Business

Sales and marketing UK
A forum orientated to sales and marketing.  Suitable for all UK businesses

UK Business Forums
A place where business people from all sectors can discuss thier business

Photography

Photographers.co.uk
Great portal for UK photographers, livley discussion forum

Wedding photography
Our very own Richard is a wedding photographer
Find out more by looking at our wedding photography information pack

Type A – The casual browser / normal user
Type B – The web designer (in terms of knowledge level)
Type C – The hardened cyber criminal / hacker (in terms of knowledge level)

Your strategy will be dependant on which users you are trying to deter. The normal user will be put off with simple deterrents and give up. A person with web designer knowledge will be right in there in seconds, unless the images are protected very well protected. Protecting against the hardened cyber criminal / hacker is very hard, and needs an additional strategy

Right click
You can disable the right mouse click and pop a message up about copyright. This will deter a lot of people in class A, but has the disadvantage of stopping people using “right mouseclick / back” to return to the previous page, which is how some partially sighted / blind people with text readers jump back a page. The right mouse click thing is quite annoying and doesn’t prevent your images being stolen – as disabling Java will quickly circumvent the issue

Right click (nice alternative)
Offer nice popup menu on the right click – this is much more pleasing than the traditional version, and a lot more subtle, also the equivalent “back” link can be programmed in so not to upset the users who use a text reader. Again this will slow down a “A” type user. A print screen grab will still beat this method

Transparent GIF
Pop photograph in a table and cover with transparent GIF.  This is quite subtle – you pop the image in a table/cell background, and stretch a 1×1 transparent GIF over the top. When the user copies the file, they get a blank transparent GIF, not the photograph. This doesn’t rely on Java, and will deter most type “A” browsers. A print screen grab will still beat this method

Chop image up
Here we slice the image up, and reconstruct it on the page. When the user copies the file, they get a small portion of it. This can be combined with the transparent GIF method, and will work if Java is turned off. This is likely to deter both user type “A” and User type “B” because it is too much effort to actually get the image into a usable state. A print screen grab will still beat this method

Protect the image directory
This is usually the default setting on most servers nowadays – check that you can’t directly navigate to the image directory and get a directory listing (at which point you will loose all your images)

Advanced right click (java)
There are some very clever methods of defeating the right click and print screen – essentially a script remaps or disables specific buttons (like the control key). This is pretty irrelevant, as disabling java defeats it. It will deter most type “A” users

Flash
Contrary to popular belief, images are not secure in Flash. Yep your average type “A” user will be defeated; your average web designer can just decompile the flash code using a “Flash Decompiler” which will drop out all the images nicely

Obfuscate source code
Essentially there are several methods here: firstly the source code can be “scrambled” making it pretty unreadable, preventing the human user from seeing where the image is stored. The second is to offer an alternate content when the source is viewed (which can be defeated easily)

Use PHP
By using PHP to serve the images, the actual directory they are in can be hidden. Instead of HTML files on the server there is a “program running on the server” that serves the images to the browser. The browser doesnt get to know the real location. This will prevent most web designers from browsing the directory. The next task here is to use an abstractly named and nested directory to prevent guessing.  Using a .htaccess file to remap to correct location is sweet too. This will slow down type”B” users from taking the images en-masse

DHTML / Javascript
Use a script that only displays the big picture when the mouse is over the thumbnail, and the left mouse button is depressed. This is clever, as the page won’t display anything if Java is turned off, and you can’t right mouse click while the left button is down. In combination with PHP or other methods, this will beat most type “A” and “B” users. This can prevent a screen grab of the pig picture, because the left mouse button is down

Disable IE6 image toolbar
Drop the following code in a webpage header, and the IE6 image toolbar disappears

<meta http-equiv=”imagetoolbar” content=”no” />

Use a plugin
There are a few – here is an example: http://www.artistscope.net/

This is the most effective option we know about. The downside is that it is expensive both in terms of price, and inconvinience to the end user.  To see the images, they need to download a free plugin (just like you do for Flash)

This is pretty unbeatable from the browser – so type “A” and Type “B” users will not get your images

Use a watermark
Ugly, but effective up to a point, also consider Digimark digital watermarking

Publish a policy
Explain that you check regularly for copied content either that you use Digimark or that you check http://www.copyscape.com/ & http://www.archive.org/index.php and that you always take action against image and content thieves. This actually may deter most. By showing you are proactive, most will walk away

