** I changed the subject header in order to point people towards the info re .htaccess and robots.txt files that is contained later in this thread. **
Another edit - January 19, 2004 - removed my rant - it isn't needed BUT all this information is good regarding preventing direct linking, robot.txt files, etc.
So now it's a sticky at the top of the customization forum.
Gaile
Posts: 13451
PixelPoet, I could not agree more! You have my full support on this.
I hope someone a little more apache/rewrite savvy can help you out in making a .htaccess file that prevents hotlinking of images for you.
Posts: 974
pixelpoet: do you need help stopping people from hotlinking?
Posts: 1301
Hi
No - thanks. My .htaccess file and my robots.txt keep a lot of the riff raff away. Those are two files I have spent a lot of time perfecting (webmasterworld.com is a great place to learn more). I don't hesitate to block people that I find constantly direct linking. I don't allow linking to jpg or png files because those are my photos, but I let the little 'tards link to gif files so that I can find them quickly. Lately tho I've got the ones that are downloading my site lock, stock and barrel and even leaving my sitemeter intact. :roll:
Those ones are REAL easy to pick off...
I'd love a way to keep people from stealing my stylesheets, but I don't think that's possible.
Anyway... I just needed to vent. Thanks.
Gaile
Posts: 974
It's okay if you don't need or use my ideas, I'm the idea guy, that's what I'm here for. It sucks that people steal your hard work and I would be glad to help kick their collective butts. I've got more ideas if you're interested.
Posts: 7994
Gaile, there are a couple of techniques you can use to prevent people from using your stylesheets. The easiest approach is to move the stylesheet out of your document root and then write a quick PHP script that prints out the contents of it. Then link to that PHP script instead of the style sheet directly. Then you can write some code that checks the HTTP_REFERER to see if the page requesting the style sheet is in your domain, and if not, you can send back nothing (or a stylesheet of your own that makes their site look terrible :-P )
I'm sure Jesse can help you put that in place!
Posts: 8194
Heh, I thought Jesse only came up with ideas, no actual work ;)
Posts: 1301
Jesse, if there is a way (as Bharat mentioned) to prevent the use of my stylesheets then I'm all for it. I found two more sites tonight and I've removed my css entirely until I find a way to stop this.
I am simply tired of people not asking once in a while for HELP instead of just taking. The stupid part is leaving in actual links to my site that make it so easy for me to find these idiots. :roll:
Ironically the most recent site I found is a charity in my area. Guess who won't be getting any donations from me....
I do want to just end this thread now and not have it drag out needlessly. There are other more important things to do.
I do appreciate your offer of assistance and will email you when I decide what direction I'm going in with this.
Gaile
Posts: 332
Just going to post this tutorial I wrote for my Hosting Company. Usefull for anyone who needs to stop unwanted theft. Be aware that certain people will not be able to access your files. The people affected use either a high level security on IE or have a firewall with higher level security setting. By using an image return you can utilize these leachers by advertising your site, and showing that the site that they were leached to is desreputable and the browser (as I do) won't return. This won't stop the user from downloading your images/files, but it will help prevent bandwidth theft.
=)
Jade
Posts: 332
Just another note. If you want to share your images with multiple domains then you can set the permissions to just those domains.
Say you want a folder with full permission granted. Usefull when posting images to forums. Then place a new .htacess file in that specific folder with this code.
RewriteEngine Off
If you want to disable the browsing of files in the directorys on your site then include this line of code as the last line of your .htaccess file.
Options -indexes
=)
Jade
Posts: 13451
JadeDragon, great stuff! How about those who blatanly steal your whole layout? I had one today. :/ Not much to to about those, i know.
Posts: 332
You can contact their hosting company and/or IP to have the copywrited material removed. Unfortunately this is all to common and some hosting companies do not care what their clients are doing. At that point if thier theft is sever enough for you, then you will have to pursue them yourself.
You can find out who their host is and their contact information by going Here.
Posts: 13451
JadeDragon, i know. I am just venting a bit.
Posts: 1301
Hey H0bbel...
Joined my *Venting* Club did you? I've run out of things to say about the unoriginal copycats of the world.
Ironically, if anyone asks me how I did something directly related to Gallery, I tell them. Gallery is opensource code and I don't mind sharing how I accomplished whatever small changes I made, but when they just copy the entire thing lock stock 'n barrel. Well... :evil:
ANYWAY...JadeDragon, my .htaccess is actually pretty close to what you have, however here's where we differ:
RewriteRule .*\.(jpg|jpeg|gif|bmp|png)$ - [F,NC]
Notice the bit after Rewrite Rule is different. So what does your code do that the one I'm using doesn't do?
