Old 24th May 2006, 10:01   #1
adrenalinic
Junior Member
 
Join Date: Mar 2006
Posts: 12
hidden/protect shoutcast web status page

Hi.
How can hidden or protect shoutcast status page to listeners??
at http://111.111.111.111:8000 ?

Thanks.
Josef
adrenalinic is offline   Reply With Quote
Old 24th May 2006, 10:08   #2
Evil Lu
Forum Maitresse
 
Evil Lu's Avatar
 
Join Date: Mar 2005
Location: I'm hiding under your bed
Posts: 2,974
You can't really and anyhow why would you? They're hardly going to do anything to it.
Evil Lu is offline   Reply With Quote
Old 24th May 2006, 12:13   #3
Nick@ss
Moderator
 
Nick@ss's Avatar
 
Join Date: Nov 2004
Location: Streamsolutions Headquarters
Posts: 11,953
This cannot be done with shoutcast but it can be done with icecast.

support to do this can be found in the icecast forums.
Nick@ss is offline   Reply With Quote
Old 24th May 2006, 12:14   #4
hackerdork
Forum King
 
hackerdork's Avatar
 
Join Date: Feb 2006
Location: Earth Circa sometime.
Posts: 3,297
ya you cant, because to listen to your stream in winamp, you simple open URL and type in 111.111.111.111:8000 , without it nothing... The DNAS is what is providing the webpage
If you blocked http to 111.111.111.111 your stream would break..

~ D

~ According to the ship's log we're down to our last 3000 vomit bags.It'll never be enough.
search the forums! don't PM me on how-to, or ask me to setup you system. you do it so you learn.
hackerdork is offline   Reply With Quote
Old 24th May 2006, 17:29   #5
SorceryKid
Senior Member
 
Join Date: Nov 2000
Posts: 294
This is kind of a long shot, but it may be possible to operate an HTTP proxy server on the same box.

Have it bind to both a public port on the NIC and the private port with the SHOUTcast server on localhost such that it can filter incoming and outgoing HTTP sessions accordingly. For example, if a Web browser (identified by user-agent of Mozilla/X.X) submitted a 'GET' request for the root Web directory), then it would be forbidden before it even reached the SHOUTcast server. This would likewise be a possible method you could use to password protect the SHOUTcast server from unauthorized listeners.

Again, this just a hypothetical setup. I've never tried it. And I would be interested to see if it could be accomplished.

Good luck,

--Randall

Executive Director, SWCI
www.smallwebcaster.org // Redefining Music Royalties for Small Webcasters

Legal Disclaimer: The information hereinbefore is not intended to constitute legal advice or consultation nor does it form a legally binding contract.
SorceryKid is offline   Reply With Quote
Old 24th May 2006, 22:18   #6
djrm.net
Registered User
 
Join Date: Mar 2004
Location: GLASGOW
Posts: 18
Send a message via ICQ to djrm.net Send a message via AIM to djrm.net
Quote:
Originally posted by SorceryKid
This is kind of a long shot, but it may be possible to operate an HTTP proxy server on the same box.

Have it bind to both a public port on the NIC and the private port with the SHOUTcast server on localhost such that it can filter incoming and outgoing HTTP sessions accordingly. For example, if a Web browser (identified by user-agent of Mozilla/X.X) submitted a 'GET' request for the root Web directory), then it would be forbidden before it even reached the SHOUTcast server. This would likewise be a possible method you could use to password protect the SHOUTcast server from unauthorized listeners.

Again, this just a hypothetical setup. I've never tried it. And I would be interested to see if it could be accomplished.

Good luck,

--Randall
we have this kind of setup... kind of.
Our servers are behind a proxy (and caching) server so requests are cached... usually find mega delays on our status pages but its ideal if there are many requests... our stream isnt affected (afaik)

theres another thing i would like to-do and that is block GET requests to all the pages (if the user-agent is Mozilla for example) as i have no need for users to be snooping around. i am currently working on this and i think it may be possible (and ideal)... but would shoutcast allow this?

if have found a few requests for /7.html (html stats) which is pretty annoying... these Ips have been blocked now.
djrm.net is offline   Reply With Quote
Old 24th May 2006, 23:17   #7
SorceryKid
Senior Member
 
Join Date: Nov 2000
Posts: 294
As was written:
> i am currently working on this and i think it may be
> possible (and ideal)... but would shoutcast allow this?

If you mean legally, I'm pretty sure that so long as you aren't falsifying your YP stats, then you should be fine. Of course, if you aren't listed in the directory (your server isn't set to public), then you can do whatever you want that doesn't violate with the license terms.