Review your web stats and logs
By reviewing your web statistics regularly, you ought to detect hot linking and unusual activity. If so, contact your ISP to Block the IP address. Hot linking is even worse than someone nicking your image – they are getting your server to actually to serve it. I.E. their webpage has your image on it, served from your web space… resulting in your bandwidth being stolen, and affecting your sites performance

Beating the Type “C” user
We are talking about preventing your site from being hacked. I will only offer general advice on this but:
1. Use a host you trust
2. Check the versions of PHP etc. you are using, and ask about when the server was last patched
3. Change your FTP and SQL passwords after the web designer has done his thing – your designer will be able to show you how to change the SQL passwords, and what files to edit
4. Use “Strong passwords”
5. Change your passwords often
6. Keep up to speed on the updates (security) for any packages you are using (gallery packages or CMS packages for example
7. Regularly change your Cpanel password
8. If you have a very valuable collection of images or files, have a security audit using a firm specialising in them
It is worth mentioning that most of this type of theft is pretty close to home – from a disgruntled website designer, employee etc.. So having systems where access is limited to the very few you trust, and having a clean desk policy is the way to go

Conclusion
Although not an exhaustive list, we can see that it is pretty easy to make it fairly hard to copy images for the majority of surfers. However there is a third type of slippery customer that is much harder to beat…

In the real world
Generally a combination of the above does a pretty good job. There are always ways around things – it’s a bit like locking your bike up outside the bank. If you don’t lock it it will walk – if you stick a cheap lock on – it will stay until someone brings some bolt cutters along

About the Author

Richard King is a professional photographer and website designer.  To speak to Richard call 0115 845 8953.  Richard specailises in websites for photographers and artists

• Navigate to the following address: http://yoursite/gallery/lib/support/
• Login to the page using your admin password
• Click on Cache Maintenance
• Check the tick boxes you  want cleared, but be sure to check the “Downloadable Plugin Cache” tickbox
• Click ont he clear the cache button

You now can access your G2 Plugin page from admin

To begin, lets run over how we figured this out..

What is a hot link?
A hot link is where another website essentially displays YOUR image on THIER web space without copying it.  What they do is LINK to it, so essentially your site is serving the image onto their web page.  This consumes your websites bandwidth, and is essentially stealing

We looked at our logs, specifically the section called “Links from an external page” (other web sites excluding search engines.  It is good practice to review your logs regularly, as you can tell all sorts of useful things ranging from the efficiency of your SEO through to who is hot linking images from your site

What did we do?
Well we have a fairly neat way of combating this, using the good old .htaccess file – we simply dropped in the following code into the .htaccess code in the root directory of our website:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?placeofdesign\.com(/)?.*$ [NC]
RewriteRule \.(gif|jpe?g|png|bmp)$ naughtyfolder/imagetoreplacehotlinkedimage\.jpg[L,NC]

What this code does is basically swap the hot linked image, with the following image found in the naughty folder – how cool is that! This means that the following image is now being displayed on the offending webpage, and untill they notice, and remove the link to our image

How does this code work?
To begin we turn on the Mod Rewriting engine – this allows you to transform URLs from one thing to another at the server level.  The code then conditionally looks at the the referrer.  In the case the referring URL is not from our domain name, we replace the image served with an alternative

Why not just block the IP address?
Blocking the IP address would achieve the same result, but we would have to do this for each infringement one by one.  For sure it is a good option for serial offenders.  The other issue with IP addresses is that they are recycled.  The sort of organisation that hotlinks images, will just move server, or get booted off their server.  The last thing we want to do is block a valid referrer.  This is why this method is cool, because we are not blocking ranges of IP addresses to our domain and driving away potentially valid traffic

How about if we want the images to be hot linked?
In the instance where we wanted to allow an image to be hot linked – for example a photographer posting an image on a forum for critique, then you can allow more domains by adding more allowed domain into the conditional part of the code

Example: RewriteCond %{HTTP_REFERER} !myfavephotography website\.com [NC]

Or if you wish to allow Google to show your images in the image search:

RewriteCond %{HTTP_REFERER}  !^http://(www\.)?google\. [NC]

The complete code in this instance would be:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?placeofdesign\.com(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?myfavephotographywebsite\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?google\. [NC]
RewriteRule \.(gif|jpe?g|png|bmp)$ naughtyfolder/imagetoreplacehotlinkedimage.jpg[L,NC]

Feel free to leave a comment or drop us an email if you have any questions