Anti-Hotlink Robots: ACTIVATED
Folks, it is with chagrin, dismay, and weary disgust that I’ve finally been forced to disable hotlinking into the /spanking-pictures/ directory where all the great pictures you see on Spanking Blog are stored. I resisted for half a decade, but I’m done feeding bandwidth leeches for free.
If you experience any failure to see any pictures or graphics here at Spanking Blog, please let me know. The security robots are finicky critters, and I may have borked their instructions. I want to hear about any image-related oddities you may experience while visiting Spanking Blog.
That’s the message payload for this post.
The rest of this post is technical education for folks who are curious about the hotlinking problem or want to know what the hell I’m talking about — there is no spanking in it, so feel free to skip it.
“Hotlinking” is the practice of using, on your website, an image tag with a “src=” that points, not to your own web server, but to somebody else’s (like, say, Spanking Blog’s.) Hotlinking allows you to show images on your website that you do not have on your server — especially handy if you have some sort of web space, or are posting on a forum, where you cannot upload your own images.
Hotlinking is “bad” (for me) when it happens at high-traffic websites (because it costs me a lot of money in bandwidth) and when the people who do it don’t give me a courtesy link (because, if they did, I wouldn’t care about the bandwidth, I’d be too busy enjoying the traffic from the courtesy link).
Hotlinking is “good” (for the web and the world) when it’s done by people who don’t have their own image server space or don’t know how to upload pictures to their space. Hotlinking is also sort of built into the structure of the internet; the whole point of putting resources on the web is to share them, and hotlinking is one way to do that. Letting your images be hotlinked is a social good, if you can afford it and if people don’t abuse your generosity too badly.
Sadly, they do.
A year or two ago I put a lot of time and effort into a compromise solution — a fancy script that looked at every hotlink request and tried to decide which ones to accept (anything from a blog, for instance) and which ones to deny. There was also a middle ground, a category of hotlink requests that got satisfied, but with a “hotlinked from Spanking Blog” watermark. It was a huge pain to set this script up, it turned out to require constant tweaking, and, in the end it was pointless, because it didn’t actually reduce the number of hotlinked file requests my server had to respond to, since the script had to consider every one.
Here are some of the worst abusers in my logs for the month of August:
– Fark.com
– a Chinese-language spanking forum
– a members-only Norwegian image-sharing forum
– several “porn blogs” consisting of hotlinked pics from everywhere
There are also dozens of links from high-traffic non-adult blogs who hotlink the cute spanking pictures in my archives, but who are (presumably) reluctant to give a proper link credit because they don’t want to link to a horrifying nasty porn site like this one.
Anyway, no more. I’ve uploaded an .htaccess file to the /spanking-pictures/ directory that’s modeled after the one explained at Creating The Ultimate htaccess Anti-Hotlinking Strategy. Thanks to Perishable Press for the help.
There’s really no excuse for hotlinking to your blog when there are free image hosting sites available (like photobucket or imageshack). Those who wish to can just save a picture they find here, upload it to one of those sites, then hotlink to them instead (still giving credit to spankingblog, of course).
When I first read this post’s title, and then the first few paragraphs, I was concerned. I was worried that I would be unable to see your pictures. I’ve gone to porn sites before, and they would show a “not permitted” image, or something like that, instead of actual pictures. I assumed that they were checking Referer headers to prevent hotlinking, and because I don’t send a Referer header with my http requests, they wouldn’t show the images.
Thank you for doing it right. I can see the images on this site just fine. I looked at the page you linked to, where you got your .htaccess model, and the first thing it does is check if the Referer header is blank, and if it is, it doesn’t apply that rule.
spankingblog.com would be a real bummer without pictures. I don’t think I would even come here any more if you borked that. Good job, and I hope that you save lots of money in bandwidth without losing any legitimate traffic.
Bob, you’re welcome. I’ve put a lot of effort into researching this over the years, and I’ve never found a better (or better explained!) approach than you’ll find at the Perishable Press link.
Of course a permissive approach to blank referrer headers does open a window for the determined hotlinker, but that’s not my worry or my problem; my problem is the vast army of casual bandwidth thieves who know enough to hotlink but not enough to circumvent.
“Of course a permissive approach to blank referrer headers does open a window for the determined hotlinker”
Not really. The referer header is a browser setting. The person doing the hotlinking has no control over it.
It’s not quite that simple, though you are broadly correct. There are various kinds of site-leeching robots and other tools for grabbing and sharing a site’s pictures without loading its html pages; some of those hostile softwares pretend to be a browser when requesting pics, and can benefit from the blank referrer “hole”. In effect they are non-standard “browsers” that browse only the images. But, again, I’ll worry about that threat if it gets big enough to be a problem; today’s problem I could solve without shooting that bullet.
Thanks for the link to the tech page; it’s reallllly useful. (I’ve got just enough geek-fu to follow the instructions, but not nearly enough to understand them. Ah well.)
Adele, you’re welcome! There’s a lot of anti-hotlinking info out there, but most of it is contradictory, confusing, or just wrong. When I found that page I figured I was done looking. ;-)