I have mp3 files placed on my webserver in the public folder (I am placing it in public folder so that player on my site can access those files), I'm not concerned if a user is able to download an MP3 which he might be able to view, while player is playing that file, however I am also taking care that he is not able to view the direct url to the file. But I want to protect those files from a site grabber software, so that some1 can't steal all the files placed on the server.
The other part of the question is: what is the scope of site grabbing software, can I block them just by turning indexes off for my directories, or can they also have access to files whose urls are not embedded in page ?
Please help
I am afraid that it's impossible to prevent a user from getting your file. In order to play an audio file, the users web browser has to download it to their local machine.
You could prevent a standard-compliant web grabber from grabbing the file by using a robots.txt or the rel="nofollow" property on hyperlinks, but the interpretation of these is client-sided, so it's possible for the grabber to just ignore them when it feels like it (I once wrote a webgrabber which doesn't even look at these. That was mostly out of laziness, not out of malicious intent).
tl;dr: When you don't want people to download a file, don't put it on the Internet.