How to protect the picture server from spam downloads?
Hello. I'm making a project; previously, photos were uploaded locally to the project folder. Now we need scalability, so I decided to transfer the images to the cloud. There will be a separate server for downloading and uploading (to save cloud traffic). I would like to upload photos from the front end of the application to the picture server, and from there immediately move them to the cloud, but I can't think of a sensible scheme for uploading, or rather, for uploading only from my applications. Maybe some kind of key or something to apply? What can you advise?
No way. In any case, if you have a strong desire, all your defenses will be revealed.
The maximum that can be done is to complicate the reverse engineering of the operation protocol of your image service.
1. If you want to protect yourself from left-handed downloads, at least first you need to set a ceiling for downloading images from an IP address. But given the free proxies, this will not be a problem for pests.
2. The next step, which will help to weed out spammers well, is to block all countries where there are no users. For example, if you have users from Russia - put Cloudflare in front and check in the firewall, or on the backend from the country header.
3. OK. We go further. Did I say something about reverse engineering? Oh yes.
Do you want no one to be able to load pictures right off the bat? Please - make a communication protocol between the boot server and the client. What exactly is the protocol? At least the transfer of any key during boot. What's the key? Yes, any, the main thing is that it be unique for each download. Here you can cheat with key generation, obfuscate the code, apply encryption, HMAC, and so on, which will make it very difficult to unravel the key generation.
4. Well, the last way is captcha. Where would we be without it? With frequent downloads from an IP - we throw him a captcha. Let him pass it. If you want, you can put a captcha on each download. It will hurt the users, so what to do.
Finally. It is impossible to completely protect against spam downloads.
IP blocking? Proxy.
Country blocking? Proxies from target countries.
Complicated key generation? Reverse engineering.
Captcha? Antigate.
All in all - it will spoil the fans to spoil the server as much as possible. The point here is not to completely protect the application, but to make it as inconvenient as possible for pests to spam on the server.
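The per-upload key from point 3, built with HMAC, as an added example that is not part of the original answer. It assumes the secret stays on the application backend and the picture server rather than in client code; the names `issue_upload_key`, `verify_upload`, `SECRET` and `TTL` are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumption: known only to app backend and picture server
TTL = 60                          # seconds a key stays valid (assumed value)
_used = {}                        # nonce -> expiry; a shared store is needed with several servers


def _sign(body):
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()


def issue_upload_key(user_id, sha256_hex, now=None):
    """App backend: called for a logged-in user just before one upload."""
    now = time.time() if now is None else now
    claims = {"uid": user_id, "sha256": sha256_hex,
              "exp": int(now) + TTL, "nonce": secrets.token_hex(16)}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body)


def verify_upload(key, data, now=None):
    """Picture server: accept the file only if the key is genuine, fresh and unused."""
    now = time.time() if now is None else now
    try:
        body, sig = key.split(".")
        # Constant-time comparison; the claims are parsed only after the MAC checks out.
        if not hmac.compare_digest(sig, _sign(body.encode())):
            return False, "bad signature"
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return False, "malformed key"
    if now > claims["exp"]:
        return False, "expired"
    if hashlib.sha256(data).hexdigest() != claims["sha256"]:
        return False, "file does not match key"
    for nonce in [n for n, exp in _used.items() if exp < now]:
        del _used[nonce]  # forget nonces whose keys have expired anyway
    if claims["nonce"] in _used:
        return False, "key already used"
    _used[claims["nonce"]] = claims["exp"]
    return True, claims["uid"]
```

Because each key is bound to one file hash, one user and a short lifetime, a captured key cannot be reused for other uploads, and the per-user issuing step is where the rate limits and captcha from points 1 and 4 can be enforced.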