Category: 
June 13, 2007As we all know, hot linking has become a huge bandwidth strain for linked sites. I’ve recently discovered a fair few sites linking to images on this site without permission. Now, there’s lots of Apache tutorials to counter this problem – but if you run a large cluster of webservers, this isn’t always easily implemented. Far better to do it on your front-end load balancer.
Using TrafficScript you can prevent hot linking like so:
$referrer = string.lowerCase( http.getHeader( "Referer" ));
$host = http.getHostHeader();
$path = http.getPath();
$redirect = "/blocked.png";
# Never block requests with no Referer:
if( $referrer != "" ) {
# Referer header should contain the hostname of the site
if( !string.contains( $referrer, $host )) {
# Only block images
$path = http.getPath();
if( string.regexMatch( $path, "\\.(jpe?g|png|gif)" )) {
# OK, block this image (but allow our special blocked image)
if( $path != $redirect ) {
# Redirect them to our 'Go away' image
http.redirect( $redirect);
}
}
}
}
..and if you’re quick enough, you can catch the cheeky so and so’s at altplustab who decided to use an image of mine on their front-page. I wonder how long it’ll be before they remove it?
Here’s a screenshot for when they stop stealing my bandwidth and remove the hotlink.
Here’s another person abusing my bandwidth, not a surprise from a MySpace user, mind.
Horaayy..there are 27 comment(s) for me so far ;)
yup, image still up there. Good luck with your code. I think it still needs some work. Your screenshots are fake. Btw, we don’t own an image server, so we upload images to blogger.
My screenshots are -not- fake. It’s clear as day for everyone to witness – you’ve been caught hot linking. Your site, even as I write, is still hot linking. Please desist.
Any tips on my code, welcome. It appears to work pretty well…
Butch Cassidy: That’s one hell of a fake screenshot. The hotlink image is on your site plain for anyone to see. It might well be the case that you do upload the images to your own server, but you aren’t using that uploaded image on your site at the moment.
The HTML source on altplustab currently shows you clearly linking.
It appears that Blogger wasn’t uploading them correctly. It informed that it had uploaded the image, but kept using the url it got it from. I can guarantee you, that we had no interest in decreasing your server’s performance. It’s not like its part of our evil world domination plan. Bullying people around isn’t nice, though, so your server is part of our plan now. You could easily just sent an email to the administration of altplustab. But ofc, writing some article with a couple of pointy insults works better.
The article was written to educate people about:
a) The problem of hot linking.
b) A quick and efficient way to prevent it within your datacentre load balancers.
I am pleased you have seen the error of your ways and correctly uploaded the image to your site. You should do this also for all the other images you’re hot linking to – unless you have their permission?
Don’t see why Chris should have to teach the AltPlusTab admins how to configure and use their own site. Never mind the fact that you didn’t even check his claims before crying ‘fake’ on his screen shot. I think you should look at yourself before crying about “pointy insults”
a
I already explained in a polite and insult-free way, that this was caused by a glitch in the Blogger dashboard, still you continue to add injury to the original insult.
Actually, Butch, I don’t believe this was a ‘glitch’ at all – as you’ve clearly been able to ‘fix’ your user error this morning.
Regarding explaining your hot linking – I should remind you of your original comment:
And later:
You haven’t yet:
a) Pointed out how the code could be improved.
b) Justified your ‘fake screenshot’ claim
c) How is my server ‘part of your plan’ ?
Well my bad on crying fake. The truth is, the only way I understood that I had this problem on my blog, was because I got to this site. So, if Chris does not want hotlinking he should warn people that are doing it, and how they are doing it. Not insulting them on his blog. I thank Chris for the comment on our blog, because that was the only way of knowing what happened.
I guess you have learnt not to hot link the hard way. The hot link block I implemented was not targeted at you specifically, but at all people hot linking to images on this site without permission. I’m a bit shocked you didn’t understand what the image text was telling you, though?
a) and b) the reason i cried fake is that, i could still see all the images correctly. I was joking about the code.
c) this is called humor. You could argue that its unrecognizable and bad humor, still, it was just that.
