Hotlinks redirect to image Hotlinks redirect to image
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Hotlinks redirect to image

Started by ComputerLady, June 01, 2005, 05:51:07 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

ComputerLady

I am a real novice when it comes to using .htaccess files to prevent image hotlinking! Followed the steps in the FAQ for adding a .htaccess file to the album folder. In tests, it does indeed block hotlinking yet allow images I've added into Coppermine to display. What I would like to do is add a statement that will open this image:

When someone tries to hotlink to anything. How do I do that?

Let's see, some links... My gallery is at:
http://design-comp.com/gallery/

Code I tried, and does work is at:
http://altlab.com/htaccess_tutorial.html

Thanks in advance for help!

Tranz

I'm sorry, but I don't understand what it is you want done, and what is happening that you don't want.

Joachim Müller

do you mean something like this: http://forum.coppermine-gallery.net/index.php?topic=13732.msg84113#msg84113 - it will enable you to specify an image that is shown instead of the pic the "thief" was trying to steal by hotlinking.

This is an example: when trying to embedd the file http://osterburken.net/galerie/albums/urlaub/99/teneriffa/markus2.jpg that resides on the page http://osterburken.net/galerie/displayimage.php?pos=-3693, all you should see is:
(https://coppermine-gallery.com/forum/proxy.php?request=http%3A%2F%2Fosterburken.net%2Fgalerie%2Falbums%2Furlaub%2F99%2Fteneriffa%2Fmarkus2.jpg&hash=a8b4e42e94ed5df71c1b74651e74095d2eeb8e99), even though the file exists and you can view it when directly accessing it or the page in is embedded in.

ComputerLady

Quote from: GauGau on June 01, 2005, 08:42:42 AM
do you mean something like this: http://forum.coppermine-gallery.net/index.php?topic=13732.msg84113#msg84113 - it will enable you to specify an image that is shown instead of the pic the "thief" was trying to steal by hotlinking.

This is an example: when trying to embedd the file http://osterburken.net/galerie/albums/urlaub/99/teneriffa/markus2.jpg that resides on the page http://osterburken.net/galerie/displayimage.php?pos=-3693, all you should see is:
(https://coppermine-gallery.com/forum/proxy.php?request=http%3A%2F%2Fosterburken.net%2Fgalerie%2Falbums%2Furlaub%2F99%2Fteneriffa%2Fmarkus2.jpg&hash=a8b4e42e94ed5df71c1b74651e74095d2eeb8e99), even though the file exists and you can view it when directly accessing it or the page in is embedded in.

Yes, that is precisely what I'd like to do. Not only block hotlinking, but do a redirect to this image file if they should try it:

(https://coppermine-gallery.com/forum/proxy.php?request=http%3A%2F%2Fwww.design-comp.com%2Fimages%2Fhotlink.gif&hash=5246d5e8c40bf5d6aaed94c3943ead1443e905b4)

Let me try the code outlined in your other post, GauGau, to see how that works. I tried using the code found at this site:
http://altlab.com/htaccess_tutorial.html

Found major problems with those suggestions. For one thing, none of the images will show in Coppermine at all, even though they are ON my own website! Nor does it show the replacement image when someone hotlinks either. Code I used was:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?design-comp.com\.com/ [NC
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g|gif|bmp|png)$ images/hotlink.gif [L]


According to what it says on that tutorial site, I thought it would work!

As I said before, I'm a real novice when it comes to writing .htaccess code though...

ComputerLady

Code I used in my .htaccess is:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?design-comp.tld(/)?.*$     [NC]
RewriteRule .*\.(gif|jpg|jpeg|bmp)$ http://www.design-comp.tld/images/hotlink.gif [R,NC]


This has same exact problem with suggestions I found on this site:
http://altlab.com/htaccess_tutorial.html

Namely, images will not show in gallary on my site nor is replacement image showing. I have setup a test page on another site I manage - which wil eventually get the okay to hotlink - so I can see how things are working:
http://cebug.org/test.htm

Going to restore the code suggested in Coppermine's FAQ for now. At least that DOES prevent hotlinking and allows the images to be shown on my site!

Yeah, I know about all the other tricks... Disable right-click, layer a transparent gif over the top, etc. In my experience, none of these will stop a very determined thief. I've given up on wasting the time over them myself. Only thing I want to block is the hotlinking.

For those images I do not want anyone to steal, they are going to have a VERY large and obvious watermark showing in them. Plus, the ones I upload on the site are going to be very greatly reduced in size and quality.

Joachim Müller

Wether hotlinking protection will work or not depends (among other factors) on the webhosting allowing you to set up rewrite rules. What you did appears to be correct, that's why I suggest contacting your webhost, asking them for support - maybe they didn't enable mod_rewrite, which is a pre-requisite for the htaccess magic you're planning to set up.
Your motivations for setting up hotlink protection and the conclusions you have drawn for yourself (no JavaScript gimmicks, instead watermarking, low-res and server-sided protection) are exactly what I recommend and apply on the sites I run.

Tranz

Make sure when you do this, that you account for people who have blocked referers, like with security software. Sometimes I have to block referers (using webdev toolbar in FF), and I see "don't steal" images although the images work fine on the particular site. So I recommend using the web developer toolbar to emulate what happens when people block referers