homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

This 38 message thread spans 2 pages: < < 38 ( 1 [2]     
Mod Rewrite Anti-Leech (A Better Version)
Mod Rewrite Anti-Leech (A Better Version)

10+ Year Member

Msg#: 2783 posted 1:54 pm on Feb 1, 2005 (gmt 0)

Hi everyone my first post on these boards.

The preamble

This is the code that I'm currently using for anti-leeching purposes. But there's a couple of improvements I'd like to make for different senarios.

In the first case senario where someone is leeching bandwidth (or infringing copyright) by embedded my images in their site, I'd like to use REWRITE RULE 1, so that it displays an antileeching.jpg which would contain an appropriate alert/warning message on their site.

In the second case senario where someone is using a hypertext link to one of my images (so not actual displaying the image on their site, but rather linking directly to an image on my site) in this case I think it would be better to redirect traffic to my homepage, using something like REWRITE RULE 2.

This sounds good in theory but any ideas on how I'd go about writing the conditional statement to handle this?

RewriteEngine On
RewriteCond %{HTTP_REFERER}!^$
Options +FollowSymlinks
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain.com(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?myfriends.org(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mywork.com(/)?.*$ [NC]


RewriteRule .*\.(gif¦jpg¦jpeg¦png¦swf)$ [mydomain.com...] [R,NC]


RewriteRule .*\.(gif¦jpg¦jpeg¦png¦swf)$ [mydomain.com...] [R,NC]



WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

Msg#: 2783 posted 3:16 am on Feb 9, 2005 (gmt 0)

OK, I'm reading a lot of high tech solutions to a low tech answer.

Rename the file on your server and replace the hijacked file with something more interesting.

One of my customers had many content pages hijacked by someone in a different country so legal options were too prohibitive. We simply replaced all the images, including the page background image, with words like "THIEF" "CROOK" "STOLEN IMAGE" you get the idea. The visitors to the hijacked site saw that for about a week before the crook got wise and removed all those images from their site.


10+ Year Member

Msg#: 2783 posted 3:34 am on Feb 9, 2005 (gmt 0)

You need to also be aware that it could be a freindly blog site, sending traffic your way.


WebmasterWorld Senior Member 10+ Year Member

Msg#: 2783 posted 4:22 am on Feb 9, 2005 (gmt 0)

bill's suggestion is often used on eBay when another seller hotlinks images for his/her own listing. Banning domains would not make sense since you are also serving images from that same domain. (You'd have to ban by item number.)

There is also the other approach of substituting images for specific domains that you specify.


10+ Year Member

Msg#: 2783 posted 4:51 am on Feb 13, 2005 (gmt 0)
I've been following this and similar threads with interest, hoping to hone my mod_rewrite statements a bit.

I use much the same mod_rewrite stuff listed here, but in conjunction with a couple of other tricks that othes might care to comment on:

1) The first is adding pics to my gallery pages as table cell backgrounds, with a transparent gif as the front image. It wont owrk with hotlinkers who know their business has proved to work so far in 99 percent of cases where my images have been hotlinked. Most people never seem to question that the "front" clickable image is the picture they want, and gleefully add the URL to their site, of course bringing up the clear GIF. To make it more enticing, the directory containing a large number of these transparent gifs is enticingly called "photos", while the real pics are stored somewhere with an arcane name.

There are problems. While it seems to work OK in most browsers, it can be problematic over a slow dial up connection. If the image is only partially loaded, hitting reload doesnt seem to complete reloading the image. for anyone halfway clued up, a giveaway would be the .gif file extension.

2) A lot of downloaders who couldnt access the directory listing rightly just incremented the numbers at the end of the path, so changing /pics/image01.jpg to /pics/image02.jpg etc, etc (you do have to be desperate!). So I took to adding a "spoiler" at the end of the URL, as in /pics/image01_93402.jpg /pics/image02_65719.jpg so the sequence wont work. I use dreamweaver templates for the gallery, and its just a case of going through the image directory and adding random numbers to the end. With a really vast gallery system this is going to be hard work though.

3) Once a month or so I "move" the images folder by renaming it; changing the directory name in DW and on the server so I dont have to re upload all the pics. I do have to re-upload the html pages, but the site is only 600 or so pages. The I use a sort of 'look behind to see whos following' approach and check the logs for 404s in the old directory and take appropriate action against any obviously offending referrers or clients. My image directories are obviously excluded in robots.txt.

