Prevent Hotlinking of Images (Apache and NGINX)

[CCarter]

They are showing the image on their site - so copy and paste - and then below it saying : Source and the source links to - mysite.com/wp-content/images/theimage.jpg

I just want to confirm the htaccess code above does indeed stop YOUR images from showing up on the offending site if they are using you are the source. I hotlinked an image from Mako on MOE, and then within the Mako htaccess implemented the code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?moneyoverethics.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|webp|bmp|zip|rar|mp3|mp4|avi)$ - [F]

Before:

and After:

So all your images on their site should suddenly appear broken. If you have multiples sites you'll have to expand the htaccess to:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?buildersociety.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?moneyoverethics.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|webp|bmp|zip|rar|mp3|mp4|avi)$ - [F]

Here is the NGINX version:

server {
    ...
    location ~* \.(jpg|jpeg|png|gif|webp|bmp|zip|rar|mp3|mp4|avi)$ {
        if ($http_referer ~* (buildersociety.com|moneyoverethics.com)) {
            return 403;
        }
    }
    ...
}

Edited: Added webp from @Politico code

 

[Politico]

Clutch!
I added webp to mine

RewriteRule \.(jpg|jpeg|png|gif|webp|bmp|zip|rar|mp3|mp4|avi)$ - [F]

I'm assuming that won't break things, will it?

 

[MrMedia]

I just want to confirm the htaccess code above does indeed stop YOUR images from showing up on the offending site if they are using you are the source. I hotlinked an image from Mako on MOE, and then within the Mako htaccess implemented the code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?moneyoverethics.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|webp|bmp|zip|rar|mp3|mp4|avi)$ - [F]

Before:

and After:

So all your images on their site should suddenly appear broken. If you have multiples sites you'll have to expand the htaccess to:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?buildersociety.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?moneyoverethics.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|webp|bmp|zip|rar|mp3|mp4|avi)$ - [F]

Here is the NGINX version:

server {
    ...
    location ~* \.(jpg|jpeg|png|gif|webp|bmp|zip|rar|mp3|mp4|avi)$ {
        if ($http_referer ~* (buildersociety.com|moneyoverethics.com)) {
            return 403;
        }
    }
    ...
}

Edited: Added webp from @Politico code

Sick thank you. The links will still be in place but its a solid fuck you to the site that is now filled with 1000s of broken images.

 

[CCarter]

The links will still be in place

I suspect they'll replace them or take it down at some point when they realize the images aren't linking correctly - otherwise it makes no sense for users viewing the site and their site metrics will tank.

If they are serious about they site they'll have to figure out a fix, makes no sense not to.

I would also put together a disavow files with ALL their pages that link to you and Disavow the links, then get Google to re-crawl that site, you might be surprised at their rankings afterwards.

 

[MrMedia]

If I wanted to get brutal and dark how badly could I wreck their site?

As far as I am concerned they started this war so its time to strike back hard.

They are protected by cloudflare so a massive DDOS or similar is out of the question - anything else I could do to decimate this scum?

 

[Darth]

Could people hotlinking your images have a SEO benefit for you, and does blocking them remove the benefit?

 

[CCarter]

If I wanted to get brutal and dark how badly could I wreck their site?

LOL - sneaky fuckers...

Let's do it. Here is the image in the code on MoneyOverEthics (MOE) - I am hotlinking a MakoBoard Image:

Here is what happens when there is no blocking from Makoboard's htaccess:

Here is the actually source code inside MOE, so you can see it is being served correctly:

Here is what happens when instead we tell it to load ANOTHER image from my MakoBoard htaccess:

--

Here is the code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?buildersociety.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?moneyoverethics.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|bmp|zip|rar|mp3|mp4|avi)$ https://i.imgur.com/nE5X4C5.gif [NC,R,L]

So you are thinking he is simply serving her:

... But think, ALL their images will be changed to the above image where they are hotlinking you instead of failing...

But think... what if you server them a very bad image?

(Squint your eyes to figure out what's going on)

Obviously NOT pixelated and blurred. ALL their images would turn into Porn/Adult or even dickrolled gay porn from WickedFire days, instead of your images. And you don't even have to host it, put it up on imgur.

I beg you, please send me screenshots if you implement this - DM or whatever! It's too funny not to share it.

Turn ALL their images into some repeat adult, I did this in the past to some hotlinkers, they got the message quickly, AND if they were not paying attention their visitors saw the adult image for days, weeks, months - and eventually Google will recognize the porn content and tank the site. So they'll have to remove that quickly... (And you aren't hosting the image so you are good).

 

[MrMedia]

LOL - sneaky fuckers...

Let's do it. Here is the image in the code on MoneyOverEthics (MOE) - I am hotlinking a MakoBoard Image:

Here is what happens when there is no blocking from Makoboard's htaccess:

Here is the actually source code inside MOE, so you can see it is being served correctly:

Here is what happens when instead we tell it to load ANOTHER image from my MakoBoard htaccess:

--

Here is the code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?buildersociety.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?moneyoverethics.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|bmp|zip|rar|mp3|mp4|avi)$ https://i.imgur.com/nE5X4C5.gif [NC,R,L]

So you are thinking he is simply serving her:

... But think, ALL their images will be changed to the above image where they are hotlinking you instead of failing...

