Welcome to WebmasterWorld Guest from

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Mod Rewrite Anti-Leech (A Better Version)

Mod Rewrite Anti-Leech (A Better Version)

1:54 pm on Feb 1, 2005 (gmt 0)

New User

10+ Year Member

joined:Feb 1, 2005
votes: 0

Hi everyone my first post on these boards.

The preamble

This is the code that I'm currently using for anti-leeching purposes. But there's a couple of improvements I'd like to make for different senarios.

In the first case senario where someone is leeching bandwidth (or infringing copyright) by embedded my images in their site, I'd like to use REWRITE RULE 1, so that it displays an antileeching.jpg which would contain an appropriate alert/warning message on their site.

In the second case senario where someone is using a hypertext link to one of my images (so not actual displaying the image on their site, but rather linking directly to an image on my site) in this case I think it would be better to redirect traffic to my homepage, using something like REWRITE RULE 2.

This sounds good in theory but any ideas on how I'd go about writing the conditional statement to handle this?

RewriteEngine On
RewriteCond %{HTTP_REFERER}!^$
Options +FollowSymlinks
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain.com(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?myfriends.org(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mywork.com(/)?.*$ [NC]


RewriteRule .*\.(gif¦jpg¦jpeg¦png¦swf)$ [mydomain.com...] [R,NC]


RewriteRule .*\.(gif¦jpg¦jpeg¦png¦swf)$ [mydomain.com...] [R,NC]

3:16 am on Feb 9, 2005 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
votes: 99

OK, I'm reading a lot of high tech solutions to a low tech answer.

Rename the file on your server and replace the hijacked file with something more interesting.

One of my customers had many content pages hijacked by someone in a different country so legal options were too prohibitive. We simply replaced all the images, including the page background image, with words like "THIEF" "CROOK" "STOLEN IMAGE" you get the idea. The visitors to the hijacked site saw that for about a week before the crook got wise and removed all those images from their site.

3:34 am on Feb 9, 2005 (gmt 0)

New User

10+ Year Member

joined:Feb 1, 2005
votes: 0

You need to also be aware that it could be a freindly blog site, sending traffic your way.
4:22 am on Feb 9, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:July 16, 2001
votes: 4

bill's suggestion is often used on eBay when another seller hotlinks images for his/her own listing. Banning domains would not make sense since you are also serving images from that same domain. (You'd have to ban by item number.)

There is also the other approach of substituting images for specific domains that you specify.

4:51 am on Feb 13, 2005 (gmt 0)

New User

10+ Year Member

joined:Feb 29, 2004
votes: 0

I've been following this and similar threads with interest, hoping to hone my mod_rewrite statements a bit.

I use much the same mod_rewrite stuff listed here, but in conjunction with a couple of other tricks that othes might care to comment on:

1) The first is adding pics to my gallery pages as table cell backgrounds, with a transparent gif as the front image. It wont owrk with hotlinkers who know their business has proved to work so far in 99 percent of cases where my images have been hotlinked. Most people never seem to question that the "front" clickable image is the picture they want, and gleefully add the URL to their site, of course bringing up the clear GIF. To make it more enticing, the directory containing a large number of these transparent gifs is enticingly called "photos", while the real pics are stored somewhere with an arcane name.

There are problems. While it seems to work OK in most browsers, it can be problematic over a slow dial up connection. If the image is only partially loaded, hitting reload doesnt seem to complete reloading the image. for anyone halfway clued up, a giveaway would be the .gif file extension.

2) A lot of downloaders who couldnt access the directory listing rightly just incremented the numbers at the end of the path, so changing /pics/image01.jpg to /pics/image02.jpg etc, etc (you do have to be desperate!). So I took to adding a "spoiler" at the end of the URL, as in /pics/image01_93402.jpg /pics/image02_65719.jpg so the sequence wont work. I use dreamweaver templates for the gallery, and its just a case of going through the image directory and adding random numbers to the end. With a really vast gallery system this is going to be hard work though.

3) Once a month or so I "move" the images folder by renaming it; changing the directory name in DW and on the server so I dont have to re upload all the pics. I do have to re-upload the html pages, but the site is only 600 or so pages. The I use a sort of 'look behind to see whos following' approach and check the logs for 404s in the old directory and take appropriate action against any obviously offending referrers or clients. My image directories are obviously excluded in robots.txt.

