Advanced Stream Redirector

The Advanced Stream Redirector (ASX) format is used to store playlist of Windows Media files for a multimedia presentation using HTTP, RTSP and MMS streaming protocols.

ASF (Advanced Streaming Format) is a streaming media format developed by Microsoft. ASF files contain video, audio, slide shows and synchronized events for WMV files.

* The ASF file is media file, containing video, audio, etc.
* The ASX file is a metafile contains data about another file.

<asx version="3.0">
  <title>Video Live Stream</title>
    <title>SVNLabs Main Stream</title>
    <ref href="" />
    <param name="aParameterName" value="aParameterValue" />
    <title>SVNLabs Radio</title>
    <ref href="" />


PHP Advanced Stream Redirector


header("Content-Type: video/x-ms-asf;"); 

$title = isset($_REQUEST['title'])?$_REQUEST['title']:"";
$author = isset($_REQUEST['author'])?$_REQUEST['author']:"";
$file = isset($_REQUEST['file'])?$_REQUEST['file']:"";

echo "<asx version=\"3.0\">";
  echo "<title>".$title."</title>";
  echo "<entry>";
    echo "<title>".$title."</title>";
    echo "<author>".$author."</author>";
    echo "<ref href=\"".$file."\"/>";
  echo "</entry>";
echo "</asx>";



Video Overlay Ads

We can use overlay code to map video/image using DIV elements on main element.


Maturity is not when we start speaking BIG things But..Actually it is, When we start understanding small things.

Remote Secure Token

Remote Secure Token

Wowza Token
We already compiled FlowPlayer & JWPlayer for remote secure token in flex / flash files 😉 (hotlink protection)

Local Media Files
We already protected local files using .htaccess file media hiding logic 😉 (hotlink protection)

External Media Files
File can be protected both on server side and client side….

Server side: Media files can be protected from media server like wowza using security token addons

Client Side: Usually video/media files played using flash / flex based players so … if media links are hidden inside flash and also flash player files are protected from theft 😉

HTTP files like can be protected from hack using temporary PHP file that will be responsible for carrying external media file / link to flash player in encrypted version and temporary file will be using expired token as parameter or domain restriction. (Plain)
(top encrypted link can be passed to media player)

RTMP files ( rtmp:// ) are more secure inside flash player action scripts.

The fool proof security always inside Flash Players but I am still searching for iOS media security 🙁

Compile or build flowplayer or jwplayer to create secure token for wowza server

I think you already read our last article for wowza mediasecurity addon package

There are 2 methods to put secure token for video players like flowplayer or jwplayer…

1. Token inside javascript code (shared secret)
2. Token inside flowplayer or jwplayer source code (compile the token inside the plugin)

The shared secret known by the server and the client only. If you really want to keep this secret you need to follow 2nd option 😉

We need to install following software in order to work on Flowplayer Flash plugins:

Flex SDK

Java Development Kit (JDK) & Apache Ant

Flow Player

You can find all steps to compile Flow Player with secure plugin here


# you need to adjust following to point to your Flex SDK

# change following to point to .exe files when running on Windows
mxmlc_bin= D:/flex_sdk/bin/mxmlc.exe
compc_bin= D:/flex_sdk/bin/compc.exe
asdoc_bin= D:/flex_sdk/bin/asdoc.exe



Modify Secure Token here… flowplayer.securestreaming/src/actionscript/org/flowplayer/securestreaming/

private var _token:String = “#hv%h0#s@1”; // token that used for wowza server security 😉

Building the player
CD (change directory) to the flowplayer.core and execute ant at the command prompt:

> ant

If you see “BUILD SUCCESSFUL”, the build was successful and you have a working player located at flowplayer.core/build/flowplayer.swf.

Get more help here…

JW Player

You can find all steps to compile JW Player with secure token here

So, now the question is how to protect SWF (with token) files from hotlink, theft, download and Leech

Contact us to add SecureToken protection to JWPlayer and FlowPlayer for Wowza, Red5, FMS media files.

Email: svnlabs[at]
Mobile: +919928673578
Skype: svnlabs
MSN: svnlabs[at]

PHP Cloud

Introduction to the Zend Developer Cloud

PHPCloud help to Develop, Deploy and Manage PHP Applications in to Any Cloud (Amazon, Rackspace, RightScale, IBM SmartCloud) using Zend Application Fabric.



Skype4COM is an ActiveX component that represents the Skype API as objects, properties, commands, events and notifications. Skype4COM is used in ActiveX, Visual Studio, Delphi, PHP or JavaScript.

Download Skype4COM

You might read article on How can we use PHP to access shared library functions?

Useful Links:

Void.Bot is a proof of concept of a Skype bot that sits in Skype Group chats and does useful stuff.

PHP Skype API wrapper class is a PHP class library to access Skype (on Linux) via its API. With PHP DBus, this class library provides easy-to-use interfaces to manipulate Skype on Linux.

// Create a Skype4COM object:
$skype = new COM("Skype4COM.Skype");

// Create a sink object:
$sink =& new _ISkypeEvents ();
$sink->convert = $skype->convert();

// Connect to the sink:
com_event_sink($skype, $sink, "_ISkypeEvents");

// Create a conversion object:
$convert = $skype->convert;
$convert->language = "en";

// Start the Skype client, minimized and with no splash screen:
if (!$skype->client()->isRunning()) {
  $skype->client()->start(true, true);

Skype Tracer is a Windows (.exe) console-based application that lets you issue text-based Skype Desktop API commands to a running Skype client.

