2009/8/7 Nathan Kennedy <[email protected]>

>  Group,
>
>
>
> I discovered recently that a newly released website is hotlinking a
> loading.gif image off my site.
>
> I am of the mindset that if you are going to hotlink like that, prepare to
> get pooed on.
>
> I'm surprised that still in this day and age, people are not just simply
> downloading and hosting themselves ... although I digress.

Fair enough on the mindset however - the image you have chosen is quite
possibly going to offend some people - the question is not of getting the
image on the other server, but more of the fact that you are hosting the
image on your own server.

Is that image really what you want to present to the public at
large?

Also imagine the fun when the transparent proxy here displays the poo,
instead of the spinning thingy.  (Attica Group / Callplus have a transparent
proxy).

Thirdly,  your poo is 10KB in size - the loading is 3KB in size.  Who's
going to hurt from the 3x increase in bandwidth requirement?

>
>
> To keep this on-topic, here is a portion of the PHP script that I used to
> select which image is displayed to the unfortunate viewer (I know it is
> probably easier/faster/cleaner to do with mod_rewrite rules, but this is a
> PHP mailing list!):
>
>
>
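> // The Referer header is optional; treat a missing one as empty
> $referer = isset($_SERVER['HTTP_REFERER']) ? strtolower($_SERVER['HTTP_REFERER']) : '';
>
> // strpos() returns 0 (falsy) for a match at position 0, so compare with false
> if (strpos($referer, 'mudah') !== false &&
>     $_SERVER['REMOTE_ADDR'] != 'OFFENDING_DEVELOPER_IP_ADDRESS') {
>     header('Content-Type: image/jpeg');
>     readfile('images/poo.jpg');
> }
> else {
>     header('Content-Type: image/gif');
>     readfile('images/loading2.gif');
> }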
>
>
>
> There are a couple of smarts:
>
> a)      If the viewer is the developer (which I can only tell from the IP
> address that originally found my image via Google Images – yay for Apache
> logs) then the original ‘loading.gif’ image is displayed.
>
> b)      If the referrer doesn’t contain ‘mudah’ (a portion of the site
> address), then the original ‘loading.gif’ image is displayed. This is so
> that people who visit a direct link (including the Google Imagebot) won’t
> see the new image. This makes it perfectly safe to click
> http://www.kennedytechnology.com/images/loading.gif
>
>
>
> I don’t want to type out the address for the offending site, because the
> developer may see this thread in his/her referrals. But if you wish to see
> the new version of the site you can do so by typing
> (one)(two)(three)mudah(dot)com.
>
It's a public internet site - the developer may already know ...


>
>
> Anyone else done similar things for people who choose to hotlink and steal
> your bandwidth?
>

Not directly, no - but I would suggest that you either redirect the traffic
elsewhere (like an image from a google cache instead) or simply deny access
to the images via the http headers.

This would give a slightly more professional way of dealing with this
issue and also the added benefit of reducing your bandwidth (error message
headers being < 3KB in size, generally).

Lastly - the poo may actually encourage a DoS attack against you (byebye,
bandwidth) - whereas a denial may have the same effect.


My 2c/

Cheers,
Wazza.

--~--~---------~--~----~------------~-------~--~----~
NZ PHP Users Group: http://groups.google.com/group/nzphpug
To post, send email to [email protected]
To unsubscribe, send email to
[email protected]
-~----------~----~----~----~------~----~------~--~---
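
The header-based denial suggested in the reply above, as an added example that is not part of the original thread: a PHP script that answers requests carrying a foreign Referer with an empty 403 and marks the response as varying by Referer for caches and transparent proxies. The function name referer_allowed, the ALLOWED_HOSTS list and the images/loading.gif path are assumptions for illustration.

```php
<?php
// Added example: hypothetical hotlink guard for images/loading.gif.
// ALLOWED_HOSTS and the file path are assumptions; adjust for your site.
const ALLOWED_HOSTS = ['www.kennedytechnology.com', 'kennedytechnology.com'];

/**
 * Decide whether a request may receive the image, based on its Referer.
 * The Referer is client-supplied, so this limits casual hotlinking and
 * bandwidth use; it is not an access control.
 */
function referer_allowed(?string $referer, array $allowedHosts): bool
{
    if ($referer === null || $referer === '') {
        // Direct visits, privacy tools and some proxies send no Referer.
        return true;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host)) {
        return false; // malformed Referer: treat as foreign
    }
    // Exact host match avoids substring tricks such as
    // "kennedytechnology.com.example.net".
    return in_array(strtolower($host), $allowedHosts, true);
}

// The response differs by Referer, so tell caches and transparent
// proxies not to reuse one variant for every client.
header('Vary: Referer');

if (!referer_allowed($_SERVER['HTTP_REFERER'] ?? null, ALLOWED_HOSTS)) {
    // Header-only denial: a few hundred bytes instead of an image body.
    http_response_code(403);
    header('Content-Length: 0');
    exit;
}

header('Content-Type: image/gif');
header('Content-Length: ' . filesize(__DIR__ . '/images/loading.gif'));
readfile(__DIR__ . '/images/loading.gif');
```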