Home » Php » Site Idea: .exe to .zip/.tar etc – PHP

Site Idea: .exe to .zip/.tar etc – PHP

Posted by: admin February 23, 2020 Leave a comment

Q(Question):

Most people at work can’t download executables with some IT security software.

Is there a site that you know that will enclose an executable from a link to a zip file to download.

If one doesn’t exist, I’ll make a site tonight and host it (down the road, I’m getting new servers and moving locations)

My Plan:
1. Provide the link to the exe on the internet
2. Download the file to a very limited folder or partition with read-only access to the file.
3. With php, enclose the file using one or more zip software (tar, gzip, biz)
4. Provide the link to the user to download.
5. Accept donations 🙂

Any thoughts on security or viability, etc?

I think it’s a niche market and it will catch on quick.

Thanks,

Dan

A(Answer):

That’s a good idea. I guess there should be no executing the program once downloaded on your server, so there should be no risk. Just trying to think, "how could I destroy your site" and work backwards from there. Once it’s downloaded on your server you should restrict access to that folder so no one can run it by simply going to its address.

Another idea would be to catalogue downloaded and zipped programs so when a user gives a URL which has already been done, it can simply use the file already made, rather than downloading another one?

Do you plan on having a size limit? People could probably abuse it by using it to download movies and big programs to save them from doing all the downloading and kill your server?

Also, if your site is flagged as a potential virus or malware source, you could have that blocked as well by most work filters defeating the whole point?

A(Answer):

Interesting idea, indeed.

To overcome the possibly of the server’s IP being blacklisted, you might look into having the system being distributed (and distributable). That is, allow users to host the application from their own servers, be it at home, etc. Of course, this compromises the source code and your ownership of it. You could overcome this by, say, developing the application as compiled C for cgi execution, or even develop an extension for PHP, again in compiled C.

Nevertheless, it is an interesting idea, and, as far as I have seen, a unique one.

The only problems I can see: possible issues with hosting executables that have copyright laws on them disallowing the distribution of them; many simultaneous downloads of large files – that’ll be quite costly; the security of the executables on the server.

As The Servant suggested, you could provide a catalogue of popular downloads and search functionality within the application.

Another possible area for this application could be a proxy. For a user to provide the link to the file he/she wants compressing, the user needs to know the address of it. What if the user finds that, when he/she accesses a site to look for this address, the site is blocked. Then he/she cannot get the address. You may incorporate a proxy to allow for this situation.

Mark.

P.S. Sounds like a cool project 🙂

A(Answer):

Great feedback guys, as always.

My responses:

1. Security: yes I think it would be in a non www accessible folder on a partition with no execution permitted.

2. Catalog: I thought about it, then again it might not be a good idea for a few reasons that out-weigh the good:
a. Some applications don’t include the version number in the file name so when a new version comes along, it’s the same link but different file.
b. Limited disk space at the moment.
c. I would have to do clean up.
d. Markus also mentioned copyright laws that prohibit distribution.

3. Abuse/Size: I have Limited disk space and limited bandwidth, I would have to definitely put a cap on size. Maybe 500MB? I don’t see a lot of exec movies. Most programs aim to have a very small exec anyway. This is good for the essential tools you need at work: Firefox, RegexBuddy, TextPad, NetBeans, GoogleDesktop, etc.

4. Proxy: This idea came about from going around a corporate IT firewall that allows zip downloads but not anything that ends in exe. (I could not download Firefox…I Know! Horrific right?). This same security program also blocks proxies. Even google/translate of web pages is blocked for me. So I think this would kill the original purpose of it if my site ends up categorized and black listed as a proxy.

Also, if a site is blocked, it’s blocked. One can find a proxy, if it’s allowed by the user’s company (highly doubt it).

Like most everything else I do, it will be open source. So I’m not worried about distributing the source code. One can install this on their own home server.

I’ll try to have a one-pager up this weekend.

Thanks guys!

Dan

A(Answer):

Looking forward to it 🙂

Maybe a publicly accessible repo?

A(Answer):

sure, sourceforge?

In the mean time, think of a good name for it besides my unimaginative exe2zip.

Cheerio!

Dan

A(Answer):

@dlite922

I prefer googlecode to sourceforge. The new design for sourceforge is blinding (and not in the good way)!

I’ll have a think of some names 🙂

A(Answer):

Dan, can I recommend having a smaller than 500MB limit to start off with if you’re worried about bandwidth etc? I mean honestly, if it’s for exe’s that you’re downloading, it’s not likely to be more than 100MB, and if it is, and your work is still blocking it, it probably should be done more formally by the IT dept. as it’s not just a quick file? As I’m sure you’re well aware, you could have a 50-100MB limit for starters, see if people get up there, and if you had forums or suggestions you could increase it or make that a premium service.

Also for the name, I’m an engineer, so everything must be functional for me, but try and have the function in the name somehow. exe2zip is boring, but I would google exe to zip converter, which would bring up exe2zip before "Xe Zipper" <–Actually I like this name (pronounced "zee zipper"), and it’s my non-functional suggestion 😉

A(Answer):

@Markus, I’ll test out googlecode then. I haven’t used it before.

@Servant, Functional is good but functional and catchy is awesome.