COM is an acronym for Component Object Model; it is an object orientated layer defines a common calling convention that enables to call and interoperate with code written in any other language. Not only can the code be written in any language, but it need not even be part of the same executable; the code can be loaded from a DLL, be found in another process running on the same machine.

Skype Developer Forum

Rackspace Cloud Load Balancers vs. Amazon Elastic Load Balancing

Rackspace Cloud Load Balancers Amazon Elastic Load Balancing
Support Chat/phone/ticket support available 24x7x365 To receive 24x7x365 support for Amazon EC2, you pay the greater of $400 per month.
Dedicated Public IP Address A dedicated IP address allows for use as a root record for a zone. When you create an ELB instance, you get a public DNS name; however, it’s not very user friendly and you will want to create a CNAME record in DNS to redirect to your URL.
Access Control List (ACL) Rackspace cloud load balancer has an ACL-based security model. Access control list feature is not available.
Connection Logging Logs are sorted, aggregated, and delivered hourly to Cloud Files™, which is perfect for users who need to perform tuning, inspection, or analysis. Connection logging feature is not available.
Connection Throttling Rackspace cloud load balancers have a connection throttling feature which imposes limits on the number of connections per IP address. Connection throttling feature is not available.
Selectable Algorithms Customize the behavior of your cloud load balancer with selectable algorithms, including: random, round robin, weighted round robin, least connections, and weighted least connections. ELB utilizes only a non-configurable round robin load balancing algorithm.
Advanced HTTP Health Monitoring Rackspace Cloud Load Balancers can use synthetic transaction monitoring to inspect an HTTP response code and body content to ensure the application or site is healthy. While HTTP and TCP-based health monitors are available, ELB does not permit users to define an acceptable status code or body regular expression to match against.
Shared IPs Shared IPs facilitates easier management and better IP utilization of load balancer configuration. ELB does not permit users to share a single IP address across multiple load balancers, but does allow for a single load balancer to support multiple port configurations.
Internal Virtual IPs Internal virtual IPs feature allows you to load balance internal services, without being penalized with external bandwidth charges. All ELBs are configured as public virtual IPs. An internal virtual IP option is not available.
SSL Termination Does not support SSL termination at the load balancer. Supports SSL termination at the load balancer.



Secure Token Plugin with PHP

You might read our old article on how-to-prevent-downloading-and-leeching-media-files

You can review below code to secure your media files to be downloaded other then media players 😉

Creating a Secure Token SWF for JW Player

Secure Token have time limit after that token expire to get media files.

var timestamp = +new Date();

flowplayer("player", "", {
plugins: {
    secure: {
        url: 'player/flowplayer.securestreaming-3.2.3.swf',

        timestamp: timestamp,

        token: '69964920064c0a7626e6c97997070fcd'

clip: {
    autoPlay: false,
    autoBuffering: true,
    duration: 30,
    urlResolvers: 'secure',
    baseUrl: ''
// Get the file from the server
function get_file(){
header('Content-Description: File Transfer');
header('Content-type: video/mp4');
header("Content-length: ".filesize($streamname));
header("Expires: 0");
header("Content-Transfer-Encoding: binary");
// Return secret to flowplayer for use
function get_secret(){

Update will patch security holes outdated versions have opened

Malware can be removed from hosting account, Updating your scripts will patch the security holes the outdated versions have opened.

Vulnerable Applications: Any of web application might infected from virus or malware.

For instructions on updating your WordPress instance(s) to the latest version (3.2.1), please see the link below:

Alternatively, you can download the full WordPress package here:

For instructions on updating your Drupal instance(s) to the latest version (6.22 or 7.8), please see the link below:

Alternatively, you can download the full Drupal package here:

More information on securing your PHP scripts can be found at

No, renaming the file will not keep your site safe from it being exploited again. As I noted in my previous response, if you wish to prevent your site from being hacked again through the exploit of the bookmarks script, you will need to disable, remove or secure the bookmarks.php file to prevent further exploits.

Update CPanel Script # /usr/local/bin/perl /usr/local/cpanel/3rdparty/quickinstall/scripts/

PHP Proxy Script

Glype web-based proxy provides a proxy service to users via a web browser. A proxy service downloads requested web pages bypassing censorship and restrictions and forwards to the user..

Glype Proxy Script

  • Free for personal use and affordable licensing options for commercial use.
  • Source Viewable and webmasters may modify the source code subject to the terms of the license.
  • Plug and Play. Simply upload, configure and go!
  • Admin Control Panel for easy management and configuration.
  • JavaScript Support provides increased compatibility with websites.
  • Skinable. A theme system allows for customization of your proxy.
  • Access Controls blacklist users by IP address and websites by domain name.
  • BlockScript™ Integration protects the proxy by blocking specificed countries, filtering companies, malicious traffic, bots and spiders, and more.
  • Unique URLs provide greater privacy by expiring URLs in the browser history at the end of a browsing session.
  • Plugins allow for easy installion of site-specific modifications. Useful for adding new functionality to websites.
  • Advanced Options let users change their user-agent and referrer, manage cookies, and remove JavaScripts and Flash.
  • The script requires PHP5 (or greater) with cURL enabled.

Proxy Script