBB site which had my Weather Flash screen embedded on a local weather page :shock:.

".....<param name="movie" value="http://....my_domain.../...directory.../WxFlash/Loader.swf">
<param name="quality" value="high">
<embed src="http://"....my_domain..../...directory.../WxFlash/Loader.swf" width=700 height=500 align="center" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash"></embed>....."

Is there any way of blocking this?



Davis Vantage Pro 2 Wireless (2006)
Davis Weather Envoy
VWS v14
Weatherlink v5.5.1
Weatherflash v1.2
Stardot Netcam MP
Windows XP Home SP2

Offline wxtech

  • Weather Equipment Technician
  • Forecaster
  • *****
  • Posts: 1587
  • USAF Weather Equipment Maintenance Tech (retired)
    • Lexington, Ga. Weather
Re: Unauthorised embedding
« Reply #1 on: July 25, 2011, 07:32:30 AM »
Imitation (copying) is sincerest form of flattery.  Just ask them to request your permission before using your property, and post a link back to your site.  
I wish my wx data to have the widest dissemination.  My station temperature has been mentioned on Atlanta TV, and I'm 70 miles away.
« Last Edit: July 25, 2011, 08:30:42 AM by wxtech »
Al Washington, Lexington, Ga.,  NWS Coop station=LXTG1, Fischer Porter, SRG, MMTS. 
CoCoRaHS=GA-OG-1. CWOP=CW2074.  Davis VP2+ WLIP 5.9.2, VP(original) serial, XP with serial port, VWS v14.01p0. ImageSalsa, Win8 all-in-one.
Selling used wx eqpt on EBay

Offline WeatherHost

  • Forecaster
  • *****
  • Posts: 1923
Re: Unauthorised embedding
« Reply #2 on: July 25, 2011, 08:12:55 AM »
Maybe with an .htaccess file.  If your webhost uses cPanel, some versions have hotlink blocking options.

But isn't the point of weather site to get the information out there?  I'd at least make sure they credit the information source site though.

Offline robbieB

  • Member
  • *
  • Posts: 23
    • Royal Norfolk & Suffolk Yacht Club, Lowestoft, UK
Re: Unauthorised embedding
« Reply #3 on: July 25, 2011, 08:34:29 AM »
Thanks both of you. Disseminate the data widely, yes (ours is published on the Weather Underground etc.) and we welcome people linking to the site. But the live weather info on Weather Flash serves to actually bring people to our site. If our WF screen is available elsewhere, we lose out.

I was wondering if there is some way of blocking it rather than wielding a big copyright stick. There's an open source java script which will block content from being loaded into any iframe on an alien site, but I don't think that will do the trick in this case. I'll look into the ht.access solution.

Thanks again.

robbie
Davis Vantage Pro 2 Wireless (2006)
Davis Weather Envoy
VWS v14
Weatherlink v5.5.1
Weatherflash v1.2
Stardot Netcam MP
Windows XP Home SP2

Offline DaculaWeather

  • It's a Jeep thing... you wouldn't understand.
  • WxElement panel
  • Forecaster
  • *****
  • Posts: 2954
  • SCCA EM #156
    • Dacula and Gwinnett County Georgia USA Weather
Re: Unauthorised embedding
« Reply #4 on: August 12, 2011, 01:51:36 PM »
Something else you can do is put all of the Flash code in a php file, then include the php on your page, that way they won't be able to view the code. Just move some of the code to a different location on your site and change your page to point to it there.

I WOULD send them an email though and ask them very nicely to remove your code from their site. If they don't, then I would take some more drastic measures.

Where's the site, I'd like to see what they've done?
Steve
Davis Vue, VWS, WDisplay, VVP, StartWatch CWOP 


Offline robbieB

  • Member
  • *
  • Posts: 23
    • Royal Norfolk & Suffolk Yacht Club, Lowestoft, UK
Re: Unauthorised embedding
« Reply #5 on: August 14, 2011, 02:23:58 PM »
Where's the site, I'd like to see what they've done?

http://www.mylowestoft.com/viewtopic.php?f=10&t=244

As you can see, it simply embeds the WF screen from my club site into the page.

