Persuading people with Rewrite rules that "hotlinking" is bad is not malicious, it’s just funny

Earlier this evening while kicking back to a movie (thanks to John P. for helping me figure out my audio), Mailplane + Growl notified me of a new message with a Subject line too difficult to ignore. George from the OS9USER News Room wrote:

We recently did a digg on the article you published on gmail (scams). We dugg your story , and wanted a picture to go with it to publish your digg with our news feeds. Your picture changed when we linked to it with your referring story. The contents of that picture is totally un-exceptable…. so we reported your site to the authorities.

We have only one question ? Why have malicious coding when we digg your story ??? We wanted a picture to include your story In Our News Room, but when our reporter was doing another story, they noticed that your picture had changed. It as a “hot link” to a picture that you used on your story, along with a dugg story …..

When your site saw the referring url from the users explorer, you switched the IMG to another picture.

Note : We dont bow down to anyone. You dont have to answer our email, but tucows , google , yahoo and a few others may ask the same questions. We have a response from Yahoo already. It was quickly answered.

Thanks for the digg on the Gmail phishing email warning. After reading the [above] email, I immediately came to my senses and understood what this comment was all about. Well George, let me introduce you to my little friend – Mr. htaccess Rewrite and the scorned in-law Ms. hotlinking.

What is hotlinking?


Bandwidth theft or “hotlinking” is direct linking to a web site’s files (images, video, etc.). An example would be using an <img /> tag to display a JPEG image you found on someone else’s web page so it will appear on your own site, eBay auction listing, weblog, forum message post, etc.

If you’re publishing content online with an image that is served from someone else’s server, you are "hotlinking" – unless of course you are using an image hosted on public sites like ImageShack, Photobucket, or Box.

I copied an image and it changed after a refresh!

Prior to the public release of Grid Focus, I had created a few Rewrite rules to deal with individuals who had begun distributing the theme without permission. As is customary for many situations where content is re-used or distributed without permission, images used in the theme were still hosted on the local server. With a few .htaccess rules, anyone can easily serve an alternate image for any external requests.

Target specific external domains and serve an alternate image

In order to serve your own "personalized" nohotlink image for specific domains, use:

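# STOP hotlinking from specific domains
RewriteEngine On
# Match the Referer (http or https) against each listed domain, case-insensitively
RewriteCond %{HTTP_REFERER} ^https?://(.+\.)?myspace\.com/ [NC,OR]
# No [OR] on the last condition: a trailing [OR] would make the rule apply to every request
RewriteCond %{HTTP_REFERER} ^https?://(.+\.)?blogspot\.com/ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ nohotlink.jpg [L]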

The two RewriteCond lines tell the server to match image requests referred from myspace.com and blogspot.com. The last line tells the server that for any request for an image file type (jpg, jpeg, gif, bmp, or png), it should serve a personalized nohotlink.jpg image instead.

Deny all image requests from all domains other than your own

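# STOP hotlinking
RewriteEngine on
# Let requests with no Referer through (direct visits, clients that strip the header)
RewriteCond %{HTTP_REFERER} !^$
# Host is escaped and must end at "/" or end of string, so yourdomain.com.example.net does not pass
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com(/|$) [NC]
RewriteRule \.(jpe?g|gif|bmp|png)$ nohotlink.jpg [L,NC]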

The above snippet will replace external image requests from any domain other than your own with your own nohotlink.jpg image. Find more examples for preventing hotlinking here.
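To check rule sets like the two above before deploying them, here is an added example (not code from the original post, and not Apache's own code) that models how mod_rewrite chains RewriteCond lines. It also shows two easy mistakes: a stray [OR] on the last condition and a loosely anchored host pattern. The tuple layout, function names and sample Referer values are assumptions made for the illustration.

```python
import re

IMAGE = re.compile(r"\.(jpe?g|gif|bmp|png)$", re.I)   # same extensions as the rules

def conds_pass(conds, referer):
    """Evaluate (pattern, negate, or_next) tuples the way mod_rewrite chains RewriteCond."""
    i = 0
    while i < len(conds):
        pattern, negate, or_next = conds[i]
        ok = (re.search(pattern, referer, re.I) is not None) != negate
        if or_next:
            if ok:                       # one OR branch matched: skip the rest of the chain
                while i < len(conds) and conds[i][2]:
                    i += 1
            # a failed OR condition simply defers to the next one
        elif not ok:
            return False                 # implicit AND: one failure stops the rule
        i += 1
    return True                          # also reached when the last condition carries [OR]

def served(conds, path, referer):
    """Return the file served for `path` given the Referer header value."""
    if IMAGE.search(path) and conds_pass(conds, referer):
        return "nohotlink.jpg"
    return path

BLOCKLIST = [
    (r"^https?://(.+\.)?myspace\.com/", False, True),
    (r"^https?://(.+\.)?blogspot\.com/", False, False),
]
# Same list, but the last condition keeps a stray [OR].
BLOCKLIST_TRAILING_OR = [(p, n, True) for p, n, _ in BLOCKLIST]

ALLOW_OWN = [
    (r"^$", True, False),                                   # !^$ : empty Referer is let through
    (r"^https?://(www\.)?yourdomain\.com(/|$)", True, False),
]
# Loosely anchored host: unescaped dot and a trailing .* after an optional slash.
ALLOW_OWN_LOOSE = [
    (r"^$", True, False),
    (r"^https?://(www\.)?yourdomain.com(/)?.*$", True, False),
]

if __name__ == "__main__":
    # Constructed Referer values, not taken from any log.
    for ref in ["", "http://www.yourdomain.com/post", "http://someblog.blogspot.com/x.html",
                "http://yourdomain.com.example.net/page"]:
        print(repr(ref), [served(c, "img/a.png", ref) for c in
                          (BLOCKLIST, BLOCKLIST_TRAILING_OR, ALLOW_OWN, ALLOW_OWN_LOOSE)])
```

The Referer header is supplied by the client and is often absent, which is why the allow-list variant lets an empty value through. Treat these rules as bandwidth control, not access control.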

George, stop misinforming internet users. There are no malicious scripts that swap images here on 5thirtyone.com.

Basically your referring URL (from your explorer) is stored in a cookie, which triggers the script to do whatever. In this case, change the IMG Path to another location. Our IMG=5thiryone.com/… activated a script on that site, that adjusted your screen accordingly. This problem was caught, and luckly did not get out in our feeds what-so-ever.

The only scripts that are activated are the imaginary ones in your head, or ones from your own site.

Discuss - 31 Comments

  1. Myles says:

    found in his comments:

    “Users can download all our goodies, via our toolbar. Click On “Your Menu / Downloads ” and select the program you want… there is much more available, but this is a quick reference we use. There seems to be a debate online on stealing bandwidth. So if I post a banner from your site, lets say , I am stealing bandwidth because I have to goto your server to get the pic you have chosen ! – Digging a story , and putting a picture with it, IS NOT STEALING, I FEEL IT IS PUBLICIZING YOUR ARTICLE, NOT STEALING BANDWIDTH. There is a debate going on, on exactly the ethic’s of online reporting … Seem’s I caused it. I was also asked if I was the cause of blogger being down today, because of my attack here !! Man , what a day !”

  2. Jonah says:

    Here’s the best part:

    “so we reported your site to the authorities”

    Um, I guess the Governor of the Internets will be knocking on your door soon, huh? Look out!

  3. This is too funny, and I’ve been doing the same for quite a while now. I feed hotlinkers a random image, current rotation is goatse, tubgirl and lemonparty. That usually stops it pretty quickly.

  4. hi derek! it’s been a while

    I was just poking around this guy’s website.
    I’m guessing he is about 12 years old from all of his typos LOL. “do not except cookies”

    He really should have checked up on things before “reporting” you to google and yahoo (what would they do about it anyways?). I find it toooo funny that he says your image is obscene, when he has on his website a photo of a chick in a bikini that says SEXYHOT and links to a NSFW site. Doesn’t seem to me that his subscribers (if there are any), would even care about some text on an image.

    http://www.flickr.com/photos/wiphey/86327295/in/set-1636808/ =D

  5. John Pastor says:

    Hey, thanks for the plug! 😛

  6. Brad says:

    Hotlinking is probably the single most annoying thing someone can do. Kirsten, love your way of showing who’s boss host. Dish out a little David Hasselhoff.

    I woke up one morning to WordPress letting me know that I had a ping from a couple of sites. Turned out one of them was a random German site trying to mirror content (hosting company took care of it before I even saw it).

    One thing I can say, spam[mers] suck.

  7. Rob says:

    I made a hotlink image to deter a select few people who were linking tons of images from my site. Instead of the image they wanted, they got a bright yellow image with black text that said “I steal bandwidth. I’m also lousy in bed.”

  8. johno says:

    Reporting you to Google and Yahoo–if Google had any sense, they’d reply with words to the effect, “get a $%&’&% life”. They break into your house, then complain when you lock the door. I’m dumbstruck. I’m surprised they didn’t then attempt to hotlink that rather nice red image.

  9. Mark Penix says:

    Am I the only one who knew about hotlinking about 10+ years ago!? Being that I’m 25, yes I knew about it when I was 15.

    This gave me a good laugh. Thank you so much. To add to the hilarity was that misinformed post. Hilarious.

  10. […] found this post over on 5ThirtyOne pretty […]

  11. […] wrote an article – Persuading people with Rewrite rules that “hotlinking” is bad is not malicious, it’… […]