X-Cart: shopping cart software


Warwick 11-15-2006 03:11 AM

Tips on protecting eGoods
 
Is there anybody who has tips on the best way to protect your eGoods? Or do you believe the standard X-Cart setup for eGoods is good enough?

Jon 11-15-2006 07:50 AM

Re: Tips on protecting eGoods
 
There's nothing in the egood module that prevents people from posting a link on websites, message forums, etc. for download before the link expires. When I sold egoods (audio) I liked to watch my file not found errors and see who was distributing, usually a warning smartened them up and if not I banned them from the store. You could have some checking custom coded into the module to limit the number of downloads before they have to contact you for a new link.

Warwick 11-15-2006 07:59 AM

Re: Tips on protecting eGoods
 
Quote:

Originally Posted by Jon
There's nothing in the egood module that prevents people from posting a link on websites, message forums, etc. for download before the link expires. When I sold egoods (audio) I liked to watch my file not found errors and see who was distributing, usually a warning smartened them up and if not I banned them from the store. You could have some checking custom coded into the module to limit the number of downloads before they have to contact you for a new link.


Thanks Jon,
Valuable information, do you have suggestions on where and how to store the eGoodies best protected?

Jon 11-15-2006 08:38 AM

Re: Tips on protecting eGoods
 
If you have a dedicated server you can store the files below your root directory and then they are completely unaccessible except by a download link. Otherwise store them in a folder with an .htaccess file that blocks access to them.

By doing this you will prevent direct access and then you just need to focus on protecting your download links from misuse.

wjbrewer 11-15-2006 09:31 AM

Re: Tips on protecting eGoods
 
Jon has given you a lot of good suggestions. I have a module that implements these extra security measures for egoods:

Limit to a single IP
Limit to the same IP that made the original purchase
Limit the number of download attempts (clicks).

Also, it tracks the IP of all attempted downloads, and lets you have a real-time view of all of the egoods download activity on your site. It also has the ability to disable a download link if you believe that the download link is being used for unauthorized downloads.

You can check it out here:

http://www.alteredcart.com/Download-Expander-p-1.html

Warwick 11-15-2006 01:44 PM

Re: Tips on protecting eGoods
 
Quote:

Originally Posted by Jon
If you have a dedicated server you can store the files below your root directory and then they are completely unaccessible except by a download link. Otherwise store them in a folder with an .htaccess file that blocks access to them.

By doing this you will prevent direct access and then you just need to focus on protecting your download links from misuse.


Thanks Jon, I figure I could store them below my store directory but can I then still access them through X-Cart? i.e. will it be able to see that?

Warwick 11-15-2006 01:47 PM

Re: Tips on protecting eGoods
 
Quote:

Originally Posted by wjbrewer
Jon has given you a lot of good suggestions. I have a module that implements these extra security measures for egoods:

Limit to a single IP
Limit to the same IP that made the original purchase
Limit the number of download attempts (clicks).

Also, it tracks the IP of all attempted downloads, and lets you have a real-time view of all of the egoods download activity on your site. It also has the ability to disable a download link if you believe that the download link is being used for unauthorized downloads.

You can check it out here:

http://www.alteredcart.com/Download-Expander-p-1.html



Hi Bill,
Thanks but no thanks ... I already use all of your excellent mods :)
I just want to be extra sure that I have taken all possible precautions.
Warwick (a.k.a. Pieter, remember? ;) )

wjbrewer 11-15-2006 02:28 PM

Re: Tips on protecting eGoods
 
:oops: Forum names...I never know who anyone is.

Warwick 11-15-2006 10:54 PM

Re: Tips on protecting eGoods
 
Quote:

Originally Posted by wjbrewer
:oops: Forum names...I never know who anyone is.


No Problem Bill, another chance to get your wonderful mods promoted :lol:

Warwick 11-15-2006 11:29 PM

Re: Tips on protecting eGoods
 
Quote:

Originally Posted by Jon
If you have a dedicated server you can store the files below your root directory and then they are completely unaccessible except by a download link.


Jon, can you explain a bit further? I don't have a dedicated server but do have cpanel access so I can get 'above' public_html. Is this what you mean? And if so how do I make it possible for X-Cart to access there? Thanks.

Jon 11-16-2006 07:04 AM

Re: Tips on protecting eGoods
 
Yes I mean "above" public_html. So if your path was:
/home/httpd/domain.com/public_html/

You would store the files in:
/home/httpd/domain.com/files/

You'd have to set permissions, change the listed file locations in x-cart, and maybe a few other server configurations for access, but I couldn't say for sure without trying it on your server and making changes until it works.
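
Added example (not part of the original posts, and not X-Cart or Download Expander code): the checks discussed in this thread, sketched as a PHP download gate that keeps files outside public_html, limits the download count, ties the link to the purchase IP, logs every attempt and honours an admin kill switch. The function names, record fields, token and sample IPs are hypothetical; only the storage path comes from the post above.

```php
<?php
// Added example: not X-Cart or Download Expander code. All names are hypothetical.
const STORAGE_DIR = '/home/httpd/domain.com/files'; // outside public_html, as in the thread

// Returns [allowed, reason, path]. $link holds: file, expires, max, used, ip, disabled.
function check_link(?array $link, string $ip, int $now): array
{
    if ($link === null)                 return [false, 'unknown token', null];
    if ($link['disabled'])              return [false, 'disabled by admin', null];
    if ($now > $link['expires'])        return [false, 'expired', null];
    if ($link['used'] >= $link['max'])  return [false, 'download limit reached', null];
    if ($ip !== $link['ip'])            return [false, 'not the purchase IP', null];
    // Refuse anything that is not a plain file name, so the path stays inside STORAGE_DIR.
    if ($link['file'] === '' || $link['file'] !== basename($link['file']) || $link['file'][0] === '.') {
        return [false, 'bad file name', null];
    }
    return [true, 'ok', STORAGE_DIR . '/' . $link['file']];
}

// Looks up the token, records every attempt (allowed or not), counts successful ones.
function handle_download(array &$links, array &$log, string $token, string $ip, int $now): array
{
    $result = check_link($links[$token] ?? null, $ip, $now);
    $log[] = ['time' => $now, 'token' => $token, 'ip' => $ip, 'result' => $result[1]];
    if ($result[0]) {
        $links[$token]['used']++;
        // A web handler would now send Content-Disposition and readfile($result[2]).
    }
    return $result;
}

// Constructed sample data: one link, limited to 2 downloads from the purchase IP.
$now   = 1163600000;
$links = ['tok-demo-1' => ['file' => 'album.zip', 'expires' => $now + 86400,
                           'max' => 2, 'used' => 0, 'ip' => '203.0.113.10', 'disabled' => false]];
$log   = [];
$tries = [['tok-demo-1', '203.0.113.10'],   // buyer
          ['tok-demo-1', '198.51.100.7'],   // link shared elsewhere
          ['tok-demo-1', '203.0.113.10'],   // buyer, second download
          ['tok-demo-1', '203.0.113.10'],   // over the limit
          ['tok-missing', '203.0.113.10']]; // token that was never issued
foreach ($tries as [$token, $ip]) {
    [$ok, $reason] = handle_download($links, $log, $token, $ip, $now);
    printf("%-12s %-14s %s\n", $token, $ip, $ok ? 'ALLOW' : "DENY ($reason)");
}
```

Binding a link to the purchase IP also rejects legitimate buyers whose address changes (mobile networks, shared NAT), so the denial message should tell them how to request a new link.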

Warwick 11-16-2006 07:18 AM

Re: Tips on protecting eGoods
 
Quote:

Originally Posted by Jon
Yes I mean "above" public_html. So if your path was:
/home/httpd/domain.com/public_html/

You would store the files in:
/home/httpd/domain.com/files/

You'd have to set permissions, change the listed file locations in x-cart, and maybe a few other server configurations for access, but I couldn't say for sure without trying it on your server and making changes until it works.


:eek:

I see what you mean, I just don't understand it ... :)

... a bit too technical for me and do you think it is worth the trouble? Do you or somebody else have any experience with this, i.e. has implemented this to protect egoods?

Jon 11-16-2006 07:21 AM

Re: Tips on protecting eGoods
 
It is the ideal method but just putting them in a folder above public_html i.e. /home/httpd/domain.com/public_html/store/files/ will work if you have an .htaccess file in it denying access to the files. It's just a bit less secure because the .htaccess could get overwritten or deleted, etc., opening up the files.

Warwick 11-16-2006 07:30 AM

Re: Tips on protecting eGoods
 
Quote:

Originally Posted by Jon
It is the ideal method but just putting them in a folder above public_html i.e. /home/httpd/domain.com/public_html/store/files/ will work if you have an .htaccess file in it denying access to the files. It's just a bit less secure because the .htaccess could get overwritten or deleted, etc., opening up the files.


At this moment when you try to access my 'http://www.mydomain.com/store/files' it's asking to login to my cpanel which -after me logging in successfully- results in a 403 forbidden page error ... secure enough?

Jon 11-16-2006 07:35 AM

Re: Tips on protecting eGoods
 
^ Yep.

Warwick 11-16-2006 07:41 AM

Re: Tips on protecting eGoods
 
Thanks for the help Jon :)

carpeperdiem 11-17-2006 05:10 AM

Re: Tips on protecting eGoods
 
The reason you want your files under the hood: in case someone or something breaks your htaccess, you still have one line of defense, as it is impossible to get to the goods without a serious breach of server security.

I had a store selling digital goods many years ago (no longer in that business) and we shut down for 3 reasons:

1. our goods were posted to warez sites almost immediately;
2. our site was used by criminals to test credit card numbers -- they never downloaded product... they were simply trying to validate their stolen credit card numbers, then went on to steal from others... the FBI told me this was quite common -- that digital goods stores were used for this;
3. chasing the bad guys became our primary focus, not developing new content

So I shut it down. I licensed the content to another company, and now it's their problem.

Yes, there are better technologies in place today, but short of copy-protecting your goods (serial numbers, dongle, install codes), the server level protections are worthless, if you ask me.

Your products (if popular) will be kracked and uploaded somewhere if not protected.

The idea of restricting IPs is good. Tracking downloads, etc... all good... BUT if the content is unlocked, you're open to exploitation from the bad guys.

Yeah, I'm angry that these crooks forced me out of business.....

Had I copy protected the content, I'd have had half a chance, as my traffic was substantial. But chargebacks, theft and fraud consumed me and my guys.

Yes, I blocked entire countries and range of IPs. But these crooks would get around that. They had CVV2 codes, exact billing name/address, etc...

Copy-protect your content!!!!!! Don't rely on servers or IP addresses... the honest customer will understand.

PS -- the alternative to copy protection is to NOT provide instant access to the egoods. Don't enable auto-capture... spend time and money manually verifying each transaction... then your anti-fraud processes will work. Unfortunately, if your product costs $15, you can't do that and stay in business.

Warwick 11-17-2006 05:44 AM

Re: Tips on protecting eGoods
 
Great feedback carpeperdiem, very useful! I've sent you a PM.

wjbrewer 11-17-2006 08:33 AM

Re: Tips on protecting eGoods
 
Quote:

Originally Posted by carpeperdiem
Yes, there are better technologies in place today, but short of copy-protecting your goods (serial numbers, dongle, install codes), the server level protections are worthless, if you ask me.


Because serials, dongles, and install codes have never been cracked?


All times are GMT -8.