In addtion to the above, all the images are watermarked. I was truly delighted when one outback Australian wrote me that I was a fool as he'd got around all my precautions and downloaded all my images, and was now going to Photoshop (!) the watermark out of all 300. His broadband ISP (the only one serving his rural locality) obligingly deleted his account after I forwarded them the mail.

None of these are going to stop really determined thieves or hotlinkers, but the last may deter those who have to double check your pages constantly every time there is a 'hole' in their site.

1:34 pm on Feb 13, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Jan 17, 2005
votes: 0


Sounds like an awful lot of extra work trying to keep a few people away. And as you wrote, they can get to your images anyway if they really want to.

Personally, I would never use my robots.txt file to guide eventual image grabbers as where to look. That file should be clean as a whistle only containing "not welcome" messages to friendly bots respecting the messages. The others should be dealt with server side scripted.

The transparent GIF is a good solution to obvious newbies not knowing or thinking about what they're doing. A simple redirect to the transparent GIF when hotlinking should do the trick - they wont be able to see the image. Place the transparent GIF on another domain to keep them out of your stats.

Your complicated approach with images in backgrounds and transparent GIF's as anchor images isn't really feasible if you want to get peoples attention via image searches. I doubt your web site will get good page rankings for image galleries if there is little text and lots of cleverly hidden images.

4:12 am on Feb 14, 2005 (gmt 0)

New User

10+ Year Member

joined:Feb 29, 2004
votes: 0


Fair comment, although it is not as complex as it perhaps sounds, as all of the galleries are set up from templates to creating new galleries and adding images is simply done with find and replace.

My possibly slightly unhealthy obsession with mod_rewrite and the other methods possibly stems from my background as a photojournalist who has been dealing with copyright abuse since long before images were digitised. In short, I lack any patience with those who think copyright is for other people.

My robots.txt does ban all bots from image folders; I see little value to doing well for searches for my images presented without context. While my images do not appear in google etc 'image' searches, they do in fact rank highly on the normal page searches, including a couple of top slots and plenty of top 10s for "#*$!placename gallery", "xxxplacename photo" or the like. Admittedly, the pages do have quite a bit of descriptive text.

I have no real idea about scripting to deal with the hotlinking problem, and no budget for it, hence for now I am stuck with mod_rewrite and the mix of other techniques until something better - and easy to implement - arrives.

6:04 am on Feb 14, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 13, 2004
votes: 0

Hello Carrots:

My images are mostly specialized maps, resulting from 20 years of work.
Naturally they are targets for hot-linking, but I deal with that on a case-by-case basis.

IF its some blog or the like _and_ they give proper credits and an
honest link back, I simply leave things as they are.

By "honest link" I mean the usual href = kind, none of that rel=nofollow stuff,
and definitely not a php redirect to site#123.

IF its a blog with no link back, I subscribe and put one in, maybe 2 or 3 if relevant.

IF I can't get into the blog (instructions in Korean etc.) or anything
that looks abusive, then its time for musical filenames.

I copy map#1.gif to map#1A.gif. Send it on up to host.
I search _all_ html files using that image and change filename to map#1A.gif.

Then the fun starts, again on a case-by-case basis.

For the NEW map#1.gif (shown on the hotlinking site)
I might put up the same image with my main URL emblazoned on the front of it.

" For the original work resulting in this image, see www.mysite.net "

One image was a picture of a strange undersea sponge.
I substituted Spongebob Squarepants.

I reserve the raunchy explicit stuff only for the very worst offenders, and very seldom.
I make a point of taking those images down once the hotlinking fades away.
No use tempting some unexpected penalty.

Then (if its Friday nite / Saturday) I go drink lots of beer and complain about something else.

Best - Larry

6:40 pm on Mar 25, 2008 (gmt 0)

Preferred Member

10+ Year Member

joined:Dec 4, 2002
posts: 385
votes: 0

I'm updating my .htaccess files and wondering if these recommendations from 2005 are still applicable now?

Have there been any changes in search engine exclusions?

Would it be advisable to use the method JDMorgan wrote about at the bottom of this topic: [webmasterworld.com...] ?
(That method would block faked blank referers or faked blank user agents, and blank referer and blank user agents except for the HEAD.)

This 38 message thread spans 2 pages: 38