Select Page

Avoid Hotlinking or so called bandwidth stealing

From WikiPedia

Inline linking (also known as hotlinking, leeching, piggy-backing, direct linking, offsite image grabs and bandwidth theft) is the use of a linked object, often an image, from one site into a web page belonging to a second site. The second site is said to have an inline link to the site where the object is located.

This is not just Bandwidth Stealing, as

  • It cost CPU and bandwidth which means less performance for your visitors,
  • It cost a lot of money as you still pay the server cost, and loose ad revenues,
  • It drive people away from your reputable homepage since they will find your picture or files on any mirrors,
  • It may be a security threat at least for distributable software, anybody may alter (backdoor,ads, privacy information stealing) any of my open source component without my consent.

The mod_rewrite module is able to intercept incoming URLs and modify them according to a set of rules that you specify. The basic idea is use the mod_rewrite module to inspect the incoming HTTP header. The field we’re looking for is the Referer field – or basically the URL that the current request originated from.

Referer

This optional header field allows the client to specify, for the server’s benefit, the address ( URI ) of the document (or element within the document) from which the URI in the request was obtained.
This allows a server to generate lists of back-links to documents, for interest, logging, etc. It allows bad links to be traced for maintenance.

So create a file .htaccess at the root of your site with the following content:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?waltercedric.com(/)?.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?wiki.waltercedric.com(/)?.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?forums.waltercedric.com(/)?.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?bugs.waltercedric.com(/)?.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?demo.waltercedric.com(/)?.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?demo2.waltercedric.com(/)?.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mirror.waltercedric.com(/)?.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?images.google.com(/)?.*$     [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|zip|css)$ http://www.waltercedric.com/bandwidthStealing.html [R,NC]

Notes:

  • I want to allow cross linking between all my Subdomains wiki,demo, bugs, forums … so I have a bigger list of allowed Referer than usual to enter…
  • I do not allow hotlinking of the following resources for obvious reasons: jpg|jpeg|gif|png|bmp|zip|css
  • I redirect any bad people to a fix files on disk http://www.waltercedric.com/bandwidthStealing.html
  • You are allowed to copy the templates http://www.waltercedric.com/bandwidthStealing.html as long as you keep the bottom link.
  • Note the latest RewriteCond: I always allow Google to references my images

There is a useful online generator with a lot more explanation online at the bottom of this page http://www.htmlbasix.com/disablehotlinking.shtml . This is active on my server since 2 weeks, and I’ve see a performance in response time.

More tips 

  • To have an insight on resources stealing in nearly real time, simply put a statistics marker with for example Google Analytics to see how many people are landing on that page per week or months!
  • To generate money (better than nothing), dot forget also to put advertisements publicity on your redirect hot linking page

About The Author

I worked with various Insurances companies across Switzerland on online applications handling billion premium volumes. I love to continuously spark my creativity in many different and challenging open-source projects fueled by my great passion for innovation and blockchain technology.In my technical role as a senior software engineer and Blockchain consultant, I help to define and implement innovative solutions in the scope of both blockchain and traditional products, solutions, and services. I can support the full spectrum of software development activities, starting from analyzing ideas and business cases and up to the production deployment of the solutions.I'm the Founder and CEO of Disruptr GmbH.

Categories