#13
06-05-2009, 11:54 AM
enigma1
Asymmetrics

Quote:
Are you viewing the site within an external frame? Are you using antivirus software (I read that might be one cause)?
No, I am not using anything out of the ordinary. I used Firefox and opened a new window. I understand what you're doing: you're checking the referrer field to see if it contains the site. The problem with the referrer is that it can be altered in any way the client wants. It is not something to rely upon. Also, spiders typically do not set the referrer for pages. Here is an example from the Google cache:

http://209.85.229.132/search?q=cache...gl=uk&ie=UTF-8

showing how one of your pages looks, so there must be quite a few that see the site like this. When you open a new browser window, by default the referrer is blank/empty. I also block the referrer and UA when I surf. The UA is blocked because I don't want the server to know the version of the browser I use (obviously, by having the real UA exposed you take a risk when surfing, as the server may know a weakness of that browser version and attempt to exploit it). I also block the referrer because I do not want you, or anyone else, to know where I come from or where I go to. Scripts and cookies are typically blocked unless I trust the site.

If you want to protect your images, my suggestion is to use a watermark. There are add-ons, at least for osC that I know of and presumably for Zen too, that do just that.

Another method is cold-linking, where the images are located outside the web space; then you have a PHP script that analyzes the request and, if it is acceptable, presents the right thumbnail by loading and resizing the image. It is more advanced, there is no way the original can be accessed via the web directly, and it can be used in conjunction with watermarks. You can identify the ISP from the IP and act accordingly. For instance, IPs coming from hosts or sites are highly questionable for hotlinking. So watermarks can protect your images, and cold-linking can preserve your server's bandwidth.

Quote:
I should set up a filter so that only text is accepted. Do you know how to do that?
I believe Zen has the zen_db_prepare_input and zen_db_input functions, while osC has the tep_db_prepare_input and tep_db_input functions, to filter the data before inserting it in the database or sending it back to the client. If you expect an integer, just the (int) cast should do, but to insert strings the pair of functions mentioned should take place. The first of the pair should take care of data filtering; the second should take care against DB injections (it includes mysql_real_escape_string).
__________________
Professional E-Commerce Integration and Services. PM for details or visit
Asymmetric Software
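The cold-linking scheme described in the post above, as an added example that is not code from the post, osCommerce or Zen Cart: originals stay outside the web root, a script decides per request whether to render a thumbnail, a foreign referrer is refused but an empty one is treated as unknown (new windows, privacy-blocking browsers and spiders all send none), and the client IP with its reverse DNS is logged as the further signal the post mentions. The directory /srv/shop/private_images, the hostname www.example-shop.test and the query parameters img and w are assumptions.

```php
<?php
// Added example, not code from the original post, osCommerce or Zen Cart.
// Cold-linking: originals live OUTSIDE the web root, so no URL reaches them;
// this script decides per request whether to render a thumbnail.
// Assumptions: originals in /srv/shop/private_images, the shop is served as
// www.example-shop.test, and the script is called as thumb.php?img=NAME&w=WIDTH.

const IMAGE_DIR = '/srv/shop/private_images';   // assumed, outside DocumentRoot
const SITE_HOST = 'www.example-shop.test';      // assumed shop hostname
const MAX_WIDTH = 400;

function deny(int $status, string $reason): void
{
    http_response_code($status);
    header('Content-Type: text/plain');
    echo $reason;
    exit;
}

// Classify the Referer header: 'own' (came from this site), 'foreign'
// (another site is embedding the image) or 'none'. An empty referrer is
// normal for new windows, privacy-blocking browsers and spiders, so it is
// treated as unknown rather than as hotlinking.
function classify_referrer(string $referer, string $ownHost): string
{
    if ($referer === '') {
        return 'none';
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return 'none';                 // malformed header, treat as unknown
    }
    return strcasecmp($host, $ownHost) === 0 ? 'own' : 'foreign';
}

// Only a bare file name with an image extension is accepted, so "../" or an
// absolute path can never escape IMAGE_DIR.
function resolve_image(string $name): ?string
{
    if (!preg_match('/^[A-Za-z0-9_-]+\.(jpe?g|png|gif)$/', $name)) {
        return null;
    }
    $path = IMAGE_DIR . '/' . $name;
    return is_file($path) ? $path : null;
}

function render_thumbnail(string $path, int $width): void
{
    $src = imagecreatefromstring((string) file_get_contents($path));
    if ($src === false) {
        deny(500, 'cannot decode image');
    }
    $srcW = imagesx($src);
    $srcH = imagesy($src);
    $height = max(1, (int) round($srcH * $width / $srcW));
    $dst = imagecreatetruecolor($width, $height);
    imagecopyresampled($dst, $src, 0, 0, 0, 0, $width, $height, $srcW, $srcH);

    // Watermark the thumbnail with the site name; the unmarked original never leaves the server.
    $white = imagecolorallocate($dst, 255, 255, 255);
    imagestring($dst, 3, 4, $height - 14, SITE_HOST, $white);

    header('Content-Type: image/jpeg');
    header('Cache-Control: public, max-age=3600');
    imagejpeg($dst, null, 85);
}

$path = resolve_image($_GET['img'] ?? '');
if ($path === null) {
    deny(404, 'no such image');
}

$verdict = classify_referrer($_SERVER['HTTP_REFERER'] ?? '', SITE_HOST);
if ($verdict === 'foreign') {
    // Another site is embedding the image: refuse and keep the bandwidth.
    deny(403, 'hotlinking is not allowed');
}

// Client IP and its reverse DNS name are the further signal the post mentions;
// logged for review rather than used to block, because PTR data is noisy.
$ip = $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1';
error_log(sprintf('thumb %s referrer=%s ip=%s rdns=%s',
    basename($path), $verdict, $ip, gethostbyaddr($ip) ?: '-'));

$width = max(16, min(MAX_WIDTH, (int) ($_GET['w'] ?? 200)));
render_thumbnail($path, $width);
```

The referrer is only ever used to refuse, never to grant: a client that sends a forged or blank referrer just gets the same watermarked, resized thumbnail as everybody else, which is the point of cold-linking. Requires the GD extension.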
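The two-stage filtering the post describes, as an added example with hypothetical helpers modelled on the prepare_input / db_input pair it names; these are not the osCommerce or Zen Cart functions. Stage 1 cleans the value so that only plain text gets through (trim, strip tags and NUL bytes), stage 2 makes it safe for MySQL, and integers get just the (int) cast. The mysqli connection $db and the table and column names are assumptions. Since the post's mysql_real_escape_string belongs to the old mysql extension, which PHP 7 removed, mysqli's real_escape_string is used here, and the same insert is shown once more as a prepared statement.

```php
<?php
// Added example, not the osCommerce or Zen Cart functions themselves: a
// two-stage filter in the spirit of the prepare_input / db_input pair the
// post names. $db is an assumed mysqli connection; the table and column
// names are assumptions.

// Stage 1: clean the value itself (recursively for arrays) so only text
// remains: NUL bytes removed, HTML stripped, surrounding whitespace trimmed.
function prepare_input($data)
{
    if (is_array($data)) {
        return array_map('prepare_input', $data);
    }
    if (is_string($data)) {
        return trim(strip_tags(str_replace("\0", '', $data)));
    }
    return $data;
}

// Stage 2: quote and escape a string for splicing into SQL text. Only needed
// for the legacy concatenation style; see the prepared-statement variant below.
function db_input(mysqli $db, $value): string
{
    return "'" . $db->real_escape_string((string) $value) . "'";
}

// Integer ids: the (int) cast alone is enough and needs no quoting.
// "7 OR 1=1" becomes 7, "abc" becomes 0.
function product_select_sql($raw_id): string
{
    $id = (int) $raw_id;
    return "SELECT products_name FROM products_description WHERE products_id = $id";
}

// Strings: both stages, then quote and escape.
function review_insert_sql(mysqli $db, $raw_product_id, $raw_text): string
{
    $text = prepare_input($raw_text);   // "<b>Great</b>' OR 1=1" -> "Great' OR 1=1"
    return 'INSERT INTO reviews (products_id, reviews_text) VALUES ('
         . (int) $raw_product_id . ', ' . db_input($db, $text) . ')';
}

// The same insert as a prepared statement: the value is bound, never spliced
// into the SQL text, so escaping is not what keeps injection out. Stage 1 is
// still applied, because it is about which data you accept, not about SQL.
function review_insert_prepared(mysqli $db, $raw_product_id, $raw_text): bool
{
    $product_id = (int) $raw_product_id;
    $text = prepare_input($raw_text);
    $stmt = $db->prepare('INSERT INTO reviews (products_id, reviews_text) VALUES (?, ?)');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('is', $product_id, $text);
    return $stmt->execute();
}
```

Stage 1 is the "only text is accepted" filter the question asked for and belongs on every field regardless of how the query is built; stage 2 matters only when values are concatenated into SQL, which the prepared statement avoids entirely.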