In addtion to the above, all the images are watermarked. I was truly delighted when one outback Australian wrote me that I was a fool as he'd got around all my precautions and downloaded all my images, and was now going to Photoshop (!) the watermark out of all 300. His broadband ISP (the only one serving his rural locality) obligingly deleted his account after I forwarded them the mail.

None of these are going to stop really determined thieves or hotlinkers, but the last may deter those who have to double check your pages constantly every time there is a 'hole' in their site.


10+ Year Member

Msg#: 2783 posted 1:34 pm on Feb 13, 2005 (gmt 0)


Sounds like an awful lot of extra work trying to keep a few people away. And as you wrote, they can get to your images anyway if they really want to.

Personally, I would never use my robots.txt file to guide eventual image grabbers as where to look. That file should be clean as a whistle only containing "not welcome" messages to friendly bots respecting the messages. The others should be dealt with server side scripted.

The transparent GIF is a good solution to obvious newbies not knowing or thinking about what they're doing. A simple redirect to the transparent GIF when hotlinking should do the trick - they wont be able to see the image. Place the transparent GIF on another domain to keep them out of your stats.

Your complicated approach with images in backgrounds and transparent GIF's as anchor images isn't really feasible if you want to get peoples attention via image searches. I doubt your web site will get good page rankings for image galleries if there is little text and lots of cleverly hidden images.


10+ Year Member

Msg#: 2783 posted 4:12 am on Feb 14, 2005 (gmt 0)


Fair comment, although it is not as complex as it perhaps sounds, as all of the galleries are set up from templates to creating new galleries and adding images is simply done with find and replace.

My possibly slightly unhealthy obsession with mod_rewrite and the other methods possibly stems from my background as a photojournalist who has been dealing with copyright abuse since long before images were digitised. In short, I lack any patience with those who think copyright is for other people.

My robots.txt does ban all bots from image folders; I see little value to doing well for searches for my images presented without context. While my images do not appear in google etc 'image' searches, they do in fact rank highly on the normal page searches, including a couple of top slots and plenty of top 10s for "#*$!placename gallery", "xxxplacename photo" or the like. Admittedly, the pages do have quite a bit of descriptive text.

I have no real idea about scripting to deal with the hotlinking problem, and no budget for it, hence for now I am stuck with mod_rewrite and the mix of other techniques until something better - and easy to implement - arrives.


WebmasterWorld Senior Member 10+ Year Member

Msg#: 2783 posted 6:04 am on Feb 14, 2005 (gmt 0)

Hello Carrots:

My images are mostly specialized maps, resulting from 20 years of work.
Naturally they are targets for hot-linking, but I deal with that on a case-by-case basis.

IF its some blog or the like _and_ they give proper credits and an
honest link back, I simply leave things as they are.

By "honest link" I mean the usual href = kind, none of that rel=nofollow stuff,
and definitely not a php redirect to site#123.

IF its a blog with no link back, I subscribe and put one in, maybe 2 or 3 if relevant.

IF I can't get into the blog (instructions in Korean etc.) or anything
that looks abusive, then its time for musical filenames.

I copy map#1.gif to map#1A.gif. Send it on up to host.
I search _all_ html files using that image and change filename to map#1A.gif.

Then the fun starts, again on a case-by-case basis.

For the NEW map#1.gif (shown on the hotlinking site)
I might put up the same image with my main URL emblazoned on the front of it.

" For the original work resulting in this image, see www.mysite.net "

One image was a picture of a strange undersea sponge.
I substituted Spongebob Squarepants.

I reserve the raunchy explicit stuff only for the very worst offenders, and very seldom.
I make a point of taking those images down once the hotlinking fades away.
No use tempting some unexpected penalty.

Then (if its Friday nite / Saturday) I go drink lots of beer and complain about something else.

Best - Larry


10+ Year Member

Msg#: 2783 posted 6:40 pm on Mar 25, 2008 (gmt 0)

I'm updating my .htaccess files and wondering if these recommendations from 2005 are still applicable now?

Have there been any changes in search engine exclusions?

Would it be advisable to use the method JDMorgan wrote about at the bottom of this topic: [webmasterworld.com...] ?
(That method would block faked blank referers or faked blank user agents, and blank referer and blank user agents except for the HEAD.)

This 38 message thread spans 2 pages: < < 38 ( 1 [2]
Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved