How to stop image hotlinking



How to Stop Image Hotlinking by Counter-Punching with Free Advertising

As bloggers we take great pride in our work.. spending hours upon hours late into the night bashing away at our keyboards on our latest posts. One of the most satisfying and rewarding things for us is to receive pingbacks from other bloggers linking to our articles. Which is basically a pat on the back saying ‘This is a cool post which I think adds value and I’m going to link to it‘. And we do the same.. linking back to other bloggers’ articles.

However the Internet is a bit like the wild west. There are a lot of unscrupulous characters out there who copy your work and claim it as their own. Plagiarism. Some of these methods include,

  • Copy and paste
  • Copying source code and pasting
  • RSS scraping

Just to name a few..

There is another method which this post looks at, which is hotlinking. Hotlinking is when someone links directly to a file (eg image, audio, video, PDF, etc) that sits on your webserver. The problem with this is that they are stealing your bandwidth.
Every time someone views this image or file on the hotlinker’s article, it needs to be downloaded from your webserver. And this chews into your monthly bandwidth quota.. that you pay for. Also, it puts extra strain on your server’s resources which can result in having to pay your ISP more money to upgrade to a higher plan, allowing for more resource allocation, or bandwidth/CPU throttling.

RSS scraping is when a program reads (scrapes) your website, creates an RSS feed.. which then gets re-published somewhere else on the Internet. Often people will scrape a whole heap of websites, re-publish them all on a blog, whack on a heap of Google Adsense ads, sit back and watch the money roll in. Everything is automated.

Plagiarised

This happened to me the other day. I got a heap of pingbacks for some posts of mine and went to check them out. Upon visiting the other site I was shocked to find that an entire post of mine had been copied. Looking further around this site I found probably 15 posts of mine that were an exact copy. I wasn’t too happy.

For those who don’t know you can do a Whois lookup on any domain,
Often you will be presented with the owner’s name, address, phone number and most importantly in this situation, their email address and Internet Service Provider (ISP), which can help when contacting them.

Luckily this site had a contact page with the owner’s email address. So I emailed the guy telling him he had plagiarised, provided links of his and the original posts of mine and told him to remove them or I would contact his ISP and let them know he was stealing my content. A few hours later I got a genuine apology from the guy saying he was testing out RSS scraping and that he would take down the posts.

If this happens (or has happened) to you there is no guarantee that they will remove your posts.. and even if you contact their ISP, it could take a long time for them to respond.

Ways to Fight Back

I wanted to be proactive on this, so I did some searches on Google and found a few ways to fight back,

  1. Ban via IP address
  2. Ban via IP address range
  3. Ban via http_referrer
  4. Modify your .htaccess file to prevent hotlinking

None of these methods are 100% fool-proof.. but they do act as a good deterrent and are a step in the right direction when fighting back against content theft.
I didn’t want to ban via IP address as their address could be dynamic, meaning every so often their IP address will be recycled and the address I banned could be given to a genuine user. This could be achieved by using the WP-Ban WordPress plugin.

I didn’t want to ban via http_referrer (blacklisting the offending site), as there may be many other sites doing the same thing.

I wanted to widen my scope by preventing people linking to my images (hotlinking). This is done by modifying or creating a file called .htaccess and placing it in the root directory of your website. What this does is it prevents other websites from linking to files (ie images) on my webserver.. and when they do, they are redirected to my own custom image.

Before we get started you need to make sure that,

  • you have an Apache webserver
  • mod_rewrite enabled
  • support for .htaccess

If you are unsure whether you can create or modify .htaccess files check with your web host.

Create a Custom Image

I have heard of other bloggers using images from shock sites as an aggressive deterrent.. if you don’t know what I’m talking about just search for shock sites in Wikipedia! Initially I was tempted to go this way, but wanted to remain professional and create a clean image.

Then it hit me.. why not create an image with my URL on it? That way I am killing two birds with one stone,

  1. the hotlinked image will be replaced by my custom image
  2. my web address will be freely advertised around the internet

Visitors to those sites will see my images and more than likely come directly to my site!
This is the image I created,

When you create your own image, make sure you rename its extension to jpe (you will see why shortly). I named my image nohotlink.jpe

I have a directory on my server called /pictures, which is where I uploaded nohotlink.jpe to.
Create a .htaccess File

After doing a little bit of homework I created the following .htaccess file,

    RewriteEngine On
    # example.com is a placeholder: put your own domain in this line
    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?example\.com [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !bing\. [NC]
    RewriteCond %{HTTP_REFERER} !blogcatalog\. [NC]
    RewriteCond %{HTTP_REFERER} !facebook\. [NC]
    RewriteCond %{HTTP_REFERER} !feed\. [NC]
    RewriteCond %{HTTP_REFERER} !feeds2\. [NC]
    RewriteCond %{HTTP_REFERER} !google\. [NC]
    RewriteCond %{HTTP_REFERER} !linkedin\. [NC]
    RewriteCond %{HTTP_REFERER} !msn\. [NC]
    RewriteCond %{HTTP_REFERER} !networkedblogs\. [NC]
    RewriteCond %{HTTP_REFERER} !read\. [NC]
    RewriteCond %{HTTP_REFERER} !rss\. [NC]
    RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
    RewriteCond %{HTTP_REFERER} !space\. [NC]
    RewriteCond %{HTTP_REFERER} !yahoo\. [NC]
    RewriteCond %{HTTP_REFERER} !zilla\. [NC]
    RewriteRule .*\.(jpe?g|gif|bmp|png|jpg)$ /pictures/nohotlink.jpe [L]

I will explain what these rows mean..

  • RewriteEngine On = tells Apache to turn the rewrite engine on
  • RewriteCond %{HTTP_REFERER} !^http://(.+\.)?example\.com [NC] = allows my own site to link to my images.. the [NC] code means “No Case” or not case-sensitive
      o For this line you would put your own domain in place of example.com
  • RewriteCond %{HTTP_REFERER} !^$ = allows viewing images from blank referers, which is important because some browsers won’t send referers, even if the image is linked on your own website
  • The next lines allow search engines like bing, google, msn, yahoo to link to my images
      o I also allowed rss feed readers to link to my images
      o I also allowed other sites such as facebook, linkedin, myspace, blogcatalog, networkedblogs to link to my images
      o Here you can add as many different domains as needed
  • RewriteRule .*\.(jpe?g|gif|bmp|png|jpg)$ /pictures/nohotlink.jpe [L] = the last line forbids any website not listed above from linking to these files, if they do they will be redirected to nohotlink.jpe
      o You will need to specify the path where your custom image sits.. mine is located at /pictures/nohotlink.jpe
      o The [L] code basically means this is the Last line
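A way to check the rule set above before uploading it, as an added example that is not part of the original post: this Python sketch mirrors how the conditions and the final rule are evaluated, and shows why the replacement image carries the .jpe extension. It assumes the dots and the question mark in the patterns are backslash-escaped, uses example.com as a placeholder for your own domain, and runs over constructed referers; the function names are made up for the illustration.

```python
import re
from urllib.parse import urlsplit

OWN = "example.com"   # placeholder for your own domain (assumption)
TOKENS = ["bing", "blogcatalog", "facebook", "feed", "feeds2", "google",
          "linkedin", "msn", "networkedblogs", "read", "rss", "space",
          "yahoo", "zilla"]
# The RewriteRule carries no [NC], so the extension match is case-sensitive.
RULE = re.compile(r".*\.(jpe?g|gif|bmp|png|jpg)$")
REPLACEMENT = "/pictures/nohotlink.jpe"

def allowed_by(referer):
    """Name the RewriteCond that lets this referer through, or None."""
    if referer == "":                                   # !^$
        return "blank"
    if re.search(r"^http://(.+\.)?" + re.escape(OWN), referer, re.I):
        return "own-site"
    if re.search(r"search\?q=cache", referer, re.I):
        return "cache"
    for tok in TOKENS:                                  # unanchored: matches anywhere
        if re.search(re.escape(tok) + r"\.", referer, re.I):
            return tok
    return None

def rewrite(path, referer):
    """Path served once the rule set has run (all conditions are ANDed)."""
    if RULE.search(path) and allowed_by(referer) is None:
        return REPLACEMENT
    return path

def loose_matches(referers):
    """Referers let through by a token that is not a whole hostname label."""
    out = []
    for ref in referers:
        tok = allowed_by(ref)
        labels = (urlsplit(ref).hostname or "").lower().split(".")
        if tok in TOKENS and tok not in labels:
            out.append((ref, tok))
    return out

# Constructed sample referers, not taken from any real log.
SAMPLES = ["", "http://www.example.com/post", "http://www.google.com/search?q=x",
           "http://scraper.test/copied-post", "http://thread.test/topic/5"]

if __name__ == "__main__":
    for ref in SAMPLES:
        print(repr(ref), "->", rewrite("/pictures/photo.jpg", ref))
    # nohotlink.jpe does not match the rule's pattern, so it is never rewritten again
    print(rewrite(REPLACEMENT, "http://scraper.test/copied-post"))
    print(loose_matches(SAMPLES))
```

The last sample shows that a token such as read. is matched anywhere in the referer, so thread.test is let through; listing full hostnames in the RewriteCond lines closes that gap.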
[Edit - If you have strong experience with .htaccess files or regular expressions and are reading this post.. please review my code above.. and if it can be improved please let me know by leaving a comment!]

Upload Your .htaccess File

Your .htaccess file needs to be uploaded to your website’s root directory. The next thing you will want to do is see if it actually works.. I would recommend emptying your browser’s cache first. Now visit the offending website and see if all the hotlinked images have now been replaced by your custom image.

You could also use Feedburner to uncover additional sites that are republishing your content that you may not be aware of.

Feedburner

If you have connected your RSS feed up to Google’s free service Feedburner (an RSS management service).. you can take advantage of one of its traffic analysis tools to help you find potential sites that have scraped your content. Uncommon Uses shows where your content is being re-published.

Click on the Analyze tab.. then click on Uncommon Uses,

Show the Stats for the last 30 days.. and you will be presented with a list of referrers that are re-publishing your RSS feed,
Click on one of the links under a referrer,

Now you will be directed to a page that is re-publishing your content.
Counter-Punching with Free Advertising

If you have correctly set up your .htaccess file.. then any of your images that have been hotlinked (anywhere on the internet) will now be replaced with your custom image,

Here are a couple of live examples (at the time of publishing this post),

  • documents/

Counter-punching.. with free advertising!
The Social Media Guide

The Social Media Guide provides helpful advice and tips on connecting you to others, through the use of social media and social networks. The Social Media Guide is an authoritative source on current and emerging social media tools and platforms.

The current explosion in social media technologies has made it easier than ever to connect with friends, groups, customers and networks with similar interests, from all around the world. Businesses can benefit greatly by using social media to market their product, strengthen brand recognition and attract new customers.

My aim is to show you how social media can be used, to connect with more people faster, by providing clear and simple solutions. The Social Media Guide will show you how to extend your reach deeper into the social web, and connect with more people.

This material may be shared with everyone, not sold for profit and not modified in any way.

Regards,
Matthew Tommasi
twitter: @socialguide