image hotlinking protection anyone
 

I realize that image hotllinking can be stopped using mod_rewrite but an increasing number of users now use a firewall as standard. These firewalls don't pass any HTTP_REFERRER info which is needed for mod_rewrite to work.

I toyed with the idea of using mod_rewrite for allowing access whether HTTP_REFERRER info is passed or not:

<!-- CODE SAMPLE
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteRule \.(gif¦jpe?g¦png)$ - [NC,F]
<!--

This solution, to a large extent, negates the purpose of having image anti-hotlinking in the first place.

Does anyone out there know of an apache module that will effectively circumvent the obvious problems with mod_rewrite and that lends itself to protecting images more effectively? Possibly a binary that maps the server and works with static or dynamic html files. Obviously the protection mechanisms need to contained on the server and have no dependencies on client generated headers or other such data.

Any suggestions etc would be very appreciated.

Bump

True. However, IMO the threat of a small number of users who could possibly access the material is far outweighed by the vast majority of users who would be redirected by trying to view hotlinked content.

There are ways to work those re-directed users to your advantage notwithstanding the number of visitors the hotlinking site would lose due to the surfer being redirected or further jerked around.

If the majority of users viewing hotlinked material were to be whisked off to somewhere less pleasant, then I would think it would be to the hotlinker's advantage to pass on that material and find a more unsuspecting target.

:2 cents:

AST

I'm not aware of any possible way to "re-direct" visitors who view hotlinked files.

The only possible way is is the hotlinks link like this:

http://domain.com/hotlinkedpic.jpg

users clicking on the above could be redirected, but most pic hotlinkers simply do this:
<img src="http://domain.com/hotlinkedpic.jpg">

there's no way to redirect it when the hotlinked images is embedded in his web page. The most we can o is show a broken image or show an alternative image. which brings me back to how do we prevent this from happening to legitimate users who are behind firewalls or whose ISP's use a proxy.

There's got to be a way, surely!

I use this http://www.internet-hosting-report.c...v2_hotlink.htm and its works :)

RazorSharpe
don't know if this is any help?

Just an image don't think you can redirect someone. The FBI might know how, them and other Gov. agencies they put tracking stuff in images, this i do know. called web bugs. how they catch Pedo's sometimes

If someone is hotlinking images what I've done is make an htm give it the name of the image. image.jgp and rename it image.htm

I know for some reason google and others some how can get past my past my htaccess

TheSwed, I don't use c-panel. Does doing that create an htaccess file or write the rules directly to httpd.conf or some other conf file?

I'm thinking it will be using the same mod_rewrite rules I mentioned above, which are not any good these days as far as I'm concerned.

Thanks anyway mate.

if you have good stuff people will always want to hotlink your images.

let 'em.

just put "? www.yourwebsite.com" on all your images.

Jimmyf, that could get to be quite a daunting task when you're faced with literally tens of thousands of images. Creating files, renaming, etc. seems like a full time job :)

Isn't there anything out there can generate timed/expiring urls on the fly. generate them every x seconds and they expire every 2 minutes or something like that.

I honestly can't believe people have been able to create a movie hotlinking software that is more reliable than the image protection scripts out there currently! :)

latinasojourn, the major factor behind me trying to find a solution is to save bandwidth. Having a copyright on the images isn't helping me achieve that objective. Most hotlinkers are of chinese, korean, turkish origin. My copyright on the images is hardly going to do me any good with most of the people that visit the hotlinkers sites.

1. I wasn't dealing with tens of thousands, just thousands and what I did was make 100 of them copied 2 a folder rename them pasted'em again over and over, once you have'em.
2. I would think if you could find a programer that is very good with math he could do it. Had one but he's retarded now, he's into golf, refuses 2 program any more. to do below.

(Isn't there anything out there can generate timed/expiring urls on the fly. generate them every x seconds and they expire every 2 minutes or something like that.)

Depending what images you want to protect you can use PHP sessions. This won't work with TGP galleries, as most places won't list you, but it's an easy way to better protect your images on other pages.

http://www.htmlcenter.com/tutorials/...s.cfm/159/PHP/

ok.

if this is a BW problem then do a daily check on your domains' stats and note the accesses of specific popular images. run geek tools and see the origination of the offending IPs.

then block those specific IP ranges or domains from accessing your domain.

or you can change specific file names which will 404 the hits which you should redirect to a signup page.