image hotlinking protection anyone - GoFuckYourself.com

RazorSharpe · 06-11-2004, 02:49 PM

I realize that image hotllinking can be stopped using mod_rewrite but an increasing number of users now use a firewall as standard. These firewalls don't pass any HTTP_REFERRER info which is needed for mod_rewrite to work.

I toyed with the idea of using mod_rewrite for allowing access whether HTTP_REFERRER info is passed or not:

<!-- CODE SAMPLE
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteRule \.(gif¦jpe?g¦png)$ - [NC,F]
<!--

This solution, to a large extent, negates the purpose of having image anti-hotlinking in the first place.

Does anyone out there know of an apache module that will effectively circumvent the obvious problems with mod_rewrite and that lends itself to protecting images more effectively? Possibly a binary that maps the server and works with static or dynamic html files. Obviously the protection mechanisms need to contained on the server and have no dependencies on client generated headers or other such data.

Any suggestions etc would be very appreciated.

RazorSharpe · 06-11-2004, 04:43 PM

Adult Site Traffic · 06-11-2004, 05:17 PM

Quote:

Originally posted by RazorSharpe
... but an increasing number of users now use a firewall as standard.

True. However, IMO the threat of a small number of users who could possibly access the material is far outweighed by the vast majority of users who would be redirected by trying to view hotlinked content.

There are ways to work those re-directed users to your advantage notwithstanding the number of visitors the hotlinking site would lose due to the surfer being redirected or further jerked around.

If the majority of users viewing hotlinked material were to be whisked off to somewhere less pleasant, then I would think it would be to the hotlinker's advantage to pass on that material and find a more unsuspecting target.

AST

RazorSharpe · 06-11-2004, 06:45 PM

I'm not aware of any possible way to "re-direct" visitors who view hotlinked files.

The only possible way is is the hotlinks link like this:

http://domain.com/hotlinkedpic.jpg

users clicking on the above could be redirected, but most pic hotlinkers simply do this:
<img src="http://domain.com/hotlinkedpic.jpg">

there's no way to redirect it when the hotlinked images is embedded in his web page. The most we can o is show a broken image or show an alternative image. which brings me back to how do we prevent this from happening to legitimate users who are behind firewalls or whose ISP's use a proxy.

There's got to be a way, surely!

TheSwed · 06-11-2004, 06:47 PM

I use this http://www.internet-hosting-report.c...v2_hotlink.htm and its works

jimmyf · 06-11-2004, 06:59 PM

RazorSharpe
don't know if this is any help?

Just an image don't think you can redirect someone. The FBI might know how, them and other Gov. agencies they put tracking stuff in images, this i do know. called web bugs. how they catch Pedo's sometimes

If someone is hotlinking images what I've done is make an htm give it the name of the image. image.jgp and rename it image.htm

I know for some reason google and others some how can get past my past my htaccess

RazorSharpe · 06-11-2004, 07:03 PM

TheSwed, I don't use c-panel. Does doing that create an htaccess file or write the rules directly to httpd.conf or some other conf file?

I'm thinking it will be using the same mod_rewrite rules I mentioned above, which are not any good these days as far as I'm concerned.

Thanks anyway mate.

latinasojourn · 06-11-2004, 07:08 PM

if you have good stuff people will always want to hotlink your images.

let 'em.

just put "? www.yourwebsite.com" on all your images.

RazorSharpe · 06-11-2004, 07:09 PM

Jimmyf, that could get to be quite a daunting task when you're faced with literally tens of thousands of images. Creating files, renaming, etc. seems like a full time job

Isn't there anything out there can generate timed/expiring urls on the fly. generate them every x seconds and they expire every 2 minutes or something like that.

I honestly can't believe people have been able to create a movie hotlinking software that is more reliable than the image protection scripts out there currently!

RazorSharpe · 06-11-2004, 07:13 PM

latinasojourn, the major factor behind me trying to find a solution is to save bandwidth. Having a copyright on the images isn't helping me achieve that objective. Most hotlinkers are of chinese, korean, turkish origin. My copyright on the images is hardly going to do me any good with most of the people that visit the hotlinkers sites.

jimmyf · 06-11-2004, 07:25 PM

Quote:

Originally posted by RazorSharpe
Jimmyf, that could get to be quite a daunting task when you're faced with literally tens of thousands of images. Creating files, renaming, etc. seems like a full time job

Isn't there anything out there can generate timed/expiring urls on the fly. generate them every x seconds and they expire every 2 minutes or something like that.

I honestly can't believe people have been able to create a movie hotlinking software that is more reliable than the image protection scripts out there currently!

1. I wasn't dealing with tens of thousands, just thousands and what I did was make 100 of them copied 2 a folder rename them pasted'em again over and over, once you have'em.
2. I would think if you could find a programer that is very good with math he could do it. Had one but he's retarded now, he's into golf, refuses 2 program any more. to do below.

(Isn't there anything out there can generate timed/expiring urls on the fly. generate them every x seconds and they expire every 2 minutes or something like that.)