I fixed it, by uploading the images from my computer, and not from the web (the two options from Blogger). Hey, i wanted to use Wordpress too, but I’m to cheap to get a server to run it. (wordpress.com is crap)
I think Butch got off lightly here. Chris, how did you suppress the urge to make stop-hotlinking.gif a 2000×2000 pixel flashing goatse montage? :)
…Cause that would just magnify his bandwidth problem. (btw I still claim that the images were being displayed normally [for me] on altplustab. Don\’t know if they were already cached somewhere else on the web. I still have a webpage where I am hotlinking here just to see if I can someday see the glorious stop-hotlinking image. No luck yet.)
The images were being displayed correctly for you because your browser was caching them. If you’d have cleared your cache, or browsed with caching disabled, you will see the hotlink image.
What is the URL of the hotlinked image, and i’ll test..
I’m guessing its:
http://o-c-u-l-t-o.blogspot.com/
Well, that looks like the hotlink script works absolutely fine to me..
I think that’s not it. They must be cached somewhere alright, but I can assure you it\’s not on my machine. No matter what I try, I just can\’t get the image to load. I think that if you just \’touch\’ one of the hotlinked files, it will work. Whatever server is caching the file will try to reload it.
So what is the URL you are referring to? No one else is having any problems – it’s just you.
In the website you mentioned http://o-c-u-l-t-o.blogspot.com some files are hotlinked, and even after multiple refreshes and cache deletions they persist. My guess is that they must be cached in some ISP server that is not refreshing the image correctly. That\’s why I never have seen the stop-hotlinking image. And most likely no one in my region. That leads me to think that that\’s another reason why we can\’t bother your bandwidth that much also (even if we wanted it :) ).
Some good points raised. However, even _if_ your ISP is caching the script will instruct their proxy (usually squid) to serve the re-directed image. So, I don’t think it’s that. I really do think it is a local caching issue. Could you clear your browsers cache completely, close the browser down, restart it and try again?
Incidentally, if you’re using Firefox I thoroughly recommend the ‘web developer’ plugin. It allows you to browse with caching disabled. DISABLE > DISABLE CACHE.
Give that a go…:)
Installed the web developer extension (I had given that up after seeing that it encouraged some huge memory leaks from firefox 1.0) , disabled cache and gave it another shot. Nothing. If you rule out the ISP caching, then I\’m out of ideas. I would actually ask you to touch this file: \’http://www.cjbuckley.net/blog/wp-content/uploads/zelda.jpg\’.
When you say ‘touch this file’ ..? Can you clarify what you mean?
Given what you say, it must be your ISPs cache. You are the only person unable to see the hotlink blocks so far.
i meant ‘touch’ as the command from unix like systems (changes modification time-stamps [amongst other uses, like creating a blank file]). My idea is simply to check if the server where I presume the files are cached acknowledges the file has been changed and tries to reload it.
You’ll be pleased to know I’m fully aware of the command ‘touch’…;)
I will re-touch this file now:
http://www.cjbuckley.net/blog/wp-content/uploads/zelda.jpg
Butch Cassidy: I’m going to disable content caching (loads the most frequently used images into server memory) on my server. Can you try again now..?
Ta.
(I figured that you would know all about \’touching\’ ;) )
I quit. I\’ve disabled cache, been refreshing your page, and still can\’t find the stop-hotlinking image. Anyway, I will leave those links up in o-c-u-l-t-o for a while more, since I don\’t use that blog and is not taking up your bandwidth, only to see if I can someday see the script working. Probably when those images leave whatever cache they are in. The internet is a strange place, I\’m sorry for the trouble I\’ve caused you, but we really didn\’t know what was happening. It may be argued that we had the responsibility of knowing it. Fair enough. I believe many not so informed bloggers may be hotlinking without even understanding why they are hotlinking, because of the interface they are presented when they are blogging.
Dude, it’s cool :)
The hotlinking gave me a good opportunity to finally write a hot-linking script for other ZXTM users to implement. So, thankyou :)
I’ve cleared the cache from my load balancer btw – you should find if you do a full page refresh the links are served. If they’re not, well we’ll just have to chalk this one up to ‘who knows?’ ;)
Cheers,
Chris
The term “Upload Image” being used in the blogger interface when it isn’t uploading anything isn’t helping…
(been refreshing your page = been refreshing o-c-u-l-t-o)