Hotlinkers
» 16/01/2006, 11:20:34 / / / Subscribe
Always fun to catch them out. Problem is trying to stop them can cripple not only your own server but also anyone who you want to share your content with who you're more than happy to let hotlink it. In a perfect world you'd have everyone take a copy of your image or whatever but it just isn't practical, especially when that media might change. I recently suffered this problem, and still do. I still do because I'm still deciding on what to do. I can see by my log that someone has hotlinked the "pod" image from the music list of the right side. The request comes from a forum which is locked off and requires you to actually fax to the owners a copy of this to be authorised to log in (which is pretty heavy really). As you may or may not know it's written in Turkish, shame I have a friend who lived there for years, no problems in knowing what it says. Aside that we have some clever bod on myspace who has a "friend" who decided to hotlink the "the rising dragon" music image. You'd think people would get a life, get some eyesight and realise that the copyright logo at the bottom means in lamer terms: "Don't steal my stuff thanks", alas no.
So whats a geek to do?
Well I emailed the Myspace user and politely requested that they remove the comment that hotlinks my image. No response as yet but hey I'm a patient man. The forum which is hotlinking that is Turkish will fall foul of the power and Voodoo of Mod_Re-Write and below is the simple rule by which I will block them.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://[^./]*\.tek.org.uk [NC]
RewriteRule \.(png|gif|jpe?g)$ - [NC,F]
That added to my .htaccess file will basically block everyone that is not coming from my domain. No request outside of tek.org.uk can access images. This is all well and good but I have particular sites that I myself have hotlinked images too. Ratatak being one of them. So I can simply adjust the rule set slightly to allow ratatak to hotlink to my media content.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://[^./]*\.tek.org.uk [NC]
RewriteCond %{HTTP_REFERER} !^http://[^./]*\.ratatak.com [NC]
RewriteRule \.(png|gif|jpe?g)$ - [NC,F]
I can, of course, continue to add whomever I like to the ruleset.
The revolution is not coming hotlinkers. The resistance continues.
Technorati: blog security geek images
Comments:
#1. skeddy
16/01/2006, 17:39:05
#1. skeddy16/01/2006, 17:39:05
I used to (and still have) the same issue on my site. Sadly the sfotware behind the scene doesn't allow me to see which files are actually being hotlinked, but in the end I used the same Rewrite tips that you mentioned (In an earlier post too).
I had great fun redirecting anyone linking my images to a "This image has been stolen" image, wored rather nicely, the complaints came flooding in - ergo - don't steal my images !!
I was racking my brain trying to remeber the site that had their CSS Style taken and directly linked too. In the end she changed her's, and with the linked one changed it to Gay Pron. Nice way to wake up and see your website . . . . . .
#2. StatVoid
18/01/2006, 02:52:22
I hate when people hotlink shit but that hasn't happened to me yet, at least as far as I know, with my current site.
I'd hit that MySpace chick, though I find it funny she calls herself "TeK"...I think she ripped you off and is now shocked you caught her. She deserves a roundhouse kick to the face from Chuck Norris.
#3. tek
18/01/2006, 19:40:48
Sadly the sfotware behind the scene doesn't allow me to see which files are actually being hotlinked
Your raw server log should let you easily see! Yeah I kinda forgot I'd posted it before, oops
She deserves a roundhouse kick to the face from Chuck Norris.
Couldn't agree more but lets see if she just removes it first before I change it for something else that will force her to change it
