Hotlinking – Content And Bandwidth Theft

Locks On A Fence | larrytalkstech.com

Locks On A Fence

Who Knew???

Several weeks ago, while digitally “thumbing” through the available apps on my content delivery network (to learn more about CDN’s, click HERE) CloudFlare, I enabled all the elements of an app entitled ScrapeShield. CloudFlare describes the app as “…a free app…that protects your site’s content, and allows you to monitor and track misuse. ScrapeShield includes content tracking, Pinterest blocking, email obfuscation, hotlink protection, and – coming soon – watermarking[1].” Neat stuff. Sounded great. I moved all the sliders to “on”, and never gave the app another thought.

The following week, while looking at my DashBoard on CloudFlare’s site, I noticed in the Security Setting area that nearly 500 hotlinking requests had been blocked. This got my attention!!! Had these hotlinks been established, it would have accounted for an astounding 25% of my total bandwidth. Thank you CloudFlare and ScrapeShield. Nice to know the software was doing its job. But what exactly was it protecting me from? This required some more digging.

How Hotlinking Works

What is hot linking? One of the best descriptions comes from WebWeaver: “Hotlinking, inline linking, remote linking and many other terms are used to describe a way taking images, or other files and embedding it directly into a website. In other words, unauthorized use of someone else’s bandwidth. Hotlinked files are files Not stored on your own server[2].”

Confused Emoticon
What happened to my bandwidth?

Here’s how it works: Let’s say you you have an article on your website about black and white photography. You then go to the websites of several world renown photographers, and link a number of photos from their sites to the article on your site. Now when someone clicks on your article on black and white photography, the photos you hotlinked appear in your article. They appear just like they would have if the photos had actually came from your server. But they didn’t, they came from someone else’s. Not only are you using copyrighted photos from someone else, you are also using their bandwidth to make the photos appear on your site.

Here’s another example: Imagine that you have an outside electric box on the side of your house. You had this box installed so during the Christmas holidays you can plug in your many Christmas lights and electrified decorations. It’s now Summer, and at night, your neighbor climbs over your fence, and plugs a power cord into the same outside electric box. This cord runs back to your neighbor’s 110 volt window air conditioner. Your are now paying to cool your neighbor’s bedroom at night. Early the next morning, your neighbor goes to the fence, and gives the cord a yank.

Two important points immediately come to mind from these examples: Hotlinking is theft, and as in my situation, you may never know it’s happening.

What You Can Do

How can you tell if someone is hotlinking your files? Here is one example of how to find out[3]:

“To find out what files are being accessed by what sites, you can check this in your site logs on your web server.

1. Use your FTP program to access your web server directory, and then go into the logs/W3SVC### directory (where ## may be any set of numbers).
2. Download and/or view the a few of the most recent log files. Each log file is named according to date, such as exYYMMDD.log where YY is the last two digits of the year, MM is the month and DD is the day.
3. Take a closer look when you see several lines that reference the same image on your site. Look in the line to see if the URL is from another site that is not on your domain or from a known search engine. Typically, any URL that has forum in it is a good indication of possible hotlinking. There may be other web sites that may be doing this as well. The lines are long so you will need to scroll horizontally to see all the data, or you can turn on word wrap in your text editor.
4. Below is an exmaple of a line from a log file. W3SVC### represents the directory where your raw log files are kept. xx.xxx.xx.xxx represents IP numbers, and yourdomain.com represents your actual domain name. The URL in red is the suspected hotlinking site. 
2004-07-27 10:47:03 W3SVC### AWHWS2 xx.xxx.xx.xxx GET /avatars/an_avatar.gif – 80 – xx.xxx.x.xxx HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) – http://somedomain.com/forum/viewtopic.php?t=000&start=00 yourdomain.com 404 0 3 4288 313 625 
The above information shows that http://somedomain.com/forum/viewtopic.php?t=000&start00
is hotlinking to the /avatars/an_avatar.gif image on yourdomain.com. 

By visiting the site http://somedomain.com/forum/viewtopic.php?t=000&start=00 you may find your image there…..”

The above process requires a good deal of skill and time to find out what has been done. If you are like me, and want to know if you vulnerable to hotlinking now, you can check several of your images from your website by inserting their URL’s into a “Search Box” found HERE. The tricky part is finding the real URL for the image. Here’s how to do it in WordPress

Log into Wp-admin

On the “bar” at the left of your screen, click Media, then click Library.

Click on any photo or graphic.

A window entitled Attachment Details will open.  Look at the bar on the right side of the window. You will see the details of the photo or graphic you clicked. The URL you want will be displayed near the top of the bar. (Copy the URL and paste it into Search Box mentioned above.)

The most successful means of stopping hotlinking is to add a comment directly into your site’s .htaccess file. Unless you really know what you are doing, I would avoid this approach. For most people, there is a much easier way. Simply go to your site’s cPanel. Scroll down to its Security section. You should find a HotLink Protection icon. Click it, and enable hotlink protection.

Next, if you are using a CDN, see if the service offers an app like ScrapeShield (mentioned earlier in this article), and enable it.

Summary

Hotlinking is prevalent, and you may not even know if your site is being affected. Enable the hotlink protection available from your web host and/or your content delivery network. You have nothing to lose in doing this, and quite possibly a lot to gain.

Sources

1. CloudFlare Apps | https://www.cloudflare.com/apps/
2. WebWeaver | http://www.webweaver.nu/html-tips/hotlinking.shtml
3. Active Web Hosting | http://www.activewebhosting.com/faq/web-hotlinkcheck.html

By prometheus

Husband. Father. Grandfather. World class Geek.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.