OSCOMMERCE SUPPORT CALL 702-453-3332

What is it?
Hotlinking is where some other site links to some item on your site, usually an image (which I will use here as an example), so that that item can be displayed on the other site. Such sites are, in effect, stealing from your site. This causes two problems for the shop whose items are being stolen:

- it causes your bandwidth to be used. Let's say some site hotlinks to one of your images. Everytime someone loads the page that is displaying your image on that other site, the image is actualy being loaded from your server. If enough people visit that site, it could cause you to run out of bandwidth.

- it may hurt your reputation. When someone sees your image on another site, they may click on it, which would take them to your site. They would naturally assume you are affiliated with that site and if that site is promoting some idea or product that you don't want to be associated with, it could cause damage to your sites reputation (guilt by association). This is usually an unlikely side-effect but is a definite possiblity if the stealing site is a popular one.

How to know if someone is hotlinking to your site?
Go to google and typeinto the search string. When it returns, click on the Image link at the top of the page and go through the links. Only your site should show. If others show, then they are either hotlinking to you or they are doing so because you have submitted to them, like with a link exchange. Or, install the latest version of SEO Assistant, which has a feature to check for hotlinkng.

How do you fix it?
You can block the sites from accessing your images by adding code to your .htaccess file. Many control panels have a way to do this but be careful with that method since it can overwrite other changes you may want in that file. A common method to fight against this is to cause the site doing the hotlinking to use some image you create. The following code will allow your site to display your images but will prevent any others from doing so by substituting in a new image.Create an image named hotlinked.gif, or change it to whatever you like, and anyone hotlinking to your site will display that image. If there are sites you want to allow to link to your images, just add another line like the two above with yourdomain.com changed to the other sites domain name.

Jack

I have noticed that hotlinking of images, which had died down, has made a comeback recently - and it can have a devastating effect on bandwidth used.

To allow search engines to use your images the .htaccess file needs to be a lot larger than posted, but the idea is right.

The worst 'hotlinkers' seem to be people using images as avatars on various forums. With the refresh rate of some forums that can really gobble up bandwidth.

Vger

I'm not sure the code will block the search engines but in case it does, all that would need to be added is a line like this

Jack

Hi Jack,

Silly question...

What program should I use in order to edit my .htaccess file?
Dreamweaver can't open it and when I open it in Notepad it looks like this -

$Id: .htaccess,v 1.3 2003/06/12 10:53:20 hpdl Exp $ This is used with Apache WebServers For this to work, you must include the parameter 'Options' to the AllowOverride configuration Example: <Directory "/usr/local/apache/htdocs"> AllowOverride Options </Directory> 'All' with also work. (This configuration is in the apache/conf/httpd.conf file) The following makes adjustments to the SSL protocol for Internet Explorer browsers <IfModule mod_setenvif.c><IfDefine SSL>SetEnvIf User-Agent ".*MSIE.*" \nokeepalive ssl-unclean-shutdown \downgrade-1.0 force-response-1.0</IfDefine></IfModule> If Search Engine Friendly URLs do not work, try enabling the following Apache configuration parameter AcceptPathInfo On Fix certain PHP values (commented out by default to prevent errors occuring on certain servers) <IfModule mod_php4.c> php_value session.use_trans_sid 0 php_value register_globals 1 </IfModule>

But yet I think it should look something like this as posted here in order to edit it properly -

# $Id: .htaccess,v 1.3 2003/06/12 10:53:20 hpdl Exp $
#
# This is used with Apache WebServers
#
# For this to work, you must include the parameter 'Options' to
# the AllowOverride configuration
#
# Example:
#
# <Directory "/usr/local/apache/htdocs">
# AllowOverride Options
# </Directory>
#
# 'All' with also work. (This configuration is in the
# apache/conf/httpd.conf file)

# The following makes adjustments to the SSL protocol for Internet
# Explorer browsers

<IfModule mod_setenvif.c>
<IfDefine SSL>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</IfDefine>
</IfModule>

# If Search Engine Friendly URLs do not work, try enabling the
# following Apache configuration parameter
#
# AcceptPathInfo On

# Fix certain PHP values
# (commented out by default to prevent errors occuring on certain
# servers)
#
#<IfModule mod_php4.c>
# php_value session.use_trans_sid 0
# php_value register_globals 1
#</IfModule>

Sorry for such an elementary question...

I don't use DW but it should be able to handle the file, I would think. It would be considered a hidden file so you might have to enable some option to see it. Other than that, any php editor should be able to handle it or wordpad would also work.

Jack

Thanks Jack!

Wordpad did the trick.

Don't know why, but I always forget about that program...

Much appreciated!

-- edit --

Oop's forgot, one more question.

Would this also prevent the Newsletters from displaying images from our site?

I don't know the answer to that. The code prevents other sites from accessing the images and a newsletter link isn't from a site so I think it will show. It is an easy test to create such a newsletter and enable the hotlinking code so I would suggest doing that to be sure.

Jack

You shouldn't use Word or WordPad when editing osCommerce files. Both apply hidden formatting to text, and include non-sgml characters which are only recognised by Microsoft programmes.

Only use Plain Text Editors like Note Pad, Text Pad, PS Pad or Crimson Editor.

You'll also need to use Win Merge or similar to compare files side by side.

Vger

Thanks Jack!
I wasn't sure if you new of any such problems.
I'll give it a test run.




Thanks Vger, I will look into an alternative text editor.

I have a couple of slight problems Jack after implementing the code.

I have a shared SSL certificate and when I check out it has always been a bit slow on my dialup, but now it's REAL SLOW.

Also all of my images are broken when in https:// mode.

Here is the code I added at the bottom of the file -

# Begin - Below for preventing sites from hotlinking my images.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?handeshobbies.com(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://(www\.)?https://secure.bluehost.com/~handesho/catalog(/)?.*$ [NC]
RewriteCond %{HTTP_USER_AGENT} !(googlebot-image|msnbot|psbot|yahoo-mmcrawler) [NC]
RewriteRule \.(jpe?g|gif|bmp|png|ico)$ images/hotlinking.gif [L,NC]
# End - hotlinking code

The bold code I tried different versions such as -
RewriteCond %{HTTP_REFERER} !^https://(www\.)?https://handeshobbies.com(/)?.*$ [NC]

Structure:
/public_html/
> catalog/images/Images
> handeshelpinghands/Pictures

The .htaccess file is in the catalog folder not the actual root (public_html) as I didn't want to effect anything other than my osC site.

Any ideas where I went wrong?

Try
The rewritecond lines are the urls you want to access your site so it should also work withThe (www\.) is not really needed since that doesn't exist in the actual url.

Jack

Thank you so much Jack for putting up with me and helping me out.

I guess it's time to take a break and go canoeing or fishing. At least something away from this dang computer.

I can't believe I tried different things and never noticed I left the https:// in there.
RewriteCond %{HTTP_REFERER} !^https://(www.)?https://secure.bluehost.com/~handesho/catalog(/)?.*$ [NC]

It is working just fine now.

Big thanks again Jack!!!

Maybe just shoot me now and get it over with...

P.S. I was able to convice Dreamweaver to edit the .htaccess file.

I've heard some same a computer makes a fine boat anchor.

Jack

My desktop worked good last year until the line broke. Now it's at the bottom of Indian Pond.

Afraid my notebook doesn't have enough weight.