AgentCash · 06-11-2004, 07:42 PM

Depending what images you want to protect you can use PHP sessions. This won't work with TGP galleries, as most places won't list you, but it's an easy way to better protect your images on other pages.

http://www.htmlcenter.com/tutorials/...s.cfm/159/PHP/

latinasojourn · 06-11-2004, 07:57 PM

Quote:

Originally posted by RazorSharpe
latinasojourn, the major factor behind me trying to find a solution is to save bandwidth. Having a copyright on the images isn't helping me achieve that objective. Most hotlinkers are of chinese, korean, turkish origin. My copyright on the images is hardly going to do me any good with most of the people that visit the hotlinkers sites.

ok.

if this is a BW problem then do a daily check on your domains' stats and note the accesses of specific popular images. run geek tools and see the origination of the offending IPs.

then block those specific IP ranges or domains from accessing your domain.

or you can change specific file names which will 404 the hits which you should redirect to a signup page.

06-11-2004, 02:49 PM	#1
RazorSharpe Confirmed User Industry Role: Join Date: Aug 2001 Location: Scotland Posts: 2,238	image hotlinking protection anyone I realize that image hotllinking can be stopped using mod_rewrite but an increasing number of users now use a firewall as standard. These firewalls don't pass any HTTP_REFERRER info which is needed for mod_rewrite to work. I toyed with the idea of using mod_rewrite for allowing access whether HTTP_REFERRER info is passed or not: <!-- CODE SAMPLE RewriteCond %{HTTP_REFERER} . RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC] RewriteRule \.(gif¦jpe?g¦png)$ - [NC,F] <!-- This solution, to a large extent, negates the purpose of having image anti-hotlinking in the first place. Does anyone out there know of an apache module that will effectively circumvent the obvious problems with mod_rewrite and that lends itself to protecting images more effectively? Possibly a binary that maps the server and works with static or dynamic html files. Obviously the protection mechanisms need to contained on the server and have no dependencies on client generated headers or other such data. Any suggestions etc would be very appreciated. __________________ Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

06-11-2004, 04:43 PM	#2
RazorSharpe Confirmed User Industry Role: Join Date: Aug 2001 Location: Scotland Posts: 2,238	Bump __________________ Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

06-11-2004, 06:45 PM	#4
RazorSharpe Confirmed User Industry Role: Join Date: Aug 2001 Location: Scotland Posts: 2,238	I'm not aware of any possible way to "re-direct" visitors who view hotlinked files. The only possible way is is the hotlinks link like this: http://domain.com/hotlinkedpic.jpg users clicking on the above could be redirected, but most pic hotlinkers simply do this: <img src="http://domain.com/hotlinkedpic.jpg"> there's no way to redirect it when the hotlinked images is embedded in his web page. The most we can o is show a broken image or show an alternative image. which brings me back to how do we prevent this from happening to legitimate users who are behind firewalls or whose ISP's use a proxy. There's got to be a way, surely! __________________ Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

06-11-2004, 06:47 PM	#5
TheSwed Confirmed User Join Date: Feb 2004 Location: Sweden. Posts: 3,483	I use this http://www.internet-hosting-report.c...v2_hotlink.htm and its works __________________ Cheap Viagra and Cialis Erectionpills

06-11-2004, 06:59 PM	#6
jimmyf OU812 Join Date: Feb 2001 Location: California Posts: 12,651	RazorSharpe don't know if this is any help? Just an image don't think you can redirect someone. The FBI might know how, them and other Gov. agencies they put tracking stuff in images, this i do know. called web bugs. how they catch Pedo's sometimes If someone is hotlinking images what I've done is make an htm give it the name of the image. image.jgp and rename it image.htm I know for some reason google and others some how can get past my past my htaccess __________________ Epic CashEpic Cash works for me Solar Cash Paysite Plugin Gallery of the day freesites,POTD,Gallery generator with free hosting

06-11-2004, 07:03 PM	#7
RazorSharpe Confirmed User Industry Role: Join Date: Aug 2001 Location: Scotland Posts: 2,238	TheSwed, I don't use c-panel. Does doing that create an htaccess file or write the rules directly to httpd.conf or some other conf file? I'm thinking it will be using the same mod_rewrite rules I mentioned above, which are not any good these days as far as I'm concerned. Thanks anyway mate. __________________ Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

06-11-2004, 07:08 PM	#8
latinasojourn Confirmed User Join Date: Oct 2003 Posts: 3,191	if you have good stuff people will always want to hotlink your images. let 'em. just put "? www.yourwebsite.com" on all your images.

06-11-2004, 07:09 PM	#9
RazorSharpe Confirmed User Industry Role: Join Date: Aug 2001 Location: Scotland Posts: 2,238	Jimmyf, that could get to be quite a daunting task when you're faced with literally tens of thousands of images. Creating files, renaming, etc. seems like a full time job Isn't there anything out there can generate timed/expiring urls on the fly. generate them every x seconds and they expire every 2 minutes or something like that. I honestly can't believe people have been able to create a movie hotlinking software that is more reliable than the image protection scripts out there currently! __________________ Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

06-11-2004, 07:13 PM	#10
RazorSharpe Confirmed User Industry Role: Join Date: Aug 2001 Location: Scotland Posts: 2,238	latinasojourn, the major factor behind me trying to find a solution is to save bandwidth. Having a copyright on the images isn't helping me achieve that objective. Most hotlinkers are of chinese, korean, turkish origin. My copyright on the images is hardly going to do me any good with most of the people that visit the hotlinkers sites. __________________ Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

06-11-2004, 07:42 PM	#12
AgentCash Confirmed User Join Date: Feb 2002 Posts: 720	Depending what images you want to protect you can use PHP sessions. This won't work with TGP galleries, as most places won't list you, but it's an easy way to better protect your images on other pages. http://www.htmlcenter.com/tutorials/...s.cfm/159/PHP/