.... Internet marketing resources, ecommerce web site design tutorials
  Taming the Beast - quality web marketing and ecommerce development services .... .


Return to web marketing and ecommerce articles index

Hotlinking issues - protecting your copyright, images and bandwidth

Hotlinking of images and flash objects is becoming an increasing problem for many webmasters and site owners, especially given the recent explosion in popularity of social networking services. This article discusses the hotlinking issue and some simple steps you can take to reduce the impact of this form of bandwidth theft - even perhaps turning it to your advantage.

What is hotlinking?

Hotlinking, aka inline linking, is the practice of displaying a file such as an image or flash object on a page that is stored on another site. While it has legitimate uses; often people will hotlink images without the permission of the owner of the site being referenced. 

Because the object is being called from the server of origin, that account is the one that wears the bandwidth expense for delivering the image for display. In the cases of unauthorized hotlinking, it's not only a copyright issue, but bandwidth theft. It become a particularly nasty problem for sites with many photographs and original images.

Legitimate examples of hotlinking

Probably the best example of legitimate hotlinking can be found on YouTube; where on each video linking code is also provided for the easy implementation and display of the video on user profiles and web sites external to the service. 

In essence, hotlinking works like this:

instead of the following method of coding for displaying an image:

<img src="image.gif">

.. which references an image on the local server, hotlink code is used like this:

<img src="http://othersite.com/gif.jpg">

i.e, the image is being displayed on the page, but another site is delivering the content

Negative effects of hotlinking

Unwanted hotlinking can have some rather undesirable effects, mainly:

- increased bandwidth usage by your site. Because the image is being called from your server, you wear the expense.

- images or flash objects being displayed where you don't want them to be

- loss of *real* traffic to your own site, i.e. instead of people needing to visit your web site to view the image or flash presentation, they can view it on the hotlinker's site.

Why do people hotlink?

Most people hotlink for one or more of the following reasons:

a) it's easy to do
b) to reduce their own bandwidth and hard disk usage 
c) to display files that their own service doesn't support
d) they are just plain nasty
e) ignorance of what they are doing is wrong

For the most part, I tend to believe that e) applies mostly these days; and based on my experience, mostly due to the social networking phenomenon. Using the example of MySpace, it's much easier for MySpace users to hotlink to your images rather than save them, upload them to their own gallery, determine the URL and then embed that code. 

As for copyright.. heh, "what's copyright?". Most of these sorts of users have no idea what they are doing is illegal.

Detecting hotlinking

Most webmasters aren't able to detect hotlinking until it becomes a massive problem; such as sudden spikes in bandwidth usage without a corresponding increase in traffic. 

To be quite honest, while there are ways to detect hotlinking, I believe tracking down hotlinkers is a waste of your valuable resources. Your time is better spent in creating content or promoting your site. Yes, you can send copyright infringement notices, but if you have a site where hotlinking is a problem, it's somewhat a case of "whack-a-mole"; no sooner would you have finished one anti-hotlinking crusade that you'd need to start another. 

There's better ways to deal with the problem; i.e., an ounce of prevention is worth a pound of cure.

Addressing the hotlinking issue

Depending on the type of site you have, you may be able to turn hotlinking to your advantage quite simply. For example, if you have an image rich site that focuses on flombles; by adding a label to each image such as "FlombleSite.com", you may be able to push traffic to your site that way.

For most site owners though, hotlinking is simply a pain in the butt and quite infuriating. There are a couple of relatively simple steps you can take to block images and objects from your site being shown on other sites. You can even replace the image being displayed on another site with one you specify which can alert the hotlinker that you're onto them and even push traffic your way :).

Using .htaccess to prevent hotlinking

The following solutions assume your site is hosted on an Apache web server (most are), the availabity of the mod_rewrite module (most hosts running Apache have this enable) and requires the use of a .htaccess file. If you're not sure the type of server your site is running on, ask your web host about Apache, mod_rewrite and .htaccess availability. 

A .htaccess file is simply a set of instructions stored in your web site's file base that is read by the server before it delivers content to the requester.

If you don't have a .htaccess file in place, you can create one using Notepad, but it must be named .htaccess - notice the "." before the filename. 

