How to stop it? A good question.

Some people say to use the Apache configuration (or .htaccess) to prevent hot linking, but I found that sometimes that stopped legitimate serving of images (perhaps because the page was cached at an intermediary ISP), and that was also undesireable.

Sorry I cant be more helpful, but I have had similar problems for years and have not been able to solve the issue without creating other issues.

Matt

I have also used .htacess in the past but faced same problem. So, I didn't use .htacess anymore in active folder / directory.

However, till this incident, I have not faced such a major problem. There are lots of incident where sites hotlinked images from my site or these were posted on a number of forums, but still this time it was really very big problem. Thousands of users (who received this email) was requested hundreds of images at the same time using 100 times the bandwidth :(

So someone else with some advice on this ....

There isn't much you can do in that situation - other than move the files constantly.

Tip: put advertisment pictures in the old location. Just make the 404 on the old image directory, redirect to you ad picture. Be sure to put the url of your site in the picture.

Or: if you want to be mean, redirect the 404 to some "ugly picture" elsewhere.

> but I found that sometimes that stopped legitimate serving of images

This is typically caused by a failure to handle blank HTTP_REFERER requests in the anti-hotlinking code. If the code does not allow image requests with blank referrers, then any visitor who comes to your site through a corporate or ISP caching proxy --for example, all AOL users-- will see a broken image.

On the other hand, some of the browsers fetching your images based on a hotlink may also be behind corporate or ISP caching proxies. If you allow blank referrers, they will successfully fetch your image.

So, you have to decide between breaking your own site for some legitimate visitors by blocking blank referrers to completely eliminate the bandwidth loss, or allowing some bandwidth loss by allowing blank referrers so that your legitimate visitors coming from behind caching proxies don't see broken images. Referrer-based solutions cannot be 100% effective, because for a request coming from a caching proxy, the referrer is meaningless and cannot be sent. Similarly, there is no referrer for a direct type-in request because the link came out of the user's memory, or off a slip of paper, bar napkin, newspaper, etc. The HTTP protocol makes no provision for those kinds of referrers... ;)

Nevertheless, if the code is written properly, it will work as described in either case.

Jim

I think there are Apache modules to handle bandwidth quotas, e.g. mod_curb (although i've never used it). Another idea: feed all your images through a script that counts the number of accesses and if this reaches a threshold in one day/week/month, redirect requests with a blank referer to a small image that explains the problem. I haven't done this myself, so it's just a thought.

isn't there some php script that you can use (just one little line in place of the image url), that checks to see whether it is your own site asking for the image. if it's not, then it won't display.

(...i know we're not supposed to give out urls to other sites, but this guy is desperate for a quick fix, and it's a very long script! so i hope you won't mind.
go to the 'a list apart' website and do a search for smarter image hotlinking prevention)

I have moved the images to a new folder and have redirected any request to old folder to a picture telling viewer that this picture is not available due to change of url. It give the url of my site and ask viewer to visit the site.

It really had a positive effect. I guess I have to move my picture folder constantly :)

But if I do this, will it affect indexing of my images with google image search?