Disallow attachment hotlinking (htaccess)


squishi
09-25-2011, 04:02 PM
Another forum has hotlinked an attachment image of my forum.
Here are my htaccess rules. They don't work.
#hotlinking rules
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?subdomain\.mydomain\.com [NC]
RewriteRule \.([Gg][Ii][Ff]|[Jj][Pp][Gg]|flv|swf)$ http://mydomain.com/nohotlinking.jpeg [NC,R,L]

#attachments
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteRule attachment\.php\?attachmentid=\d+(\&d\=\d+)?$ http://mydomain.com/nohotlinking.jpeg [NC,R,L]

The attachment image is still loading on the other site.

Could it be that no referer is sent if an attachment image is embedded on a site as an image?
But the second check does not allow an empty referer. So either way, the hotlinking image should be shown instead of the attachment...

souperman
09-28-2011, 05:30 AM
I'm not much of a mod_rewrite person, but could it be that they're not using www?

Frosty
09-28-2011, 07:44 PM
I'm looking for a solution as well. Tried .htaccess myself, and tried a plugin and hacked attachment.php file from vB.org - none worked. I host video files, so it would suck if someone starts hotlinking them, lol.

souperman
09-29-2011, 04:46 AM
You need to add *


RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]

Frosty
09-29-2011, 05:19 AM
Thanks for trying to help, but no change. I can still hotlink my attachments...

Boofo
09-29-2011, 07:16 AM
Here is what I use and it works fine for me.

# Hotlink Protection - images
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yoursite\.com/ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png|mp3|pdf|psd)$ /forums/images/nohotlinking.jpg [L]

# Hotlink Protection - attachments
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yoursite\.com/ [NC]
RewriteRule .*attachment\.php*$ http://www.yoursite.com/forums/images/nohotlinking.jpg [L,R,NC]

Frosty
09-30-2011, 10:17 AM
Doesn't work either... Maybe it works for you because you use some sort of an SEO mod or vB4, where attachments end with their own extension and not with the php extension, or you don't allow viewing of attachments to guests. Anyhow, I've pretty much checked every thread on vB.com/vB.org related to attachment hotlinking, and none of the .htaccess snippets, plugins and file hacks are working.

Boofo
09-30-2011, 10:41 AM
No SEO stuff. But I don't allow guests to view attachments. Never saw any reason to. I even have it set up where I allow hot-linking from one specific directory and no others.

Frosty
09-30-2011, 11:28 AM
Well yeah, I do want my guests to be able to view attachments as I host pictures and videos - so having them enabled for guests on my site isn't a problem - as I don't want anyone to sign up because of a few pictures, or one video. But I don't want anyone eating up my bandwidth by linking longer videos to their sites either.

squishi
09-30-2011, 04:33 PM
Here is what I use and it works fine for me.

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yoursite\.com/ [NC]
RewriteRule .*attachment\.php*$ http://www.yoursite.com/forums/images/nohotlinking.jpg [L,R,NC]

Cool. That worked for me! Thank you very much, Boofo!

Some questions/comments about your solution:
You match "(.+\.)?". Any referer that will end with ".yoursite.com/" can still hotlink your images. So it's probably better to use "(www\.)?", unless you also want to allow subdomains.

Just a theoretical question: Is the dollar sign in the match pattern really needed? Because once the "*" is reached, it will match all the following characters. But I guess you need to tell the pattern where to start the search...

I don't know why my solution did not work. Maybe it was the pattern, maybe it was the NC,R,L... :rolleyes:

Boofo
10-01-2011, 04:34 AM
Yes, that will match your site link with the www or without. As far as the pattern goes, my idea on that is, if it works, does it really matter? ;) To be honest, I don't understand all the regex stuff yet. I am still learning.
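
Added example, not part of the original thread: a simplified Python model of how mod_rewrite evaluates the rules posted above, showing that the first attachment rule can never fire (a RewriteRule pattern is tested against the URL path only, so the "?attachmentid=..." part is never seen) and which referers the working conditions let through. The sample referers, the STRICT_CONDS variant and the assumption that the forum sits in the document root are constructed for illustration.

```python
import re

# Simplified model of mod_rewrite in .htaccess (assumption: forum in the
# document root). A RewriteRule pattern is tested against the URL path only;
# the query string is not part of the string it sees.
def rule_fires(path, referer, rule, conds):
    if not re.search(rule, path, re.I):          # [NC] on the rule
        return False
    for cond in conds:                           # conditions are ANDed
        negate, pattern = cond.startswith("!"), cond.lstrip("!")
        matched = re.search(pattern, referer, re.I) is not None
        if matched == negate:                    # "!pat" holds when pat fails
            return False
    return True

# Rules and conditions as posted in the thread
FIRST_RULE = r"attachment\.php\?attachmentid=\d+(\&d\=\d+)?$"
FIRST_CONDS = [r"!^http://(www\.)?mydomain\.com"]
WORKING_RULE = r".*attachment\.php*$"
WORKING_CONDS = [r"!^$", r"!^http://(.+\.)?yoursite\.com/"]
# Assumption, not from the thread: host part may not contain "/", https allowed
STRICT_CONDS = [r"!^$", r"!^https?://([^/]+\.)?yoursite\.com/"]

# Constructed sample requests: (label, Referer header value)
REFERERS = [
    ("own page",        "http://www.yoursite.com/forums/showthread.php?t=1"),
    ("own page, https", "https://www.yoursite.com/forums/showthread.php?t=1"),
    ("other forum",     "http://other-forum.example/thread/5"),
    ("name in path",    "http://other-forum.example/a.yoursite.com/"),
    ("no referer",      ""),
]

def report(conds, rule=WORKING_RULE, path="attachment.php"):
    """True means the request is redirected to the nohotlinking image."""
    return {label: rule_fires(path, ref, rule, conds) for label, ref in REFERERS}

if __name__ == "__main__":
    # Request is attachment.php?attachmentid=12; the rule sees "attachment.php"
    print("first rule fires:", rule_fires("attachment.php",
          "http://other-forum.example/thread/5", FIRST_RULE, FIRST_CONDS))
    for name, conds in (("working", WORKING_CONDS), ("strict", STRICT_CONDS)):
        print(name, report(conds))
```

In Apache itself, the query string is tested with a RewriteCond on %{QUERY_STRING}, not in the RewriteRule pattern. Requests with no Referer header pass both condition sets because of the "!^$" line, so these rules limit casual embedding and are not access control.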