- Linux, Apache, PHP, Hotlinking
- Posted by ken.dennis@gmail.com on January 16th, 2006
Webmasters,
I've got a couple websites that are funny pictures and just stupid
content, but I'm having a problem with a lot of people hot-linking the
images to message forums and things like that. It's not really a
problem right now, but if it gets excessive it could really put a dent
in my bandwidth.
Does anyone have any methods they use to stop these sort of
interactions?
As mentioned in the subject line, I currently run a Linux box with
apache web server, with primarily php as the framework on the sites.
I'd appreciate your thoughts and comments on the matter,
--
Ken
http://KenDennis-RSS.homeip.net/
- Posted by hug on January 16th, 2006
"ken.dennis@gmail.com" <ken.dennis@gmail.com> wrote:
If the graphics are in a publicly-accessible directory I do believe
that apache will serve them up like toast. I don't know offhand how
one would send an inline graphic in the html-stream, if that was
possible you could check ip-addr on the server side and snag the
graphic from a private directory if you so chose. Not much help,
sorry. An alternative approach is to put the sites into private
directories, but that might be self-defeating.
--
http://www.ren-prod-inc.com/hug_soft...action=contact
- Posted by David Dorward on January 16th, 2006
ken.dennis@gmail.com wrote:
http://allmyfaqs.net/faq.pl?Prevent_bandwidth_theft
--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is
- Posted by William Tasso on January 16th, 2006
Fleeing from the madness of the . jungle
hug <contact_info@sig_line.clickit> stumbled into news:alt.www.webmaster
and said:
trivial in IIS/ASP/vbScript and probably in PHP/whatever too.
IIS-6/ASP.Net includes the ability to create a 'handler' to intercept and
process requests.
Yes - completely bonkers.
The traditional solution to the O/Ps query is to suggest researching what
can be achieved in the Apache config file - or .htaccess if you must.
I'm sure some kind soul will come to the aid of the party - I do believe
the solution is extremely trivial to implement and is mostly effective
with only a few leech attempts actually getting through. Alternatively a
trawl of the archive will probably produce the desired result.
--
William Tasso
Save the drama
for your Mama.
- Posted by Ad Libitum on January 16th, 2006
On Mon, 16 Jan 2006 16:33:03 +0000, David Dorward <dorward@yahoo.com>
wrote:
I'm trying to do the htaccess method described there using:
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^[http|nttp].*$
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?cynode.com/.*$ [NC]
RewriteRule \.(gif|jpg|jpeg|png)$ http://www.cynode.com/bad.jpg [R,L]
when i test it on another domain I get the red x instead of bad.jpg
and in my error logs i see:
client denied by server configuration: /home/site/public_html/bad.jpg
So what did I do wrong? =)
--
My own business always bores me to death; I prefer other people's.
Oscar Wilde | admin @ cynode.com
- Posted by ken.dennis@gmail.com on January 16th, 2006
Ad Libitum,
You are in better shape than me. I don't even have the mod_rewrite
modules on my system. It's not that I don't have it enabled in the
httpd.conf, I just don't have the actualy module files that need to be
loaded.
Guess I'll have to look in to that too
--
Ken
- Posted by Matt Probert on January 16th, 2006
On 16 Jan 2006 07:13:13 -0800, "ken.dennis@gmail.com"
<ken.dennis@gmail.com> wrote:
The following .htaccess file in the sub-directory containing images
(.gif and .jpg files), prevents hot linking of those images:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER}
!^http://(www\.)?probertencyclopaedia.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]
Naturally you will want to change probertencyclopaedia.com to your own
domain name!
Regards
Matt
--
The Probert Encyclopaedia
Over 235,000 definitions and descriptions
http://www.probertencyclopaedia.com
- Posted by Duende on January 16th, 2006
On 16 Jan 2006 Matt Probert wrote in alt.www.webmaster
Why?
--
D?
- Posted by Rastus on January 16th, 2006
We are assuming he wants his own site to be able to display the funny
pictures and not proberts encyclopedia.
That .htaccess basically says:
"Block access to all these image file types to everyone... unless the
referrer code in the web browser is <this domain>". Unless you include your
own domain then your page won't even be able to link to the images.
- Posted by Rastus on January 17th, 2006
Also be aware this sort of thing is critical for adult web sites - and you
will also want to block "syphon" type user agents as well as other sites
hotlinking. There are also scripts out there that will blow right through
..htaccess so you can never rest easy assuming your htaccess file is going to
take care of the shop.
The only way I have found of combating fusker script using sites is to
contact them directly (and in a polite businesslike tone) give them a list
of your domains and ask them to cease and desist or you will regretably have
to lodge DMCA against their Google listing. Most hardcore hotlinking sites
are hosted outside of DMCA jurisdiction but everyones Google listing is
DMCA'able and nearly everyone will shit at the prospect of losing it.
I had a .htaccess protected server being hotlinked to the tune of 33mbps
once and the above tactic worked well - where there was no viable technical
way to combat the script (given the specs of the server and the volume of
traffic).
