View Full Version : Board Optimization - Complete Hotlink Protection


naveeid
04-25-2011, 10:00 PM
Title : Complete Hotlink Protection

Version : 1.1

Coder : naveeid
Purpose : Prevent your forum attachments from being directly linked to - prevent bandwidth abuse.

Why : My dedicated server was down due to too many hotlinked image connections. I was feeling helpless. Even after protecting images through .htaccess, images were still hotlinked through attachment.php.



How : Just edit your server .htaccess and modify the code with your domain names.



Installation :
edit your .htaccess file.


RewriteEngine on

# Rule 1: image files requested with a Referer that is neither empty nor on the allow-list
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yourfirstwebsite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yoursecondwebsite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?google\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://www.yourfirstwebsite.com/anypic.jpg [L]

# Rule 2: the same check for attachments served through attachment.php
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yourfirstwebsite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?google\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*attachment\.php*$ http://www.yourfirstwebsite.com/anypic.jpg [L,R,NC]


1) Please change yourfirstwebsite.com and yoursecondwebsite.com to your websites on that cPanel account. If you don't have a second website then you can remove that line.

2) I am allowing Google to fetch images or attachments for their server. If you don't want to allow Google then just remove that line.

3) Replace anypic.jpg with your website banner or hotlink warning banner.

It works very fine. It's the simplest and easiest available solution.

Demo:-
I have installed it on my website, you can check my website for hotlink protection.
http://www.nidokidos.org/attachment.php?attachmentid=40703&d=1302073196
Now this image will show in my website, this image will be displayed if it is opened in a browser. But if it is opened in any other website, it will be replaced by my website banner.
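
Added example, not part of the original post or of the mod: a Python model of the posted RewriteCond/RewriteRule logic, run over constructed Referer values, showing which requests the rules redirect to the banner. The TIGHTENED patterns, the sample paths and the sample Referers are assumptions of this example.

```python
import re

# Referer allow-list patterns as posted (placeholder domains from the post).
POSTED = [
    r"^http://(.+\.)?yourfirstwebsite\.com/",
    r"^http://(.+\.)?yoursecondwebsite\.com/",
    r"^http://(.+\.)?google\.com/",
]
# Tightened variant (assumption of this example, not from the thread): accept
# https too, and restrict the optional prefix to host labels only.
TIGHTENED = [
    r"^https?://([a-z0-9-]+\.)*yourfirstwebsite\.com/",
    r"^https?://([a-z0-9-]+\.)*yoursecondwebsite\.com/",
    r"^https?://([a-z0-9-]+\.)*google\.com/",
]
# RewriteRule patterns from the post. In .htaccess they are matched against
# the URL path only (no query string); only the second rule carries [NC].
PROTECTED = [
    (r".*\.(jpe?g|gif|bmp|png)$", 0),
    (r".*attachment\.php*$", re.IGNORECASE),
]

def is_protected(path):
    """True if one of the posted RewriteRule patterns matches this path."""
    return any(re.search(p, path, flags) for p, flags in PROTECTED)

def is_redirected(path, referer, allow):
    """Model the posted rule: the RewriteCond lines are ANDed together."""
    if not is_protected(path):
        return False
    if referer == "":  # "!^$" fails, so a request without Referer is served
        return False
    # Each allow-list line is negated: one match is enough to skip the rule.
    return not any(re.search(p, referer, re.IGNORECASE) for p in allow)

# Constructed sample requests: (path, Referer header value).
SAMPLES = [
    ("attachment.php", ""),
    ("attachment.php", "http://www.yourfirstwebsite.com/showthread.php?t=1"),
    ("attachment.php", "https://www.yourfirstwebsite.com/showthread.php?t=1"),
    ("images/a.png", "http://images.google.com/imgres?q=a"),
    ("images/a.png", "http://www.google.co.uk/search?q=a"),
    ("images/a.png", "http://other.example/blog/post.html"),
    ("images/a.png", "http://other.example/x/www.yourfirstwebsite.com/"),
    ("showthread.php", "http://other.example/blog/post.html"),
]

def compare(samples=SAMPLES):
    """Return (path, referer, redirected_by_posted, redirected_by_tightened)."""
    return [(p, r, is_redirected(p, r, POSTED), is_redirected(p, r, TIGHTENED))
            for p, r in samples]

if __name__ == "__main__":
    for path, ref, posted, tight in compare():
        print(f"{path:15} {ref or '(empty)':52} posted={posted} tightened={tight}")
```

The two columns differ on the https page of the allowed site and on the Referer whose path contains the allowed name, because `^http://` and `(.+\.)?` are looser than a host-name match. The Referer header is supplied by the client, so either variant limits bandwidth use by ordinary browsers on other sites and is not an access control.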

Boofo
04-26-2011, 05:51 AM
Code removed

naveeid
04-26-2011, 06:05 AM
well if a server is already overloaded , then it should not allow any directory to be hotlinked.

Boofo
04-26-2011, 06:15 AM
You don't have to put anything in to that directory if you don't want to. It just allows you to if ever needed.

And your Google code is redundant as this takes care of it already:

RewriteCond %{HTTP_REFERER} !^$

naveeid
04-26-2011, 09:28 AM
There is an easier and better way to do this and allow images to be hot-linked from one directory only (for posting error pics and avatars on other sites if they don't allow them locally).

# allow hotlinking from hotlinking-allowed directory only
RewriteCond %{REQUEST_URI} ^/hotlinking-allowed-directory
RewriteRule ^.*$ - [L]

# Hotlink Protection
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yoursite\.com/ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png|mp3|pdf|psd)$ http://imgxxx.imageshack.us/imgxxx/xxxx/your_hotlink_image_name.jpg [L]
# RewriteRule .*\.(jpe?g|gif|bmp|png|mp3|pdf|psd)$ - [F]


Use either of the last 2 lines depending on what you want.

Boofo is there any solution for hotlinking through attachment.php in these lines?

Boofo
04-26-2011, 08:32 PM
Do you allow guests to download attachments?

naveeid
04-27-2011, 02:32 AM
well in my forum guests are allowed to download attachments and view attached images.

naveeid
04-27-2011, 02:46 AM
through this mod , if any picture will be embedded/hotlinked through attachment.php on any OTHER website , it will display website banner or warning picture instead. similarly any other mp3 or download links of your forum files will be placed on any OTHER website , they will show your website banner or bandwidth theft warning when clicked.

Boofo
04-27-2011, 03:00 AM
No problem. I have removed my code.

MissKalunji
05-03-2011, 01:17 PM
Where should this go? in forum? or root?

Boofo
05-03-2011, 01:19 PM
Root.

MissKalunji
05-03-2011, 01:20 PM
and if the image isn't available....

What will it show?

the standard vb error message?

MissKalunji
05-03-2011, 01:29 PM
What if my attachment.php is under a different folder?

billstelling
05-03-2011, 07:52 PM
RewriteEngine on

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?thewindowscenter\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?thewindowscenter\.com/wordpress/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?google\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?bing\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://www.thewindowscenter.com/anypic.jpg [L]


RewriteCond %{HTTP_REFERER} !^http://(.+\.)?thewindowscenter\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?google\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?bing\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*attachment\.php*$ http://www.thewindowscenter.com/anypic.jpg [L,R,NC]

is that correct?

oops put the wordpress in the wrong spot.. fixed
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?thewindowscenter\.wordpress\.com/ [NC]

Boofo
05-03-2011, 08:15 PM
naveeid, your attachment.php line does not work. I set guests to be able to download/view attachments, and this did not stop anyone from another site being able to hotlink it. When I set guests back to not be able to view or download attachments, then they got the login screen on a hotlink. But they got that anyway before the attachment.php line was added to the htaccess. So that code is redundant.

naveeid
05-06-2011, 03:14 AM
@boofo
first of all this code is nothing to do with guests. this code is only to stop other sites from hotlinking images from vbulletin forum. as all the images are served through attachment.php in vbulletin , so we need to protect our attachment.php abuse.

if any other website or forum will place any images from my website , for example this image url
http://www.nidokidos.org/attachment.php?attachmentid=46163&d=1304560281

which is serving image through attachment.php , using this code in htaccess will not let the images of your site being displayed on the other website , but it will replace your website banner.

so in a result they will remove your images from their website. the code is working perfectly fine with me.

naveeid
05-06-2011, 03:15 AM
What if my attachment.php is under a different folder?



it does not matter if the attachment.php is under any other folder.. it will work fine.

naveeid
05-06-2011, 03:17 AM
and if the image isn't available....

What will it show?

the standard vb error message?


which image you are talking about , please explain your question so that i can give you the right answer.

naveeid
05-06-2011, 03:20 AM
RewriteEngine on

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?thewindowscenter\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?thewindowscenter\.com/wordpress/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?google\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?bing\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://www.thewindowscenter.com/anypic.jpg [L]


RewriteCond %{HTTP_REFERER} !^http://(.+\.)?thewindowscenter\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?google\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?bing\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*attachment\.php*$ http://www.thewindowscenter.com/anypic.jpg [L,R,NC]

is that correct?

oops put the wordpress in the wrong spot.. fixed
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?thewindowscenter\.wordpress\.com/ [NC]



you have not placed any image at anypic.jpg????? please check that.

Boofo
05-06-2011, 11:49 AM
@boofo
first of all this code is nothing to do with guests. this code is only to stop other sites from hotlinking images from vbulletin forum. as all the images are served through attachment.php in vbulletin , so we need to protect our attachment.php abuse.

if any other website or forum will place any images from my website , for example this image url
http://www.nidokidos.org/attachment.php?attachmentid=46163&d=1304560281

which is serving image through attachment.php , using this code in htaccess will not let the images of your site being displayed on the other website , but it will replace your website banner.

so in a result they will remove your images from their website. the code is working perfectly fine with me.

What do you think vb considers someone who isn't logged in, no matter where they are? I'm saying the attachment.php code doesn't need to be there as you have to be logged in to be able to download and see attachments, anyway. Thus, redundant code.

billstelling
05-07-2011, 03:25 PM
you have not placed any image at anypic.jpg????? please check that.

yea i did.. i just named the pic that.. :)

naveeid
05-09-2011, 03:21 AM
What do you think vb considers someone who isn't logged in, no matter where they are? I'm saying the attachment.php code doesn't need to be there as you have to be logged in to be able to download and see attachments, anyway. Thus, redundant code.


if some one is not logging in but visits our website , he is a guest member. you can control guest permissions from the admin panel.

but if some one uses my website resources , hotlink my images in emails , sent it to large yahoo groups , place my website hotlinked images in forums , there is no option in VB4 to control that kind of hotlinking. and there was no modification available to stop the abuse of attachment.php. in this mod you can stop this kind of hotlinking. and save your server resources.

naveeid
05-09-2011, 03:22 AM
yea i did.. i just named the pic that.. :)

so i hope its working fine ?

Boofo
05-09-2011, 06:01 AM
if some one is not logging in but visits our website , he is a guest member. you can control guest permissions from the admin panel.

but if some one uses my website resources , hotlink my images in emails , sent it to large yahoo groups , place my website hotlinked images in forums , there is no option in VB4 to control that kind of hotlinking. and there was no modification available to stop the abuse of attachment.php. in this mod you can stop this kind of hotlinking. and save your server resources.

Well, you are wrong. I just tested it on the com with an attachment.php link from my site. If I was logged into my site at the same time, then, yes, the link would show the actual attachment. But if I was logged out of my site and clicked on the link that I posted on the com, it showed the registration error page from my site when I clicked on that link. So, your attachment.php code is ONLY good if the person is also logged into the site they are using it from, or if you allow guests to view and download attachments.

If you have the replacement image for the hotlinking on your site, the resources should be the same on your server as it still has to retrieve the image from your server. ;)

naveeid
06-03-2011, 03:52 AM
Boofo, maybe I am unable to explain my point of view correctly to you..

let me explain it again.

1) first of all this mods stops simple hotlinking. and if some one hotlinks your images , it replaces it with your website banner or warning message.

2) Secondly, if my website images are placed and hotlinked using attachment.php then it will not show the original image but it will show the website banner or warning message.

for example this is an image hosted on my website.
http://www.nidokidos.org/attachment.php?attachmentid=33211&d=1298731742

a- if you try to open it as it is, it will be replaced by nidokidos banner.
b- if you see it in google images, it will work fine.
c- if anyone, guest or member, sees this image on nidokidos website pages, it will work fine.
for example see this image posted on this page. (http://www.nidokidos.org/threads/34781-obama-after-using-fair-and-lovely/page5)
but

if it is hotlinked in "any other" website , it will show a banner or warning message.

Now see, a website has placed it on its page (maybe using bing), and as I have not allowed that website or bing to show my image on their web pages, they are getting a banner from my webserver.

please see this link
http://connect.in.com/nidokidos-org/images-picture-10-of-53-from-un-beau-voyage-2-980527553176.html


this is for what i made this mod. i hope you understand it now.
it has nothing to do with registrations , / members / guest.

donal
07-22-2011, 12:28 AM
Where this file should actually be placed. Suppose I have www.mysite.com as domain and www.mysite/forum as forum root.

Should I place it in domain or in forum root directory?

naveeid
07-31-2011, 05:48 AM
you have to add it in your /forum directory.

Boofo
07-31-2011, 05:53 AM
I added it to the root and it works fine from there for me.

naveeid
04-26-2012, 04:46 PM
ok good.

viper357
10-23-2012, 03:34 PM
Does this work in vb3? I've put this at the bottom of my htaccess file but it doesn't seem to work, can someone check it for me please? My website is in my signature. Thanks.
RewriteEngine on

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?marineaquariumsa\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?google\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?bing\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://www.marineaquariumsa.com/hotpic.jpg [L]


RewriteCond %{HTTP_REFERER} !^http://(.+\.)?marineaquariumsa\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?google\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?bing\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*attachment\.php*$ http://www.marineaquariumsa.com/hotpic.jpg [L,R,NC]

viper357
10-24-2012, 03:39 PM
It's blocking images on tapatalk, any idea how we can allow tapatalk?

Ary Braga
12-16-2012, 02:39 AM
naveeid and Boofo. I'm from Brazil

My .htaccess stayed that way

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?MYDOMAIN\.com\.br/.*$ [NC]
RewriteRule \.(mid|wav|mp3|zip|avi|rm|ram|swf|mpg|wmv|pdf|jpeg|jpg|gif|bmp|png|psd|ipa|deb)$ http://www.MYDOMAIN.com.br/images/Xto4B.jpg [NC,R,L]

Until herein perfect.

I have a doubt.

The image that will be replaced in the hotlink, should be the same as the image copies from within my domain ?

The image that will be replaced in the hotlink is warped.

Eg: The original image is 200px x 400px.

My hotlink picture. Should measure 200 x 400 too?
Or should lower?

The problem that my images vary in height and width.

Is there any way to set it somewhere or file?

The hotlink img is here: (http://www.clanload.com.br/?v=BNciR.jpg)

The test only is here (http://arkanoidblue.blogspot.com.br/2012/12/hotlink-test.html)

naveeid
01-08-2013, 06:03 AM
naveeid and Boofo. I'm from Brazil

My .htaccess stayed that way

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?MYDOMAIN\.com\.br/.*$ [NC]
RewriteRule \.(mid|wav|mp3|zip|avi|rm|ram|swf|mpg|wmv|pdf|jpeg|jpg|gif|bmp|png|psd|ipa|deb)$ http://www.MYDOMAIN.com.br/images/Xto4B.jpg [NC,R,L]

Until herein perfect.

I have a doubt.

The image that will be replaced in the hotlink, should be the same as the image copies from within my domain ?

The image that will be replaced in the hotlink is warped.

Eg: The original image is 200px x 400px.

My hotlink picture. Should measure 200 x 400 too?
Or should lower?

The problem that my images vary in height and width.

Is there any way to set it somewhere or file?

The hotlink img is here: (http://www.clanload.com.br/?v=BNciR.jpg)

The test only is here (http://arkanoidblue.blogspot.com.br/2012/12/hotlink-test.html)


brother you can not control this. because the image we replace with hotlinked image is different sizes. i think its not important , we can ignore this.

naveeid
01-08-2013, 06:04 AM
Does this work in vb3? I've put this at the bottom of my htaccess file but it doesn't seem to work, can someone check it for me please? My website is in my signature. Thanks.
RewriteEngine on

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?marineaquariumsa\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?google\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?bing\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://www.marineaquariumsa.com/hotpic.jpg [L]


RewriteCond %{HTTP_REFERER} !^http://(.+\.)?marineaquariumsa\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?google\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?bing\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*attachment\.php*$ http://www.marineaquariumsa.com/hotpic.jpg [L,R,NC]




I can't say anything about vb3, if the same attachment.php type of thing is there in vb3, then I think it will work out.

naveeid
01-08-2013, 06:06 AM
It's blocking images on tapatalk, any idea how we can allow tapatalk?



To allow any website, just add this code below the google line


RewriteCond %{HTTP_REFERER} !^http://(.+\.)?google\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?YESTOTHISWEBSITE\.com/ [NC]

replace YESTOTHISWEBSITE with the name of the website which you want to allow for hotlink.

MonkYZ
06-19-2013, 02:11 PM
What if i have vBSEO installed? Seems like it's not working for me (as it's rewriting the url to make it friendly - therefore it doesn't have the attachment.php inside). Let's do a test:

I will use an IMG for this:
http://www.consolegames.ro/forum/attachments/f7-console-news/198081d1371497600-cum-se-descurca-last-us-la-capitolul-vanzari-the_last_of_us.jpg?cmps=1

https://vborg.vbsupport.ru/external/2013/06/1.jpg?cmps=1

See? It's still showing... although i've added the .htaccess lines...

thetechgenius
09-04-2014, 08:03 PM
Does anyone have the web.config version of this? I am using iis 7 (windows server 2008R2), and as you know, windows uses web.config, not htaccess.

ozzy47
09-04-2014, 11:57 PM
I have seen you ask numerous times about the windows server, is there a particular reason you don't switch to a Linux server?

madness85
09-05-2014, 03:07 PM
works great thank you

angeljs
10-16-2014, 11:20 AM
Thanks so much for this, just what I needed. I uploaded it to my forum directory as it wouldn't work in the root.

naveeid
04-23-2015, 09:17 AM
welcome madness85

naveeid
04-23-2015, 09:18 AM
welcome angeljs

naveeid
04-23-2015, 09:18 AM
i have no idea about VBSEO MonkYZ

MikeSheen
01-18-2016, 09:10 AM
I was looking for something fairly targeted for hotlink redirection and didn't find anything posted here suitable, so I'm sharing my solution - it's not ideal - if there is an update to vbulletin I'll need to re-apply my changes, but for my purposes it worked.

I found an image hotlinked to my site from a cricket enthusiast site - the image was this:

https://vborg.vbsupport.ru/external/2016/01/6.jpg

It was some Indian cricket nut trying to diss the Aussies in a post about cricket after a win by India over Australia, so I specifically targeted referrers from that site to display this image instead:

https://vborg.vbsupport.ru/external/2016/01/7.jpg

How I ended up doing it was hacky, but it works... in attachment.php, I just added these lines of code:


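if( isset($_SERVER['HTTP_REFERER']) && stripos($_SERVER['HTTP_REFERER'], 'cricketweb.net') !== FALSE ) {
    // Request was referred from that site: send the substitute image and stop
    header('Content-Type: image/jpeg');
    readfile('images/numberone.jpg');
    exit;
}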


Simple, silly and pointless, but I had fun :)

URL of the post hotlinking is here (http://www.cricketweb.net/forum/cricket-chat/69472-your-best-current-test-team-3.html#post3609542) - but no doubt the poster will edit their post when they learn of my tricksies, so it may not last long.