UBB.Developers Forums General Discussion Chit Chat Stop hot linking of your images

In your .htaccess file

This will return a 403 forbidden error.
In both examples replace YourDomain with either your domain or your hosts.

That's what I use:

Where do I find an .htaccess file, or do I simply need to create it and place it in a specific directory..?

If your server is Apache, you just create it and upload it to the directory. if it's not apache, you can't use it...

Nice LK. I'll be adding this

For Windows you could use this:

http://www.nncron.ru/

For those that use *NIX and do not have access to CRON here is a solution for you as well.

http://www.smarterscripts.com/cron/

Remember .htacess is very powerful but if you mae a simple synactical mistake it will render your site from being able to be accessed and it is possible to send it in to an indefinite loop as well so be careful you do not make redundent inclusions. The full file name as it is just an extension and can be placed in any directory. Also the file should be uploaded in ASCii and by default works recursivly. The file should be chmoded to 644 so that it is not access able via a web browser which is also done by:

yeah... in my hacks page, I use it for DirectoryIndex:

I know this has been mentioned many times in securing stuff like cp.cgi but thought since we are noting the many inclusions that it was worth mentioning again.

For restricting access to certain files I use:

This is placed in the directory you are trying to protect.

For further security I use .crypt so that the password is not readily leigable.

Would this one (I added the swf) be a good one to keep people from hotlinking your games files?

[spam]
I wanted to know who was hotlinking to our files, and trawling through the logs was a pain.

I made a PHP script that uses PgSQL as storage, and is managed by a webpage, and at a glance you can see who's hotlinking to what, and allow or block domains. (By Default they get an image you set as the default, but blocking allows you to replace the image with something else, a 65Kx65K gif that one of our staff created is a favourite )
It also gives stats on top hotlinkers etc...
Some piccies:
Main Page
Stats Page

Homepage for my little project is: here
[/spam]

LK's logging is pretty good for smallish sites, but when you're getting >150 hotlinking requests per day, that file is going to fill up pretty quickly, and managing it will become a pain. BTW, yep my script does use the .htaccess stuff.

Sounds really nice... too bad I don't know what PgSQL means, hence I won't register to your board (unless you tell me it's easy to transfer it to flat file), hence I can't check your code

PgSQL = PostgreSQL

~95% of the code is PHP, there's a few SQL statements in there in ahls_db_pgsql.php for data input and retrieval.
Not sure on how difficult a flat file "database" would be for it, sorting would probably be the biggest pain, since the main page sorts by Image then Date then Time. And then the stats need sorting too
Someone did say they'd work on a Flat File mod for me, but that hasn't came to be yet

yes, sounds good

Would this:
[code][/code]work to keep people from linking to my images except for the sites where I link to'em? I'm findin them all over the net

ok, I see what's happening.. they're linking to my old domain stand318.com which I've pointed to the new domain, which allows them to load and apparently bypass my htaccess file

http://www.stand318.com/ubb/graemlins/wavey.gif

Allen, that can be reduced to this:
[code][/code](Plus I thought the Pipes in the RewriteRule were required. (Unless the UBB is removing them, I shall see once this is posted)

thank you

That should keep the new leechers away... I guess I'll have to replace the images they are linking to from the old domain, or just stop forwarding people from the old one to the new one

or if it's possible instead of forwarding www.stand318.com/images/whatever.gif to www.pj.org/images/whatever.gif, just forward it to www.pj.org... (without the inside directories)

the stand318 domain is parked and pointed to the praisecafe.org domain. All links to stand318.com/blah goes automagically to praisecafe.org/blah

I unparked the domain for now... hopefully the ezboard eejits and open topic fruits will get the hint and use their own

I've had a lot of success with getting ezBoard to remove the links to the images.
You can see their info on it here

Each time I've given them an Image to delink, they've usually done it within 24 hours.

Gone down from something like 20 ezBoard requests per day, down to about 1 every 3 days now. Been 2 months since I started that "campaign" though.

hmmm... for some reason the htaccess isn't working. you can see a banana.gif almost to the bottom of this page:
http://www.fragmere.com/community/users/ancient/rik/hgb/index.php

my cpanel has a place for htaccess construction to stop hotlinking and it seemed to say everything looked ok

Bring back this old topic.

AA, I see your banana is still being stolen. :rolleyes:

So, if I wanted to use the Apache htaccess dealie, how would I write it if I wanted to excluse a directory in my domain. I need at least one directory so I can post images.

Thanks for the help!

This is exactly what I want. I want to prevent hotlinking of the images inside my graemlins, avatars, graphics, and ubb directory, but I want to allow hotlinking from my webroot

Good to know other people make use of this. I'd include mine but it's about 3 pages long... I have it for: exe|zip|c|jpg|gif|bat|tar|gz|tgz but with numerous allowed sites (including the IP for my site since it's dedicated (I work for the host so why not lol)).

Your instructions are about the same as I have in the KBASE at HostNuke lol.

Keep in mind that users who use security suites or right click and choose save as will in most cases error out since their browser will send a blank referrer.

To allow these users you use the line:
The only way to actually allow them is to allow blank referrers but that'll leave your info open to people who just choose save as from remote locations ...

Hey there,

reviving this topic again, I would like to know following:

I have set up a wiki (mediawiki 1.3) for University, which has the purpose to get the materials we use at certain seminars. The wiki itself is restricted enough, so you cannot see pages w/o logging in and you can't create accounts for yourself.
Okay, now the thing is: when you upload the pdfs, the directories in ..[wiki-folder]/images are created somehow randomly, like images/1/1f/file.pdf, so I cannot create .htaccess files for each folder, only for images (i dont know, where the files go before uploading them and it would be lots of work to do it for each folder separately).

I tried the codes that were posted before, but it was still possible to get the files without being logged in.

So, how do I limit downloading the pdfs to clicking on the wiki-links?

almost resigning,

Aeris

That should work for your use. Note that the should only be used if you want "blank referrers" to be allowed access (basically someone pasting the URL into their browser).