Blocking art theft from your website!

[WhiteShepherd]

WhiteShepherd your fuzzy dog machanic *tips hat and rearanges some tools* here again to give you artists and web geeks some useful tools.  *tail wags with a smile*  

This time we are working on preventing art theft from your website.  Namely by hot linking.  Hot linking is where someone is taking your art files that are on your web site to display those files on their own web site linking directly to your art.  Sometimes it's just kids showing off something they have found.  Other times I've seen art posted on "Troll" forums, or adult pay sites.  So instead of going to your page to view your art people are seeing it on someone elses web site.

Here is the good news.  Furtopia supports a very powerful Apache feature called "modrewrite".  In layfur terms this can let you highly customize how your website responds to visitors.

In this example I am going to teach you how to stop art hot linking/stealing.  

You can control who your website gives files to using a .htaccess file.

Example filename .htaccess
--------------------------
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://([a-zA-Z0-9\.\-]+)?furtopia.org [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-zA-Z0-9\.\-]+)?dragoncity.net [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-zA-Z0-9\.\-]+)?furbid.ws [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-zA-Z0-9\.\-]+)?google.com [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-zA-Z0-9\.\-]+)?yahoo.com [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-zA-Z0-9\.\-]+)?msn.com [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-zA-Z0-9\.\-]+)?livejournal.com [NC]
RewriteRule (.*)\.(avi|mpg|rm|gif|jpg|png|zip)$ - [F,NC]
--------------------------

Now some more layfur explaining.  Some points to note... "([a-zA-Z0-9\.\-]+)?" is a home made wildcard (a little less easy to hack).

So each line like this: RewriteCond %{HTTP_REFERER} !^http://([a-zA-Z0-9\.\-]+)?furtopia.org [NC] tells the server who is ALLOWED to access YOUR protected files.  In this case since we are using a wildcard it's "anysubdomain".furtopia.org can access your files.  This line is most important as it allows YOUR OWN site www.yourname.furtopia.org to directly use your own images.  The other lines are other sites that you give permission to hot link your files.  "yahoo.com and google.com are important as they allow search engines to access your images as well as yahoo groups, etc.  furbid.ws allows furbid to link to your images (auctions on that site), etc.  You can actualy remove sites or add them to control exactly who has access.  You may also wish to add any "foums" to this list you wish to link your avatar from.  Try to think of sites you WANT to allow access.  If you get too restrictive and block everybody you will bock out seach engines from linking your images (something you may want?) and lose visitors who may otherwise not find your site.

Now notice the last line: RewriteRule (.*)\.(avi|mpg|rm|gif|jpg|png|zip)$ - [F,NC]

This line above says basicly unless from you gave a web site "permission" then block direct access to these file extensions.  Ie: .avi, .mpg, etc.  You can add or remove these entensions to what fits your site best.  These are ones I found most common in websites.

You can find an example .htaccess file formated and ziped ready for use on Furtopia websites here: http://www.furtopia.org/tools/htaccess.zip
http://www.furtopia.org/tools/htaccess.txt

Usage suggestions:  If you do not have a problem with someone hot linking from your site, it's generaly best to leave your site open.  However if someone is wrongfully linking your art/music/files you can stop their linking with the above .htaccess file.  "Put your .htaccess file into your web folders that have images/files you wish to protect.  That's all there is to it!"  The Furtopia's server will detect your .htaccess file and halt any hot-linking to your graphics from unapproved sites. '>

Note: This process is fine tuned for Furtopia's server but I am letting others know it should work on ANY apache server compiled with "modrewrite" support (to help those of you who have hosting else where).

The wild and fun loving white dog...  WhiteShepherd

[Nocte]

Ah, the many wonders of .htaccess! Thank you for the clear explanation, WS.

I wonder if there is also an easy way of finding out if your images are being hotlinked? (Except for asking one of the staff members to look at the server logs. '> )

[Firebreath]

And for those who require more "direct" approach towards file-saving theft, here is the latest tutorial I was working on, but seeing this topic was the last incentive I needed to finish it:
Blocking image saving

Hope this helps some people!

[Sabu]

One seemple paragraph:

Keep all your images in a non-public-accessible folder, then make a PHP file to call up and display the image if called from within the website. Not only does it let you send the hotlinkers something nasty, but you can also create fun random-image scripts.

[WhiteShepherd]

Hmm I thought I had posted here.  I scan from time to time for hot linking.  I may create a service that lets users download their .log files.

Screen shots can still be taken, and the image can still be stolen that way.

[BlueFox]

Perhaps one could but  slightly transparent, embossed, text saying who did the artwork, and put it over a small part of the image. that ways, if a theif were to try to remove it, he would also have to remove part of the image, leaving evidence.

[AladTheAnthroMeerkat]

Quote (Leonin @ July 10 2004, 10:31 pm)

Screen shots can still be taken, and the image can still be stolen that way.

Or they could view the source code after the html page has been covered with a trans. GIF, search for the URL to the image and nab it that way.

[WhiteShepherd]

Looking through the source would not help.  A direct link would fail.  It would have to come from a link from a web page on the artists site.  

Now if someone wants to save the image they can (unless other protective measures are taken).  This script prevents "hot linking" your images from another site.

[Kataze]

Hmm, what if the site has a directory named, say, "livejournal.com"?  for instance: "http://hotlinkedfiles.com/livejournal.com/astolenjpeg.html"?

I figure this wouldn't work, but I'm just curious and in no way an expert, or even a student of whatever language you use .htaccess with. (CGI?)

[WhiteShepherd]

True but of someone ever redesigned their directory structure just to hotlink an image you could remove the ([a-zA-Z0-9\.\-]+)? and create a secont line for www  ie: http://www.livejournal.com instead of http://([a-zA-Z0-9\.\-]+)?livejournal.com .  It would take two lines (one with and without the www) but would cause directory naming like that to fail.

[Kataze]

Quote (WhiteShepherd @ July 25 2006, 1:58 am)

True but of someone ever redesigned their directory structure just to hotlink an image you could remove the ([a-zA-Z0-9\.\-]+)? and create a secont line for www  ie: http://www.livejournal.com instead of +)?livejournal.com]http://([a-zA-Z0-9\.\-]+)?livejournal.com .  It would take two lines (one with and without the www) but would cause directory naming like that to fail.

So.....With the previous code it would succeed?

[nido]

You cannot escape from art theft. I mean; no matter how hard you try to block direct links; they have to have seen it before on your site itself. If they see it, they've got a copy in their cache. Simple.

[I suddenly have a serious deja vu feeling; scary.]


I guess all left is to mark the pictures so they carry your "identity".