Hotlinking

Image Hotlinking (also known as leeching, or inline linking) is the practice of stealing bandwidth from other websites, by linking to an image stored on another server. By doing this, when a person visits a website with hotlinked images, the images must be downloaded from the other server, costing that server bandwidth, instead of the server being visited.

This practice can lead to gigabytes of bandwidth being "leeched" from other websites, with no benefit to themselves in return.

Am I Hotlinking Someone Else's Image?

It is quite possible that people new to webpages may be engaging in the practice of image hotlinking without realizing it. The best way to determine if you are image hotlinking is to look at the image code:

If the image is coming from a site that isn't yours, it's considered hotlinking or inline linking. To solve this, save a copy of the image yourself (assuming you have permission to do so), upload it to your web server, and link to it from there. Alternatively, you can upload it to the numerous free image hosting sites available around the net.

Combating Image Hot Linking

There are several ways of combating leeching:

1. Image Replacement - The tool of more vindictive webmasters, this is when the images being inline linked to are swapped for more "inappropriate" content. Often embarrassing, this will ensure that the thief will look elsewhere for his/her images.

Unfortunately, this involves effort on a case-by-case basis and, while often entertaining, is not very efficient. Also, your poor victim may not even realize what they are doing is wrong, and swapping their image for something more embarrassing would just be cruel, wouldn't it?

2. Legal Action - Hotlinking to images and other multimedia can be considered intellectual property theft, and can open the perpetrator to legal action. This method of prevent hotlinking however, it is expensive and time consuming, and won't necessarily prevent others from trying the same thing.

3. .htaccess Files - The best method for beating image leechers is the use of a .htaccess file.

If you are new to to .htaccess files, it would probably be a good idea to Google it and have a read, before continuing. Here is the first line:

RewriteEngine On

This begins the rewriting rules, the rules that govern redirection when someone tries to access your website. Next:

RewriteCond %{HTTP_referrer} !^$

HTTP_referrer indicates the site the request is coming from. If someone hotlinks one of your images, the HTTP_referrer will be equal to whatever address the image was linked to. The full line means that the following code will only be executed if the referrer is not blank. Now, what if the referrer is YOUR site (i.e someone browsing your own website):

RewriteCond %{HTTP_referrer} !^http://(www\.)?yoursitehere.com(/)?.*$ [NC]

This line will allow requests whose referrer is your own site. If there are any other websites you would like to allow access, simply copy this line underneath itself, and replace "yoursitehere.com" with their domain. You can do this as many times as you like.

RewriteRule .*\.(gif|jpe?g|png|bmp)$ [F,NC]

This last line, will rewrite any requests who's referrer doesn't match the above criteria (i.e blank, from your site, or from any other site you specified) to point to nothing. The leecher will simply find that the image he is linking to will not display.

There you have it! This is how it will look:

RewriteEngine On
RewriteCond %{HTTP_referrer} !^$
RewriteCond %{HTTP_referrer} !^http://(www\.)?yoursitehere.com(/)?.*$ [NC]
RewriteCond %{HTTP_referrer} !^http://(www\.)?anothersiteitrust.com(/)?.*$ [NC]
RewriteRule .*\.(gif|jpe?g|png|bmp)$ [F,NC]

Once you gain more experience with using .htaccess files, you can tailor this code to work exactly how you want it, but for the time being, this should suit your needs.

The disadvantage to this method, is that you prevent people from linking to the image normally. This is not always a problem, especially if you'd rather have them link to the page the image resides on, but this may be unacceptable to others.

Leave a comment

Name:

Comment:

Total comments: 11

Phid commented on 25 Jan 2007 -

Please tell us how to blacklist sites rather than whitelist them. I would rather allow anyone to hotlink to my images (e.g. small sites) but have the ability to blacklist especially bad sites (e.g. inappropriate content sites or bandwidth hoggers). I would also like to place an image (e.g. "Image property of ____") in place of the hotlinked image. Thanks.

Ron Payne commented on 2 Jun 2007 -

Good information. Thanks for putting it up. Your site came up third down in Yahoo's search. LOL

Ron payne commented on 2 Jun 2007 -

Forgot to mention that every where else, "HTML_Referrer" as you have it is written as "HTML_referer". And it works that way. Haven't tried using "HTML_referrer" yet to see if it makes a difference.

Ron Payne commented on 9 Jan 2008 -

Can you list the code needed to allow specific sites/search engines like Google's, Yahoo's and other legitimate sites/engines? Have asked, but get so many variations. For example:
RewriteCond %{HTTP_REFERER} !^http://images.google.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://images.google.com$ [NC]

And about Yahoo. Tried so many variations that we lost track of what we were doing. LOL

Ron
http://PayneLessDesigns.com

webmasta commented on 15 Aug 2008 -

that last line is incorrect....

should read
RewriteRule .*.(gif|jpe?g|png|bmp)$ - [F,NC]

note the dash between the $ and [F,NC]

Kyle Allen commented on 27 Nov 2008 -

Hello, I get on Google Images and search for cool pictures to right click on and set as my background. One time I clicked on a picture to make it bigger and a notice came up that said quit hot linking. Is what I am doing hot linking and is it illegal?

graham commented on 26 Jan 2009 -

Kyle, no you didn't do anything wrong or illegal. The message was because two websites were in a dispute. One website hosts the image, but another website stole the image. The website with the original image is mad about the image theft, and tried to get revenge on the thieves website by changing the image. What you saw was an image switch. You were basically caught in the middle of a dispute.

===
Graham
Hotlink Protection

Babaji M P commented on 25 Sep 2009 -

Using a replacement image is working.

But ... ,

The replacement images changes to the dimension of the copied image !

For eg.,

The original image is http://mysite.com/image.jpg of dimension 800x900
replacement image is http://hosted.com/image.jpg of dimension 200x300

Now, the problem here is the replacement image is stretched to 800x900,
making it hard to see the warning on the replacement image.

Any idea how to make the replacement image to show specific dimension via .htaccess ?

Thank You.

HackerTen commented on 16 Nov 2009 -

Easy Babaji, change the replacement image for something bigger then you will have solved the problem.

---------------
http://www.hackerten.com

DeafMan commented on 24 Feb 2010 -

RewriteCond %{HTTP_referrer} ^$ means that a blank referer (note correct spelling for .htaccess) is true and we continue on to other conditions. Using the ! means the condition is now false and since line-to-line is "AND" logic, it doesn't matter what they say. The whole set of conditions is false and there's no rewrite.

Thus you allow the blank referrers through places like anonymouse.org - the moral of the story is: if someone wants your file they're going to have it. There's no (none!) security on the web and even less privacy! (! doesn't mean "not" in valley speak)

Mr. Reader commented on 28 Oct 2010 -

Thanks for the info.
It's not clear what is meant by: "the image was linked to."
at 3. .htaccess Files .... HTTP_referrer indicates the site the request is coming from. If someone hotlinks one of your images, the HTTP_referrer will be equal to whatever address the image was linked to.
Please rewrite to clarify. Thanks.