• Home
• Articles
• Reviews
• News
• Standards
• Web
• Microsoft
• Genealogy
• Resources
• Awards

• facebook
• twitter

2011-04-17 Hotlink Hustle

leech freeze

images

A few other sites where hotlinking to some of my images; they were displaying images from my site on their own pages. Every time someone visited their page, their browser was told to load an image from my site.
This is image leeching, and image leeching is bandwidth theft. So far, the effect of the hotlink hustlers on my bandwidth has been negligible, but I decided that I'd rather not wait around for their leeching to become a serious problem, but prevent it from becoming one with a leech freeze.

leech freeze

The way a leech freeze works is pretty simple; whenever the web server receives a request for an image, it does not mechanically serve the requested image, but performs a check first. If one of the site's own pages is requesting the image, it is shown. If some other site is requesting the image, it is not shown.

Hotlinking isn't a hot idea.

replacement image

Hotlinking isn't a hot idea.
A common way of dealing with bandwidth thieves is to show another image instead. You can use a generic replacement image, but you are not limited to one replacement image for all leech requests. You can customise the replacement image for each page and for each image they leech.

That possibility is one of the reasons that you should never leech bandwidth, but host all your content yourself; you never know when the webmaster whose bandwidth your stealing decides to replace that content with something embarrassing, perhaps even something that puts you in violation of the Terms of Service of the host you are using. That's why hotlinking isn't such a hot idea.

Common choices for replacement images are images that contain text, varying from a friendly please don't hotlink our images, to a blunt the owner of this site is a thief. Sometimes the text is aimed at the webmaster, but it makes more sense to aim the text at the visitor. A short neutral message like View this image on mysite.com not only gets a message across to both the webmaster and their visitors - it also advertises your site to their visitors. A webmaster who links to my site can hardly object to a small image that says I ♥ www.tamurajones.net.

error 403

The fundamental problem with serving a replacement image is that you are still serving an image; that the other site is still using your bandwidth.
There is a dearth of funny replacement images, and the reason for that is quite simple; if you come up with a particularly humorous replacement, webmasters are likely to link to that image...

I decided to go with the simplest approach, returning HTTP status code 403: forbidden. That is the shortest possible response.

Apache configuration command

This is what my Apache leech freeze command looks like:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(.*\.)?tamurajones\.net/.*$ [NC]
RewriteRule \.(png|svg|css|txt|pdf|zip)$ - [F]
</IfModule>

There are two rewrite conditions. Both rewrite conditions depend on the so-called HTTP referrer; that is the page making the file request. The exclamation mark in both indicates negative logic; only if the indicated conditions are not met is the rewrite rule executed.

The second rewrite condition tell the web server to honour file requests from any page on its own domain, including all subdomains.However, browsers do not always provide a referrer, so the first rewrite condition tells the server to allow all requests without a referrer.
If the first rule was absent, the server might occasionally refuse to load images for its own pages, and that is not the intention. With this rule in place, the web server will occasionally allow a leech request, but still block most leech requests for that image.

The third line is the rewrite rule. It tells the server what to do for all external requests. The rewrite rule contains a list of file extensions for which external requests should be denied.
The list of extensions to include here depends on your site. It is not necessary to include file extension you do not use. The list of file extensions does not include gif or jpg because this site uses web standards exclusively; all images are in either PNG or SVG format.

links

• RFC 2616: Hypertext Transfer Protocol -- HTTP/1.1

 

Copyright © Tamura Jones. All Rights reserved.