
Forum Moderators: Ocean10000 & incrediBILL & phranque

Blocking *.blogspot.* hotlinking

how to block hotlinking from blogspot (which is hosted by google)

     
3:51 am on Feb 11, 2017 (gmt 0)

Junior Member


joined:Feb 7, 2017
posts: 56
votes: 2


I am trying to defend my sites from others who hotlink my images. I don't mind the odd forum hotlinking, but this gets out of hand with repeated hotlinking from the same site and web page. Usually I am successful with an http_referer rewrite condition such as:

RewriteCond %{HTTP_REFERER} ^http://.*daro*\.com/ [OR]...
RewriteRule ^.* - [F,L]

This usually works for me. That said I have 3 *.blogspot.* sites that hotlink my images that do not get banned by my usual http_referer condition. Blogspot is hosted by google, and they must have some special magic that tricks me.

I have tried this as well, which also does not work:
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blogspot [OR]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F,L]

What is odd is that when I delete the images they request from my directories, I see in my log that they continue to receive successful 200s and download the image, even when the image no longer exists. I contacted my host provider who could not give me a proper explanation. I then created a single pixel image and renamed it to the image they requested, which works and only costs me 35 bytes/request.

What I'd rather have is that these *.blogspot.* sites get a 403/500 when they hotlink my images, even though my single pixel image is less costly. These blogspot sites show up in my Google Analytics as well as my shortstat log, something I wish to not happen. Can anyone explain to me how they can bypass the http_referer condition? How can I ban these blogspot hotlink bandits? These two sites are very popular and really hit me hard each day with numerous (50) downloads of the same images, thus greatly affecting my bandwidth resources.

I have contacted Google about hotlinking, but as these are not my copyrighted images I cannot submit a DMCA request. Google seems to tolerate hotlinking if the image is not your copyrighted image.

Any help would be greatly appreciated. Thanks. I am new here, so hope I did not break any forum rules.
5:05 pm on Feb 16, 2017 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy

joined:Dec 27, 2006
posts:3104
votes: 120


I am glad to hear that things are starting to click for you in handling hotlinked images. But please tell us that you are not using this line anywhere?
SetEnvIf User-Agent "blogspot " keep_out
because blogspot is not a UA, it might be a referer, but not a UserAgent.
If a.b.c+2.0/24 and a.b.c+3.0/24 comes along I'll ban a.b.c.0/22.
One thing I noticed above is where it appears that you are "making up" or inventing CIDRs and you should be very careful of doing that. It is quite possible that your invented CIDRs are including IPs from two different servers and it is entirely possible that one of those affected servers is an ISP rather than a host. You should do a whois lookup to be certain of "who" you are blocking. It will save you work in the long run and avoid blocking real people who would like to visit your site(s). I looked at a few of the IPs you've listed:
107.167.112.188 [13/Feb/2017:01:08:26 for example is part of CIDR 107.167.160.0/19
(which is GOOGLE-CLOUD 107.167.160.0 - 107.167.191.255 CIDR:107.167.160.0/19 and could be anything from hosted bots to mobile visitors)
168.235.201.61 [13/Feb/2017:01:45:04 is part of CIDR 168.235.64.0/18
(which is RAMNODE - commonly a server farm topic)
I hope this helps to see why we want to know who we are blocking.

To get a more solid understanding of the best way to use various "tools" within htaccess the section of Apache's site that covers Authentication and Authorization [httpd.apache.org] is helpful and there are links there to all the other Apache sections. That link is from the Apache Forum Charter: [webmasterworld.com...] which is right next to the Apache Forum Library.
5:30 pm on Feb 16, 2017 (gmt 0)

Junior Member


joined:Feb 7, 2017
posts: 56
votes: 2


SetEnvIf User-Agent "blogspot " keep_out
Yes, that was my mistake, and it did not work the first time. On top of the UA error, there is a blank space after blogspot. Double mistake. I have fixed it to:

SetEnvIf Referer "hotlinker*.blogspot" keep_out

Before I ban an IP range I do a whois lookup. I only extend a range if it is the same host provider. Some hosts, such as AWS, Digital Ocean, OVH, Turk Tel, B2Net, Colocrossing/HVH I ban entirely. Thanks for the links. I'll go do more reading.
11:45 pm on Feb 23, 2017 (gmt 0)

Junior Member


joined:Feb 7, 2017
posts: 56
votes: 2


As a social engineering option I also filed 2 DMCAs against blogger for 2 other *.blogspot.* sites that were hotlinking from me. Blogger is run by Google. Here is their answer:

Thanks for reaching out to us.
At this time, Google has decided not to take action. We encourage you to resolve any disputes directly with the individual who posted the content.

If you cannot reach an agreement and choose to pursue legal action against the individual who posted the content, and that action results in a judicial determination that the material is illegal or should be removed, please send us the court order seeking removal. If you would like to request identifying information about an anonymous poster, please contact google-legal-support@google.com (if you are in the U.S.) or internationalcivil@google.com (if you are outside of the U.S.) for more information on how to serve us with valid legal process.

Regards,
The Google Team

Google is asking me to file a lawsuit against the owners of the two blogspot sites, one in Italy and the other in Indonesia. Once I win these lawsuits they will comply. I have no ability to file any such lawsuit. At least the ban method that I learned here works well.

SetEnvIf Referer "blogspot" keep_out

order allow,deny
allow from all
deny from env=keep_out
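
Added example, not part of any post in this thread: the Referer patterns quoted above, run as unanchored regular-expression searches (how Apache applies RewriteCond and SetEnvIf patterns) against constructed Referer values. Python's `re` stands in for Apache's PCRE, which behaves the same for these simple patterns; the `host_anchored` pattern and all sample referers are assumptions made for illustration.

```python
import re

PATTERNS = {
    # RewriteCond from the first post: only matches the http:// scheme.
    "http_only": r"^http://(.+\.)?blogspot",
    # SetEnvIf from the Feb 16 post: "r*" is "zero or more r", "." is any
    # single character; this is a regex, not a shell glob.
    "glob_style": r"hotlinker*.blogspot",
    # SetEnvIf from the last post: the bare word, anywhere in the header.
    "bare_word": r"blogspot",
    # Assumption (not from the thread): either scheme, match the host only.
    "host_anchored": r"^https?://([^/]+\.)?blogspot\.[a-z.]+(:\d+)?(/|$)",
}

# Constructed Referer values; none are taken from the poster's logs.
REFERERS = {
    "http_blog": "http://hotlinker.blogspot.com/2017/02/post.html",
    "https_cc_blog": "https://hotlinker-pics.blogspot.co.id/",
    "unrelated_path": "https://example.org/reviews/blogspot-alternatives.html",
    "no_referer": "",
}


def blocked(pattern_name, referer):
    """True if the pattern would match this Referer (rule fires / env var set)."""
    return re.search(PATTERNS[pattern_name], referer) is not None


def coverage():
    """Map each pattern name to the set of sample referers it matches."""
    return {
        name: {label for label, value in REFERERS.items() if blocked(name, value)}
        for name in PATTERNS
    }


if __name__ == "__main__":
    for name, hits in coverage().items():
        print(f"{name:14} -> {sorted(hits)}")
```

None of the patterns matches a request that arrives with an empty Referer, so Referer-based rules leave those requests untouched.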
This 33 message thread spans 2 pages: 33