This app is probably going to be for me and my engineer colleagues at work (and of course you guys can use it to if you need it) so I don’t think i’ll publish it…yet.

Those limited server and bandwidth…well I don’t even have that just yet. (I bought a house and haven’t moved in yet, so my server is sitting my basement right now) So i’ll probably limit it to like 50MB or something, whatever works for me at this time. But this will be a config option and if the source code is taken to a real host, it can be easily changed.

I started and I’m about 30% done.

Dan

PS: Googled "exe to zip": lots of results for the opposite of this: zip->exec but nothing the other way. the name could get lost but I have no choice. Unless any other awesome names come up, exe2zip it is.

A(Answer):

@dlite922

what about “Echse”? (german for lizard, pronounced [ɛksə], like exe)

A(Answer):

lizard…hmmm I’m trying to think of a design.

The current one I have at the moment is something simple:, here’s a screen shot of what I’m wasting my time with.

a zipper idea zipping up the page.

Simple to use: paste the link, click the button. One could add functionality by "clicking the zipper" changes the "zipper", ie to tar, bzip, gzip etc.

very web 2.0-ish right?

A(Answer):

@dlite922

let me cite Natalie Cole: very – close – second…

A(Answer):

I know it freakin’ sucks.

It’s 2:00 AM here, gi’me a break.

My design sense never took off, but you got to admin the zipping up the page of binaries is a genius idea.

Forget the shiny floor, horizon or mismatching fonts, those can be deleted.

A(Answer):

@dlite922

it’s 9 o’clock and I’ve not had my daily dose of puns yet.

A(Answer):

got to admit*

I can’t even spell right 🙂 and you’re worried about puns.

You guys have a great day, I’m goin’ to bed!

A(Answer):

@dlite922

I like it 🙂

Maybe clicking on ‘ZIP’ would bring up the other options to the right of it.

Hold on, I’ll whip up an edit of it.

Actually, I won’t bother – not in a design frame of mind. 🙁 But I’m sure you get the idea. The user clicks on ‘ZIP’ and then (possibly) some nice javascript scrolls the other options down from the top, ‘TGZ’, ‘RAR’, etc. When the user selects one, the option is changed behind the scenes.

A(Answer):

@Markus

Yep! Have you heard of SmoothMovement.js?

http://safalra.com/web-design/javasc…ooth-movement/

I use it every time I want the flash-type effect on a page.

But I’m not going to get carried away with the UI, let me get the function to work, then I can enhance the user experience.

Dan

A(Answer):

@dlite922

Looks good. Never worked with it – bookmarked it now though 😀

Yeah, get the library done and then worry about the pleasantries!

A(Answer):

I struggle with designs too. Simpler the better, as long as you have some contact way! I hate having to copy email addresses and it’s much easier (I find) to message from their site.

Once you have an Alpha up, we can have a go and test it for you and then go with suggestions. Until then, just focus on the alpha code (don’t worry about the looks) and then after you get the code nice and efficient with all the functionality you want, you can design it around the functions.

A(Answer):

UPDATE:

@Servant: Ya…I’m not a designer but I seem to be comfortable working backwards. I always design my gui and see what function it needs, then code those functions.

Hope this link works:
http://exe2zip.designsbydan.com/

I don’t want my email out there as text. I can have a contact page but for what? doesn’t work? too bad :)… at least for now.

contact page => captcha => read people’s emails != I have no time now.

But like I said, let’s get it up and get your suggestions in, we’ll figure those out later.

Dan

A(Answer):

How about simple email obscurification with javascirpt? Or html encrypting them? But yes, I hear you about the not caring if it doesn’t work. Atleast have a thread on a forum (maybe Bytes) just so that you can keep suggestions coming in. I reckon it’ll be good, and could take off 😉

A(Answer):

Hey guys, work came up this weekend but I’m at the end of the function. It successfully downloads the file and zips it to a non web directory.

Can anyone write what the headers would be for a zip file. If so I’ll copy and paste it, output the file and see if it works tonight.

This is what I’ve got so far


header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="your_exe.zip"');
header('Content-Transfer-Encoding: binary');
readfile('example.zip');

good enough?

Dan

A(Answer):

Maybe a content-length header (filesize())? Otherwise, looks good.

A(Answer):

Oh yes. forgot that one. Thanks.

Dan

A(Answer):

@dlite922

How is this going, btw?

A(Answer):

It’s been a busy week for me, but it really has like less than 15 minutes of work left. I’m going to quit being lazy and finish it up quick. Plus any time needed to get GoogleCode setup and upload it there. (~30 minutes)

Will post back later with a link to it. It’s night time where you are, so it will be when you wake up.

Dan

A(Answer):

UPDATE:

hey guys. I sort of finished it. I mean it’s at a point where it needs debugging and improvements.

http://code.google.com/p/exe2zip/

Things it needs

1. better validation to allow specific files (.exe, .jpeg, .jpg) because I can’t even look at URLs to images

2. Find out why when I download it only gives me part of the zip file (ie corrupt zip file)

3. Make other compress types work (tar, bzip)

4. Make error message display nicely (edit css/html) somewhere on the page.

etc. I’m sure you guys can think of many more.

Try it here:
http://exe2zip.designsbydan.com/

^
Don’t expect that to be up 24/7

I’ll be glad to upload any new versions or modifications of this.

Dan