Nice! I would like to see what your comments are about 90% of the other 'anti-leech' scripts out there. None of the scripts that I have seen have any taint checking nor 'use strict.'

What problem exactly were you trying to solve again?

The problem I want to solve is to stop other sites from using my bandwidth; they can link to my images, or zip files from their site, hence using my bandwidth for downloading files. This is not an 'authorization' issue. I also cannot use an Apache module since I do not have root access because my ISP is rather strict about who gets root access.

These two lines form the 'gatekeeper' aspect of the sub:

my $remote = remote_host();
return(0) unless grep /$remote/, @$hosts;
[download]

...reverse DNS lookup, I hadn't thought of that. I think what you're getting at is that I have to 'untaint' $remote.

my $remote = remote_host();
# a domain or an ip can be letters or numbers seperated
# with '.' and there must be at least one char followed
# by a '.' with at least one char following
$remote =~ /([A-Za-z0-9\.]*[A-Za-z0-9]+\.[A-Za-z0-9]+)/;
return (0) unless length($remote) > 3;
return (0) unless grep /$remote/, @$hosts;
[download]

...I haven't tested this yet, but am I on the right track?

--
hiseldl
What time is it? It's Camel Time!