Beating the image hotlinker
So some really (not) nice guy decides to hotlink the main image on the front page of our website, and then claims to offer to work with photographers and graphic designers whilst having no content of his own… Quite flattering, but also nicking our bandwidth.
To begin, let's run over how we figured this out.
What is a hot link?
A hot link is where another website essentially displays YOUR image on THEIR web space without copying it. What they do is LINK to it, so your site is serving the image onto their web page. This consumes your website's bandwidth, and is essentially stealing.
We looked at our logs, specifically the section called “Links from an external page” (other web sites excluding search engines). It is good practice to review your logs regularly, as you can tell all sorts of useful things, ranging from the efficiency of your SEO through to who is hot linking images from your site.
What did we do?
Well, we have a fairly neat way of combating this, using the good old .htaccess file – we simply dropped the following code into the .htaccess file in the root directory of our website:
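# Switch on mod_rewrite for this directory
RewriteEngine on
# Leave requests that carry no referrer alone
RewriteCond %{HTTP_REFERER} !^$
# Leave requests referred by our own pages alone
RewriteCond %{HTTP_REFERER} !^http://(www\.)?placeofdesign\.com(/)?.*$ [NC]
# Any other request for an image is served the replacement image instead
RewriteRule \.(gif|jpe?g|png|bmp)$ naughtyfolder/imagetoreplacehotlinkedimage.jpg [L,NC]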
What this code does is basically swap the hot linked image with the replacement image found in the naughty folder – how cool is that! This means that the replacement image is now being displayed on the offending webpage until they notice and remove the link to our image.
How does this code work?
To begin, we turn on the mod_rewrite engine – this allows you to transform URLs from one thing to another at the server level. The code then conditionally looks at the referrer. In the case where the referrer is not empty and the referring URL is not from our domain name, we replace the image served with an alternative.
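An added example (not part of the original post): a Python script that applies the same referrer tests and image pattern as the rules above to Apache combined-format access-log lines, and counts per referring host the image requests the rule would swap. The log lines and the host hotlinker.example are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Same test as the second RewriteCond ([NC] = case-insensitive).
OWN_SITE = re.compile(r"^http://(www\.)?placeofdesign\.com(/)?.*$", re.I)
# Same pattern as the RewriteRule, which is matched against the path only.
IMAGE = re.compile(r"\.(gif|jpe?g|png|bmp)$", re.I)
# Apache combined log format: "request" status size "referer" "agent".
LOG_LINE = re.compile(
    r'"(?:GET|HEAD) (?P<path>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def is_hotlink(path, referer):
    """True when the rule set would swap the image for this request."""
    if referer in ("", "-"):      # first RewriteCond: empty referrer passes
        return False
    if OWN_SITE.search(referer):  # second RewriteCond: our own pages pass
        return False
    return bool(IMAGE.search(path.split("?", 1)[0]))

def hotlinkers(log_lines):
    """Count the image requests that would be swapped, per referring host."""
    hits = Counter()
    for line in log_lines:
        m = LOG_LINE.search(line)
        if m and is_hotlink(m["path"], m["referer"]):
            hits[urlsplit(m["referer"]).hostname or m["referer"]] += 1
    return hits

# Constructed sample log lines (addresses, hosts and paths are made up).
SAMPLE = [
    '203.0.113.5 - - [10/Oct/2008:13:55:36 +0000] "GET /images/front.jpg HTTP/1.1" 200 48211 "http://hotlinker.example/index.html" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2008:13:56:02 +0000] "GET /images/front.JPG HTTP/1.1" 200 48211 "http://hotlinker.example/" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2008:13:57:10 +0000] "GET /images/front.jpg HTTP/1.1" 200 48211 "http://www.placeofdesign.com/" "Mozilla/5.0"',
    '198.51.100.8 - - [10/Oct/2008:13:58:44 +0000] "GET /images/front.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2008:13:59:01 +0000] "GET /about.html HTTP/1.1" 200 5120 "http://hotlinker.example/index.html" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2008:14:01:30 +0000] "GET /images/logo.png HTTP/1.1" 200 9120 "https://placeofdesign.com/gallery" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, count in hotlinkers(SAMPLE).most_common():
        print(count, host)
```

The last sample line is counted because the pattern starts with ^http://, so our own pages served over https would be treated as hotlinkers; writing ^https?:// in the RewriteCond covers both schemes.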
Why not just block the IP address?
Blocking the IP address would achieve the same result, but we would have to do this for each infringement one by one. For sure it is a good option for serial offenders. The other issue with IP addresses is that they are recycled. The sort of organisation that hotlinks images will just move server, or get booted off their server. The last thing we want to do is block a valid referrer. This is why this method is cool: we are not blocking ranges of IP addresses to our domain and driving away potentially valid traffic.
How about if we want the images to be hot linked?
In the instance where we want to allow an image to be hot linked – for example, a photographer posting an image on a forum for critique – you can allow more domains by adding more allowed domains into the conditional part of the code.
Example: RewriteCond %{HTTP_REFERER} !myfavephotographywebsite\.com [NC]
Or if you wish to allow Google to show your images in the image search:
RewriteCond %{HTTP_REFERER} !^http://(www\.)?google\. [NC]
The complete code in this instance would be:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?placeofdesign\.com(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?myfavephotographywebsite\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?google\. [NC]
RewriteRule \.(gif|jpe?g|png|bmp)$ naughtyfolder/imagetoreplacehotlinkedimage.jpg [L,NC]
Feel free to leave a comment or drop us an email if you have any questions.
