community group sub-forums > tech talk

Blocking art theft from your website!

(1/3) > >>

WhiteShepherd:
WhiteShepherd your fuzzy dog machanic *tips hat and rearanges some tools* here again to give you artists and web geeks some useful tools.  *tail wags with a smile*  

This time we are working on preventing art theft from your website.  Namely by hot linking.  Hot linking is where someone is taking your art files that are on your web site to display those files on their own web site linking directly to your art.  Sometimes it's just kids showing off something they have found.  Other times I've seen art posted on "Troll" forums, or adult pay sites.  So instead of going to your page to view your art people are seeing it on someone elses web site.

Here is the good news.  Furtopia supports a very powerful Apache feature called "modrewrite".  In layfur terms this can let you highly customize how your website responds to visitors.

In this example I am going to teach you how to stop art hot linking/stealing.  

You can control who your website gives files to using a .htaccess file.

Example filename .htaccess
--------------------------
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://([a-zA-Z0-9\.\-]+)?furtopia.org [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-zA-Z0-9\.\-]+)?dragoncity.net [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-zA-Z0-9\.\-]+)?furbid.ws [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-zA-Z0-9\.\-]+)?google.com [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-zA-Z0-9\.\-]+)?yahoo.com [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-zA-Z0-9\.\-]+)?msn.com [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-zA-Z0-9\.\-]+)?livejournal.com [NC]
RewriteRule (.*)\.(avi|mpg|rm|gif|jpg|png|zip)$ - [F,NC]
--------------------------

Now some more layfur explaining.  Some points to note... "([a-zA-Z0-9\.\-]+)?" is a home made wildcard (a little less easy to hack).

So each line like this: RewriteCond %{HTTP_REFERER} !^http://([a-zA-Z0-9\.\-]+)?furtopia.org [NC] tells the server who is ALLOWED to access YOUR protected files.  In this case since we are using a wildcard it's "anysubdomain".furtopia.org can access your files.  This line is most important as it allows YOUR OWN site www.yourname.furtopia.org to directly use your own images.  The other lines are other sites that you give permission to hot link your files.  "yahoo.com and google.com are important as they allow search engines to access your images as well as yahoo groups, etc.  furbid.ws allows furbid to link to your images (auctions on that site), etc.  You can actualy remove sites or add them to control exactly who has access.  You may also wish to add any "foums" to this list you wish to link your avatar from.  Try to think of sites you WANT to allow access.  If you get too restrictive and block everybody you will bock out seach engines from linking your images (something you may want?) and lose visitors who may otherwise not find your site.

Now notice the last line: RewriteRule (.*)\.(avi|mpg|rm|gif|jpg|png|zip)$ - [F,NC]

This line above says basicly unless from you gave a web site "permission" then block direct access to these file extensions.  Ie: .avi, .mpg, etc.  You can add or remove these entensions to what fits your site best.  These are ones I found most common in websites.

You can find an example .htaccess file formated and ziped ready for use on Furtopia websites here: http://www.furtopia.org/tools/htaccess.zip
http://www.furtopia.org/tools/htaccess.txt

Usage suggestions:  If you do not have a problem with someone hot linking from your site, it's generaly best to leave your site open.  However if someone is wrongfully linking your art/music/files you can stop their linking with the above .htaccess file.  "Put your .htaccess file into your web folders that have images/files you wish to protect.  That's all there is to it!"  The Furtopia's server will detect your .htaccess file and halt any hot-linking to your graphics from unapproved sites.

Note: This process is fine tuned for Furtopia's server but I am letting others know it should work on ANY apache server compiled with "modrewrite" support (to help those of you who have hosting else where).

The wild and fun loving white dog...  WhiteShepherd

Nocte:
Ah, the many wonders of .htaccess! Thank you for the clear explanation, WS.

I wonder if there is also an easy way of finding out if your images are being hotlinked? (Except for asking one of the staff members to look at the server logs. )

Firebreath:
And for those who require more "direct" approach towards file-saving theft, here is the latest tutorial I was working on, but seeing this topic was the last incentive I needed to finish it:
Blocking image saving

Hope this helps some people!

Sabu:
One seemple paragraph:

Keep all your images in a non-public-accessible folder, then make a PHP file to call up and display the image if called from within the website. Not only does it let you send the hotlinkers something nasty, but you can also create fun random-image scripts.

WhiteShepherd:
Hmm I thought I had posted here.  I scan from time to time for hot linking.  I may create a service that lets users download their .log files.

Navigation

[0] Message Index

[#] Next page