Once a "proxy wrapper" setup like this is accomplished, I know it would be helpful to a lot of people esp. if it is customized just for SHOUTcast with several much needed administrative controls like challenge-response listener authentication, cookie- and URL-based session management, and comprehensive access protection.

I've been waiting patiently for these very features since 2000. And yeah, if somebody is snooping /7.html behind your back, that can get pretty annoying.

--Randall
SorceryKid is offline   Reply With Quote
Old 20th June 2006, 16:28   #8
Jay
Moderator Alumni
 
Jay's Avatar
 
Join Date: May 2000
Location: Next Door
Posts: 8,942
Be advised that your listing on shoutcast.com could be in jeopordy if you do this. If your stats don't look kosher and during varification we are blocked from your stats page your listing could be banned. Just a friendly warning.
Jay is offline   Reply With Quote
Old 20th June 2006, 20:17   #9
hackerdork
Forum King
 
hackerdork's Avatar
 
Join Date: Feb 2006
Location: Earth Circa sometime.
Posts: 3,297
7.html is the public stats. hell the stream is on port 8000 which is where the admin stuff is also generated. so trying to block access to status page could fubar your stream as well.

leave well enough alone so you are not banned becasue you are hacking up the icy communication that yp.shoutcast.com uses to check your stream, which gets 7.html in the first place!

~ D

~ According to the ship's log we're down to our last 3000 vomit bags.It'll never be enough.
search the forums! don't PM me on how-to, or ask me to setup you system. you do it so you learn.

Last edited by hackerdork; 20th June 2006 at 20:43.
hackerdork is offline   Reply With Quote
Old 20th June 2006, 20:31   #10
djrm.net
Registered User
 
Join Date: Mar 2004
Location: GLASGOW
Posts: 18
Send a message via ICQ to djrm.net Send a message via AIM to djrm.net
Quote:
7.html is the last XX songs played.
no it aint. its a simple html version of public stats. ideal for importing into csv.

Quote:
so trying to block access to status page could fubar your stream as well.
i agree. not worth the effort tbh.

Quote:
that yp.shoutcast.com uses to check your stream, which gets 7.html in the first place!
yp.shoutcast.com doesnt use 7.html afaik.


Kind Regards,
Rico.
djrm.net is offline   Reply With Quote
Old 20th June 2006, 20:43   #11
hackerdork
Forum King
 
hackerdork's Avatar
 
Join Date: Feb 2006
Location: Earth Circa sometime.
Posts: 3,297
close enough.. mangle the html and like KXRM said you could get banned from being listed.

not worth the time nor headaches

~ According to the ship's log we're down to our last 3000 vomit bags.It'll never be enough.
search the forums! don't PM me on how-to, or ask me to setup you system. you do it so you learn.
hackerdork is offline   Reply With Quote
Old 20th June 2006, 20:57   #12
djSpinnerCee
Forum King
 
djSpinnerCee's Avatar
 
Join Date: Aug 2004
Location: Hollis, Queens/The Bronx, NYC
Posts: 3,549
I would guess that if one were to want to "hide" the DNAS status display, they probably wouldn't care too much about being [YP] banned either because their objective is to be more private, instead of more public.

* Recently, I've been getting a ton of hits by proxy testing scripts (ie: [http:89.52.18.231] REQ:"http://metagen.ath.cx/anon.php" (Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1))) -- they're making requests to remote sites to see if the DNAS is capable of proxying requests -- to be honest I don't know what kind of response is returned, but the log does not show an error (ie: invalid resource request), so it may be a concern, especially in a high volume environment.
djSpinnerCee is offline   Reply With Quote
Old 20th June 2006, 21:19   #13
djrm.net
Registered User
 
Join Date: Mar 2004
Location: GLASGOW
Posts: 18
Send a message via ICQ to djrm.net Send a message via AIM to djrm.net
Quote:
Originally posted by djSpinnerCee
I would guess that if one were to want to "hide" the DNAS status display, they probably wouldn't care too much about being [YP] banned either because their objective is to be more private, instead of more public.

