Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

How to protect images from being copied?


Guest

Recommended Posts

There's no surefire way to prevent images from being copied by someone. Even javascript programmes which are meant to disable the right-click function do not work if the person is quick enough (it takes a second or so to kick in).

 

The thing to worry about is someone hot-linking images from your site. This is where someone embeds the full url of an image on your site into their webpage, effectively 'downloading' it from your site to their page. This is called 'hot-linking' or 'sponging' or, to use its legal term 'bandwidth theft'. You can stop this practice via a .htaccess file in your 'images' folder. But .htaccess is a big subject in its own right, especially if you want to prevent hot-linking, so you will need to search and set it up for yourself. It's no good anyone else giving you their .htaccess file because it will depend on what type of server you are on and whether or not mod_rewrite is enabled.

 

Vger

Link to comment
Share on other sites

for htaccess, you use mod rewrite on the server. then you can add the below code to your .htaccess file, and upload the file either to your root directory, or a particular subdirectory to localize the effect to just one section of your site:

 

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]

RewriteRule \.(gif|jpg)$ - [F]

Be sure to replace "mydomain.com" with your own. The above code causes a broken image to be displayed when its hot linked.

If you're feeling bitter, you can set things up so an alternate image is displayed in place of the hot linked one. The code for this is:

 

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]

RewriteRule \.(gif|jpg)$ http://www.mydomain.com/nasty.gif [R,L]

Same deal- replace mydomain.com with your own, plus nasty.gif.

Link to comment
Share on other sites

for htaccess, you use mod rewrite on the server.  then you can add the below code to your .htaccess file, and upload the file either to your root directory, or a particular subdirectory to localize the effect to just one section of your site:

 

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]

RewriteRule \.(gif|jpg)$ - [F]

Be sure to replace "mydomain.com" with your own. The above code causes a broken image to be displayed when its hot linked.

If you're feeling bitter, you can set things up so an alternate image is displayed in place of the hot linked one. The code for this is:

 

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]

RewriteRule \.(gif|jpg)$ http://www.mydomain.com/nasty.gif [R,L]

Same deal- replace mydomain.com with your own, plus nasty.gif.

The first method above works. However, when I try to sign into my own site using SSL, it sees it as a different site and locks out all of the images. Is there a way around this?

 

When I tried the second method, it locked out my server. My host said it automatically blocks if it gets more than 25 hits all at once since it figures it is a DOS attack. Is there a way to change the code to prevent that?

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

and just to add my $0.02...the javascript to disable the right-click is nice and will stop most of the "beginners" out there BUT you can easily get around it by simply doing a "FILE->SAVE" in your browser which will save them to your hardrive....

 

unless you are the true owner of the pictures, you might want to consider watermarking so that if someone does copy them, they can't be re-used elsewhere...

Link to comment
Share on other sites

The biggest problem with "anti-leech" code in .htaccess is that legitimate users of your site who are using a browser or privacy software that blocks the referrer, as more and more do now, will cause your site to appear broken.

 

If your image can be displayed in a browser, it can be copied. Trying to prevent saving is a waste of time in my view.

Link to comment
Share on other sites

You can get around your https problem by changing this

 

RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]

 

 

to this

 

RewriteCond %{HTTP_REFERER} !.*yourdomain.com.*.$ [NC]

 

Steve made the point that I made earlier - that it's no use trying to stop anyone from just copying an image from your site, but .htaccess is the way in which to stop anyone hotlinking images from your site!

 

Vger

Link to comment
Share on other sites

I agree and, TBH, I'm not trying to protect my images. I thought the code was a better approach than most methods I have seen so I wanted to give it a try just to see how well it actually worked. The https problem is a major problem although I would think it could be gotten around with a few regex additions.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

but .htaccess is the way in which to stop anyone hotlinking images from your site!

True - if you don't mind that many people visiting your site won't see the images either.

Link to comment
Share on other sites

Steve - this was part of my original post - and was precisely the reason I did not want to get deeply into the use of .htaccess here

 

You can stop this practice via a .htaccess file in your 'images' folder. But .htaccess is a big subject in its own right, especially if you want to prevent hot-linking, so you will need to search and set it up for yourself. It's no good anyone else giving you their .htaccess file because it will depend on what type of server you are on and whether or not mod_rewrite is enabled.

 

I use .htaccess on some sites with a large image content, and my .htaccess files are not a few lines in length - they are something like 50-60 lines in length - and allow all major search engines, by name and IP address, to cache images from those sites.

 

As I said earlier, and will repeat, it is a major subject in its own right.

 

I also use it for other things than just image hot-linking, but also to pick up on attempted hacks and send them elsewhere, to pick up on selected file requests etc and send them elsewhere also. And they won't like where I send them to!!!

 

Vger

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...