 |
|
 |
 |
If you are one of the many thousands of webmasters who pay for your web hosting,
you will no doubt have come across a rather evil practice known as hotlinking.
Quite simply, a hotlinker will use HTML to directly link to objects on your
server, thus allowing him/her to use your bandwidth, but without the
inconvenience of ever having to pay for it. If you own a website with a
lot of images or files on it, for example, this can be very costly as it sucks
away your bandwidth without giving you a single visitor to your actual HTML site in
return. Now, however, you can fight back with a little bit of server-side
wizardry.
To stop hotlinkers in their tracks, all you need is a server
running Apache with .htaccess files enabled, and a little known module installed
called mod_rewrite.
All of these things are very common in modern web hosting setups, and can be
installed pretty easily if they are not there initially anyway. With
all these pieces in place, simply create a file called .htaccess (if you
use notepad, beware it doesn't add a .txt extension onto the end) that contains
the following code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]
Be sure to replace yourdomain.com with your own domainname and save the
file. Now upload the file to the main directory of your website, or the
specific subdirectory you want to protect. Remember that the settings in
this file will affect any directory you put it into and all subdirectories
branching off from it, but not any parent directories. Also make sure you
upload this file in ASCII and not binary, and CHMOD it to 644 or you'll run into
problems. If you don't know how to CHMOD, just download a decent FTP program
like CuteFTP, right click on the file, and
select 'change file attributes' or somesuch - that does the same (essentially it
just allows the file to be readable by the server but not by any joe public with
a browser).
The aforementioned code will just display a broken link if
anything but a webpage on your domain refers to it. If you want to be a bit more
evil, however, and display an alternate image of your choice instead, use this
code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://www.yourdomain.com/diehotlinker.jpg [R,L]
Just do the same as before and replace yourdomain.com and
diehotlinker.jpg with your own settings. Now just upload your new evil image
and kiss goodbye to those annoying hotlinkers. Just make sure you
configure it correctly before you do anything too nasty though, or you might
send your own legitimate visitors some unpleasant images. They might never
forgive you for sending them something from
www.goatse.cx... :p
- Tutorial written by Man1c M0g
| |  | |  | | Last 5 User Comments | | |
User: supafly (#36682)
Date: Wed Jan 17, 2007. 16:58:49 | Post #8 of 8 |
|
I have a question hope it's ok to post but if you had a website that is like
fernandoalonsofan.com/gallery how would you write that in? (is totally cluless when it comes down to things like this) |
Reply to this post |
|
|
Handy tutorial, though I wouldn't call mod_rewrite "a little known module". It is very useful however, and anyone with a decent web host can access it. On many turnkey systems it will be part of your web control panel, so just because you don't have telnet access don't think this method is out of bounds to you! |
Reply to this post |
User: entity (#18272)
Date: Sun Sep 04, 2005. 09:54:09 | Post #6 of 8 |
|
OK, but do I have to add the '\' to the image to appear when some one hotlinks my images? |
Reply to this post |
|
|
Well, in your code you have:
RewriteCond %{HTTP_REFERER} !^http://(www\.)?forums.biorust.com(/)?.*$ [NC]
whereas the actual code is supposed to be:
RewriteCond %{HTTP_REFERER} !^http://(www\.)?forums\.biorust\.com/.*$ [NC]
Notice the missing ? and the forward slash before every fullstop in the domain/subdomain name? Syntax in this file is, i'm afraid, very important. My advice is to use my example as a template and build on it stepwise from there. When something stops working, then you know where you have gone wrong... ;) |
Reply to this post |
User: entity (#18248)
Date: Sat Sep 03, 2005. 12:38:59 | Post #4 of 8 |
|
Quote from Man1c M0g:
My advice is to check absolutely everything. Check the image URL to make sure that it works independantly of the script, check the exact spelling of the file (Linux is case sensitive), ensure that you are running Apache, and make sure the image itself isnt in the directory thats being excluded from outside referrers! :)
PS. If this still doesn't work, post your code here so we too can take a peek and perhaps work out what's going wrong... |
OK I still can't figure out whats wrong, so I'm gonna post up the whole code so you can see if you can see if theres anything I can change
ErrorDocument 301 http://entity.thehostmansion.com/301error.php
ErrorDocument 302 http://entity.thehostmansion.com/302error.php
ErrorDocument 400 http://entity.thehostmansion.com/badsyntax.php
ErrorDocument 401 http://entity.thehostmansion.com/unauthpage.php
ErrorDocument 403 http://entity.thehostmansion.com/forbiddenpage.php
ErrorDocument 404 http://entity.thehostmansion.com/404error.php
ErrorDocument 405 http://entity.thehostmansion.com/405error.php
ErrorDocument 408 http://entity.thehostmansion.com/408error.php
ErrorDocument 415 http://entity.thehostmansion.com/415error.php
ErrorDocument 500 http://entity.thehostmansion.com/500error.php
ErrorDocument 501 http://entity.thehostmansion.com/501error.php
ErrorDocument 502 http://entity.thehostmansion.com/502error.php
ErrorDocument 503 http://entity.thehostmansion.com/503error.php
ErrorDocument 504 http://entity.thehostmansion.com/504error.php
ErrorDocument 505 http://entity.thehostmansion.com/505error.php
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?entity.thehostmansion.com(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?neoseeker.com(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?spirasdestiny.ffultima.net(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?s3.invisionfree.com/Spiras_Destiny(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?hotmail.com(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?finalgaming.net(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?network.finalgaming.net(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?forums.biorust.com(/)?.*$ [NC]
RewriteRule \.(gif|bmp|png|PNG|css|htm|html|php)$ http://entity.thehostmansion.com/hotlink.jpg [R,L]
redirect /scripts http://www.stoptheviruscold.invalid
redirect /MSADC http://www.stoptheviruscold.invalid
redirect /c http://www.stoptheviruscold.invalid
redirect /d http://www.stoptheviruscold.invalid
redirect /_mem_bin http://stoptheviruscold.invalid
redirect /msadc http://stoptheviruscold.invalid
RedirectMatch (.*)\cmd.exe$ http://stoptheviruscold.invalid$1
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]
order allow,deny
deny from all
|
It's a big file I know, but please help |
Reply to this post |
--- View Entire Thread --- |
|
|
|
|
|
|
TUTORIALS SUBMENU