Robbie
Davis Vantage Pro 2 Wireless (2006)
Davis Weather Envoy
VWS v14
Weatherlink v5.5.1
Weatherflash v1.2
Stardot Netcam MP
Windows XP Home SP2

Offline DaculaWeather

  • It's a Jeep thing... you wouldn't understand.
  • WxElement panel
  • Forecaster
  • *****
  • Posts: 2954
  • SCCA EM #156
    • Dacula and Gwinnett County Georgia USA Weather
Re: Unauthorised embedding
« Reply #6 on: August 14, 2011, 02:57:20 PM »
This code in your <head> tag will fix that:
<script type="text/javascript">
if (top.location != self.location)
top.location = self.location;
</script>
« Last Edit: August 14, 2011, 03:05:55 PM by DaculaWeather »
Steve
Davis Vue, VWS, WDisplay, VVP, StartWatch CWOP 


Offline robbieB

  • Member
  • *
  • Posts: 23
    • Royal Norfolk & Suffolk Yacht Club, Lowestoft, UK
Re: Unauthorised embedding
« Reply #7 on: August 14, 2011, 03:04:46 PM »
The code in your <head> tag will fix that:
<script type="text/javascript">
if (top.location != self.location)
top.location = self.location;
</script>

Thanks for that. I'll give it a go.

Robbie
Davis Vantage Pro 2 Wireless (2006)
Davis Weather Envoy
VWS v14
Weatherlink v5.5.1
Weatherflash v1.2
Stardot Netcam MP
Windows XP Home SP2

Offline TNETWeather

  • Kevin Reed (KrelvinAZ)
  • Senior Contributor
  • ****
  • Posts: 193
  • Davis Vantage Pro2+ with full FARS
    • TNET Weather - Mesa, AZ USA
Re: Unauthorised embedding
« Reply #8 on: August 14, 2011, 03:13:17 PM »
I don't think that is going to work.  The code being used by the MyLowestoff site is not including his web page (which has a head section), he is embeding the flash object only just like the OP does.

http://www.rnsyc.net/weathercam/WxFlash/Loader.swf

So if he adds the code you are talking about, it won't even be seen because they are not using the HTML page, just the flash object.

You would have to block referrers to the content instead that blocks access to the swf file.



All you need is Time, Aptitude and Desire ... and you can build just about anything...

Offline DaculaWeather

  • It's a Jeep thing... you wouldn't understand.
  • WxElement panel
  • Forecaster
  • *****
  • Posts: 2954
  • SCCA EM #156
    • Dacula and Gwinnett County Georgia USA Weather
Re: Unauthorised embedding
« Reply #9 on: August 14, 2011, 08:03:52 PM »
Ahh, I thought they were loading it in a frame. My bad.
I would put all the Flash code in a PHP file and include that file on your page. When you do that, put the Flash code in a different location so they won't know where to find it.
Steve
Davis Vue, VWS, WDisplay, VVP, StartWatch CWOP 


Offline TNETWeather

  • Kevin Reed (KrelvinAZ)
  • Senior Contributor
  • ****
  • Posts: 193
  • Davis Vantage Pro2+ with full FARS
    • TNET Weather - Mesa, AZ USA
Re: Unauthorised embedding
« Reply #10 on: August 14, 2011, 08:20:42 PM »
You can't hide it.  In order to render it, it has to be able to load the swf file. All you have to do is look at the source of the page and the same embed will be there in plain sight regardless of how you included it PHP or not.

The only way to block this is to use referrer blocks using mod_rewrite like you would for images.  You just add swf to the list of items checked for.  Unless you have a replacement SWF, they will most likely just get a blank object, but visitors to the page won't be able to view the embeded object.

All you need is Time, Aptitude and Desire ... and you can build just about anything...

Offline robbieB

  • Member
  • *
  • Posts: 23
    • Royal Norfolk & Suffolk Yacht Club, Lowestoft, UK
Re: Unauthorised embedding
« Reply #11 on: August 15, 2011, 02:08:28 AM »
I don't think that is going to work.  The code being used by the MyLowestoff site is not including his web page (which has a head section), he is embeding the flash object only just like the OP does.

Yes, that's right; my fault, I should have been clearer. It's the loader that is embedded.

Robbie.
Davis Vantage Pro 2 Wireless (2006)
Davis Weather Envoy
VWS v14
Weatherlink v5.5.1
Weatherflash v1.2
Stardot Netcam MP
Windows XP Home SP2

Offline Cynjut

  • Senior Member
  • **
  • Posts: 59
    • Bellevue, NE local weather
Re: Unauthorised embedding
« Reply #12 on: August 15, 2011, 02:24:34 AM »
To be contrary, he is giving you credit and a link for the view.  From a Google Search perspective, you are getting two references for every view of that page.  Unless you're getting paid by the view and these SWF views don't count or you have some personal reason, I'd leave it alone.  You can spend a lot of time and energy trying to do something that may, ultimately, hurt your popularity in Google.  As long as you have good meta-tags and good referrers, the spiders will find you more often this way and boost your search order placement.

