homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

Someone is stealing images!
how can i stop this dude?

 4:08 pm on Jan 20, 2006 (gmt 0)

One of my clients has a website with some gift oriented products. Now this other guy has stolen her images and actually having the image source come from her site. Is there anything I can do to put a stop to this? She has already contacted him with no response.

Her site is on a Cobalt 550 running Apache. There has to be a way to block him from doing this isn't there?



 4:18 pm on Jan 20, 2006 (gmt 0)

RewriteEngine on

RewriteCond %{HTTP_REFERER}!^$

RewriteCond %{HTTP_REFERER}!^http://your_domain_name/.*$ [NC] [OR]

RewriteCond %{HTTP_REFERER}!^http://www.your_domain_name/.*$ [NC] [OR]

RewriteRule .*\.(gif¦GIF¦jpg¦JPG¦bmp¦BMP¦wav¦mp3¦wmv¦avi¦mpeg)$ - [F]

in your .htaccess file :)


 4:21 pm on Jan 20, 2006 (gmt 0)

For a simple, reasonably-effective (but not 100%) solution, try this search [google.com]. It works well enough to make the hotlinker's site look broken to his visitors.

Better effectiveness can be had using a scripted approach, where you set and check cookies before serving images or protected content. But this requires an investment of significant time and complicates your site. You can also simply change the filenames periodically to 'break' the hotlinks.

The only 100% solution to theft of copyrighted images involves attorneys, but even that may not work if the thief is in a country with loose copyright laws or enforcement.



 4:23 pm on Jan 20, 2006 (gmt 0)

just one thing

you must change the broken vertical pipes to solid ( this board changes them )


 4:28 pm on Jan 20, 2006 (gmt 0)

There are several problems with that code, so to save future readers some trouble, here's a correction/enhancement.

In .htaccess:

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com
RewriteRule \.(gif夸pe?g在mp如ng¦wav妃p3安mv地vi妃pe?g)$ - [NC,F]

Replace all broken pipe "¦" characters above with solid pipes before use; Posting on this board modifies them.



 4:31 pm on Jan 20, 2006 (gmt 0)

Does it matter that we are running shared images on this particular server? Where would I need to place the .htaccess file? I fixed the broken pipes and modified the file to suit my clients needs'...just didn't know if I was doing something wrong as the images still show up on the other dudes' website.


 4:38 pm on Jan 20, 2006 (gmt 0)

I used that code you have Curly but my clients' website is the one that gets blocked, not the other dudes' images. I'm probably just doing something wrong. I'll keep researching it but if you guys have any other ideas do share!


 4:52 pm on Jan 20, 2006 (gmt 0)

This is the code I used:

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?MYDOMAIN\.com
RewriteRule \.(gif¦jpeg¦bmp¦png¦wav¦mp3¦wmv¦avi¦mpeg)$ - [NC,F]

But then I get an Internal Server error on my clients site AND the stealers sites' images all still work too.

Any ideas? Maybe its something to do with "mod_rewrite" or something that would cause me NOT to be able to do this?

[edited by: jdMorgan at 5:05 pm (utc) on Jan. 20, 2006]
[edit reason] Included code, removed URL per TOS. [/edit]


 5:08 pm on Jan 20, 2006 (gmt 0)

Check your server error log and look for the error message related to the 500-Server Error. The error log will often tell you exactly what's wrong.

The code is good, so it's likely a configuration problem, such as mod_rewrite not loaded or not allowed with your current config.

You can try commenting out the "Options" line. It may not be needed and it may not be allowed. If both are true, then the code might work without it.



 5:22 pm on Jan 20, 2006 (gmt 0)

I'm sorry to be a bother, but could you kindly direct me to where the error logs would be? I looked in /logs as admin but couldn't see anything.


 5:24 pm on Jan 20, 2006 (gmt 0)

I always thought the better solution was to replace the images they are linking to with something nasty, like porn shots or a banner that says "thief" or something like that, no?



