home > articles > hotlinking

Dealing with Hot-Linking

Hot-linking, or bandwidth theft, is the act of using someone's image, without their permission, for display on their own site, eBay auction, forum, blog but the image resides on another site. This also holds true for music, videos, and other media.

The bandwidth is the amount of data transferred from a web site to a user's computer. Since most hosts charge for bandwidth, the transfer of images, videos, and other media without your permission is costing you.

Here is a helpful policy on hot-linking you may want to add to your site:

1. By default, an image cannot be hot-linked.
2. Users who link directly to an image hosted on my website are redirected to an error image.

Outlined are several ways to deal with hot-linking.

Educate the Thief

Many people don't know how very wrong it is to "use" graphics on someone else's server, so an email with a short explanation of why hot-linking is wrong may do the trick.

Send the Graphic

If the image that is being hot-linked is not copyrighted you may want to send the image to the thief along with an explanation of why hot-linking is wrong. I used this method once and it worked out well.

Rename the Graphic

The stolen graphic can be renamed on your server which will cause the thief's link to fail. In pursuing this method, you will have to rename all your links, but depending on the software tools you use (e.g.  Dreamweaver, Expression Web), renaming within that tool will automatically change all your links.

Create a New Graphic

If you want to be sneaky, you can always create a new image that says "this person is stealing my images", then give it the old name of your image. All the hot-links will display your new image.

Warn the Thief

You can send a cease-and-desist order to the thief. Here is a sample one from the digital millennium copyright act.

=== BEGIN SAMPLE DMCA TAKEDOWN NOTICE ===

Attn: {Owner, webmaster etc of infringing business},

Pursuant to 17 USC 512(c)(3)(A), this communication serves as a statement that:

(1). I am [the exclusive rights holder | the duly authorized representative of the exclusive rights holder] for [title of copyrighted material being infringed upon, along with any identifying material such as ISBNs, publication dates, etc -- or, if the material is a web page, the URL];

(2). These exclusive rights are being violated by material available upon your site at the following URL(s):
[URLs of infringing material];

(3) I have a good faith belief that the use of this material in such a fashion is not authorized by the copyright holder, the copyright holder's agent, or the law;

(4) Under penalty of perjury in a United States court of law, I state that the information contained in this
notification is accurate, and that I am authorized to act on the behalf of the exclusive rights holder for the material in question;

(5) I may be contacted by the following methods (include all):
[physical address, telephone number, and email address];

I hereby request that you remove or disable access to this material as it appears on your service in as expedient a fashion as possible.
Thank you for your kind cooperation.

Regards,
[your full legal name]

Disable the Hot-Link

Your hosting site's control panel ( cpanel ) should have a place where you can disable hot-linking, except to approved sites. Look in security for something called hotlink protection. This app probably adds entries to the site's .htaccess file much like the one shown below.

One problem you may run into is search engines need to find your images so they can be indexed. The cpanels I have used do not enter these in for you as acceptable sites so you must enter them yourself.

DIY Block the Thief

This requires your server to use the Apache configuration file .htaccess file.

Using your .htaccess file allows you to control things such as:

• What sites to block/allow
• Whether to allow/deny blank referrers
• Display custom images to hot-linking sites
• What file extensions to protect against hot-linking

The following .htaccess entries will redirect a hot-linker to hotlink.gif.

#
# Stop Image Hot-linking
#
RewriteEngine on
#
# allowable domains
#
RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)?yourdomain.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)?yourdomain2.com [NC]
#
# allow blank referrers (see note below)
#
RewriteCond %{HTTP_REFERER} !^$
#
# allow search engines
#
RewriteCond %{HTTP_REFERER} !google. [NC]
RewriteCond %{HTTP_REFERER} !search?q=cache [NC]
RewriteCond %{HTTP_REFERER} !msn. [NC]
RewriteCond %{HTTP_REFERER} !yahoo. [NC]
#
# allow hotlink.gif to be displayed
#
RewriteCond %{REQUEST_URI} !^hotlink.gif$
#
# display custom image
#
RewriteRule .(jpe?g|png|gif)$ hotlink.gif [NC,R,L]

Blank referrers: you have music files etc which are not accessed from a webpage, you will more than likely find there is no referrer information sent. You can set this code to block blank referrers. Bear in mind that some browsers don't carry referrer information, so this may stop a legitimate viewing of your files from your own pages. Only choose this option if this is something that you find you need.

You can add 'zip', 'exe', and other extensions besides images.

Make sure there is not an .htaccess file already. Also, make a backup of the .htaccess file before changing it. Note since the name starts with a dot it will NOT show up in Expression Web. Use another ftp program such as Filezilla to see if there is already an .htaccess