Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: linuxhelp on June 11, 2009, 08:16:24 PM

Title: SME show only image on own domain (against image grabbing)
Post by: linuxhelp on June 11, 2009, 08:16:24 PM: Hi,

if have a big problem, i offer a free webcam site on net an a lot of bad domains
are stealing my image. My site is based on wordpress and i tried to help me with
a custom http rule and .htaccess rewrite:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://mydomain.de/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mydomain.de/.*$ [NC]
RewriteRule .*\.jpg$ - [L]

it doesn't help.. i can timestamp the imagename to 110609.jpg but the php
rewrite-code does not show the image

what can i do to solve it? javascript?
Title: Re: SME show only image on own domain (against image grabbing)
Post by: piran on June 12, 2009, 12:42:16 AM: Code: [Select]
RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://mydomain.de.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.mydomain.de.*$ [NC] RewriteRule .*.[Jj][Pp][Gg]*$ /images/alarm.gif [R=301,L]Above edits 'might' make it more reliable ~ YMMV ~ it only
stops 'hot-linking' (unsolicited use of your bandwidth).
Picture grabbing cannot be stopped.
Picture re-use elsewhere cannot be stopped but use of
watermarks and 'just enough pixels for the purpose' helps.
Hired lawyers and hired hoodlums might otherwise assist
but sometimes it can be hard to tell the difference;~)
Title: Re: SME show only image on own domain (against image grabbing)
Post by: piran on June 12, 2009, 01:38:41 PM: Quote from: linuxhelp on June 11, 2009, 08:16:24 PM
what can i do to solve it? javascript?
Here's another way: Amend your picture's PHP delivery script so that the picture is located in a completely separate directory, then use .htaccess or php.ini to deny all from that directory. That way only the server's PHP can render the picture on-line. Hot-linked attempts do not have server authority and will get your site's flavour of forbidden errordoc. This keeps out the search engine good guys too but I think that that is not your problem.
Title: Re: SME show only image on own domain (against image grabbing)
Post by: Curly on June 12, 2009, 08:30:53 PM: Piran is right, use rewrite rules to redirect all requests for a picture to a php-script:

Code: [Select]
RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.*png$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.myserver.nl [NC] RewriteCond %{HTTP_REFERER} !^http://www.allowedserver.com [NC] RewriteCond %{HTTP_REFERER} !google\. [NC] RewriteRule (.*) /showpicture.php?pic=$1
and then use the php-script showpicture.php to:
- check referrer
- retrieve the picture from another directory that is usually not reachable

I've put the pictures in an directory in /home/e-smith/files/primary, but NOT html, files or cgi-bin.

But, someone could still copy your pictures, this only stops hotlinking. Look here, http://www.alistapart.com/articles/hotlinking/ (http://www.alistapart.com/articles/hotlinking/), that's where i've got a big part of the code from.
Title: Re: SME show only image on own domain (against image grabbing)
Post by: linuxhelp on September 03, 2009, 01:32:21 AM: solved..

found an PHP Code solution to redirect image path..
Title: Re: SME show only image on own domain (against image grabbing)
Post by: piran on September 03, 2009, 09:03:41 AM: Quote from: linuxhelp on September 03, 2009, 01:32:21 AM
solved..

found an PHP Code solution to redirect image path..
Would you share that happy solution with the rest of us please?