As well, I found I couldn't add css, html or php extensions to this - or nobody could see my site unless the end bit was changed from F, NC to R,NC -- but had several people tell me when I changed it to R (on the suggestion of my host), that they could now link to my images.
In all honesty - it just gets too freakin' tiring keeping the idiots out!
So for now I've got images protected. CSS and the rest I've decided not to worry about for the time being. I have other things to do.
I thought this thread was dead - was SO surprised to see comments here.
Something that should be mentioned is to be VERY careful messing around with .htaccess if you are flying blind because you can mess things up quite badly. There are several good tutorials online (yours among them now, Jade) that address the basics and beyond. Just takes a quick *google* to find them!
Right now I'm in the midst of attempting to make my (still unveiled) gallery layout html compliant. I figure I'll start with 4.01 transitional and work my way UP....
Gaile
Posts: 332
This is the full listing of Apache directives.
This is the information for ReWrite Rule.
This will explain the quantifiers for ? * + used infront of the ReWrite Rule.
I have not seen your setup before. But it basically says that the rewrite must match "any single character except newline" "matched 0 or more times" "quote next meta-character"
Mine says "match any character class""matched 1 or more times""match any character except newline"
Although I have done some research on different methods of .htaccess I am still a novice. How each setting truely effects the way each Apache setup parses the .htacess is still beyond me. Due to the varience of each hosts set up some things may need to be adjusted.
I've changed a bit of the previous post due to my typos.
EDIT: additional info.
At the end of these codes.
You will see the different functions or CondPattern These tell Apache what to return.
[R] = Redirect the request to a new file. In this case it is going to return the hotlink.jpg
[L] = Stops the ReWrite process
[F] = Returns a Forbidden code 403, thus the little "x" from anyone trying to leach.
[NC] = no case
[OR] = switches to the next ReWrite Condition
=)
Jade
Posts: 332
On another note, which was brought to mind by PixelPoets post.
IF you have a problem with this code
Then use this code
Changing [NC] every ending line to [NC,OR] except the last one.
You will probably get a 500 error or no images while testing which works for your server. If you have a nice host then they will answer your questions as to which one is best suited for their setup.
=)
Jade
Posts: 332
Now to wrap this up here is an example of an .htacess page with an image return that will encompase all subdomain characters.
You will want to create your .htacess page in notepade with word wrap OFF. Be careful not to have any extra spaces at the end of a line or within the code itself. You will want to put this in the first public folder of your site. Some hosts (like mine) offer a folder above root. Standard Chmod is 644.
Well I hope this gets everyone going. Any questions I'll do my best to answer.
=)
Jade
Posts: 332
OK I lied. Here's a tutorial for the Bad Referrer that Bharat posted about.
Quoted directly from my host tutorials. I haven't used it yet.
Remember you only need one "RewriteEngine On" in your .htacess file.
=)
Jade
Posts: 1301
Thanks for all the info, Jade.
Gaile
Posts: 8194
Yes, I'm bookmarking this thread. Maybe when I'm in a good mood, I'll add all this juicy info to the docs ;)
Posts: 332
Here's another question brought up to me today.
How to ban specific user IPs or a block of IPs
=)
Jade
Posts: 332
Since this is all about images not being stolen a good thing to have is a robots.txt. The robots.txt file acts simular to an .htacess file, but specifically for search engines like Google's Image archiver.
This prevents all the images on your site from being listed in the Google image directory but still allows google to index the site itself.
To make this work you need to load the robots.txt into /htdocs/robots.txt
If you wish for only a specific directory then it would be.
again placed in the /htdocs/robots.txt
Here is a listing of search engine bots.
=)
Jade
Posts: 1301
Hello again!
I wonder if we should have started a new thread for all this helpful stuff!
Just a couple of things to note. Not everyone has an htdocs directory. For some people it's called public_html or even just www or html.
And here's my robots.txt file, in case anyone isn't sure where to start or HOW LARGE they can be (yeah, this one is kind long). Anyway. Feel free to use it if it is of use to you.
I use a robots validator to make sure things are in good working order. The url is at the top of the robots.tx file. In fact, I validated this file before posting it here.
Probably taking this thread WAY off topic, but the site that this validator resides on, Search Engine World, there are a few interesting tools, like Sim Spider that shows you what a spider will see when it visits your site, and a webpage size checker.
