/    Sign up×
Community /Pin to ProfileBookmark

Verification logo

Copy linkTweet thisAlerts:
Nov 11.2015

I would like to place a verification logo / stamp on a few of our affiliate websites so that visitors can see that the site is verified. My concern is that if I place a standard jpeg, it could easily be copied by other website owners and used and their site’s.

I thought of two options thus far but still isnt 100% foolproof

[LIST=1]

  • The image is linked to a page on our site where there is a list of verified sites.


    • [/LIST]
    [LIST=1]

  • When the image is clicked the visitor is taken to our page. Our page checks who the referer was and based on that it either displays “verified” or “not verified”.


    • [/LIST]

    Is there any other more secure way of doing this so that the verification stamp doesn’t get hijacked?

    to post a comment
    Full-stack Developer

    6 Comments(s)

    Copy linkTweet thisAlerts:
    @Kevin2Nov 11.2015 — First things first: Anything you have on a page is "stealable". There is no foolproof way of securing an image or other content. If someone wants it bad enough they'll find a way to get it. That out of the way, you can make it more difficult to get. One method is to use your image as a CSS background image for the link:
    [code=html]<a href="verify.htm" class="verify"></a>[/code]
    CSS
    .verify {
    background-image: url('/images/verify.jpg');
    width: 90px;
    height: 90px;
    display: inline-block;
    }

    Now, even that nowhere close to foolproof. All it does is keep that image from getting right-clicked on or selected with a mouse. If someone doesn't want to look through your CSS and find the path to the image all they really need to do is [B]ALT+PRTSC[/B], paste into an image editor, crop out all but the image, save, done. Yeah, it's that easy.
    Copy linkTweet thisAlerts:
    @NogDogNov 11.2015 — ...all they really need to do is [B]ALT+PRTSC[/B], paste into an image editor, crop out all but the image, save, done. Yeah, it's that easy.[/QUOTE]

    What he said. ?
    Copy linkTweet thisAlerts:
    @solantisauthorNov 11.2015 — Hence my question guys.. What other ideas or technology is available to have something more secure? Or at least Semi secure?
    Copy linkTweet thisAlerts:
    @Kevin2Nov 12.2015 — Well, I thought my previous post was pretty clear. Apparently not.

    You CANNOT code against someone who does the Print Screen routine shown above. You just can't. Get over it and move on.

    There are ways of keeping other sites from "hotlinking" the image using .htaccess but that's a different (and searchable) subject. And it doesn't prevent outright theft of the image.

    If it's so important to you to not have that image used by someone else don't publish it. That's the ONLY way it won't be "stolen" if someone really wants it. On the other hand, not having it on your website may impact how users interact. Your choice. Which is more important?
    Copy linkTweet thisAlerts:
    @jedaisoulNov 12.2015 — Further to the above comments...

    Your first query concerned protecting the image itself, and as has been said, that simply cannot be done. To display an image a browser has to download it. Anything downloaded can be copied/saved/reused (quite apart from the screen print alternative already mentioned).

    Your second query concerned creating a verification link. It is possible to include such a link in YOUR site(s) that does such verification, but, equally, someone could put code in THEIR site to imitate the verification process!!!
    Copy linkTweet thisAlerts:
    @NogDogNov 12.2015 — You could have a link to a verification page on your site that would look at the HTTP_REFERER request header and see if it's from a valid domain. The 2 problems with that would be that it might fail for users accessing the web via a proxy, and a malicious user could point it to their own validation page designed to look just like yours. (An astute, in-the-know user might recognize that it's the wrong domain, but most probably would not.)

    The only thing I can think of right now that makes much sense would be that it link to a page that lists valid referer domains, and maybe output what it "thinks" is the referring domain based on the HTTP_REFERER header, and let the user figure it out themself -- though you still have the issue of someone linking to a counterfeit page (should there actually be some reason it's worthwhile for them to bother?).
    ×

    Success!

    Help @solantis spread the word by sharing this article on Twitter...

    Tweet This
    Sign in
    Forgot password?
    Sign in with TwitchSign in with GithubCreate Account
    about: ({
    version: 0.1.9 BETA 5.15,
    whats_new: community page,
    up_next: more Davinci•003 tasks,
    coming_soon: events calendar,
    social: @webDeveloperHQ
    });

    legal: ({
    terms: of use,
    privacy: policy
    });
    changelog: (
    version: 0.1.9,
    notes: added community page

    version: 0.1.8,
    notes: added Davinci•003

    version: 0.1.7,
    notes: upvote answers to bounties

    version: 0.1.6,
    notes: article editor refresh
    )...
    recent_tips: (
    tipper: @AriseFacilitySolutions09,
    tipped: article
    amount: 1000 SATS,

    tipper: @Yussuf4331,
    tipped: article
    amount: 1000 SATS,

    tipper: @darkwebsites540,
    tipped: article
    amount: 10 SATS,
    )...