How can I stop someone from stealing my images?

[draggar]

I got the block working but not the re-direct to a different image working.

This is what I have at the beginning of the .htaccess (there is also a #BEGIN Wordpress & #End WordPress - should I put it in there?)

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?(my_domain)\.com/ [NC]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?(blocked_domain)\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ (warning_file_location) [L]

The red has been changed from what they were - the black is exactly what it was. The domains do NOT have the TLD in them.

I've tried http://www.domain.com/dir/file and /dir/file in line #5 (RewriteRule) and I've also tried with and without line #2. Line #3 the main offender is a subdomain, I've tried it with and without the subdomain.

Edit: I also tried it w/o line #4.

I have it set to this now:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?(domain)\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png|jpg)$ /(dir)/(file).jpg [L]

The block is working but not the redirect.

 

[POLiSH]

hmm let me look.

---------- Post added at 07:19 PM ---------- Previous post was at 07:06 PM ----------

I'm not sure why it is not working. You can replace the last line with below, it will throw them a
403 forbidden and no bandwith will be used. I'll keep testing it though.


RewriteRule . - [F]


POLiSH

 

[draggar]

The block is working, now on the offending site it shows a broken link image. I was hoping to have it redirect to the "don't steal my bandwidth" image.

It doesn't matter if redirected image is stored on the same site, right? (I did try though Photobucket and it didn't help, though).

/img is where the file is stored

This is the whole .htaccess:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?[COLOR=#ff0000](domain)[/COLOR]\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png|jpg)$ /img/[COLOR=#ff0000](file)[/COLOR].jpg [L]




# BEGIN WordPress
<IfModule mod_rewrite.c>


RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]


</IfModule>


# END WordPress




ErrorDocument 404 /index.html

I've moved the rewrite lines in before, in, and after the #wordpress part. I've also had it before and after the code that is in the #wordpress part, also.

 

[POLiSH]

are you clearing your browser cache

 

[draggar]

For a moment I felt really stupid but I cleared this PC completely out and it's still not working on the offender's site. Just a broken image link.
I have verified the file location and name several times, too.

 

[POLiSH]

replace with this : RewriteRule .(gif|jpe?g|png|bmp)$ /img/(file).jpg [L,NC]

 

[Gerry]

I am still curious if images will not appear if I "copy screen".

 

[draggar]

replace with this : RewriteRule .(gif|jpe?g|png|bmp)$ /img/(file).jpg [L,NC]

Didn't help, still shows as a broken image on the offender's site.

I am still curious if images will not appear if I "copy screen".

I'm not worried about that, it's the bandwidth theft I'm worried about. There is one offender who is hotlinking an image and I'm getting about 1000 hits a day for it.

 

[POLiSH]

Each server is different so I would maybe advise your hosting companies help in the matter. Coding various depending on what is running. Sorry I could not help .

 

[draggar]

They said they got it working but I don't see it on their test site nor the offender's. 2 computers - one though work's network and the other though an aircard. Both IE8. I'll have to check it when I get home.

 

[POLiSH]

you can also run a ipconfig /flushdns to clear out anything on your network side.

 

[draggar]

Nada, I tried his site in Chrome, IE, and FF and I don't see anything.

Does someone else want to test his site?

http://loutro.com/dog.html

What do you see on the image?

Edit: NM - some FB friends of mine said that they see a broken image, too.

 

[POLiSH]

I see a small image...

 

[draggar]

I see a small image...

Of what?

 

[draggar]

After a few days of emailing back and fourth with tech support I get this:

########## Begin Message ##########
Dear Client,

We offer a product against hotlinking, which extends the protection to movies. Using .htaccess rules the only protection you can do is for images. Here is more information on the module:

The problems caused by "hotlinking" are well known: excessive bandwidth consumption & costs, violation of copyrighted material, lack of control in managing the browsing experience of visitors, etc. A synonym for this problem, "deeplinking", is often used to describe the undesirable effects of serving up a hotlinked resource for which the content server owner gains no benefit (i.e. no advertisements displayed, no "eyes" on the intended page, etc).

The most common remedy for preventing hotlinking usually relies on a check of the HTTP Referer request header. The Refering domain value is compared against the serving domain or a list of trusted domains. In the Apache world, this is commonly done with setenvif and mod_rewrite rules in .htaccess files or the main Apache config files. Similar Referer-checking approaches are often done with scripts (cgi, php, etc). The Referer header is -not- a reliable request header, is easily spoofed, and does not address URL copying or direct type-ins. Other approaches to stopping hotlinking rely on cookies or javascript events that are easily circumvented or disabled. The same can be said for periodic shuffling or randomized renaming of content directories and/or files -- hotlinking bots and spiders can easily and quickly work out the new hierarchy structure. Still other competitive script products or modules/*SAPI filters that attempt to stop hotlinking often have serious drawbacks: exce
ssive CPU/memory consumption or incompatibility with load-balanced clusters.

The AHL module uses custom Apache configuration directives to customize and adjust the protection behavior. Some of these directives are universal across all virtualhosts on the server and can only be set in the main httpd.conf section by the administrator (e.g. root).

Designed as a high-performance Apache module, AHL is a unique approach to hotlink defense that is not susceptible to the problems mentioned above. The module has nominal CPU/memory impact under normal operation, remains fully effective in clustered setups, and is not easily spoofed or bypassed.

If you are interested in this, let us know. As far as for the image, I can confirm it shows a broken image.

Regards,

Nice, so I'm assuming they disabled it in .htaccess so they can have someone sign up for this service at a $20 setup fee and $10 a month.

 

[tattoos]

Just on the off chance... Do you have cPanel? http://www.cpanel.net/media/tutorials/hotlink.htm

Cheers
James

 

[JuniperPark]

Find a horrendously nasty porn image and have the redirect load it.

Back when 'goatse' was online I used to use that. Those people never hotlinked anything again.

If you don't know what goatse is, don't ask here, just go Google it.