A hotlinking example:

theif.ext wants to add some pictures to his website. theif.ext predicts that thousands of people will view these pictures every day. theif.ext knows he does not have enough bandwidth to host these pictures from his own site.

theif.ext finds another website that has the same picture files, say victim.ext. theif.ext hotlinks the pictures from victim.ext's website by adding the following HTML code to his gallery.html page.

<img src="http://victim.ext/image1.jpg">
<img src="http://victim.ext/image2.jpg">
etc...

theif.ext is now hotlinking pictures from victim.ext's website. Even though the pictures show up when going to theif.ext/gallery.html, the data that is being transferred to your web browser is coming from victim.ext's website.

It is not uncommon for the victim to run out of bandwidth due to hotlinking.

What can be done to prevent hotlinking?

To stop hotlinking you can use a web host that provides an easy-to-use interface to manage hotlinking protection.

If your host does not have such an interface, you may stop hotlinking of your images from other sites by using a .htaccess file. The following code will cause an image called nohotlinking.gif2 to be displayed instead of your images.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?your-site\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlinking.gif2 [L]

Notes:
- The first line of the above code turns the rewrite engine on.
- The second line tests whether the request was referred from a your-site.com URL. The leading ! negates the match, so the condition holds for requests referred from anywhere else.
- The [NC] code means "No Case": the match is case-insensitive.
- The third line means allow empty referrals: the rule is skipped when the request carries no referrer.
- The last line matches any files ending with the extension jpeg, jpg, gif, bmp, or png. The request is then answered with the nohotlinking.gif2 file in your images directory. This GIF image uses the extension .gif2 instead of .gif to prevent blocking of your own replacement image.
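
The rule set above can be checked offline before it is deployed. The following Python sketch is an added example, not code from the original page: it re-implements the two conditions and the rule pattern with Python's re module and runs them over constructed requests. STRICT_OWN_SITE is an assumed tightening (not from the page) that also accepts https referrers and keeps the subdomain match inside the host name.

```python
import re

# Patterns copied from the page's first rule set; [NC] maps to re.I.
PAGE_OWN_SITE = re.compile(r"^http://(.+\.)?your-site\.com/", re.I)
EMPTY = re.compile(r"^$")
IMAGE = re.compile(r".*\.(jpe?g|gif|bmp|png)$")  # the RewriteRule has no [NC]
# Assumption (not from the page): accept https as well, and exclude "/"
# so the optional subdomain part cannot extend into the URL path.
STRICT_OWN_SITE = re.compile(r"^https?://([^/]+\.)?your-site\.com/", re.I)


def decide(path, referer, own_site=PAGE_OWN_SITE):
    """Return 'serve' or 'replace' the way the rule set would."""
    if not IMAGE.search(path):
        return "serve"    # rule pattern does not match (e.g. .gif2)
    # Both RewriteCond lines are negated and ANDed together.
    if not own_site.search(referer) and not EMPTY.search(referer):
        return "replace"  # rewritten to /images/nohotlinking.gif2
    return "serve"


# Constructed sample requests: (requested path, Referer header value).
SAMPLES = [
    ("image1.jpg", "http://www.your-site.com/gallery.html"),  # own page
    ("image1.jpg", "http://theif.ext/gallery.html"),          # hotlink
    ("image1.jpg", ""),                                       # no referrer
    ("images/nohotlinking.gif2", "http://theif.ext/gallery.html"),
    ("image1.jpg", "https://your-site.com/gallery.html"),     # own page, https
    ("image1.jpg", "http://theif.ext/a.your-site.com/gallery.html"),
    ("IMAGE1.JPG", "http://theif.ext/gallery.html"),          # upper-case name
]


def compare():
    """Decision per sample under the page's pattern and the strict one."""
    return [(p, r, decide(p, r), decide(p, r, STRICT_OWN_SITE))
            for p, r in SAMPLES]


if __name__ == "__main__":
    for path, referer, page, strict in compare():
        print(f"{path:26} {referer or '(empty)':48} page={page:8} strict={strict}")
```

The Referer header is supplied by the client, so these rules limit casual embedding and bandwidth use rather than control access to the files.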

To stop hotlinking only from specific domains such as myspace.com, blogspot.com, and livejournal.com, place this code in your .htaccess file.

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?myspace\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blogspot\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?livejournal\.com/ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlinking.gif2 [L]

If you are worried about your nohotlinking.gif2 image using up all of your bandwidth, you can display a 403 Forbidden error code instead of an image. Replace the last line with the following:

RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]