... just thought I'd toss those things into the mix and see if it helps anyone.
Gaile
Posts: 3473
Guys,
This is great stuff. Can you get together with Andrew and make it into a chapter of the manual? It's too deep to be a FAQ, and as forum postings it's going to get pretty hard to wade through.
Just a humble suggestion.
Posts: 8194
See my post above ;)
Posts: 332
Yes, I'm bumping this. Can we move this somewhere and make it a sticky?
:P
Jade
Posts: 8194
Heh, I have totally forgotten about this. Oops
Posts: 1
i'm using currently mod_rewrite, but now friends are having trouble accessing wmv and zip files. how can i allow linking to these?
Posts: 8
This is my .htaccess file, stored in the root www directory, but users are still able to hotlink my images. Did I do something wrong? There is no additional .htaccess file in my albums directory that would be overriding this.
Months ago I remember reading something about having to make a change to the .htconfig file if the .htaccess file doesn't work, but of course now that I need that information I can't find it, lol. I don't have access to any .htconfig file and the guy hosting my site said I need to tell him exactly what needs to be done to make it work because he doesn't know, but I don't know either so I hope somebody here does.
UPDATE:
I found this in the documentation:
... but I don't remember getting any such message asking me to make those changes.
Maybe this is what I was thinking was the ".htconfig file" that I may have to make changes to? I don't know.
Posts: 8
I found this in another thread, and it said to place this in my albums directory (which on my server is /www/albums/ whereas gallery is /www/modules/gallery/) but this didn't work either.
I also tried using the following, which I found in the official documentation on this site, but it didn't work either.
I changed "http://www.example.com/gallery" to "http://www.example.com/modules/gallery" since that is where my Gallery is (I'm using PostNuke).
I guess I should point out that I'm using G1, if that makes a difference. The mod_rewrite module is installed on my server.
Posts: 1
Hi There ,
Well the above makes sense / no sense ;) .
to start with , on the robots.txt , dont use them ! , bad bots look for exclusions in the robots.txt , and think ,, "oh well not meant to go there ..... so lets have a look" . Also , i know that robots.txt files are a first place any haxor looks to see whats occouring ..
Mod_rewrite , and all of ts voodoo .. woooooo , anti hotlinking is good , but the implamentation above is not the best .
Hows about , if rather than
you had
RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.*png$|.*avi$|.*mpg$|.*mpv$|.*mp3$|.*swf$|.*zip$|.*rar$|.*gz$|.*bz2$|.*ace$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^.*yourdomain.*\.com [NC]
RewriteCond %{HTTP_REFERER} !google\. [NC]
RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
RewriteRule (.*) http://www.yourdomain.com/showcontent.php
A direct hotlink will not work , however , what about people who just *link* to an image (genuine linking to files is not a bad thing !) . then you get the showcontent.php file to show the image /download in a frame of your site (giving you some backward links , etc )
Just my 1 cents worth .
Posts: 14
This is an extremely helpful thread. However, I do - in common with one previous post -- have a question about .htaccess and file types. I have tried to protect my Gallery from hot-linking in 2 different ways using htaccess. Each worked for images files [jpeg, gif]; neither worked for video files [wmv, mpeg, avi]. First I tried using allow,deny as follows:
This blocked direct requests and hot links fine and allowed gallery to operate normally for images, but video files would not play [player would not connect].
Next I tried the alternate method using mod_rewrite [as stated in JadeDragon's posts above]:
Again, Gallery worked fine and hot-linking and direct requests were blocked - that is, they were properly redirected to hotlink.jpg -- but video files were also redirected. Removing the video files extensions from the RewriteRule allwoed them to be played -- and hotlinked.
I'm guessing that in the first case, there must be a configuration issue with the way htaccess interacts with video files that is allowing html and images files to be passed, but not video. I know that htaccess authentication treats html pages and images differently than video, in that you have to enter your username/password once for each, at least if you are using an external player.
The problem in the second case I imagine could be the same issue, or perhaps Gallery passes requests for video files in such a way that extension is not recognised. Since Gallery uses mod_rewrite to pass image and video requests to view_photo.php, I suspect the potential for a conflict.
Can anyone here shed some light on these issues? I'm using Gallery 1.5.1 but the same behavior occurs on each of the 3 versions of Gallery 1.4 I use.
Many thanks for any insight, pointers to helpful refs, or even a good guess.
Posts: 14
Follow up: I think the problem is that media players and/or browsers don't send the referrer data correctly or maybe not at all for video files. If so, it looks like there is no solution using .htaccess in this manner. If anyone knows differently, I love to hear it.
Posts: 64
You guys seem to be dealing with some of the same type of issues that I have encountered.
I would like to be able to link pictures from my "folderxyc" (in my wesbite's gallery) on forums and others, but would like to make it so that people CANT just right click on the photo that was posted and just copy and paste "www.mywebsite.com/albums/folderxyc" and just look at everything that is stored in that folder, including those .DAT files which probably contain sensitive info...
I know that I have seen people that are able to do this. Any help would be greatly appreciated!
Posts: 7
Okay, I really don't get it, lol. This is what I have:
And yet sites like this (http://www.fanforum.com/showpost.php?p=8200659&postcount=118) and this (http://www.deadjournal.com/users/cap_it/?skip=40) can still pull my images. Help?
I can get it to work if I do not specify image extensions like so:
RewriteRule .*$ images/nohotlinking.gif [L]
But then that means direct links to the .html files within my site also do not work.
Posts: 36
I would like to know following.
I want my other domain to hotlink images,not the gallery domain.
For other domains they must get the pic tht shows u dont hav permission to view it
I want to know where to place the code for the following details in htaccess file & where should I upload it.
advance thanks for the help
Posts: 2
I am trying to setup an .htacess file to prevent hotlinking images on my site.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com [NC]
RewriteRule [^/]+.(gif|jpg)$ - [F]
If I put this file in my root folder, I get a 500 Internal Server Error.
If I put it in my image folder my images do not load I get the x.
I use Earthlink hosting, they say they run on Apache server and .htaccess files are permitted.
Any help would be great thanks.
Kevin
Posts: 2
this was in the logs folder:
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /www/htdocs/domains/s3/00542/www.jarabina.com/etc/.htpasswd
<Limit GET POST>
require valid-user
Options ExecCGI FollowSymLinks
</Limit>
Thanks again
Posts: 64
I know it will help to a lesser degree, but maybe having a "no right-click" script setup to prevent the less knowledgeable people from quickly snatching a photo from your gallery would be a first step until we can figure something else out?
If anybody has done this I would welcome any advice. I would like to implement something like this on my gallery.
Posts: 64
thanks for the code, Bigal.
If nothing else is available I am sure this could be helpful.
Posts: 11
In case this helps, here's my .htaccess for disallowing hotlinking to anything other than thumbnails and highlights (except from shutterfly). Hotlinking returns an error image (http://www.seren.net/hotlink.gif):
Posts: 11
If your .htaccess file is that large, you probably need to make better use of wildcards. Why is it so large?
Posts: 11
If you have mod_rewrite installed, this should work:
RewriteEngine on
RewriteRule ^(.*)_(.*)$ $1-$2 [R=301]
Intuitively this should replace only a single instance of "_", but testing shows it replaces all "_"s in the URL.
Posts: 17
thank you friend
------------------------------------
Posts: 2
Seren wrote:
Hi,
Any idea on how to place a clickable thumbnail of the hotlinked photo instead of a banner ?
I do not want to avoid hotlinking but work around it.
Thanxs,
Posts: 2
Hello guys,
Already found what i was looking for here. The only problem is that it links the hotlinked thumbnail, sized photo and full photo back to the album instead of the photo (thumbnail, sized photo or full photo respectively) itself, but i can definitely live with that.
Cheers,
Posts: 9
I read through most of this and I really need help please.
ver. 1.4.4 pl6
I hot link my pictures to other forums by direct url to image, not so much interested in stopping hotlinkin to the pictures because I have plenty of bandwidth. My album dir when someone is trying to access through the web do not show.
Here is my problem. Every now and then hackers are uploading spam and take over scripts to the /albums directory.
I was thinking of placing an htaccess to the /albums directory:
For example:
Order deny,allow
Deny from all
Will this interfere with anything?
I have a skin that Jade did for me that I would need upgraded to 1.57 but can not get a hold of her. They tell me that this version might me more protected, not sure. If anyone know someone that can update the skin to the1.5.7 version please let me know.
Thank you for your help.
Jim B.
Posts: 28
Hello all is my site http://carvehicle.net
and .htaccess
i submit my sitemap google http://www.carvehicle.net/?g2_view=sitemap.Sitemap But erro " Network unreachable: DNS issue
We encountered an error while trying to access your Sitemap. Please ensure your Sitemap follows our guidelines and can be accessed at the location you provided and then resubmit. "
Help Me (