 5:33 pm on Jan 20, 2006 (gmt 0)

Well I can't exactly do that as I noted before that all the images on this particular server are being shared by other websites, haha, so that wouldn't really work.

But if I could I would!


 5:42 pm on Jan 20, 2006 (gmt 0)

Ok it says in the error logs:

RewriteCond not allowed here

Any way around this?


 5:58 pm on Jan 20, 2006 (gmt 0)

Ok I checked out Apache and "mod_rewrite" is a loaded module. But I am still getting the error page and the error logs say this:

RewriteEngine not allowed here

Any ideas?


 6:16 pm on Jan 20, 2006 (gmt 0)

I figured it out! :D:D:D:D

Since I am sharing images on the entire server, I needed to place the .htaccess file inside of the directory where the image folders were located. So that worked like a charm!


 6:31 pm on Jan 20, 2006 (gmt 0)

Well that didn't exactly work. Its blocking images on my clients site too.

I'll keep playing...


 6:46 pm on Jan 20, 2006 (gmt 0)

Is there a way to "allow" images to be seen with a certain IP Class?


 10:27 pm on Jan 20, 2006 (gmt 0)

If you simply want to 'allow' several other client sites to use these images, add them as negative RewriteConds, Assuming you're still using the last code you posted, and them like this:

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?MYDOMAIN\.com
RewriteCond %{HTTP_REFERER} !^http://(www\.)?CLIENT1_DOMAIN\.com
RewriteCond %{HTTP_REFERER} !^http://(www\.)?CLIENT2_DOMAIN\.com
RewriteRule \.(gif夸peg在mp如ng安av妃p3安mv地vi妃peg)$ - [NC,F]



 10:31 pm on Jan 20, 2006 (gmt 0)

There probably is...you may find an answer In the Apache URL Rewriting Guide (search Google for that).

But if you know all the domains of all the websites that access these images, then you could add more Rewrite Conditions to allow other domain names access.

RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com ## existing line ##
RewriteCond %{HTTP_REFERER} !^http://subdomain\.example\.com
RewriteCond %{HTTP_REFERER} !^http://(www\.)?otherdomain\.com
RewriteCond %{HTTP_REFERER} !^http://(www\.)?andanother\.org
RewriteCond %{HTTP_REFERER} !^http://(www\.)?andanother\.net

Adding the above conditions would probably work too. Plus the above won't get hosed if the IP addresses of the sites ever change some day (?).

Good luck!


 10:44 pm on Jan 20, 2006 (gmt 0)

Can I just edit the httpd.conf file because none of this other stuff is working. I have been working on this since around 11 am CST. Its getting a little frustrating to say the least.

I posted this message on another site looking for help but to no avail:

So I have been researching this ALL DAY and found all kinds of things about modifying the .htaccess file to block this dude from stealing images.

Here is what makes this a unique situation. We are running Apache with hundreds of similar websites that are sharing the same images. So instead of having each and every website have its very own copy of each image, we decided to save space, and have one folder (and rewrote part of the httpd.conf file to make it work) but now there is a site (not hosted by us) that is hardlinking images from one of my clients on his site

How do I block this guy? I have pretty well tried everything I have found online. I even found a nice tool <snip>

If I take my clients site XYZ.com and add a .htaccess file there and paste the results gathered by the above link then I get an Internal Server Error. So I decided to go into the Shared Folder regiion and added the .htaccess file there. But the problem is that not only is the STEALERS images not work, but none of our clients on that server work either

So, hopefully, you can see the uniqueness of this situation. I even tried a DENY FROM with the stealers' IP Address but to no avail. I'm sure all of the code that htmlbasix.com provided would work under normal circumstances, but not working for me with this.

Maybe editing the http.conf file would be a solution perhaps? Thank you guys for your time once again and hopefully I can stop this idiot!

[edited by: jdMorgan at 10:57 pm (utc) on Jan. 20, 2006]
[edit reason] Repaired formatting. Removed URL per TOS. [/edit]

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved