HowTo: Prevent Bandwidth Theft or Hotlinking


Hotlinking, inline linking, direct linking, leeching or bandwidth theft. Call it whatever you want but it all means the same thing, the loss of precious bandwidth. Bandwidth theft is very rampant in the world wide web.

If you don’t pay for hosting or don’t have any bandwidth limits, then you might not be worried about it. But to those who pay for web hosting, especially those who have a small monthly bandwidth limit, every byte counts. You wouldn’t want to exceed your limit because other people are using up your bandwidth by hotlinking your files, right?

One way of protecting your files from hotlinking is by inserting certain rules in your .htaccess file. In the following examples, the files being protected are image files. You can change them to any file formats that you wish to protect.

NOTE:
For WordPress users, you can insert these lines of code right before the line # BEGIN WordPress in your .htaccess file. Make sure you make a backup of your .htaccess file before editing it.

Block a specific domain
This code will return a 403 Forbidden Error instead of the file only when the image is requested by the specified domains in this example: domain.net & domain.com

Block all domains
This code will return a 403 Forbidden Error instead of the requested file to all domains except domain.com, which should be changed to the domain name of your site or where the file is used.

If you already have disabled hotlinking or activated a anti-hotlinking measure, then good for you! If not, then you should. You wouldn’t want to lose precious bandwidth to hotlinking don’t you?

To check if your files are safe or if your hotlinking measures are working, check out this free online anti-hotlinking testing tool. If you’re worried about messing with your .htaccess file, you can try this .htaccess editor that’s recommended by AJ.

I’ve had several experiences of bandwidth theft and people hotlinking to my images. Well, that was before I disabled hotlinking. Now, I don’t even worry about it. How about you, have you had any experience of someone hotlinking your files? What did you do about it? What are the anti-hotlinking measures you’re taking? Tell us about it.

[image source: flickr.com/photos/thecrazyfilmgirl]

Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Google+, Facebook or Twitter.

16 Comments

  1. bryan

    June 21, 2010 at 11:42 PM

    Did put the code just before # BEGIN , but it seems that it doesn’t work. The other website is still hotlinking my images..

    Please help.. I’m using BLOCK all domains script..

  2. Beng

    September 12, 2007 at 10:25 AM

    I actually have no bandwidth problem so far dahil di naman famous ang site ko :mrgreen: and besides, I have 2,000GB volume transfer monthly. Pero kahit na ganun I still have to apply this piece of code dahil dumadami sila eh, Kitang-kita doon sa access stats ko.

    Regarding the pyscho designer, hehehe natahimik na siya. Pero di pa rin nag apologize hanggang ngayon. Well, bahala na siya sa buhay niya. Tama na sa akin na ipinamukha ko sa kanya ang tutuo. I take it for granted she’s the kind of person who can not accept mistake.

  3. JP Habaradas

    September 12, 2007 at 9:50 AM

    @Beng – You’re welcome Madam Hafner! You mentioned that there are many hotlinks to your images, I’m sure it eats up a considerable amount of your bandwidth so you really should have some sort of anti-hotlinking measure on your blog.

    Btw, how’s it with the pyscho designer? She still bothering you? Hehe :D

  4. Beng

    September 11, 2007 at 4:12 PM

    thanks for sharing jaypee. i have read about this somewhere on codex.wordpress.org but i really never paid attention about hotlinking. i’ll use this na talaga dahil maraming naghahotlink sa mga images ko :twisted:

  5. JP Habaradas

    September 10, 2007 at 11:00 AM

    @derek – I see. I guess you shouldn’t implement it for now. Yeah, it should mess up your RSS. I guess it has something to do with your blog setup or settings.

    I’ll try to do some research and find out what causes that issue and maybe come up with a fix. You’re welcome! :)

  6. derek

    September 10, 2007 at 10:34 AM

    I used the block all domains rule, I took it out and then the feeds eventually shows up.

    I agree that it shouldn’t mess up the feeds but for some weird reason that happened to me. Hmm maybe I’ll try it again after a few days. Thanks for this post!

  7. JP Habaradas

    September 9, 2007 at 11:55 PM

    @derek – Hi! Which rule did you use? As what I told iRonnie, I’ve never had these problems with my RSS feeds when I implemented this rules in my .htaccess file. And based on principle, these rules only protect your files from direct linking via http and doesn’t protect your files via RSS feeds.

    Have you tried removing the anti-hotlinking rules from the .htaccess file and checking your RSS feeds? Let me know of any developments or if you’re still experiencing the same problem.

  8. derek

    September 9, 2007 at 7:39 AM

    ei jaypee, I tried using this anti-hotlinking code. I did check my feedburner today and was shocked by the number of feeds that was lost, is it really messing up the feeds?

  9. JP Habaradas

    September 8, 2007 at 3:00 PM

    @Ronald – You’re welcome! I’m sure everyone hates hotlinking except for those persons who do it themselves. Hehe Thanks for dropping by. :)

  10. Ronald Allan

    September 8, 2007 at 2:21 PM

    nice one for this … this will greatly help my bandwidth.

    really hate when someone do this stuff…

    tnx for this..

  11. JP Habaradas

    September 8, 2007 at 2:00 AM

    @iRonnie – I see. In my case, I just block other domains from hotlinking to my files and I don’t use the anti-linking image.

    As far as I know, these rules shouldn’t mess the RSS feeds. What if you try a different rule? Or try this one:

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteRule \.(jpe?g|gif|png)$ images/no_hotlink.jpg [L]

    Let me know if it works or not. :)

  12. iRonnie

    September 8, 2007 at 1:40 AM

    i cant seem to find my reference for the code i used because i have already removed it from my htaccess. but i do remember it came with a code like this:

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
    RewriteRule \.(gif|jpg)$ http://www.mydomain.com/angryman.gif [R,L]

    substituting an anti-linking image of your choice.

  13. JP Habaradas

    September 7, 2007 at 2:43 PM

    @mr nice ash – How much is your monthly bandwidth limit? I’m not sure about this but I think the images that Google display in it’s search results are cached so it doesn’t really eat up much bandwidth from you unlike if the file is directly hotlinked.

    There are other things that eat up your bandwidth, stuff like WordPress plugins that are not properly coded, unnecessary codes in your php files, etc. So you’ll have to check these out one by one an d determine the ones you can eliminate. I know it’s a tedious job but you’ll have to do it if you want to optimize your bandwidth usage. :)

  14. mr nice ash

    September 7, 2007 at 10:55 AM

    i’d probably try this. my bandwidth consumption is now over 50% of my limit. will it be because google displays my images on it’s search page?

  15. JP Habaradas

    September 7, 2007 at 3:30 AM

    @iRonnie – Yeah, I forgot to mention about that. Allowing or restricting access to files in a certain folder.

    I never had any problems with images in my RSS feeds even after using these rules in my .htaccess file. Btw, which rule did you apply?

  16. iRonnie

    September 7, 2007 at 3:17 AM

    i was using a similar code in the htaccess. in addition, the code allows me to restrict hotlinking in a specific folder only. however, i decided to remove the code because it tends to mess up my rss sometime.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">