I was reading an article over at All Geek Things and realized I have designed quite few sites that at some point have been victimized by this exact type of behavior:

I noticed that I was getting a bit more traffic to some posts on my site. When I checked my analytics the bounce rate was high and the time on site ranged from no time at all to under 30 seconds. On further checking I found that the images in those posts had been hot linked. This means people were viewing the image from another site without having to visit my site. There are actually websites out there with galleries of images hotlinked from other sites. Quite frankly this is sucky behaviour.

All Geek Things goes onto to describe how you can use Google to investigate which folks are hotlinking your content and update WordPress appropriately. I am not sure that I have personally been a victim of this particular kind of malfeasance, but it is relatively easy to guard against it using your ASP.NET web.config file as follows:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Stop Hotlinking">
<match url=".*\.(png|gif|jpg)$" />
<conditions>
<add input="{HTTP_REFERER}" pattern="^$" negate="true" />
<add input="{HTTP_REFERER}" pattern="^http://(.*\.)?poppastring\.com/.*$" negate="true" />
</conditions>
<action type="Rewrite" url="/images/stop_hotlinking.jpg" />
</rule>
</rules>
<rewriteMaps>
<rewriteMap name="DomainsWhiteList" defaultValue="block">
<add key="pinterest.com" value="allow" />
</rewriteMap>
</rewriteMaps>
</rewrite>
</system.webServer>
</configuration>

This blocks almost everybody and even goes a step further by silently redirecting the offenders to an image of my choosing (stop_hotlinking.jpg in this example). However, there are many use cases where hotlinking is desired (Pinterest is one example that comes to mind), and so being able to provide exceptions (white lists) is also helpful, and the rewriteMap section accomplishes that.

Stay safe!

Related Posts