Why hotlinking can be dangerous

4:28 pm maintenance

This night I had a 1300% increase in hits on one of my sites. I got some AdSense clicks, but I was curious where the traffic was coming from.

I just found out that the majority of the traffic is coming from two profiles on Friendster which are hotlinking my wallpapers for their background.

So for the first time in my life I wanted to have an anti-hotlinking script. At first I wanted to show a “don’t hotlink my images” picture, but in the end I sent a forbidden (403) header together with a redirect to that image.

Wonder why?

Because I don’t like to make people angry for nothing… look what a simple redirect was doing to this Friendster profile:

Original:

With redirect to a “Please don’t hotlink my images” picture:


I was kind enough to not leave this profile unusable like this and included a forbidden header. Now the profile looks like this:

Here is the .htaccess code I used to get the last result:

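RewriteEngine on
# Let requests without a Referer header through
RewriteCond %{HTTP_REFERER} !^$
# Let requests referred by anty.info or one of its subdomains through
RewriteCond %{HTTP_REFERER} !^http://([-a-z0-9]+\.)?anty\.info [NC]
# Keep the placeholder image itself reachable
RewriteCond %{REQUEST_FILENAME} !nohotlinking\.gif$
# Answer every other image request with 403 Forbidden ([F])
RewriteRule \.(gif|jpe?g|png)$ http://www.anty.info/nohotlinking.gif [F,L,NC]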
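To check which requests these conditions let through, here is a small Python model of the rule set. It is an added example, not the author's code; the stricter referer pattern, the sample paths and the example.net host are assumptions made for illustration.

```python
import re

# Referer pattern from the second RewriteCond above; [NC] becomes re.I.
SITE_REFERER = re.compile(r"^http://([-a-z0-9]+\.)?anty\.info", re.I)
# Assumption, not from the post: also accept https and require the host
# name to end right after "anty.info".
STRICT_REFERER = re.compile(r"^https?://([-a-z0-9]+\.)?anty\.info(:\d+)?(/|$)", re.I)
IMAGE = re.compile(r"\.(gif|jpe?g|png)$", re.I)      # RewriteRule pattern, [NC]
PLACEHOLDER = re.compile(r"nohotlinking.gif$")       # third RewriteCond, as written


def status(path, referer, site_pattern=SITE_REFERER):
    """HTTP status this model of the rule set gives one image request."""
    if not IMAGE.search(path):
        return 200          # rule pattern does not match: not an image
    if referer == "":
        return 200          # cond 1 fails: no Referer header sent
    if site_pattern.search(referer):
        return 200          # cond 2 fails: referred by the site itself
    if PLACEHOLDER.search(path):
        return 200          # cond 3 fails: the placeholder stays reachable
    return 403              # all conditions hold: [F]


# Constructed requests (path, Referer); example.net is a placeholder host.
SAMPLES = [
    ("/wallpapers/sea.jpg", ""),
    ("/wallpapers/sea.jpg", "http://www.anty.info/gallery"),
    ("/wallpapers/sea.JPG", "HTTP://ANTY.INFO/"),
    ("/wallpapers/sea.jpg", "http://profiles.example.net/user"),
    ("/nohotlinking.gif", "http://profiles.example.net/user"),
    ("/index.html", "http://profiles.example.net/user"),
    ("/wallpapers/sea.jpg", "https://www.anty.info/gallery"),
    ("/wallpapers/sea.jpg", "http://anty.info.example.net/"),
]


def evaluate(site_pattern=SITE_REFERER):
    """Statuses for SAMPLES, in order, under the given referer pattern."""
    return [status(p, r, site_pattern) for p, r in SAMPLES]


if __name__ == "__main__":
    for (path, ref), old, new in zip(SAMPLES, evaluate(), evaluate(STRICT_REFERER)):
        print(f"{old} {new}  {path}  Referer: {ref or '(none)'}")
```

The last two sample rows are where the two patterns disagree: the pattern as written refuses the site's own pages when they are served over https, and it accepts any referer whose host name merely begins with anty.info.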

You can imagine what stupid things you can do on websites if you control the images.

The danger is not to my site, but to the users who have hotlinked my images. I could display URLs, messages or even nude pictures, which might get such a user into trouble.

Now let’s hear what you’d do with such an opportunity. Would you exploit this situation?

2 Responses
  1. LoLo :

    Date: November 8, 2007 @ 7:23 am

    doesn’t it increase the pagerank?

  2. anty :

    Date: November 8, 2007 @ 8:05 am

    Interesting question, LoLo. I don’t know if img-tags distribute linkjuice. I don’t think they do, but it’s worth a test!
