XF 2.2 Avatar Scraping Prevention?

squirrel

New member
Hi,

is there a good solution to prevent someone from scraping user avatars? The avatar file names are sequential but is it possible to use random file names without serious drawbacks or hacking?

I'm going to create a lot of avatar images for users to choose from. It will take several days to create them. I wouldn't want someone to just steal all the avatars from my forum.
 

Lukas W.

Well-known member
I know, but it would be a lot more difficult to copy thousands of images if avatars had random file names.
Marginally, if any. But yeah, you can adjust the \XF\Entity\User entity to change the getAbstractedCustomAvatarPath() function to change your naming scheme. You can either use a static hash method there that's calculated on a non-changing aspect of the user object (e.g. their user ID), or you can add a new field to the entity to store a dynamically generated random value. It won't update any existing avatars, so you'll either have to do that manually or add an edge case handling in your code for that, and if you're using an importer from another forum software, you'll probably have to adjust it too.
 

squirrel

New member
Marginally, if any. But yeah, you can adjust the \XF\Entity\User entity to change the getAbstractedCustomAvatarPath() function to change your naming scheme. You can either use a static hash method there that's calculated on a non-changing aspect of the user object (e.g. their user ID), or you can add a new field to the entity to store a dynamically generated random value. It won't update any existing avatars, so you'll either have to do that manually or add an edge case handling in your code for that, and if you're using an importer from another forum software, you'll probably have to adjust it too.
Thank you!

How would somebody scrape avatars if those had random file names? Of course if one uses a scraping software it is possible to browse every thread automatically and download avatars but not every user even writes in the forums so their avatar isn't available for scraping.

When avatars have sequential file names they can be all downloaded with one simple command or browser extension regardless whether user has even posted anything.
 

Lukas W.

Well-known member
How would somebody scrape avatars if those had random file names? Of course if one uses a scraping software it is possible to browse every thread automatically and download avatars but not every user even writes in the forums so their avatar isn't available for scraping.
Sequentially progressing over the member list, or user profiles which are accessible in an incremental manner to name two possibilities of many.
 
Top