Topic: Hotlink Protection Do Not Block Google, Bing or Yahoo

Hotlink Protection Do Not Block Google, Bing or Yahoo

Tagged: Bing, block images, Bonus Custom Code, Google, hotlink, hotlink protection, image theft, Yahoo

This topic has 79 replies, 12 voices, and was last updated 1 year, 7 months ago by AITpro Admin.

Viewing 15 posts - 46 through 60 (of 80 total)

← 1 2 3 4 5 6 →

Author

Posts
December 19, 2014 at 9:40 am #20169
AITpro Admin
Keymaster

Nope, that code is not designed to do any rewriting or redirection so you would have to use rewriting htaccess code like the code you originally posted to rewrite and redirect.
January 15, 2015 at 6:46 pm #20533
Jack
Participant

Hello friends,
I am looking to add this hotlinking protection code, but I can not. 🙁
My structure is as follows:
The website is: example.com
WordPress is in the folder: example.com/blog
The images are set in a subdomain: uploads.example.com
Could you help me set this up? 🙂
———————————————
Olá Amigos,
Estou querendo adicionar esse código de proteção de hotlinking, mas não estou conseguindo. 🙁
Minha estrutura é a seguinte:
O site é: example.com
O WordPress está na pasta: example.com/blog
As imagens estão configuradas em um subdominio: uploads.example.com
Será que vocês poderiam me ajudar a configurar isso? 🙂
January 15, 2015 at 7:30 pm #20534
AITpro Admin
Keymaster

What part of adding the code can you not do?
What is in the uploads subdomain? Another website? A WordPress site? Just a folder called /uploads/ with images in it?
January 16, 2015 at 6:59 am #20540
Jack
Participant

All this is a single site. Only one WordPress installation. The difference is that WordPress is installed in example.com/blog. More the site is available on example.com thanks to index.php pointing example.com/blog. In uploads.example.com subdomain is where is configured to save the images of the site. I’m not using the default: example.com/wp-content/uploads. I’m not able to work because I do not know what the correct url should I put in the .htaccess plugin to protect everything (Root, subdomains, subfolders of a single domain and a single WordPress installation).
——————————-
Tudo isso é de um único site. Apenas uma instalação WordPress. A diferença é que o WordPress está instalado em example.com/blog. Mais o site está acessível em example.com graças ao index.php apontando para example.com/blog. No subdominio uploads.example.com é onde está configurado pra salvar as imagens do site. Não estou usando o padrão: example.com/wp-content/uploads. Não estou conseguindo fazer funcionar porque não sei qual a url correta que devo colocar no htaccess pelo plugin para proteger tudo (Raiz, subdominios, subpastas de um único domínio e uma única instalação WordPress).
January 16, 2015 at 9:29 am #20548
AITpro Admin
Keymaster
I believe the best method to use would be to create a new .htaccess file in the uploads subdomain folder: /uploads/.htaccess and add only the hotlink protection code in that .htaccess file with your domain root name whitelisted, which would whitelist all of your domains using the root domain.

Notes: SetEnvIfNoCase does not work on LiteSpeed servers yet. (LiteSpeed is planning on adding this in version 5.0). You probably will not need to use your server IP address and should leave that commented out with a # sign first. If things are not working then try adding your server IP address and uncommenting Allow from xxx.xxx.xxx.xxx
```
SetEnvIfNoCase Referer "^(http|https)://.*example\.com.*$" whitelist
SetEnvIfNoCase Referer "^(http|https)://.*google.*" whitelist
SetEnvIfNoCase Referer "^(http|https)://.*yahoo.*" whitelist
SetEnvIfNoCase Referer "^(http|https)://.*bing.*" whitelist

<FilesMatch "\.(gif|jpg|jpeg|png|bmp)$">
Order Allow,Deny
Allow from env=whitelist
# Add Your Server IP Address
# Note: A Server IP address May be Required for 
# everything to work depending on your Host Server
#Allow from xxx.xxx.xxx.xxx
</FilesMatch>
```
January 21, 2015 at 4:17 am #20606
Jack
Participant