But think... what if you server them a very bad image?

(Squint your eyes to figure out what's going on)

Obviously NOT pixelated and blurred. ALL their images would turn into Porn/Adult or even dickrolled gay porn from WickedFire days, instead of your images. And you don't even have to host it, put it up on imgur.

I beg you, please send me screenshots if you implement this - DM or whatever! It's too funny not to share it.

Turn ALL their images into some repeat adult, I did this in the past to some hotlinkers, they got the message quickly, AND if they were not paying attention their visitors saw the adult image for days, weeks, months - and eventually Google will recognize the porn content and tank the site. So they'll have to remove that quickly... (And you aren't hosting the image so you are good).

There's epic then there is this.

Watch this space.... It has to be the Meatspin if I do this which I am 90% certain I will.

Any other DDOS type activities? I want these guys to burn.

 

[CCarter]

Any other DDOS type activities? I want these guys to burn

Nah, that's illegal and you don't want that type of activity. Simply putting the meatspin or some adult could tank them fast, which is what you want. But also their visitors will press the back button quickly, which will be a bad signal in Google's serp eyes. Imagine if they report that shit! Game over!

Please send me a screenshot, I did this like 15 years ago, never seen it in action since.

 

[MrMedia]

Nah, that's illegal and you don't want that type of activity. Simply putting the meatspin or some adult could tank them fast, which is what you want. But also their visitors will press the back button quickly, which will be a bad signal in Google's serp eyes. Imagine if they report that shit! Game over!

Please send me a screenshot, I did this like 15 years ago, never seen it in action since.

If I do it I'll send it to you guaranteed.

 

[Ryuzaki]

They don’t care. It’s automated across thousands upon thousands of domains. It’s not for human users. It’s strictly for crawling and indexing for Google. At this point the only thing I can think is it’s some kind of “indexing service” for spammers. They drop the sites and spin up more, reuse previous domains later, add more to the mix, and no human looks at any of it.

 

[Éowyn]

So when we want to add more troll sites, do we add it like this? With [NC] at the end, not [NC,OR]?

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\\.)?buildersociety.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\\.)?moneyoverethics.com [NC]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\\.)?trollsite3.com [NC]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\\.)?trollsite4.com [NC]
RewriteRule \\.(jpg|jpeg|png|gif|webp|bmp|zip|rar|mp3|mp4|avi)$ - [F]

And when we want to block everything except the search engines it’s like this?
Or is it better to stick to the code above and add more troll sites to it?

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\\.)?yourwebsite.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\\.)?google.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\\.)?bing.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\\.)?kagi.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\\.)?search.brave.com [NC]
RewriteRule \\.(jpg|jpeg|png|gif|webp|bmp|zip|rar|mp3|mp4|avi)$ - [F]

or do I make the last rule?

RewriteRule \\.(jpg|jpeg|png|gif|webp|bmp|zip|rar|mp3|mp4|avi)$ - [NC,F,L]

 

[CCarter]

And when we want to block everything except the search engines it’s like this?

Don't do this. You will miss out on the next Pinterest or new search engine that destroys Google.

You can't predict the future.

Better to simply block bad actors than assume there will be nothing new under the sun.

You will also miss out on first mover advantage by blocking the future platforms.

 

[Éowyn]

Ah, okay. Thanks. That makes sense. I won't do that then.

 

[CCarter]

Ah, okay. Thanks. That makes sense. I won't do that then.

Also it should be [NC,OR] except for the last one, just NC

The NC stands for non-case sensitive.

OR stands for literally "or", so it connects the next rewrite condtion, until the last one of course. Correct way:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?buildersociety.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?moneyoverethics.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?trollsite3.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?trollsite4.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|webp|bmp|zip|rar|mp3|mp4|avi)$ - [F]

(You also had extra \ slashes for some reason, I removed that)

 

[Éowyn]

Fascinating. This explains things. Now time to ban some troublemakers to the shadowrealm.

 

[Smith]

They drop the sites and spin up more, reuse previous domains later, add more to the mix, and no human looks at any of it.

I agree with this. This is what I'm seeing. These sites are not made for humans.

@Ryuzaki do you have any suggestions on solving this?

Better to simply block bad actors than assume there will be nothing new under the sun.

These spam sites are rolling out by the hundreds each week. At that rate, it seems easier to add new whitelisted sites (search engines, socials, etc, later).

So, I was just wondering if your thinking has changed on this recently, especially after the Massive Links thread?

 

[CCarter]

These spam sites are rolling out by the hundreds each week.

If you are getting hundreds of new domains weekly than it might make sense to whitelist instead of blacklist. I would get a list of domains sending you traffic in the last 365 days from your analytics then whitelist those and include the major social media networks.