Stop Image Hot linking & Bandwidth Theft

The contents of this article may be out of date. It has been archived and will no longer be updated, comments are closed and the page is provided for reference purposes only.

Hot linking what happens when someone copies and pastes images from your site to their blog or website. This practice may be purely accidental or downright theft. If someone hot links your images, every time that image is shown on their website, your server bandwidth is used. This can be an issue if your host company caps your monthly bandwidth. The smart way to prevent this is via a .htaccess file.

Using our .htacces file we can set:

  • What website to block
  • What website to allow
  • Allow or deny blank referrers
  • Display custom images when hotlinking is detected
  • Files to protect

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://([^.]+\.)?yoursite\. [NC]
RewriteCond %{REQUEST_URI} !^/images/hotlink\.gif$
RewriteRule \.(jpe?g|gif|bmp|png)$ /images/hotlink.gif [NC,L]

So what exactly are we doing here?

Line two is allowing blank referrers (recommended) these users may be surfing under a firewall and thus they are not providing any referrers information.

Line three is allowing your site to display your images. The [NC] code means “No Case”, meaning match the URL regardless of being in upper or lower case letters.

Line four excludes the hotlink.gif image from the rule so your hot linked image can be displayed and not blocked.

Line five matches any files ending with the extension jpeg, jpg, gif, bmp, or png. This is then replaced by the hotlink.gif file in your images directory.

The hotlinker.gif image is a custom image that you have created. I suggest using something like “This image was hot linked from yoursite.com”. Remember these is no need to be nasty as sometimes hot linking can be an innocent mistake. I liked the wording of an image used by www.mezzoblue.com I found on flickr and used this as a template for my own image below:

Hotlinking Image

The above images is the mezzoblue inspired optimised GIF that I use to replaced hot linked images from this domain.

Alternatively you can display a 403 Forbidden error code instead of an image. Replace the last line of the previous examples with this line:

RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]

Hold on won’t this stop Google indexing my images? Yes, if you want to block other websites from hot linking your images, but allow indexing of your images in the Google, Yahoo and MSN image search engines, you should use the code below:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://([^.]+\.)?yoursite\. [NC]
RewriteCond %{HTTP_REFERER} !google\. [NC]
RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
RewriteCond %{HTTP_REFERER} !msn\. [NC]
RewriteCond %{HTTP_REFERER} !yahoo\. [NC]
RewriteCond %{REQUEST_URI} !^/images/hotlink\.gif$
RewriteRule \.(jpe?g|gif|bmp|png)$ /images/hotlink.gif [NC,L]

Lastly say someone is using your images in a way you do not feel is appropriate you may then want to only stop hot linking from their specific outside domains, but allow any other web site to hotlink images you can add the following rules:

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?myspace\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blogspot\.com/ [NC,OR]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]

The above rules block images hotlinked on MySpace and Blogspot and will display a 403 Forbidden error code as in the above example.

In conclusion if your hosting company provides unlimited bandwidth it may not be necessary to prevent hot linking however if you are paying by the gigabyte it may prove effective in preventing bandwidth theft.

This article was posted on 22 May 2009 in Code, Tutorials

comments

What you have had to say about all this...

Many thanks for the code. I think replacing the hot linked image is a lot more effective than using 403 error page. the 403 page will not get displayed on the external site and their visitors are none the wiser. the replacement however is looking fantastic, everywhere where my pics shouldn’t be! thanks for sharing.

For me the bandwidth stolen is less important than the pic stolen, as my site is all about my pics. Too many people and pic grabbers are taking them without thanks. respect for copyright is getting worse as people prefer the convenience of finding large amount of pics at the stealing sites! would like to have your comment on this too.

- Via

What about google/google images?

- Hayden James

That's the end of this article. I hope you found it useful. If you're enjoyed this article why don't you have a look around the archives, where you can find some more tutorials, tips and general ramblings.