Hotlinking is a scourge of the internet. If you are not familiar with the term, you might be familiar with the concept. Hotlinking is a situation where someone links directly to your images, via a url from your server. In other words, they are stealing your server bandwidth, by copying the exact location of where you store your pictures. In our view, this practice is worse than stealing a picture, because not only you not getting credit, you are also having someone steal money on your data costs. Unfortunately, as well, this kind of thing happens more than you think as well. Recently we were victims of this crime as well, and took the preventive measures against the said crook. If you are facing a similar reality of hotlinked images, below is the way to protect yourself.

We had covered earlier the use of .htaccess for password protection, but this file is also where you can protect yourself from hotlinking thieves stealing your images. Open up your .htaccess file in notepad, or if you don’t have one already open up notepad. You will want to copy one of the below codes depending on your needs. When done, save file as .htaccess and load it into the root of the folders you wish to protect. Now onto the the code.

The first option is to allow only your site (and those listed) to access your images. Think of it as a safe list. To achieve this copy the below code:

## DISABLE HOTLINKING
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://([^.]+\.)?yourwebsite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?feedburner.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://([^.]+\.)?google.com/.*$ [NC]
RewriteRule \.(gif|jpg|jpeg|png|js|css)$ - [F]

This code will allow your site, and the sites listed access to your images. If our example, yourwebsite.com and all subdomains are free to access images. This is denoted using ([^.]+\.)? in the code. If you want just a specific domain use (www\.)? instead. The one downside, is protecting yourself to only sites you list, you might block certain sites you don’t wish to restrict. For example, some people might read your RSS feeds in a reader no on your safe list. The other option you have is to use the below code. This code works by listing which domains should be blocked from accessing your images. In the below example, the most common free blogger sites are blocked from copying the images on your server:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?myspace\.com/ [NC]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blogspot\.com/ [NC]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?livejournal\.com/ [NC]
RewriteRule \.(gif|jpg|jpeg|png|js|css)$ - [F]

The downside to this implementation is that you need to know the sites to block. In some cases, this may be the preferred method, as more domain are prone to abuse than others.

One other piece of fun you can have is to modify the last line of the code in both cases:

RewriteRule \.(gif|jpg|jpeg|png|js|css)$ - [F]

This line displays a 403 Forbidden error code when someone hotlinks to your image, but you can replace it with your own image of your choosing. Below is an example to serve a image from your server:

RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpe [L]

What this code does is that any files ending with the extension jpeg, jpg, gif, bmp, or png are blocked. They are then replaced by a no_hot_link.jpe file from your images directory. This JPEG file uses the extension jpe instead of jpg to prevent these rules from blocking your replacement image. To create a JPE image, just create the jpeg you want and rename the file extension to jpe. Remember the image on your server should be small, because it would defeat the purposes, which is reducing bandwidth bandits. One tip we have is to ensure your image tells the people visiting the offending site to visit your site instead for the “real” content.

If you wish to get more creative, with larger images, their is also an option to server an image from a free host like Photobucket, Flickr or the like. You can do that by using the below code instead of the prvious image codes.

RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://www.freesitewebpagesetc.com/i-steal-content-1.jpe [L]

Please remember, using this method only works in stopping people from directly linking to your images, it does not stop people from stealing images, by saving them on their own servers and using them. To prevent that we suggest you examine digital watermark technologies.

***For the visitors of our blog, we offer an image above for your to use for hotlinking avoidance. Please make sure to save the image to your hard-drive. Do not to link directly to it. You don’t want your to be a hotlinking thief do you? We also kindly ask you link back to us in some way as a thank you, although it is not necessary.***