jdownloader Thread

[chrda]

Just want to inform peeps about this tool being used by some people.

Its a tool to download from ours sites without having to look at our ads etc.

So for the admin, is there a way to disable access to this tool?

Capctha might solve some, but its annoying for the customer

Maybe an option on captcha that it only show the first time for the user, or that it shows randomly for all.

Its mainly beening used on big releases, so you get high bw usage, and no income in form of ads.

Correct me if i am wrong, just want a thread on the topic.

[amon]

Jdownloader is able to bypass captcha.Meaning it shows it to user and the user is able to enter it without logging on the site.

[olesjas]

I have a lot experience with it. This software sucks a lot.

You should use animated captcha images like this and put the code behind the animation:
// Edit: See post below
or
limit the amount of connections per ip to avoid leeching.

There are no other solutions, and there will be no other solutions since jDownloader acts like a normal browser.

[olesjas]

works like a charm, bots can't pass

[chrda]

You got a quick howto, how to implement that kind of captcha?

[PBI]

Yea some make a demo on how to add that becors it very easy just dl for free and i thing in 1.8 make it so it cant download whit out pay for it

[olesjas]

It's not that easy. Also generating this kind of captchas use 500% more ressource. Captcha filesize is 250kbyte, instead of 25kbyte. Your load will raise up.

You have to split an animated gif into frames, put captcha text in background and merge frames to new gif. New captcha = new animation.

[chrda]

Sounds like a job for sibsoft to implent

[peterdays]

how about setting up a php cron to create an animated captcha image every minute or two. Save the image and save the image text on mysql. all users would then get that image for 1 minute.

[olesjas]

no. if only a single user pass the captcha manually with jdwnloader (by typing), the captcha will be saved in a database. other users dont need to enter this captcha anymore.

evil hu?^^

[admin]

What about recaptcha?

[olesjas]

i made bad experience with recaptcha. they are just too heavy for some users... based on google-analytics data i can say that i got 40% less "free downloads" and not more "premium sales" when recaptcha is active.

recaptcha is going a wrong direction... bad readability and still not 100% safe. image: you're a free-downloader and there are several filehosting-mirrors available, would you choose the filehosting service with captchas like this:



ask yourself. it can't be good for your users experience. they will use rapidshare or another service...

[Matts]

with recaptcha it just make users hard to recognize the words. even if recaptcha is used (hotfile use it); jdownloader grab it to a window where user is asked to type the captcha and on entering it the users are allowed to download.. still bypassing the ads.

if jdownloader act like browser then i geuss there would be no workaround since it is hard to differentiate normal users from jdownloader user.

some nasty ideas for anyone?

[jack]

Small tip for site owners being harrassed by JD.

Visit http://svn.jdownloader.org/repositories/browse/jd/trunk/src/jd/plugins/hoster and look for the plugin made for your website.

You will find that the source code has many words that will throw up errors on JD. For example, if the text 'File not found' exists on your page, JD gets confused and exits the download.

Basically, JD acts as a browser and so it can bypass most things. Use that against it. A browser reads your HTML source so anything you put into it will be read by JD.

Make a list of these terms (file not found, wait for xx days etc.) and then after every JD update check if it works with you website. If yes, then add one of the terms from the list and voila! problem solved.

Make the JD updates page your browser home page and if you are excessively obssessive like me, then make their repository page your home page. This way, you will learn of changes before they have even been released as updates. So, you will be able to make their updates useless even before it has been released.

Now for the main part, adding the text. Either use <font style=visibility:hidden....> or make it the same colour as your background.

Get imaginative, dont be restricted to text. Create hidden buttons which will redirect to a page with an IP logger. This way you will come to know which users are using JD and then you can send them a 'polite' email.

Turn JD's advantages into its weaknesses. Also, make only the minimum changes needed to block JD, don't fire all your weapons at once.

Do this for 2 weeks and if your site is fairly popular, you will notice your users filling the JD boards with 'plugin not work, i hope you fix' like it's their birth right to use a bot. You will also notice the admins getting angry. Their anger will show in their update notes - 'The admin of this site does not like us'. Too bad for them...

Go gung ho on them for a few weeks and they will drop your site completely or stop updating the source. There are hundreds of ways to block them but if I reveal it here, it becomes public. It would be nice if the XFS admins could limit this thread to customers only so you can freely discuss your blocking techniques and pool them. It will be really fun to watch more than 10 sites failing on JD everyday. It will take up so much of their time, that they will either drop support or start charging for the software (unlikely).

As far as captcha is concerned, recaptcha is one that will remain 100% secure always because even the JD guys use it in their search area on the forum. I think they come with a refresh button so, unreadability should not be a problem. Also, you should think about how much the free downloads are worth ? If someone cannot enter a captcha and doesn't want to buy a premium membership to bypass that, then do you think he will ever pay money to use your service ? Ad revenue will not make up for bandwidth costs in most cases (on a per user basis).

If you have any questions, other than personal ones (like asking for my website name), then feel free to ask them here.

Also, if you care about Alexa rankings, you should let JD run wild for a while as it helps get your rank up.

[chrda]

Thanks good info, just what i needed.

Ill try it out, and see how popular ill become