Content Protection: Disable Hotlinking
While thinking about the article I wrote yesterday (Content Theft: Die Splog Die), I came across an interesting article about how to deter image theft, or hotlinking. Hotlinking is when a website links directly to the images stored on your server. Not only is this stealing your image, but it is stealing bandwidth that you are paying for.
Spam websites that are stealing your content are usually also stealing your images. So in addition to the copyright notice that I’ve placed in the RSS and email feeds, I’ve decided to deter image hotlinking as well. This is done by editing your site’s .htaccess file to only load images when referred from your website (or other websites that you specifically permit). All other websites that try to load your images will be redirected to an image of your choosing. This is extremely easy to do, and it’s interesting to see the results!
I fully recommend reading the full article, but I’ll summarize the highlights here.
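First, make an image that will deter hotlinking. Save the image with a .jpe extension to ensure it can be displayed on the infringing website: the rewrite rule below does not match .jpe, so the placeholder itself is never redirected. For my image I used the idea from David Airey’s article: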
Next add the following to your .htaccess file:
# Turn on mod_rewrite for this directory
RewriteEngine On
# Skip the rule when the referrer is your own site (any subdomain)
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
# Skip the rule when no referrer was sent
RewriteCond %{HTTP_REFERER} !^$
# Every other request for an image gets the placeholder instead
RewriteRule .*\.(jpe?g|gif|bmp|png|jpg)$ /images/nohotlink.jpe [L]
Change "mysite" to the URL of your website. I changed it to "simply-basic". And that’s all you need to do. Here is an actual example of what happens to websites that are stealing your content:
Hopefully this will help deter some image hotlinking. If nothing else, it’s amusing to see your custom image on other websites!
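The decision logic of the rule above, modelled in Python as an added example that is not part of the original article. Accepting https:// referrers and the bloglines.com allowlist entry are assumptions, and the sample requests are constructed.

```python
import re

# "mysite.com" is the article's placeholder domain. Accepting https:// and the
# bloglines.com entry are assumptions added for this example.
ALLOWED_REFERERS = [
    re.compile(r"^https?://(.+\.)?mysite\.com/", re.I),     # [NC] -> re.I
    re.compile(r"^https?://(.+\.)?bloglines\.com/", re.I),  # assumed reader host
]
# No [NC] on the RewriteRule, so the extension match is case-sensitive.
IMAGE_RULE = re.compile(r".*\.(jpe?g|gif|bmp|png|jpg)$")
PLACEHOLDER = "/images/nohotlink.jpe"


def rewrite(path, referer):
    """Return the path the server would answer with for this request."""
    if not IMAGE_RULE.match(path):
        return path          # rule pattern does not match: untouched
    if referer == "":
        return path          # RewriteCond !^$ fails: blank referrers pass
    # Each allowlist entry is one negated RewriteCond; conditions are ANDed,
    # so a single matching referrer stops the rewrite.
    if any(p.search(referer) for p in ALLOWED_REFERERS):
        return path
    return PLACEHOLDER


# Constructed sample requests: (label, path, Referer header)
SAMPLES = [
    ("own site",        "/pics/cat.jpg", "http://www.mysite.com/post/"),
    ("blank referrer",  "/pics/cat.jpg", ""),
    ("other site",      "/pics/cat.jpg", "http://splog.example/copied/"),
    ("allowlisted",     "/pics/cat.jpg", "http://www.bloglines.com/myblogs"),
    ("lookalike host",  "/pics/cat.jpg", "http://mysite.com.splog.example/"),
    ("placeholder",     PLACEHOLDER,     "http://splog.example/copied/"),
    ("uppercase ext",   "/pics/cat.JPG", "http://splog.example/copied/"),
]


def run_samples():
    # The Referer header is client-supplied, so these outcomes describe a
    # bandwidth deterrent, not an access control.
    return {label: rewrite(path, ref) for label, path, ref in SAMPLES}


if __name__ == "__main__":
    for label, served in run_samples().items():
        print(f"{label:15} -> {served}")
```

Two results are worth noting: the placeholder is served as-is because .jpe falls outside the rule's pattern, and an image with an uppercase extension is not covered because the rule has no [NC] flag.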
This article was written by John Kolbert on February 20, 2008 and filed as Tutorial/How-To, Useful Tools. This article, including images and attachments, is property of John Kolbert and is not to be republished or translated without prior written permission.

Unfortunately, this affects my web-based feed reader as well — the referrer there is technically different. (I use Bloglines beta.) I went back and viewed some older posts with images, and they were all replaced with the new “I Heart Simply-Basic.com” image.
Congrats on being so popular that you need something like this in place!
~randy
Randy’s last blog post..Pathways to Bliss
@Randy Rats. I had tested it in my own desktop feed reader and it worked fine. I didn’t think about the web-based feed readers. I’ve tried to exclude bloglines from the htaccess filter. Let me know if it works. Of course, this is just a band-aid because everyone uses different readers. Maybe I’ll have to rethink using this protection. Thanks for the heads up.
Hi John,
Thanks for the mention. I responded to your question about feed readers. You can ‘white list’ all the main ones, but it’s not so easy to ensure blanket coverage.
All the best.
David Airey’s last blog post..4 Phases of Internet Marketing FREE report
I agree that image hotlinking is a problem and that the solution you present doesn’t work, but it also, usually, blocks images loaded up by some RSS readers such as Google Reader and NewGator.
After all, in those cases, the URL listed for the page load is on their servers and your .htaccess file will block all image uses not on your own site.
This has forced many to find other ways to deal with the problem, such as specifically blacklisting known bad sites.
Hope this helps!
Jonathan Bailey’s last blog post..Video: Professor Lessig’s Final Free Culture Lecture
@David Thanks for stopping by and for the suggestion. I have since updated the .htaccess to whitelist most of the major web-based rss readers, so hopefully that helps. You’re right, you can’t possibly whitelist all of them. I guess you have to decide what’s more important: stop hotlinking, or ensuring none of your readers have trouble reading the RSS feed.
@Jonathan That is an interesting suggestion. Black-listing only known offenders ensures that RSS subscribers won’t have issues. It turns blocking hotlinking into a reactionary process rather than an actionary one, but it does ensure usability.
This is a great idea! I have copyrights on all my stuff, but I am aware of the fact it gets ripped off all the time.
I was unaware that I could stop them from at least linking to my pics, and I will get this changed.
@tv brackets I’m glad you’ll get some use from it. Being able to block access to your site’s images is a great tool. If you want to whitelist sites so they can post your image (like Google image search, etc), all you have to do is include code similar to the following into your .htaccess:
RewriteCond %{HTTP_REFERER} !google\. [NC]
This line would go by the code shown in the article, above. You can change “google” to any domain you want whitelisted. Enjoy!
Good tip, thanks for sharing. I think I will have to use this, as there are some auto-blogs that are “stealing” the content from my blog, so I could at least block my images from being “stolen” and save some bandwidth.
andrej’s last blog post..Citrus Net
This is great! I have heard of doing this but wasn’t sure just how to accomplish it. This will definitely go in my bag of tricks!!
ACT Practice Tests’s last blog post..ACT Practice Tests — A key to ACT Test Success
@Anjrec & ACT I’m glad you guys will get some use from this! I’ve found it quite useful myself.
Heya John. The end result is hilarious, but since it has already been mentioned up above, after I discovered that images were not appearing in FeedReaders and that I couldn’t do other things that required me to see images hosted on my domain, I decided to turn hotlinking off as it was more hassle than what it was worth. I have yet to come across a splog that has actually lifted an image from my domain and posted it on their own domain.
How do you combat automation? Apparently, doing things manually
Jeffro2pt0’s last blog post..The Negatives Of DoFollow
John,
There is another problem with that .htaccess. You are blocking blank referrers as well. Browsers that are not sending out referrers (for privacy etc) will also fail in this case. I’d say that allowing blank referrers should not be much of an issue.
Shantanu Goel’s last blog post..One Month Completed….