Booo Hotlinking!!!
zazoo
September 19th, 2001, 19:21
OK, does anyone know how to stop images and other files from being hotlinked off the server?
Preferably a way that would prevent all files from being hotlinked without having to add their name to some list? (If you don't know that type of way, it's perfectly fine :))
If you could give a sore, server-abused soul a chance I would greatly appreciate it :)
-Thanks
bigperm
September 19th, 2001, 22:37
There are a few ways to do that.
Hayama-kun said that you can just chmod them 744 and that does the trick.
Or just use an anti-leech script to call them.
Canuckkev
September 19th, 2001, 22:50
Yeah, anti-leech scripts are easy to implement. Instead of linking your pics to http://yoursite.com/file.gif, it would be something like http://yoursite.com/cgi-bin/anti-leech.cgi?file.gif. Many simple scripts like that. Easy to do with PHP too. Don't know about chmod to 744... might work on some servers, and probably not on others. I don't think the number 'really' sets the protection of the file; the server sets the security each chmod value has. That's how I understand it anyway. Without a script, you can just change the path to the file every so often?
Ted S
September 19th, 2001, 23:16
If you have httpd.conf access, add the following to your virtualhost/directory tag... otherwise add it to a .htaccess file in the root directory of your website
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://you.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.you.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://123.456.789.192/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourfriend.com/dir/.*$ [NC]
RewriteRule .*\.(gif|GIF|jpg|JPG)$ http://www.you.com/ [R]
Just be sure to change you.com to your site or you're in for big problems...
jm4n
September 19th, 2001, 23:33
Hayama-kun said that you can just chmod them 744 and that does the trick.
No, that would have no such effect. I don't think you understand permissions...
As for anti-leech and mod_rewrite, keep in mind that you are now trusting user input. Never trust user input. The HTTP_REFERER is sent by the browser. Some browsers (notably some Netscape versions) intermittently send an empty referer for no reason... some proxies also strip this information, though this is more rare.
End result is you can't totally trust input you didn't generate. You might be fine sending a blank image in its place, but be careful when replacing it with something like "Stolen Image" or things like that...
zazoo
September 22nd, 2001, 18:16
THANK YOOOOOU!!!! :D
I tried that code and it works perfectly
Do you know what versions of Netscape don't support it?
Like how far back?
Anyways, this htaccess code is exactly what I was looking for. I can't use the CGI script that hides the URL because I'm using this to protect files from being leeched off of a free hosting site where people upload files, and if they upload it, it's pretty easy for them to find out where it went :rolleyes:
thanks anyways though :D now I can offer all types of file types :D :D
jm4n
September 22nd, 2001, 22:39
It's not any particular Netscape version... I'm using Mozilla 0.9.4 (latest Mozilla release) and periodically it just sends an empty referer. All versions I've used in the past have done this sporadically, and I have no idea what causes it other than perhaps buggy code.
You should be fine if you just refuse to display the image (the example given above will redirect to your main page; if it's an <IMG> tag, it will simply show as a broken image).
I only gave the warning because I've seen people replace the image with a big white image with "STOLEN CONTENT" in red letters, and once in a while a Netscape user would see this on the correct website, making them look bad. Just redirecting to the main page will be much better.
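The rule set posted earlier in the thread, modelled in Python and run over constructed requests to show which ones get redirected. This is an added example, not code from any poster here; the extra `!^$` condition that lets empty referers through is an assumption that does not appear in the thread.

```python
import re

# Patterns copied from the thread's RewriteCond lines. Each is negated ("!") and
# case-insensitive ([NC]); with no [OR] flag, mod_rewrite ANDs the conditions.
ALLOWED_REFERERS = [
    r"^http://you.com/.*$",
    r"^http://www.you.com/.*$",
    r"^http://123.456.789.192/.*$",
    r"^http://www.yourfriend.com/dir/.*$",
]
PROTECTED = r".*\.(gif|GIF|jpg|JPG)$"  # pattern from the thread's RewriteRule line
# Assumption (not in the thread): one more condition, RewriteCond %{HTTP_REFERER} !^$,
# so that requests carrying no referer at all are served instead of redirected.
ALLOW_EMPTY = r"^$"


def redirected(path, referer, allowed=ALLOWED_REFERERS):
    """Return True when the rule set would redirect this request to the main page."""
    if not re.search(PROTECTED, path):
        return False  # RewriteRule pattern does not match, request is untouched
    # Every negated condition must hold, i.e. no allowed pattern may match.
    return not any(re.search(p, referer or "", re.IGNORECASE) for p in allowed)


# Constructed sample requests: (path, Referer header, or None when it is absent).
SAMPLES = [
    ("/pics/a.gif", "http://www.you.com/gallery.html"),    # own page
    ("/pics/a.gif", "http://WWW.YOU.COM/gallery.html"),    # [NC] ignores case
    ("/pics/a.gif", "http://other.example/forum.html"),    # hotlink from elsewhere
    ("/pics/a.gif", None),                                 # browser or proxy sent none
    ("/pics/c.jpeg", "http://other.example/forum.html"),   # extension not in the rule
    ("/files/b.zip", "http://other.example/forum.html"),   # extension not in the rule
]


def report(allowed):
    """Evaluate every sample against one list of allowed-referer patterns."""
    return [(path, ref, redirected(path, ref, allowed)) for path, ref in SAMPLES]


if __name__ == "__main__":
    for label, allowed in (("as posted", ALLOWED_REFERERS),
                           ("with !^$ added", ALLOWED_REFERERS + [ALLOW_EMPTY])):
        print(label)
        for path, ref, hit in report(allowed):
            print(f"  {path:13} referer={ref!r:40} -> {'redirect' if hit else 'serve'}")
```

The last two samples show that only the extensions named in the RewriteRule are covered, so other file types need to be added to that pattern before they are protected.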
niv
September 23rd, 2001, 14:24
No, I use 701 (not 744), and that's for anti-leeching full directories...that's a bit different from hot-linking. :p