Offline DaculaWeather

  • It's a Jeep thing... you wouldn't understand.
  • WxElement panel
  • Forecaster
  • *****
  • Posts: 2954
  • SCCA EM #156
    • Dacula and Gwinnett County Georgia USA Weather
Re: Unauthorised embedding
« Reply #13 on: August 15, 2011, 06:11:36 AM »
Or fix your page up even more so that there is no question where the data is coming from.
Steve
Davis Vue, VWS, WDisplay, VVP, StartWatch CWOP 


Offline TNETWeather

  • Kevin Reed (KrelvinAZ)
  • Senior Contributor
  • ****
  • Posts: 193
  • Davis Vantage Pro2+ with full FARS
    • TNET Weather - Mesa, AZ USA
Re: Unauthorised embedding
« Reply #14 on: August 15, 2011, 03:15:38 PM »
To be contrary, he is giving you credit and a link for the view.  From a Google Search perspective, you are getting two references for every view of that page.  Unless you're getting paid by the view and these SWF views don't count or you have some personal reason, I'd leave it alone.  You can spend a lot of time and energy trying to do something that may, ultimately, hurt your popularity in Google.  As long as you have good meta-tags and good referrers, the spiders will find you more often this way and boost your search order placement.

Giving credit and stealing are two different things.

1) He didn't get authorization to steal the use of the result.  he is not using his bandwidth to do it, he is using the OP's bandwidth..

A lot of sites don't want you embedding their content.  Think MP3's, Images etc...

Not only did the OP pay for the weather station and its upkeep, but he also paid for the software, pays for his hosting and his time.  The offender is not assisting with any of that, just stealing data so his website has cool stuff on it.

He has apparently also been asked to stop.

2) Hotlink protection which is normally thought of for images can be done for just about any content and if done correctly is trivial to setup.

The OP has mentioned that he has made several .htaccess changes, but I suspect he is trying to block the offenders site, not prevent hotlinking.

Or fix your page up even more so that there is no question where the data is coming from.

And how does he do that?  The Offender is not showing the OP's website, only his objects.  Where are you going to put more info in the object (the SWF) that provides more details of where it is coming from?

It already has across the top of it "Real-Time data from the RNSYC weather station".
« Last Edit: August 15, 2011, 03:22:23 PM by TNETWeather »

All you need is Time, Aptitude and Desire ... and you can build just about anything...

Offline DaculaWeather

  • It's a Jeep thing... you wouldn't understand.
  • WxElement panel
  • Forecaster
  • *****
  • Posts: 2954
  • SCCA EM #156
    • Dacula and Gwinnett County Georgia USA Weather
Re: Unauthorised embedding
« Reply #15 on: August 15, 2011, 04:24:05 PM »
Next step?
Steve
Davis Vue, VWS, WDisplay, VVP, StartWatch CWOP 


Offline TNETWeather

  • Kevin Reed (KrelvinAZ)
  • Senior Contributor
  • ****
  • Posts: 193
  • Davis Vantage Pro2+ with full FARS
    • TNET Weather - Mesa, AZ USA
Re: Unauthorised embedding
« Reply #16 on: August 15, 2011, 05:18:57 PM »
Hotlink protection for SWF files

Placed in your .htaccess file...

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.rnsyc.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://rnsyc.net/.*$ [NC]
RewriteRule .*\.swf$ http://www.rnsyc.net/UnauthImage.gif [R]


This allows no referrer (meaning it is a direct hit) or referrers from your own site using www.rnsyc.net or rnsyc.net.  Any other referrer would be given the UnauthImage.gif instead of the SWF file.  You should have that image by name, or change it to an image that suits that purpose.

Since the offender is embedding the object in their page, the hit will be with a referrer link pointing to his page.  I would protect any SWF file on your webtree from the level of the .htaccess and down.

You could have the unauth return be another SWF file with some cute animated hotlink error message, but it would have to be located outside of the protected area OR you can exclude it in the rules above by adding:

RewriteCond %{REQUEST_URI} !^/UnauthImage\.swf$ [NC]

You can also block additional items by adding them like:

RewriteRule .*\.(gif|png|jpg|swf)$ http://www.rnsyc.net/UnauthImage.gif [R]

Same rules would apply to the unauth image.

