One of the good things about moving from 1and1 is that I now have access to an excellent web stats package(s). 1and1 stats were garbage (in fact, we had to install our own), but the new host (asmallorange) are not so. Perhaps the first thing I noticed is that my old image gallery sure was getting a lot of hits — 600 a day. Wow, my pictures sure must be awesome! Who is linking to me and what accolades do they bestow upon them?

Upon reviewing the logs, I notice a trend. Most of the hits to the website look like so:

/albums/underwater/uw2.jpg
Http Code: 200 Date: Jan 09 12:23:58 Http Version: HTTP/1.1 Size in Bytes: 3491
Referer: http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=XXXXXXX
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; YPC 3.2.0; SV1; .NET CLR 1.0.3705)

Strange eh? So what to do…
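The pattern in that log entry, an image request whose Referer is someone else's page, can be pulled out of a raw access log in bulk. This is an added example, not code from the original post; it assumes Apache "combined" log format, and the sample lines and the host gallery.example.test are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Apache "combined" log format (not from the post).
SAMPLE_LOG = '''\
203.0.113.5 - - [09/Jan/2006:12:23:58 -0500] "GET /albums/underwater/uw2.jpg HTTP/1.1" 200 3491 "http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=XXXXXXX" "Mozilla/4.0"
203.0.113.9 - - [09/Jan/2006:12:24:10 -0500] "GET /albums/underwater/uw2.jpg HTTP/1.1" 200 3491 "http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=XXXXXXX" "Mozilla/4.0"
198.51.100.7 - - [09/Jan/2006:12:25:01 -0500] "GET /albums/sunsets/s1.jpg HTTP/1.1" 200 8000 "http://gallery.example.test/sunsets" "Mozilla/5.0"
198.51.100.7 - - [09/Jan/2006:12:25:02 -0500] "GET /albums/sunsets/s2.jpg HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.44 - - [09/Jan/2006:12:26:30 -0500] "GET /albums/sunsets/s1.jpg HTTP/1.1" 304 - "http://www.xanga.example/home" "Mozilla/4.0"
'''

LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "[^"]*"$'
)
IMAGE_RE = re.compile(r'\.(gif|jpe?g|png)$', re.IGNORECASE)


def hotlink_report(log_text, own_hosts):
    """Return {referer_host: (hits, bytes_sent)} for image requests
    whose Referer points at a host that is not one of own_hosts."""
    hits, sent = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not IMAGE_RE.search(urlsplit(m["path"]).path):
            continue
        host = (urlsplit(m["referer"]).hostname or "").lower()
        # An empty or "-" Referer (direct visit, privacy proxy) is not counted.
        if not host or host in own_hosts:
            continue
        hits[host] += 1
        # A 304 response logs "-" as its size: no body was sent.
        sent[host] += 0 if m["size"] == "-" else int(m["size"])
    return {h: (hits[h], sent[h]) for h in hits}


if __name__ == "__main__":
    report = hotlink_report(SAMPLE_LOG, {"gallery.example.test"})
    for host, (n, size) in sorted(report.items(), key=lambda kv: -kv[1][0]):
        print(f"{host}: {n} image hits, {size} bytes")
```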

No pageviews, no browsing around. These people just take the image(s) and run. Wikipedia says that hotlinking

is the placing of a linked object, often an image, from one site in a page belonging to a second site. The second site is said to have an inline link to the one where the object is located. It is used for such activities as linking images from personal home page storage into the online diary of the person controlling the personal home page.

This has sometimes been controversial because it is possible that the site where the object is stored and from which it is retrieved will not like the new placement or will consider it to be bandwidth theft. This term refers to the unauthorized use of someone else’s bandwidth. Inline linking to an image stored on another site increases the bandwidth use of that site, even though their site is not being viewed in its intended form. Since bandwidth is a commodity, unauthorized use can increase the maintenance costs of the website hosting the image, hence the term bandwidth theft.

Ok the emphasis was mine. So in effect, a whole boatload of people are stealing from me. They use my nice pretty pictures of http://gallery.maxpower.ca/sunsets and underwater bubbles to make their online journal look good. These pictures aren’t that good, and as a result these people’s crappy blogs are still horrid. Filled with people linking to amazon wish lists, favourite movies, and sexual surveys. And who could forget the insightful commentary: “I’m a simple girl. Im kind of the shy type, unless im drunk or just hyper lol” or “mY nAmE iS JesSE, iM a pReTty laId baCk gUy wHO liKeS tO chIlL oUt!..”

So what to do? Well I didn’t want to take down my gallery, and I didn’t want to rename files, and I wanted to punish the thieves. So I googled for hotlinking and found this little tidbit of a .htaccess file from Pixel2life. I added it to my .htaccess file and it worked! [The code is at the end of this post] Now, to think of an image….

Over at pwntlinkers I found a kindred spirit. The welcome message made me feel that this isn’t an isolated case:

Welcome to PwntLinkers, dedicated to bringing the hate to the noob hotlinkers out there. Especially the ones on MySpace. Especially the ones that crash my browser with their stupid videos and music and crap. Hate.

This guy likes to steal pictures off of the offender’s website, modify them, and then use htaccess rules to make them show up in place of the hotlinked image. Very smart, except I don’t have the time for that kind of game. There are a lot of people stealing my images. So instead of defacing their images with crude drawings of genitalia (which I highly approve of) I decided to make their website as unreadable as possible.

Using an image editing program, I created an animated gif (1000 x 1000 pixels) that alternated between all white and all black. You can see it here [be afraid]. For some reason, it flashes quite slowly on my site, but over at myspace it goes quite fast. It makes it really hard to read their webpage I think.

Who knows how long it will take them to figure out what is happening. Hotlinking is a pretty dangerous thing to do, because I could in theory redirect their image request to a page that contains some kind of exploit (say, maybe the wmf one) that installs a rootkit on everyone’s PC that visits (as long as they aren’t patched up). Or I could redirect them to a huge image that takes forever to load. The possibilities are endless. Regardless, myspace and Xanga users: your free ride is over.

The code:

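# Needs mod_rewrite and a "RewriteEngine On" line earlier in the file.
# Requests with no Referer (direct visits, some proxies) are left alone.
RewriteCond %{HTTP_REFERER} .
# Your own sites: replace mainsite, site2 and site3. These patterns match
# http:// only; use ^https?:// if the sites are also served over HTTPS.
RewriteCond %{HTTP_REFERER} !^http://([^.]+\.)?mainsite\. [NC]
RewriteCond %{HTTP_REFERER} !^http://([^.]+\.)?site2\. [NC]
RewriteCond %{HTTP_REFERER} !^http://([^.]+\.)?site3\. [NC]
# Let Google and search-engine cache pages through.
RewriteCond %{HTTP_REFERER} !google\. [NC]
RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
# Never rewrite the replacement image itself (avoids a loop).
RewriteCond %{REQUEST_URI} !^/stophotlink\.gif$
# Any other image request is answered with the replacement image.
RewriteRule \.(gif|jpg|png)$ /stophotlink.gif [NC,L]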
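Before deploying rules like these it helps to see which requests they actually catch. The following is an added example, not part of the original post or of Pixel2life's code: a Python model of the condition chain above, run over constructed requests. The hosts www.mainsite.com and blog.example are assumptions standing in for the post's "mainsite" placeholder and for an outside site.

```python
import re

# The five negated Referer conditions from the post; a match on any of them
# means the request is left alone. "mainsite" etc. are the post's placeholders.
ALLOWED = [r'^http://([^.]+\.)?mainsite\.', r'^http://([^.]+\.)?site2\.',
           r'^http://([^.]+\.)?site3\.', r'google\.', r'search\?q=cache']


def is_rewritten(path, referer):
    """True if the rules would answer this request with /stophotlink.gif."""
    if not re.search(r'\.(gif|jpg|png)$', path, re.I):  # RewriteRule pattern [NC]
        return False
    if not referer:                          # RewriteCond %{HTTP_REFERER} .
        return False
    if any(re.search(p, referer, re.I) for p in ALLOWED):
        return False
    return path != '/stophotlink.gif'        # loop guard on REQUEST_URI


IMG = '/albums/underwater/uw2.jpg'
CASES = {  # constructed requests: label -> (path, Referer header)
    'external page':       (IMG, 'http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile'),
    'no referer':          (IMG, ''),                                   # always served
    'own site, http':      (IMG, 'http://www.mainsite.com/gallery'),
    'own site, https':     (IMG, 'https://www.mainsite.com/gallery'),   # own pages break
    'own site, deep host': (IMG, 'http://a.b.mainsite.com/'),           # one label only
    'google. in query':    (IMG, 'http://blog.example/?q=google.com'),  # unanchored match
    '.jpeg extension':     ('/albums/underwater/uw2.jpeg', 'http://blog.example/'),
    'replacement image':   ('/stophotlink.gif', 'http://blog.example/'),
}


def evaluate():
    """Map each case label to whether the replacement image is served."""
    return {label: is_rewritten(*req) for label, req in CASES.items()}


if __name__ == '__main__':
    for label, swapped in evaluate().items():
        print(f"{label:20} -> {'stophotlink.gif' if swapped else 'original'}")
```

The Referer header is supplied by the client, so these rules limit casual embedding and bandwidth use; they are not an access control.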

This post has 14 comments.

  1. XIII
    28 Jan 06
    9:44 am

    The idea is good, but you can also piss off people who seriously don’t have a clue that what they’re doing is wrong in any way.
    Which is why personally I decided to switch from a pic with a not so friendly message (read; rude) to a nice looking one with my url. I’ve found that this way they tend to stop hotlinking and give me proper linkage instead. So this way it’s a win/win situation.

  2. deepthought
    23 Feb 06
    12:49 am

    At first I was nice, then they didn’t stop. So now they view the gif. Even 1 month later, that flashing gif is getting hammered. Thanks for the comment.

  3. chantel
    09 Mar 06
    8:39 pm

    Where do you put the code?

  4. deepthought
    09 Mar 06
    8:45 pm

    Stick it in your .htaccess file. This is found in your root directory.

  5. Andre
    03 Jun 06
    8:55 pm

    Thanks for your comment on my Blog.
    I agree with you. I have also sent so many nice messages, but not a single one complied. A lot of the people actually got rude when I asked them nicely not to hotlink my stuff.
    You have no choice but to take matters into your own hands.

  6. Lopo
    13 Jul 06
    9:36 am

    One solution to not being rude but nevertheless forcing people to understand what they are doing would be to, instead of returning a simple and single image, make a small program that:

    1. See if image being stolen is not already on cache
    2. If not in cache read the image being stolen else return cached one and end here
    3. Add copyright and warning message info to the image read
    4. Cache it
    5. Return new cached image and end here

    First time the image is stolen the cache is made and this will impact a little on the server but all the subsequent times it will be faster and you will be promoting your quality images, your brand and still warning about the infamous robber too :D

    Best.

  7. Sonic Blast
    04 Aug 06
    12:40 pm

    Apparently, this little shit thinks hotlinking is “wrong,” but does it “anywayz”:

    http://mcpuggington.livejournal.com/552065.html#cutid1

    [Hotlinked image since blocked.]

    Yeah, real cool, kid. U R so funny LOL ROFLMAO.

  8. [...] Over at the Inside Windows Marketplace blog someone (I believe a MS employee) has linked to my website. Normally this would be a good thing. The MSDN blogs get quite a bit of traffic and some of that traffic would bleed over to my page. Unfortunately they didn’t include a hyperlink to my site but included a graphic that resides on my site, this is called hotlinking. Now I’m not upset that they are “stealing” my image because (as you can see) it is simply a screenshot. But their site gets a lot of traffic. Every time they have a visitor their server is telling the visitor’s browser to pull the image from my server. As of this writing serving images to their visitors accounts for 12% of my bandwidth. That is 12% of my costs are paying for them to have visitors. Doesn’t seem right does it? I’ve sent a fairly friendly note asking the blogger to remove the image. If they fail to comply I’m going to have to take drastic measures. [...]

  9. Hi Deepthought - Thank you very much for these tips. I run an online photo gallery, and this stuff will come in very useful.

    Regards,
    John

  10. Bman
    03 Oct 06
    1:28 am

    Great idea……I replace the image with porn and then report sites like MYSPACE for allowing porn to be viewed publicly. I don’t blame the users as much as I blame the companies that allow it. Whenever I had a hotlinking issue with a “real” hosting company, 9 times out of 10 they would remove the image or delete the account. Fight fire with gasoline on this one. MYSPACE should pay for this not the idiots that use it.

  11. I like to do this with my images. Otherwise you can end up spending a lot of bandwidth just for other users’ benefit.

  12. Rogue
    24 Jun 07
    6:59 am

    I was having a problem with a person using an image from my site as part of his “Signature” file on an adult/porn chat forum. The image he was linking to was not porn, just something to pump up his ego, a Rambo avatar type image for his signature. He made dozens of messages, which were then viewed by dozens of readers there. Needless to say I was getting hundreds of hits on the image in question. The adult site didn’t give a damn if I changed the image to porn and neither did the bandwidth thief. I had to make the attack very personal, since custom GIFs with info about bandwidth theft had no effect either.

    I created an animated GIF with text saying that this person was also known as “Beagle F__ker”, and that he s__ked c__k and swallowed. This got comments from other users mocking him. When a few of his target females also commented, the hotlink disappeared from his signature file. Did he reform? Nope… he just hotlinked to an image at another site.

    His hotlink to my site is gone but those comments from others still remain as a reminder to him… he is a real dim bulb.

  13. Very interesting. I did not know bandwidth could be stolen this way,

    David

  14. Thanks for sharing the story. I did not know that bandwidth could be stolen.