PDA

View Full Version : How to prevent leeching on a WH 3.0 environment?



heroofcamelot
03-02-2011, 04:44 PM
Recently I've learned someone has been leeching off of my site by displaying one of my images on their webpage (the img src url links directly to my site--they didn't just copy the image to their own server). I was wondering if there's any way to employ an anti-leech script on a WH 3.0 environment to prevent this?

If so, my preference would be to use the Apache server scripting language, if that's possible, since I assume writing a PHP script would require me to change all the links to my images. Unfortunately, I don't quite know how to use the Apache server scripting language.

Any help would be appreciated. Thanks in advance.

wildjokerdesign
03-03-2011, 06:39 AM
What you are describing is called Hotlinking and yes you can stop it via a .htaccess file that you place in the same directory as your images. There are two "flavors" you can use. The first would show an alternate image that tells the viewers on the other website that the image was hotlinked or stolen.

Rewriteengine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.domain.com/.*$ [NC]
RewriteRule \.(jpe?g|gif|bmp|png)$ http://domain.com/alternate.gif [L]
The alternate.gif file would need to be outside of the directory where you place the .htaccess file for this to work. The alternate.gif would be one you make up that has any type of message you want on it. I always try to place my images in their own directory separate from other content but not everyone does that so you may simply need to do the second option.

The second option is to simply return a 403 forbidden header. To do this you replace the last line in the code above with this.

RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]

heroofcamelot
03-04-2011, 05:31 PM
Thanks for the help. I decided to rearrange my site so that all the images would be in one directory, because I do want it to display an image if someone is trying to hotlink to my site. I tested everything, and the images display properly in the webpage. Then I copied the code into the .htaccess file like you said, but when I test it by creating a local webpage on my computer with


<img src ="http://www.heroofcamelot.com/images/ygraine.jpg" />


It still displays the image, instead of displaying the "You're trying to hotlink to my website" image.

This is the code I have in the .htaccess file in my images directory:



Rewriteengine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^$http://heroofcamelot.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.heroofcamelot.com/.*$ [NC]
RewriteRule \.(jpe?g|gif|bmp|png)$ http://www.heroofcamelot.com/err/hotlink.gif [L]


Just to make sure I'm understanding you correctly, I put a space between %{HTTP_REFERER} and the !^ on all three lines. I also put a space before the [NC]s and the [L]. And those are pipes, the | symbol between jpe?g, gif, bmp, and png.

Is it possible there's a setting I have to change for the .htaccess files to work?

wildjokerdesign
03-05-2011, 06:55 AM
I see a typo. See if this works for you.

Rewriteengine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://heroofcamelot.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.heroofcamelot.com/.*$ [NC]
RewriteRule \.(jpg|gif|bmp|png)$ http://www.heroofcamelot.com/err/hotlink.gif [L]

On the third line you had the $ before the url. I went ahead and dropped the regular expression for jpeg and simply used jpg. That is what I use myself since I never use the jpeg extension. Don't know that it makes a difference but I know the above works. :)


but when I test it by creating a local webpage on my computer with...t still displays the image, instead of displaying the "You're trying to hotlink to my website" image.
That is correct. See the very first condition? That is saying your local page or "no referer" is allowed to access the image. That is normal for this. If you want to test it you can use this page: http://wildjokerdesign.com/test.html I've put a link to your image in that.

heroofcamelot
03-05-2011, 10:55 AM
That worked like a charm! Thanks for all your help.