
how to prevent hotlinking (10 posts)

  1. Ovidiu
    Member
    Posted 16 years ago #

    I just found a link back to one of my blogs from a site that is hotlinking to my files... so I searched the net for how to stop this and found this:

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www.)?yourdomain.com(/)?.*$ [NC]
    RewriteRule .*\.(gif|jpe?g|png|bmp)$ - [F,NC]

    this would only allow http://www.yourdomain.com to link to my files, but how would I change this to allow yourdomain.com and *.yourdomain.com to hotlink to files?

    could I then just insert this code into a .htaccess file and put it into: /wp-content/blogs.dir/files/.htaccess ?

  2. ceejayoz
    Member
    Posted 16 years ago #

    Easier than that:

    
    RewriteCond %{HTTP_REFERER} !^http://(www.)?yourdomain.com(/)?.*$ [NC]
    

    becomes:

    RewriteCond %{HTTP_REFERER} !^http://(.*)?yourdomain.com(/)?.*$ [NC]
    

    That should work, barring typos on my end. It may need to be made non-greedy, though, if you have problems.
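
Added example (not part of the thread or any poster's code): a Python check that runs the Referer patterns from posts 1 and 2 against constructed Referer values, beside a stricter pattern that is an assumption of this example. Python's `re` with `IGNORECASE` stands in for Apache's regex matching with `[NC]`.

```python
import re

# Patterns quoted from the thread; re.IGNORECASE stands in for the [NC] flag.
POST1_WWW_ONLY = r"^http://(www.)?yourdomain.com(/)?.*$"
POST2_WILDCARD = r"^http://(.*)?yourdomain.com(/)?.*$"
# Assumption (not from the thread): dots escaped, only whole subdomain labels
# accepted, https allowed, and the host must end at a port, "/" or end of string.
STRICT = r"^https?://([a-z0-9-]+\.)*yourdomain\.com(?::\d+)?(?:/|$)"

# Constructed Referer values. The first five should pass (an empty Referer,
# which the thread's rules let through, and the site's own pages); the rest
# are other hosts whose URL merely contains the domain text.
SAMPLES = [
    "",
    "http://yourdomain.com/page",
    "http://www.yourdomain.com/",
    "http://blog.yourdomain.com/post",
    "https://www.yourdomain.com/",
    "http://notyourdomain.com/",
    "http://yourdomainXcom.example.org/",
    "http://yourdomain.com.example.org/",
    "http://example.org/?u=yourdomain.com",
]
OWN = set(SAMPLES[:5])

def allowed(pattern, referer):
    """Mirror the two RewriteCond lines: empty Referer passes, any other must match."""
    if referer == "":
        return True
    return re.search(pattern, referer, re.IGNORECASE) is not None

def misjudged(pattern):
    """Return (own referers wrongly blocked, foreign referers wrongly allowed)."""
    blocked = [r for r in SAMPLES if r in OWN and not allowed(pattern, r)]
    leaked = [r for r in SAMPLES if r not in OWN and allowed(pattern, r)]
    return blocked, leaked

if __name__ == "__main__":
    for name, pat in [("post 1", POST1_WWW_ONLY), ("post 2", POST2_WILDCARD),
                      ("strict", STRICT)]:
        blocked, leaked = misjudged(pat)
        print(f"{name}: blocks own {blocked}; allows foreign {leaked}")
```

In `.htaccess` the stricter pattern goes where the original one was: `RewriteCond %{HTTP_REFERER} !^https?://([a-z0-9-]+\.)*yourdomain\.com(?::\d+)?(?:/|$) [NC]`. The Referer header is set by the client, so a rule like this limits casual embedding and bandwidth use rather than controlling access.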

  3. Ovidiu
    Member
    Posted 16 years ago #

    are you sure about this line

    http://(.*)?yourdomain

    if I exchange the www for * it should look like:

    http://(*.)?yourdomain

    just guessing, trying to make sure it's ok, I don't know much about the syntax used in .htaccess files...

  4. Ovidiu
    Member
    Posted 16 years ago #

    can anyone clarify this please?

  5. Ovidiu
    Member
    Posted 16 years ago #

    still working on this. I tried this:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(*.)?zice.ro(/)?.*$ [NC]
    RewriteRule .*.(gif|jpe?g|png|bmp)$ [F,NC]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress
    

    and this

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(.*)?zice.ro(/)?.*$ [NC]
    RewriteRule .*.(gif|jpe?g|png|bmp)$ [F,NC]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress
    

    but one site stealing my bandwidth is still displaying an image from my server... I emptied the cache too :-(

    and this command:

    tail -f /var/www/web5/log/web.log | grep exposed_audio.jpg

    does not show any access to this particular image file!? Am I doing something wrong? maybe that guy caches my image on his server, wouldn't be that bad....
    but still wanna be sure which hotlinking .htaccess lines do prevent it usually.

    ###edit###
    I am an idiot. I had edited the wrong .htaccess and was just wondering why another site was giving me a 500 server error :-)

  6. Ovidiu
    Member
    Posted 16 years ago #

    p.s. the first example was the right one, hotlinking prevention works now.

  7. Lucifix
    Member
    Posted 16 years ago #

    I have tried to use this plugin but it didn't work.

    Did anyone else try it?
    http://www.bahn-spass.de/2007/05/05/hotlink-protection

  8. Nackereia
    Member
    Posted 16 years ago #

    Will hotlink protection still allow my users (that don't exist yet :X) to use images in their themes/layouts?

    I tried disabling hotlinking from cpanel, and all it did was make the images I was using on my site not show up for my site :/

  9. 44r0ng
    Member
    Posted 16 years ago #

    Lucifix,

    That plugin does work-- but it protects specific file directories. By default it stops hotlinking for wp-content/uploads. If you want to change the directory to protect, edit the code on the plugin editor page. There are instructions here:

    http://www.bahn-spass.de/2007/05/05/hotlink-protection

  10. MoonbatWingnut
    Member
    Posted 16 years ago #

    I tried the bahn-spass plugin and these guys blew right past it with their checking tool:

    http://coldlink.com/htm/tool.htm

About this Topic

  • Started 16 years ago by Ovidiu
  • Latest reply from MoonbatWingnut