Thanks for the prompt reply. I put the .htaccess code in the subdomain folder and waited a few days. I noticed today that did not work, other sites continue doing hotlink.
—————————————
Obrigado pela pronta resposta. Coloquei o código htaccess na pasta do subdomínio e aguardei uns dias. Constatei hoje que não funcionou, outros sites continuam fazendo hotlink.
January 21, 2015 at 8:02 am #20612
AITpro Admin
Keymaster

Ok check with your web host support folks so that they can help you with your particular server/website.
May 19, 2015 at 12:12 pm #22782
Krzysztof
Participant
Hello!
In my htacess I have a code like this:
But today I had a security log entry:
and the site here: http://www.mobiless.tk/detail/k/AW-149.html
displays an image from our site very good when visited. Where is the cache? What did I do wrong? 😉
```
# BLOCK HOTLINKING TO IMAGES
# To Test that your Hotlinking protection is working visit http://altlab.com/htaccess_tutorial.html
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?infolotnicze.pl [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpeg|jpg|gif|bmp|png)$ - [F]

[403 GET / HEAD Request: 19/05/2015 - 08:11]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 66.220.146.22
Host Name: 66.220.146.22
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://www.mobiless.tk/detail/k/AW-149.html
REQUEST_URI: /wp-content/uploads/2012/03/aw149.jpg
QUERY_STRING:
HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
```
May 19, 2015 at 12:33 pm #22785
AITpro Admin
Keymaster

INCORRECT: see following reply. Something about the Request was blocked, but not Image retrieval. This is a fairly common issue. You can disregard these Security Log entries.
May 19, 2015 at 12:35 pm #22786
Krzysztof
Participant

But how to block those nasty people from displaying images on our cost?
May 19, 2015 at 12:38 pm #22787
AITpro Admin
Keymaster

Actually you are using old/outdated hotlink protection code. See the very beginning of this forum topic for Google, Yahoo, Bing safe hotlink protection code. You can block someone from hotlinking to your images, but you cannot stop them from copying and using your images.
May 19, 2015 at 12:48 pm #22791
AITpro Admin
Keymaster

Oops I misinterpreted the Security Log entry. What happened is the Yahoo Slurp bot followed your hotlink protected image url from that site and since it is hotlink protected and the Referer is not your website then the Request was blocked. I visually checked that website and your image is not displaying on their website. So your hotlink protection code is working fine. See screenshot below.
May 19, 2015 at 12:51 pm #22795
Krzysztof
Participant

One way or the other I have changed the code to the one recomended by you 😉
May 19, 2015 at 1:36 pm #22802
Krzysztof
Participant
Hmmm
Here is my code But this site here http://www.free-webhosts.com/hotlinking-checker.php Informs me that my hotlinking is not working. Did I make any mistakes sin the code?
```
SetEnvIfNoCase Referer "^(http|https)://www\.infolotnicze\.pl.*$" whitelist
SetEnvIfNoCase Referer "^(http|https)://.*google.*" whitelist
SetEnvIfNoCase Referer "^(http|https)://.*yahoo.*" whitelist
SetEnvIfNoCase Referer "^(http|https)://.*bing.*" whitelist

<FilesMatch "\.(gif|jpg|jpeg|png|bmp)$">
Order Allow,Deny
Allow from env=whitelist
# Add Your Server IP Address
# Note: A Server IP address May be Required for
# everything to work depending on your Host Server
Allow from 185.5.98.32
</FilesMatch>
```
May 19, 2015 at 6:19 pm #22809
AITpro Admin
Keymaster

Your images are still blocked on the site that is hotlinking to your images so that means that the site you used to check if hotlink protection is working is not working. 😉
Author

Posts

Viewing 15 posts - 46 through 60 (of 80 total)

← 1 2 3 4 5 6 →

You must be logged in to reply to this topic.

BulletProof Security Forum

Hotlink Protection Do Not Block Google, Bing or Yahoo

Search Forums

Topic Tags