Hi can someone please tell me how to prevent someone from hotlinking my site and images ?
or if there is something I have to put in to the .htaccess .. if so can I place it anywhere onto the .htaccess or it has to be all the way on top .. bottom?

Thanks for your help guys!! really appreciate it. :)

a simple htaccess setup:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.domain.com [NC]
RewriteCond %{HTTP_REFERER} !^http://domain.com [NC]
RewriteRule [^/]+\.(exe|mpeg|mpg|avi|mp3|gif|jpg|JPG|GIF|MP3|AVI)$ - [F]
RewriteRule ^/cgi-bin/.+$ - [F]
ErrorDocument 403 http://www.domain.com
ErrorDocument 404 http://www.domain.com
ErrorDocument 500 http://www.domain.com

Great! and Thank you,
now where it says:
RewriteRule [^/]+\.(exe|mpeg|mpg|avi|mp3|gif|jpg|JPG|GIF|MP3|AVI)$ - [F]

can I insert midi and any other extensions I like to insert? ex.

RewriteRule [^/]+\.(exe|mpeg|mpg|avi|mp3|gif|jpg|JPG|GIF|MP3|AVI|m idi)$ - [F]

I don't know anything about midi format but I would think it'll work with any extension regardless of files type/extension. try it and you'll know ;)

you know where it says:

RewriteCond %{HTTP_REFERER} !^http://www.domain.com [NC]
RewriteCond %{HTTP_REFERER} !^http://domain.com [NC]

can I add:

RewriteCond %{HTTP_REFERER} !^http://mydomainIPaddress [NC]

? add my domain ip address to that and place it as a third line?

Yeah ... but isn't there a hack program that bypasses htaccess?

What about that?

The only hack I know of that can get around .htaccess is by writing a script or something which spoofs the referral header. I don't know of how this is done in a browser but its a 2 line piece of code in perl. Then again, nobody really surfs the web with perl now do they :-)

WG

I was referring to a program at http://www.spoofer.de which was featured in a bunch of threads on adult webmaster boards not too long ago ...

Apparently it completely bypasses htaccess ...

Bypass htaccess? Is that possible? what about htaccess password. Is that useless?

Andre

From what I was reading of the posts, and if I recall, the program could also bypass htaccess passwords ... but I don't know first hand ...

You should probably test this yourself Andre since that's what other people were doing when they posted topics about it ...

yeah, referer can be spoofed and images hotlinked anyhow. The only sence .htaccess makes here is that it will deter newbies, experienced guy can fuck you anyways/

about bypassing password - i don't think so.
there are different methods to crack by force, intercept paswords and uudecode, quess, etc. But how they hell can you bypass it?

here is a little 'howto' I put up recently on request of our clients about basic authentication: http://208.50.252.10/htaccesstips.html
Pretty basic stuff :)

Well, as I mentioned, I wasn't sure about passwords ... but I thought some people who were testing said the spoofer program bypassed that as well ...

Here's one of the comments I copied from a Netpond post on this program ...

"It works on every site I have tested ...

People don't need usernames and passwords, they can just download this program and enter!

I saw 100s of examples posted on some forums including small and big sites.

If you use a .htaccess file to share your content you better find another way. This is HUGE !"

Sorry ... I can't remember who posted this ... I just made a copy of the comments for my own records ... but this was the jist of what people were saying about it ...

One a related note, I have another question ...

If you slice up your images and web design using Adobe Photoshop 6 or other programs with auto slicing ...

Could that screw up those who attempt to hotlink to your site ...

I was just wondering if this was another possible solution ...

just read spoofer.de - quite interesting about 'fake web' stuff

you want to slice up every single pic you have? lol

.htaccess does the job. pro can screw you anyways. If you use linux, setup firewall on your server and block the asshole completely with iptable or something

Yeah ... I'm gonna slice every pic ...

Maybe stop the damn thieves from lifting them ... LOL