06 Oct 2008




If you are a blogger, you know how many difficulties we have to overcome. We have to keep our blog or website updated with fresh articles, guides and posts; we have to update our publishing platform (WordPress, Joomla etc.) with the latest hotfixes and versions, which are released regularly; we have to keep the blog widgets updated; and we have to protect our blog from hackers, spammers, malicious people and evil bots which try to pester our pages or destroy our work. We even have to protect our servers from bandwidth thieves who try to steal our bandwidth by hotlinking images and pictures belonging to our blogs on their blogs.

Reading from Wikipedia: “Inline linking (also known as hotlink, leeching, piggy-backing, direct linking, offsite image grabs and bandwidth theft) is the use of a linked object, often an image, from one site into a web page belonging to a second site. The second site is said to have an inline link to the site where the object is located”. Simply put, a bandwidth thief copies an image’s link (such as: www.mysitetestme.com/public_html/wp-content/imagelocation/2008/05/myimage.jpeg) and pastes it into a post on his own blog. When a reader opens that article, the image is downloaded not from the thief’s server but from the server the thief took the link from, so the server hosting the thief’s blog uses very little bandwidth. People do this when the server hosting a blog makes its webmaster pay more money once the blog exceeds a certain amount of data downloaded per day/week/month.

If you are the victim of hotlinking, you will see your blog using a large quantity of bandwidth which is not justified by your blog’s traffic. To stop this, it is sufficient to add the following piece of code to your .htaccess file, usually located on your server in the public_html folder.

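## STOP HOTLINKING ##
RewriteEngine On
# Leave the request alone when the Referer is this site (with or without a subdomain)
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?webtlk\.com/ [NC]
# ... or when no Referer is sent at all
RewriteCond %{HTTP_REFERER} !^$
# Any other request for these file types gets the replacement image
RewriteRule .*\.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$ http://www.webtlk.com/wp-pictures/uploads/pics/dontstealfrome.jpe [L]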

Thanks to this code, the next time a bandwidth thief tries to hotlink a file on your blog with one of the following extensions: ico, pdf, flv, jpg, jpeg etc. (see the file extensions in the code), he will only be able to display the following picture on his blog:

[Image: hotlink]

In fact the last part of the code (RewriteRule .*\.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$ http://www.webtlk.com/wp-content/uploads/images/multimedia/nohotlink.jpe [L]) describes which files you don’t want to be hotlinked and which alternative picture you want to display in their place. Please note that the alternative JPEG image uses the extension jpe instead of jpg, to prevent the rule from blocking your own replacement image. Also note that now every website trying to show pictures belonging to your blog will only be able to display the picture above. This is also true for legitimate websites such as www.feedburner.com. Feedburner lets your readers burn your blog’s feeds thanks to its service, so people interested in what you write can display your articles and pictures using specific software or via e-mail. This is what happened to me. If you take my feeds you will see that I use Feedburner to dispatch them. After I added the code to my .htaccess, people using Feedburner to display my posts started seeing the picture above, and that was not nice, to say the least. To solve this issue I added this other code to the original one:

RewriteCond %{HTTP_REFERER} !^http://feeds\.feedburner\.com/webtlk$ [NC]
RewriteCond %{HTTP_REFERER} !^http://feeds\.feedburner\.com/~r/webtlk/~6/5$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.feedburner\.com/.*$ [NC]

This is the final code:

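## STOP HOTLINKING ##
RewriteEngine On
# Leave the request alone when the Referer is this site (with or without a subdomain)
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?webtlk\.com/ [NC]
# ... or when no Referer is sent at all
RewriteCond %{HTTP_REFERER} !^$
# ... or when the Referer is one of the allowed Feedburner addresses
RewriteCond %{HTTP_REFERER} !^http://feeds\.feedburner\.com/webtlk$ [NC]
RewriteCond %{HTTP_REFERER} !^http://feeds\.feedburner\.com/~r/webtlk/~6/5$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.feedburner\.com/.*$ [NC]
# Any other request for these file types gets the replacement image
RewriteRule .*\.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$ http://www.webtlk.com/wp-pictures/uploads/pics/dontstealfrome.jpe [L]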

As you can see, I allow Feedburner to take my pictures and display them along with my feeds. Of course you can add whatever site you like. If you have added this code to your .htaccess file and want to see whether it works, try this tool out and see what alternative image bandwidth thieves will display on their blogs. Before using it, don’t forget to empty your browser cache, otherwise it will display the original images.
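The final rule set can also be checked offline before it goes into .htaccess. The Python sketch below is an added example, not code from the original post: it models the conditions with Python's `re` module as a stand-in for Apache's regex matching, and `serve`, `ALLOW`, `HARDENED`, the tightened host pattern and the sample requests are all constructed for illustration.

```python
import re

# Model of the final rule set above. Python's re stands in for Apache's PCRE,
# which is close enough for these patterns; Apache itself is not involved.
ALLOW = [  # RewriteCond lines: the rule is skipped if the Referer matches any of these
    r"^http://(.+\.)?webtlk\.com/",
    r"^$",
    r"^http://feeds\.feedburner\.com/webtlk$",
    r"^http://feeds\.feedburner\.com/~r/webtlk/~6/5$",
    r"^http://www\.feedburner\.com/.*$",
]
# Assumption, not from the post: host part may not contain "/", https accepted.
HARDENED = [r"^https?://([^/]+\.)?webtlk\.com/"] + ALLOW[1:]

PROTECTED = re.compile(  # RewriteRule pattern; case-sensitive because it has no [NC]
    r".*\.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$")
REPLACEMENT = "http://www.webtlk.com/wp-pictures/uploads/pics/dontstealfrome.jpe"


def serve(path, referer, allow=ALLOW):
    """Return what the visitor gets: the requested path or the replacement URL."""
    if not PROTECTED.search(path):
        return path                      # extension not covered by the rule
    if any(re.search(p, referer, re.IGNORECASE) for p in allow):
        return path                      # a negated RewriteCond failed, rule skipped
    return REPLACEMENT


# Constructed sample requests: (path, Referer header)
CASES = [
    ("pics/a.jpg", "http://www.webtlk.com/2008/10/post/"),   # own page
    ("pics/a.jpg", "https://www.webtlk.com/2008/10/post/"),  # own page over HTTPS
    ("pics/a.jpg", ""),                                      # no Referer sent
    ("pics/a.jpg", "http://www.feedburner.com/fb/a/home"),   # allowed feed reader
    ("pics/a.jpg", "http://blog.example/some-post.html"),    # third-party page
    ("pics/dontstealfrome.jpe", "http://blog.example/"),     # the replacement itself
    ("pics/a.JPG", "http://blog.example/some-post.html"),    # upper-case extension
    ("pics/a.jpg", "http://blog.example/x.webtlk.com/"),     # site name in path, not host
]

if __name__ == "__main__":
    # Columns: path, Referer, original served (post's rules), original served (hardened)
    for path, ref in CASES:
        print(path, ref or "(empty)", serve(path, ref) == path, serve(path, ref, HARDENED) == path)
```

The Referer header is supplied by the client, so rules like these deter casual hotlinking rather than act as access control.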





5 Comments to “How to protect your blog from hotlinking (bandwidth thief)”

  1. Web Talk Says:

    Hello there,
    your comment was caught by Akismet so I hadn’t seen it.
    It looks like you are having a serious issue in your blog and although I am not an expert as far as servers and databases are concerned I can tell you that you should ask Bluehost for help. They have very efficient support.
    Visit these threads from Bluehost support to have an idea of the error you are experiencing:
    http://www.bluehostforum.com/showthread.php?t=14774
    http://www.bluehostforum.com/showthread.php?t=13724
    http://www.bluehostforums.com/showthread.php?p=61348

    I advise you to submit a ticket or just live chat with them

    1.How can I clean up my error log and stop spammers coming again? I seem to have a huge list of them.
    Use Akismet. If it is not sufficient, ban the IPs of the spammers themselves:
    go to your .htaccess and type: deny from xxx.xxx.xxx

    2.What kind of plugin should I use? Is the Ask Apache plugin easy to use, or worthwhile?
    Use Akismet plugin

    3.Should I ask my webhost (Bluehost) to do something about this, or am I on my own?
    yes, write to them right away

    4.I have incoming links flow to my dashboard, but they’re always gone after only a few minutes. This makes me sad and I’m going crazy trying to fix things.
    Ban them right away!

    As a general rule update your WordPress to the latest version.
    Place a php.ini file in every folder located inside your public_html. If you don’t have it, ask the support to place a copy of that file in your folders

  2. Balisugar Says:

    Hi, Webtalk,
    How are you ? I hope you don’t mind my coming again to you for help.

    I have strange error logs in my server like this:

    [Wed Nov 12 01:13:00 2008] [error] [client 222.127.251.167] Usage: file [-bcikLnNsvz] [-f namefile] [-F separator] [-m magicfiles] file…, referer: http://

    [Wed Nov 12 01:13:02 2008] [error] [client 213.163.41.42] PHP Warning: PHP Startup: Unable to load dynamic library ‘/usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo.so’ – /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo.so: undefined symbol: compiler_globals in Unknown on line 0, referer: http://

    [Wed Nov 12 01:13:06 2008] [error] [client 57.67.17.100] PHP Warning: PHP Startup: Unable to load dynamic library ‘/usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo_sqlite.so’ – /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo_sqlite.so: undefined symbol: core_globals in Unknown on line 0, referer: http://

    That’s just a sample…there are many entries like that, with different url and ips referer. From what I’ve read, those things are spam or hacking? I don’t really understand the difference. I don’t often play around with my server because I’m afraid of making some fatal mistake.

    In my blog, I use “Easy Ban” plugin to try and stop them. I just type in the names, not the IPs. It seems too hard to ban all the IPs, in case I make mistakes, especially with many similar-looking IPs from users in Indonesia. But the error log’s still there.

    I’m not too worried about my bandwidth, as such, since I believe I have quite a lot. But these things are very annoying. I’ve read also that we can stop them with .htaccess. I’m very careful with that file, again, in case I get something wrong. I don’t know enough about it.

    When my blog got hit by canonical duplicate content, I just copy and paste from other people’s blogs..

    This is my current .htaccess

    RewriteEngine on
    # BEGIN WordPress

    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    # END WordPress
    RewriteCond %{HTTP_REFERER} !^http://www.balisugar.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.balisugar.com$ [NC]
    RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]

    order allow,deny
    allow from all

    My questions are:

    1.How can I clean up my error log and stop spammers coming again? I seem to have a huge list of them.
    2.What kind of plugin should I use? Is the Ask Apache plugin easy to use, or worthwhile?
    3.Should I ask my webhost (Bluehost) to do something about this, or am I on my own?
    4.I have incoming links flow to my dashboard, but they’re always gone after only a few minutes. This makes me sad and I’m going crazy trying to fix things.

    I’m sorry, Webtalk, to bother you again. I feel comfortable asking you my questions. I hope you don’t mind.

  3. MZ Says:

    Dear Web Talk,

    the purpose of doing so because I want to link it back to my website..
    or any idea with a link when user click on it by using a gif file type..

    many thanks for your fast response!

  4. Web Talk Says:

    try this (not tested):
    ## STOP HOTLINKING ##

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mysite\.com [NC]
    RewriteRule \.(swf)$ hotlink.swf [NC,L]

    Apart from this I don’t know how to help you as far as swf files are concerned. But why do you want to put a swf file? The whole point of this article is to diminish bandwidth theft. Swf files are heavy and they can increase the amount of bandwidth thieves use (at least at the beginning). The main idea is to substitute the pic or everything else with a light image…

  5. MZ Says:

    hi,

    May I know how do I change the “http://www.webtlk.com/wp-pictures/uploads/pics/dontstealfrome.jpe” to a swf instead of jpg?

    Thanks, and your blog is helpful to me =)

