Return-Path: Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 25023 invoked by uid 500); 6 Nov 2002 06:24:41 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 24956 invoked from network); 6 Nov 2002 06:24:26 -0000 Received: from shawidc-mo1.cg.shawcable.net (HELO pd3mo1so.prod.shaw.ca) (24.71.223.10) by daedalus.apache.org with SMTP; 6 Nov 2002 06:24:26 -0000 Received: from pd4mr3so.prod.shaw.ca (pd4mr3so-qfe3.prod.shaw.ca [10.0.141.214]) by l-daemon (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 12 2002)) with ESMTP id <0H5500A3P5LARD@l-daemon> for users@httpd.apache.org; Tue, 05 Nov 2002 23:19:58 -0700 (MST) Received: from pn2ml8so.prod.shaw.ca (pn2ml8so-qfe0.prod.shaw.ca [10.0.121.152]) by l-daemon (iPlanet Messaging Server 5.1 HotFix 0.6 (built Apr 26 2002)) with ESMTP id <0H5500I9K5LA0I@l-daemon> for users@httpd.apache.org; Tue, 05 Nov 2002 23:19:58 -0700 (MST) Received: from shaw.ca (h24-80-110-238.vf.shawcable.net [24.80.110.238]) by l-daemon (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 12 2002)) with ESMTP id <0H55009JU5L8IG@l-daemon> for users@httpd.apache.org; Tue, 05 Nov 2002 23:19:58 -0700 (MST) Date: Tue, 05 Nov 2002 22:19:43 -0800 From: "J. Greenlees" To: users@httpd.apache.org Message-id: <3DC8B47F.1070708@shaw.ca> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii; format=flowed Content-transfer-encoding: 7BIT X-Accept-Language: en-us, en User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 References: <5FCE856B804270449E97E3C7744D5D2D024FDE@exchangeserver.internal.stamina.com.au> X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Subject: Re: [users@httpd] how do I prevent sites from hijacking my images? Dale, I recently went through apache's docs about this for several artists, using an .htaccess file to only allow your own pages to link is the easiest way to stop the hotlinking. to stop caching of pages you would need to do something as Saqib N Ali has suggested, also to disable right clicking. though with no js active on a client's browser then the js doesn't work. one suggestion made to the artists: put an image up that says "THIS PERSON IS A THIEF THEY ARE STEALING THIS IMAGE AND BANDWIDTH FROM ME" most hotlinking is done with chatsites, and the person doing the linking will get banned right quick. just have to name the image the same as the one's being stolen. ~g~ the rewrite rule can put a different image up when someone tries to hotlink to your site. Andrew Kenna wrote: > There was an article on www.apacheweek.com a while back explaining how .htaccess can prevent this. > > Andrew > > > -----Original Message----- > From: Chris Taylor [mailto:chris@x-bb.org] > Sent: Wednesday, 6 November 2002 3:51 PM > To: users@httpd.apache.org > Subject: Re: [users@httpd] how do I prevent sites from hijacking my images? > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > It seems that you're missing the point, the problem is that external sites are linking these images as if they were there own, which is essentially bandwidth theft. The way to stop this is to use mod_rewrite (as in my previous post). Although the odd client saving the image to their hard drive may be a nuisance, it's not really the issue, so all of these client side efforts (JS for instance) aren't what's required. > > Andrew's idea (below) is essentially the implementation of the mod_rewrite solution: a .htaccess file, but in the end it's the same solution. > > I hope that clears it up. > > Chris Taylor - chris@x-bb.org - The guy with the PS2 WebServer - http://www.x-bb.org/chris.asc > > - ----- Original Message ----- > From: "Andrew Kenna" > To: > Sent: Wednesday, November 06, 2002 4:46 AM > Subject: RE: [users@httpd] how do I prevent sites from hijacking my images? > > > Create a little javascript thing that displays the image, disable right click on that particular web page and put a restriction on the directory that stores the images with a .htaccess file and say that the only refferer can be the actual page the images are linked to. > > The above may work > > Andrew > > > - -----Original Message----- > From: Saqib.N.Ali@seagate.com [mailto:Saqib.N.Ali@seagate.com] > Sent: Wednesday, 6 November 2002 3:41 PM > To: users@httpd.apache.org > Subject: RE: [users@httpd] how do I prevent sites from hijacking my images? > > > > But you can still "right click" and do a 'save picture as'.. am i wrong? In Peace, Saqib Ali http://www.sc-icc.org:8080/cocoon/mount/docbook/ > > "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15 > > (Embedded image moved to file: pic27644.jpg) > > > > > daniel > > Saqib.N.Ali@seagate.com, users > > teque.org> cc: > > No Phone Info Subject: RE: > [users@httpd] how do I prevent sites from hijacking my images? > Available > > > > 11/05/2002 > > 07:34 PM > > Please respond > > to users > > > > > > > > > > header output your image using gd in php > > then load the image like > >>===== Original Message From Saqib.N.Ali@seagate.com ===== >>I agree that there is no way to protect the images from being stolen. >>But there are ways to deter people from easily stealing the image. For >>e.g. about 3 years back I wrote a Java Application that would parse an >>image > > and > >>create HTML TABLE based representation of the image on Pixel level. >>This HTML table could be easily displayed intead of the actual >>graphic, but people couldn't just right click and save it to their >>Local HD. However if they really wanted to copy the image they >>would have to take screen capture, and paste it into GIMP. This way >>they would offcourse lose the quality. >> >>In Peace, >>Saqib Ali >>http://www.sc-icc.org:8080/cocoon/mount/docbook/ >> >>"I fear, if I rebel against my Lord, the retribution of an Awful Day >>(The Day of Resurrection)" Al-Quran 6:15 >> >> (Embedded image moved to file: pic00292.jpg) >> >> >> >> "Lewis >> Watson" To: >> >> > six.com> Subject: Re: >>[users@httpd] > > how > do I prevent sites from hijacking my images? > >> No Phone Info >> Available >> >> 11/05/2002 >> 07:12 PM >> Please >> respond to >> users >> >> >> >> >> >> >> >>----- Original Message ----- >>From: "dale's stuff" >>To: >>Sent: Tuesday, November 05, 2002 9:06 PM >>Subject: [users@httpd] how do I prevent sites from hijacking my images? >> >> >> >>>Hello, >>> >>>I was just processing my logs and have found that once again some >>>scum >> >>are >> >>>stealing some images from my site and linking directly to them. >>> >>>I am running apache 1.3.2x on RH Linux 7.1. I would like to be able >>>to serve a different image to these scum to get the point across that >>>they >> >>can' >> >>>t be stealing my images -kind of like what angelfire and so forth do. >>> >>>any suggestions? >>> >>>Thanks >>> >>>Dale >>> >> >>Hi Dale. >>There are things you can do to prevent them from linking to them (See >>the links below), but to keep them from pulling them off your site and >>using them? Nothing. You are offering the graphics over a public >>network. There are ways to slow some people up or making it a tad >>more difficult but in the end there is no way to prevent someone > >>from > >>pulling what your server is giving out. >> >>http://www.bignosebird.com/apache/a16.shtml >>http://httpd.apache.org/docs/misc/FAQ.html#image-theft >> >>hope this helps, >>Lewis >> >> >> >>--------------------------------------------------------------------- >>The official User-To-User support forum of the Apache HTTP Server >>Project. See for more >>info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org >> " from the digest: users-digest-unsubscribe@httpd.apache.org >>For additional commands, e-mail: users-help@httpd.apache.org >> >> >> >> >>--------------------------------------------------------------------- >>The official User-To-User support forum of the Apache HTTP Server >>Project. See for more >>info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org >> " from the digest: users-digest-unsubscribe@httpd.apache.org >>For additional commands, e-mail: users-help@httpd.apache.org > > > > > - --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server > Project. See for more > info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > " from the digest: users-digest-unsubscribe@httpd.apache.org > For additional commands, e-mail: users-help@httpd.apache.org > > > > - --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server > Project. > See for more info. > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > " from the digest: users-digest-unsubscribe@httpd.apache.org > For additional commands, e-mail: users-help@httpd.apache.org > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 7.0.3 for non-commercial use > > iQA/AwUBPcifxCqf8lmE2RZkEQITlwCdHhX+tX5MLVleyC+0t/9d1loY6joAoNC+ > 9H4AJ8wNjLxvxf/rYIm63Phz > =JsIi > -----END PGP SIGNATURE----- > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See for more info. > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > " from the digest: users-digest-unsubscribe@httpd.apache.org > For additional commands, e-mail: users-help@httpd.apache.org > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See for more info. > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > " from the digest: users-digest-unsubscribe@httpd.apache.org > For additional commands, e-mail: users-help@httpd.apache.org > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org