How to prevent Automated download software
 

I have a web site to support listening music only. But there are some download softwares like Download Accelerator they can integrate to the browser (Internet Explorer) to get the link from web page content and enable users download files.

I did encrypt HTML code but could not.

Do you know how to prevent them by script (Javascript or any)?

Can I use Javascript to check Windows Registry to stop user if find any download program in there? If so how to do?

Thank you,

No, javascript cannot access the Windows Registry. And what if they're not using Windows? :)

If you've placed a file out there for download, they can get it. You could limit the number of requests/hour for a single IP, but that's about it.

If you let users download the music to their players, they can also redirect it to a file. The way some people try to get around this is by encrypting the payload and having special players that can decrypt it so that in theory, the payload is only useful to the application that can play it (and this app has no save function). In practice, because you are giving control of the decrypting software to someone else (so they can play the music), it only becomes a matter of time before someone reverse engineers the decoder.

I am using ActiveX of Windows Media Player on the web and disable users look at web content to get URL. But the Automated download software has broken up everything.

You have a good idea about having a own Player like Yahoo!music.

Do you know where to get a player script (Perl or Javascript) that can play WMA or MP3 files?

How do you "disable users look at web content"? Do you mean, disable viewing of source? I would hope you are aware that it is impossible to prevent people from viewing the source. Also, do NOT use ActiveX. Any sane windows user will have it disabled (I do on my windows box - if they want me to use ActiveX, I don't want their site) not to mention that mac and linux users are completely out of luck.

I put the player on a pop-up window with no status, menu, resizeable, address bar.e.t.c. I disabled users using keyboard and right mouse button. It is working now an I dont think people can break it easily, anyway, don't count some high-level Javascript guys :)

I think of another solution for my case is I will prevent music download from Apache configure (httpd.conf). Following this way, people would not be able to download via the web link like http://mysite/music/file.mp3

The set is (copied from http://www.serverwatch.com):

SetEnvIfNoCase Referer "^http://mysite/cgi-bin/" local_ref=1

<FilesMatch ".(mp3|wma)">
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>


With the set above, users should never download mp3 file from my local folder if they know the music file URL. They have to be under my Perl script and I would have a change to control their accesses.

Any idea?

Well, that's one option. All you can do is make it harder for people. Are you sure Download Accelerators don't send the referer header? I know I could certainly fake one. :) (i.e., netcat)

The best way has been found
 

keep secret..