You can test this by using a hotlink test page at: http://altlab.com/htaccess_tutorial.html

Planned on working with the OP if he wanted to work on this. Up to him.  Sent him a PM with my email and google chat addresses.
« Last Edit: August 15, 2011, 05:20:30 PM by TNETWeather »

All you need is Time, Aptitude and Desire ... and you can build just about anything...

Offline robbieB

  • Member
  • *
  • Posts: 23
    • Royal Norfolk & Suffolk Yacht Club, Lowestoft, UK
Re: Unauthorised embedding
« Reply #17 on: August 16, 2011, 06:24:40 AM »
Apologies for disappearing from the conversation: in a word, "Work".

I have hot link protection via CPanel, so last night I enabled it and listed the swf extension along with others. I then found WFlash wouldn't load on my own site(s) despite listing them as allowed URLs. So I went back to square one, disabling hot link protection. Now WFlash starts to load and to access the weather data, but no sooner has the live weather screen appeared than it is replaced by a blank, black screen. Since I have not made any changes to my WFlash files this must be a CPanel/host server issue, which I am now trying to sort out.

My thanks to all of you, and especially TNETWeather. I will follow up on the latest post and take advantage of the offer to help if I run into further problems. I like to get my own head round things as much as I can, but am all too familiar with failure  :lol:

Robbie

[EDIT: would you believe it (well yes, you would), the black screen is browser related, i.e. whatever hangover there is on the server is affecting Internet Explorer and Chrome, but not Firefox, Opera or Safari.]
« Last Edit: August 16, 2011, 08:06:40 AM by robbieB »
Davis Vantage Pro 2 Wireless (2006)
Davis Weather Envoy
VWS v14
Weatherlink v5.5.1
Weatherflash v1.2
Stardot Netcam MP
Windows XP Home SP2

Offline kray1000

  • Purveyor of wry
  • Forecaster
  • *****
  • Posts: 1332
    • http://www.roanokevalleyweather.com
Re: Unauthorised embedding
« Reply #18 on: August 16, 2011, 08:40:02 AM »
Apologies for disappearing from the conversation: in a word, "Work".

I have hot link protection via CPanel, so last night I enabled it and listed the swf extension along with others. I then found WFlash wouldn't load on my own site(s) despite listing them as allowed URLs. So I went back to square one, disabling hot link protection. Now WFlash starts to load and to access the weather data, but no sooner has the live weather screen appeared than it is replaced by a blank, black screen. Since I have not made any changes to my WFlash files this must be a CPanel/host server issue, which I am now trying to sort out.

My thanks to all of you, and especially TNETWeather. I will follow up on the latest post and take advantage of the offer to help if I run into further problems. I like to get my own head round things as much as I can, but am all too familiar with failure  :lol:

Robbie

[EDIT: would you believe it (well yes, you would), the black screen is browser related, i.e. whatever hangover there is on the server is affecting Internet Explorer and Chrome, but not Firefox, Opera or Safari.]

There are recent threads on here about a recent update with Flash causing problems with WeatherFlash (and other applications) not displaying.  Might be related.

http://www.wxforum.net/index.php?topic=12673.0

http://www.wxforum.net/index.php?topic=12694.0
Kevin Ray
Roanoke, VA

Wireless VP2, Stardot NetCam, ImageSalsa 2.0.12, MovieSalsa, Nexstorm, WASP2, Skymet, VWS14.01p33, WD 10.37N build 03

Offline robbieB

  • Member
  • *
  • Posts: 23
    • Royal Norfolk & Suffolk Yacht Club, Lowestoft, UK
Re: Unauthorised embedding
« Reply #19 on: August 16, 2011, 10:11:07 AM »
There are recent threads on here about a recent update with Flash causing problems with WeatherFlash (and other applications) not displaying.  Might be related.

http://www.wxforum.net/index.php?topic=12673.0

http://www.wxforum.net/index.php?topic=12694.0


Yes, might well be. Thanks for the tip off. Just a coincidence that I was playing about with hot link protection at the time.

Robbie
Davis Vantage Pro 2 Wireless (2006)
Davis Weather Envoy
VWS v14
Weatherlink v5.5.1
Weatherflash v1.2
Stardot Netcam MP
Windows XP Home SP2