* Recently, I've been getting a ton of hits by proxy testing scripts (ie: [http:89.52.18.231] REQ:"http://metagen.ath.cx/anon.php" (Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1))) -- they're making requests to remote sites to see if the DNAS is capable of proxying requests -- to be honest I don't know what kind of response is returned, but the log does not show an error (ie: invalid resource request), so it may be a concern, especially in a high volume environment.
nothing to worry about tbh... i get tons of requests too, the only thing that bugs me is the "legit" requests for 7.html... i dont know who would be request these and why.


runing some sniffers on my work network (10 public ips) shows some mad stuff... the amount of junk requests/traffic is unbelievable, but not of concern


Kind Regards,
Rico.
djrm.net is offline   Reply With Quote
Old 20th June 2006, 22:05   #14
djSpinnerCee
Forum King
 
djSpinnerCee's Avatar
 
Join Date: Aug 2004
Location: Hollis, Queens/The Bronx, NYC
Posts: 3,549
I have a feeling that bots and crawlers are getting better (more persistent) -- I get many hits on my /listen.pls from the MSNbot whereas the googlebot and yahoo slurp realize they should not read it and leave it alone after the first read.

Hits for /7.html indicate that the DNAS station page is being crawled by a bot of some kind (that maybe knows it's a DNAS?) for links, or a link exists for it somewhere -- probably nothing to worry about, but the question will remain as to where the link to the station page that starts it all came from? Many bots are stupid (compared to a human, browser or media player) and ignore content-types, many don't have mozilla as part of their user-agent, and some may just be "caught up" by accident after finding the YP-generated listen link in the SHOUTcast directory and are finding the station page by accident because they do have mozilla in their user-agent.

I have linked to my station page, both here and other places, so I kind of know where it comes from, hits on /llamacookie is another indication of a blind crawler because the link is not obvious.
djSpinnerCee is offline   Reply With Quote
Old 21st June 2006, 01:11   #15
SorceryKid
Senior Member
 
Join Date: Nov 2000
Posts: 294
I suspect that most anybody that tries to block access to the server stats interfaces doesn't want to be listed in the YP in the first place. When it comes to my server, I certainly feel that technical details like listener count and TTSL are nobody's business but my own.

--Randall

Executive Director, SWCI
www.smallwebcaster.org // Redefining Music Royalties for Small Webcasters

Legal Disclaimer: The information hereinbefore is not intended to constitute legal advice or consultation nor does it form a legally binding contract.
SorceryKid is offline   Reply With Quote
Old 21st June 2006, 15:44   #16
CraigF
Passionately Apathetic
Administrator
 
CraigF's Avatar
 
Join Date: May 2000
Location: Hell
Posts: 5,435
pray tell, what details on the status page are so important that they must not be public?

CraigF is offline   Reply With Quote
Old 21st June 2006, 15:58   #17
Nick@ss
Moderator
 
Nick@ss's Avatar
 
Join Date: Nov 2004
Location: Streamsolutions Headquarters
Posts: 11,953
listener stats... so djs dont get demotivated as only their 2 friends are listening and also competing stations dont get to see what there rival station has got

we get lots of requests to hide the stats but just switch them to icecast if they want it
Nick@ss is offline   Reply With Quote
Old 21st June 2006, 16:39   #18
djSpinnerCee
Forum King
 
djSpinnerCee's Avatar
 
Join Date: Aug 2004
Location: Hollis, Queens/The Bronx, NYC
Posts: 3,549
I think the debate about what should be on the public (sans authentication) status for the DNAS is probably moot -- the station page is not for a casual passer by, and it is not linked to by the YP -- the YP uses listener counts to "Rank" stations (it's the primary key), and many broadcasters totally depend on the YP so you can't have one without the other.

The other issue involves getting the simple stats by the station admin (they are useful and important to them in real time) -- the (standard HTTP) authentication lends itself to exposing the password (it is passed in plain text, no secure sockets), so authentication should not be necessary to get simple stuff like the listener count and current track info.

The real issue should be what "else" you need -- clearly, just a DNAS (and its built-in interface) is not a webradiostation in a box, and it shouldn't be thought of as one -- a website is necessary to put the DNAS server in context, and to hide it -- it's actually inappropriate to link to the DNAS station page even if you have no other site because once it gets linked to and found by search engines, you're pretty much done for because then it will really be public (the DNAS has no /robots.txt to tell bots "no"). People who are smart enough to find it on their own certainly know what they'll find there, so there's no use in complaining about it -- you can only hide so much.