Important! - If you do have a .htaccess file already present, be sure to back it up first before making alterations or additions.

The level of hotlinking protection provided the following is determined by where the .htaccess file containing the following instruction is placed in your file base. 

For example, for protection of all images and objects on your site, the .htaccess file should be placed in the root document folder of your site (where your home page is stored). If you only want the images and objects in a particular folder protected, the .htaccess file containing the following instructions.

Note for Frontpage users - you'll need to use FTP in order to download/upload your .htaccess files and you should place the hotlinking code at the end of your .htaccess file

Basic hotlink protection

The simplest solution is to use the following in your .htaccess file. It will just display an empty placeholder on the hotlinker's page where the image should appear. You will need to change "you" and ".com" to reflect your domain name:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?you\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpg|jpeg|gif|bmp|png|swf)$ - [F]

Advanced hotlink protection methods

You can use the following code to display an image of your choice in place of the hotlinked image requested. In this version, change "you" and ".com" to match your site details, plus replace "/img/a.gif" with the path and filename to the replacement image. 

This option is great for revenge, but be sure to use a lightweight image so that it doesn't cost you much in bandwidth :). 

Suggestion: you can just have text on the image stating "image available at yourdomain.com" - it may send some real traffic your way. Even if the image distorts on the hotlinkers site due to their specifying image size; it will look horrible enough that they remove it :).

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?you\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpg|jpeg|gif|bmp|png|swf)$ /img/a.jpe [L]

Special note: Notice the image referenced in the last line has a tail extension of "jpe". The reason for this is that if you use "jpg","jpeg","gif" etc; as those are listed as files to be protected, it won't appear. If you've created a gif or jpg file to use as the replacement image, simply rename the tail extension to .jpe and it should still work.

In some cases, you may wish to give certain sites authorization to hotlink to your images. The following code allows for that scenario, while displaying an image of your choice on hotlinker sites who don't have permission. 

You'll need to change the values as described in the previous example, plus change the lines with "ok*" to the domain name/s you wish to be allowed to hotlink. Add extra "ok" lines for more domains if needed. Remember to read the special note above about about the use of the ".jpe" extension for the replacement image.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?you\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?ok1\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?ok2\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpg|jpeg|gif|bmp|png|swf)$ /img/a.jpe [L]

Are these protection methods 100% secure?

A determined hotlinker is a force to be reckoned with, but for the most part, the above solutions will provide excellent protection, perhaps save you a ton of bandwidth, allow you to "educate" hotlinkers that what they are doing isn't cool and perhaps even direct some of the hotlinker's traffic to your site :)

Michael Bloch
Taming the Beast
Tutorials, web content, tools and software.
Web Marketing, Internet Development & Ecommerce Resources

In the interests of transparency and disclosure, please note that the owner of Taming the Beast.net often receives goods and services mentioned in reviews for free, or may receive payments or affiliate commissions for advertising or referring others to merchants of products and services reviewed.

Copyright information.... This article is not available for reproduction without explicit written permission from Michael Bloch and Taming the Beast.net

Click here to view article index 

Online meeting & webinar software review
Powerful, easy to use collaboration tools that can help improve your marketing sales and training efforts. Learn more about these services in this review & try a free trial!

The best shopping cart software
Our reviews of some of the best shopping carts around - free ecommerce solutions  through to premium services offering affiliate programs, marketing modules & online soft goods delivery.  Shopping cart software guide 

Autoresponder software/mailing list manager
 Read our beginners guide and reviews of all-in-one autoresponder & email marketing software solutions.

Credit card transaction fraud screening!  Effective fraud screening is an essential part of running an online businesses. Fraud transactions cost you money and can threaten your merchant account. Pick up a stack of transaction screening tips in this free guide! 

Need some advice/tools for writing/creating a web design, development or marketing proposal?






Get paid cash taking online surveys - free to join online 
survey companies that will pay you cash for your opinion!

In Loving Memory - Mignon Ann Bloch

copyright (c) 1999-2011  Taming the Beast  Adelaide - South Australia 

Profile - Contact - Privacy - Consultants Portfolio 

Search Site - Terms of Service - Social/environmental