Bandwidth Theft

Fix it!!

Postby Ozone » Fri Aug 02, 2002 5:29 pm

We have a number of sites linking directly to graphics on some of our specialty pages. The normal URL forbidden by referer works well, though they have begun to snatch graphics from another sub-site on another server. It just so happens that the server they are snatching graphics from also serves banners and graphics to other sites.

Since they've been such a pain to us I'd like to be more of a pain back to the services thieves, is there a way using the normal script:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.info-galaxy.com/.*$ [NC]
RewriteRule .*.gif$ - [F]

to redirect these requests to another file (e.g. imathief.gif or imathief.wav) ?

My understanding of the text was to use a RewriteMap, though this didn't work then I tried :
RewriteRule ^*.gif$ /home/www/imathief.gif [R]
which didn't work either.

Now-a-days I'm more into poetic justice than chasing twits. Any help would be appreciated.
Ozone
 
Posts: 1
Joined: Thu Aug 01, 2002 4:00 pm

Postby Brett » Mon Aug 05, 2002 12:47 pm

Something like that should work, but you probably want to rewrite to /imathief.gif instead of /home/www/imathief.gif.
Brett
 
Posts: 82
Joined: Tue Jul 10, 2001 4:00 pm
Location: yohost.com

How I do it

Postby Dave Koch » Wed Aug 14, 2002 7:46 pm

Ozone:

I THINK (correct me if I am wrong :biggrin: ) but I tHINK the second part of the rewrite needs to be a URL and NOT a URI...

Why waste your bandwidth sending them an image? Here is what I do...

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|GIF|jpg|JPG)$ - [L]

That should wrap it all up.

dave
Dave Koch
 

Postby john_sepu » Thu Aug 29, 2002 6:14 pm

Hi,

I totally new to this modrewrite stuff and am only doing it cuz one of my clients (sharpshooterstudios.com) is having his images linked to from another site. I tried putting what was shown in the previous example (see below) into my .htaccess file but it had no effect. The linked images still show up on the other site.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?sharpshooterstudios.com/.*$ [NC]
RewriteRule \.(gif|GIF|jpg|JPG)$ - [L]


I have also tried:

SetEnvIfNoCase Referer "^http://www\.sharpshooterstudios\.com/" local_ref=1
#<FilesMatch "\.(gif|jpg)">
#Order Allow,Deny
#Allow from env=local_ref
#</FilesMatch>

but all that does is shut down access to the entire site. Obviously I'm doing something wrong, or perhaps something is not configured correctly on the server? Where is the Referer field in the header set that the Apache server refers to? On the server or in the html somewhere? I am lost and apparently so is my hosting company. They can't figure out why none of these solution work when it seems they should. Any help would be appreciated! Oh and be forewarned if you go the site... it's an adult softcore site for women. Thanks again!
john_sepu
 
Posts: 1
Joined: Thu Aug 29, 2002 6:11 pm

Postby MGCJerry » Sat Sep 07, 2002 12:25 pm

Heres the one that works good on my site...

Code: Select all
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://localhost/.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com/.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$ [NC]
RewriteRule .*\.(gif|GIF|jpg|JPG)$    http://mysite/images/bad.gif [L,R]


I put this in all my image folders. I figure that if they want to hotlink my pics, they shouldn't mind me advertising my site in a "hosted by" image ;).

Hope this helps someone a little.
MGCJerry
 

Postby Tom Kagan » Tue Jan 28, 2003 10:47 am

The RewriteRule in the above examples can be changed to the following to handle more cases where you do not want hotlinking (Of course, you still need the RewriteCond directives applicable to your site):

RewriteRule .*\.(css|gif|jpg|ico|png|GIF|JPG|jpe|jpeg).*$ - [G,L]

The most important addition in the above change is the .* after the file extension list. This prevents defeating hotlink blocking if the bandwidth pirate adds extra characters to the end of the name (e.g.: http://host.com/mypic.jpg?hotlinkbuster) This change does introduce a limitation, however: You can no longer have a subdirectory named with the same blocked extension (e.g: /adir.icostuff/thefile.html will be blocked).

Using [G] instead of [F] makes apache give back a 410 (gone) error instead of a 404 (not found). That's really a preference to the site administrator. But, 410 errors help keep your error log a little cleaner because they aren't logged as errors by default.

The above rule also adds hotlink blocks to the popular .css, .ico, and .png file types. I'm sure there may be custom file types you may want to protect.

.jpe and .jpeg are additional accepted extensions for the JPEG image format.
Tom Kagan
 
Posts: 2
Joined: Tue Jan 28, 2003 10:23 am
Location: New York, NY USA

links inside of .swf files

Postby rdubwnyc » Wed Feb 12, 2003 2:39 pm

Hey there-

Good to see I am not the only one.
My question for all of you gurus is this , I use mod in an .htacess file,
and it works great for links that are based in .html/.php etc..

But what if the offending link is inside a .swf ?

I have noticed this does not stop the link from working when it is inside
of the .swf.

Oh also I added a bogus url after the last string in the for-mentioned
mods and it kicks %%% because then I do not even have to bother wasting .1k on bandwidth, although a good middle finger picture is always
funny on the offending site.
rdubwnyc
 
Posts: 1
Joined: Wed Feb 12, 2003 2:30 pm

Postby MicroGe » Wed May 12, 2004 2:26 am

MGCJerry wrote:Heres the one that works good on my site...

Code: Select all
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://localhost/.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com/.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$ [NC]
RewriteRule .*\.(gif|GIF|jpg|JPG)$    http://mysite/images/bad.gif [L,R]


I put this in all my image folders. I figure that if they want to hotlink my pics, they shouldn't mind me advertising my site in a "hosted by" image ;).

Hope this helps someone a little.



This works perfect ;o)

Little Problem, without one specific Folder?!

Example: www.my-domain.com/link-images/logo1.gif | logo2.gif ?!
MicroGe
 

Postby Guest » Wed May 12, 2004 2:44 am

oh .. i have that ;o)

Code: Select all
RewriteCond %{REQUEST_URI} !modules/LinkMe/images/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://localhost/.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://neu.yauno.test/.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://www.neu.yauno.test/.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://test.home/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.test.home/.*$ [NC]
RewriteRule .*\.(gif|GIF|jpg|JPG)$    http://neu.yauno.test/images/error.png [L,R]


the first Line is the answer ;o)
Guest
 

Postby Exnor » Thu Jul 08, 2004 6:58 am

Using any kind of referer check will cause users with norten firewall/internet security (and probably some other software) to not see your page, even if you are accessing the site directly.

This is apparently because the software firewall modifies the referer, to say something other than your URL (ie. some norton stuff), or simply a blank referer.
Exnor
 

Next

Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 13 guests

cron