SHOUTcast is self-promoting (via the YP) and suitable for the beginner and the expert -- it's not designed for many of it's uses that include taking money from broadcasters (as in hosting) for its use or from listeners, so if it does not do those things well, it shouldn't be considered a problem with SHOUTcast -- it's just its nature -- the ability to add packages like a proxy or other front-ends to disguise the DNAS probably indicate that other solutions are probably called for -- remember, the DNAS is still just a caching HTTP server under the skin that is designed to give (relay) one file -- the source stream -- everything else is candy.
djSpinnerCee is offline   Reply With Quote
Old 15th January 2010, 04:24   #19
BornKillaz
Senior Member
 
BornKillaz's Avatar
 
Join Date: Jan 2010
Location: My Place
Posts: 109
I'm also looking for an answer to this.

It's unbelievable that ShoutCast does not provide an option to block access to this page.

<?php echo str_rot13("FUBHGpnfg QANF Ehyrf!"); ?>
BornKillaz is offline   Reply With Quote
Old 15th January 2010, 04:40   #20
NJK
FRYSK BLOED TSJOCH OP- FRISIAN
 
NJK's Avatar
 
Join Date: Sep 2003
Location: a real Frisian hometown
Posts: 15,534
why dig out a thread that has been dead for years
and the answer is already given by Nick

just switch to icecast that has this option.

Each Thursday a new show on Celtica Radio with Darkwave music.

WINAMPSHOUTCAST
NJK is offline   Reply With Quote
Old 15th January 2010, 05:58   #21
Nick@ss
Moderator
 
Nick@ss's Avatar
 
Join Date: Nov 2004
Location: Streamsolutions Headquarters
Posts: 11,953
Quote:
Originally posted by Jay
Be advised that your listing on shoutcast.com could be in jeopordy if you do this. If your stats don't look kosher and during varification we are blocked from your stats page your listing could be banned. Just a friendly warning.
i think this one is enough of a reason not to do it.
Nick@ss is offline   Reply With Quote
Old 15th January 2010, 07:25   #22
BornKillaz
Senior Member
 
BornKillaz's Avatar
 
Join Date: Jan 2010
Location: My Place
Posts: 109
Quote:
Originally posted by Nick@ss
i think this one is enough of a reason not to do it.
It sure is.
BornKillaz is offline   Reply With Quote
Old 16th November 2010, 09:56   #23
equate2010
Junior Member
 
Join Date: Nov 2010
Posts: 2
concealed element Listener Peak: to: xD

see how it is possible
http://72.20.7.120:8000/

others that also hesitate to leak it, such as fm radio stations ...
equate2010 is offline   Reply With Quote
Old 16th November 2010, 15:53   #24
Jkey
Forum King
 
Join Date: Jul 2004
Location: E*arth
Posts: 3,031
As long as your station remains private you will be fine.
If you decide to list however, with an altered dnas you will be banned from the yp!


/Warning done
Oh and http://72.20.7.120:8000/7.html to check listeners

So Long, and Thanks for All the Fish.
Jkey is offline   Reply With Quote
Old 16th November 2010, 16:30   #25
equate2010
Junior Member
 
Join Date: Nov 2010
Posts: 2
Quote:
Originally Posted by Jkey View Post
As long as your station remains private you will be fine.
If you decide to list however, with an altered dnas you will be banned from the yp!


/Warning done
Oh and http://72.20.7.120:8000/7.html to check listeners
Thank you.
which I will file to change the "Listener Peak"?
equate2010 is offline   Reply With Quote
Old 17th November 2010, 14:05   #26
Jkey
Forum King
 
Join Date: Jul 2004
Location: E*arth
Posts: 3,031
I can not tell you this because you are breaking the shoutcast terms of service.

So Long, and Thanks for All the Fish.
Jkey is offline   Reply With Quote
Old 17th November 2010, 16:03   #27
BornKillaz
Senior Member
 
BornKillaz's Avatar
 
Join Date: Jan 2010
Location: My Place
Posts: 109
Quote:
Originally Posted by Jkey View Post
I can not tell you this because you are breaking the shoutcast terms of service.
I believe he doesn't really care about it, so, it's OK!

<?php echo str_rot13("FUBHGpnfg QANF Ehyrf!"); ?>
BornKillaz is offline   Reply With Quote
Old 17th November 2010, 17:17   #28
Jkey
Forum King
 
Join Date: Jul 2004
Location: E*arth
Posts: 3,031
It shows either a lack of brain power or huge balls to turn up and wave around a hacked
sc binary on the official sc forums.

I will leave this thread to mods,it is their jurisdiction,and therefore none of my concern.

So Long, and Thanks for All the Fish.
Jkey is offline   Reply With Quote
Reply
Go Back   Winamp & Shoutcast Forums > Shoutcast > Shoutcast Technical Support

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump