How do I stop others from leeching my files?

12-20-01, 09:38 PM

Create an .htaccess file. See instructions for this in our FAQ section as well as on our support pages.

In your .htaccess file, place the following:

<Limit GET POST>
order allow,deny
deny from host.to.deny # This will deny access from that host
deny from 0.0.0.0 # This will deny a full IP
deny from 0.0.0. # This will deny from that particular subnet
allow from all
</Limit>

1-21-02, 01:57 AM

What if you want to deny all leeching from every site but your own?

Ddr · 1-21-02, 10:24 AM

I know these questions come up over and over and the answers are all here in the forums, but for the new people asking those same questions again, here are a couple of more tips I found in these Forums that were very useful. Thanks to those that originally posted them here.

When you are new, everything is difficult. EZPass was mentioned in another thread, and even I was able to make it work to create .htaccess files to protect certain directories on my website.

But for a really easy way, check out Lockit. I dont think anything could be easier with it's friendly interface, automatic detection of paths and placement of the .htaccess and .htpasswd files. Yes, and it's free, but does not support multiple user/password sets. (EZPass does) Its just for one user. Still, it can get a newbie protected as simply as anything I tried. It can be found at

http://www.highlandmedia.com/Downloads/LockIt.shtml

Now, imagine my surprise when I found that I could still directory browse after putting .htaccess files in my picture directories. Another newbie mistake. .htaccess only causes a password call for entry through the front door, not the back. Again, the Forums gave Me the answer to help. Place a blank index.html page in the directory with the pictures and now directory browsing is stopped. I am sure this is not high security, but it will discourage most intruders, I think. I actually put a little warning about trespassing on that "blank" index.html page for a more official sounding deterrent.

Hope that helps some of you.

Dale

1-21-02, 12:40 PM

That's not what I'm talking about. I don't care about the password in this case. Just denying my files from being downloaded or viewed from anywhere but my site.

Naveen · 3-9-02, 11:16 PM

This is what I have in my .htaccess file....

<Limit GET POST>
order allow,deny
deny from http://www.masalatalk.com/
deny from 64.246.15.39
deny from 64.246.6.47</Limit>

Now I keep getting 500 internal error !

3-10-02, 09:50 AM

this problem is becoming more and more prevelant....

check out this link.... there are several programs there to prevent leaching....

http://www.hotscripts.com/Perl/Scrip...urity_Systems/

hope this helps

Ajarn · 3-11-02, 01:36 AM

Quote:

Originally posted by Naveen
This is what I have in my .htaccess file....

<Limit GET POST>
order allow,deny
deny from http://www.masalatalk.com/
deny from 64.246.15.39
deny from 64.246.6.47</Limit>

Now I keep getting 500 internal error !

You need to change your format, and I don't think you can deny a www address- I belive it must be an IP address

For example, here's mine..

<Limit GET PUT POST>
order allow,deny
allow from all
deny from 68.36.66.114 66.20.176.37 61.5.41.43 209.152.113.245
</Limit>

Make sure each address is seperated by a space, to signal a new address

3-21-02, 07:50 AM

Lockit doesn't seem to be available anymore................

3-21-02, 08:14 AM

couldn't the reverse be used if you only want pics displayed on your own site.....??

<Limit GET PUT POST>
order allow,deny
deny from all
allow from (your site)
</Limit>

3-30-02, 12:24 AM

Quote:

Originally posted by Jedd
couldn't the reverse be used if you only want pics displayed on your own site.....??

<Limit GET PUT POST>
order allow,deny
deny from all
allow from (your site)
</Limit>

If you wish to block others from leeching images, try adding the following to your .htaccess file:

<Files *.gif>
Order Allow, Deny
Deny from all
Allow from .yoursite.com
</Files>

I've tested this and it works great.

Hope this helps!

3-30-02, 08:28 AM

Nice!

Naveen · 3-30-02, 12:45 PM

<Files *.jpg>
Order Allow, Deny
Deny from all
Allow from .indianceleb.com
</Files>

Gives me 500 Internal server error, Once it worked but then I was not able to see my own *.jpg Images.

HELP !

3-30-02, 04:48 PM

Make sure that this is at the top of the .htaccess file. I set mine up and it works.

<Files *.jpg>
Order Allow, Deny
Deny from all
Allow from .manninc.com
</Files>

Some times it wants to work, other times it doesn't. Don't really know why.

Hope this helps!

On a side note, Jedd's suggestion above works (with a slight adjustment):

<Limit GET POST>
order allow,deny
deny from all
allow from .yoursite.com
</Limit>

This solution might actually work better than the one I suggested.

3-30-02, 06:02 PM

Well those solutions worked for a little while and than fizzed out. Here's another setup, one I've used in the past and it still works:

RewriteCond %{HTTP_REFERER} !^http://yoursite.com/ [NC] # and not my site
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com/ [NC] # and not my site
RewriteRule [^/]+.(gif|jpg)$ - [F] # No access to images
RewriteRule ^/cgi-bin/.+$ - [F] # No access to CGIs

Hope this helps!

Ajarn · 3-30-02, 09:36 PM

Rube Goldberg lives!

Naveen · 3-31-02, 07:13 AM

This is working for me ... Yee haw !

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteRule .*\.(gif|GIF|jpg|JPG)$ http://www.yourdomain.com/bad.gif [R]
<Files *.jpg>
Order allow,deny
deny from .domain1.com
deny from .domain2.com
deny from 64.246.15.39
deny from 64.21.143.17
allow from all
</Files>

3-31-02, 12:41 PM

The code I posted is much simplier and blocks all access to any gif or jpg image on your site from any site other than your own. This prevents any sites from leeching your images. Therefore, the extra coding is not necessary.

Hope this helps!

5-5-02, 10:41 AM

To test your anti-leech code, you can head over to http://www.hotlinking.com

12-20-01, 09:38 PM	#1
Starr Guest Posts: n/a	How do I stop others from leeching my files? Create an .htaccess file. See instructions for this in our FAQ section as well as on our support pages. In your .htaccess file, place the following: <Limit GET POST> order allow,deny deny from host.to.deny # This will deny access from that host deny from 0.0.0.0 # This will deny a full IP deny from 0.0.0. # This will deny from that particular subnet allow from all </Limit>

1-21-02, 10:24 AM	#3
Ddr Join Date: Jan 2002 Posts: 949 Reputation: 5	it's been said before, but... I know these questions come up over and over and the answers are all here in the forums, but for the new people asking those same questions again, here are a couple of more tips I found in these Forums that were very useful. Thanks to those that originally posted them here. When you are new, everything is difficult. EZPass was mentioned in another thread, and even I was able to make it work to create .htaccess files to protect certain directories on my website. But for a really easy way, check out Lockit. I dont think anything could be easier with it's friendly interface, automatic detection of paths and placement of the .htaccess and .htpasswd files. Yes, and it's free, but does not support multiple user/password sets. (EZPass does) Its just for one user. Still, it can get a newbie protected as simply as anything I tried. It can be found at http://www.highlandmedia.com/Downloads/LockIt.shtml Now, imagine my surprise when I found that I could still directory browse after putting .htaccess files in my picture directories. Another newbie mistake. .htaccess only causes a password call for entry through the front door, not the back. Again, the Forums gave Me the answer to help. Place a blank index.html page in the directory with the pictures and now directory browsing is stopped. I am sure this is not high security, but it will discourage most intruders, I think. I actually put a little warning about trespassing on that "blank" index.html page for a more official sounding deterrent. Hope that helps some of you. Dale

3-9-02, 11:16 PM	#5
Naveen ¤¤¤¤¤¤ Join Date: Jan 2002 Location: Right in front of you Posts: 542 Reputation: 5	500 Internal error ! This is what I have in my .htaccess file.... <Limit GET POST> order allow,deny deny from http://www.masalatalk.com/ deny from 64.246.15.39 deny from 64.246.6.47</Limit> Now I keep getting 500 internal error !

3-10-02, 09:50 AM	#6
SBGlasby Guest Posts: n/a	Stop Leeching this problem is becoming more and more prevelant.... check out this link.... there are several programs there to prevent leaching.... http://www.hotscripts.com/Perl/Scrip...urity_Systems/ hope this helps

3-30-02, 12:45 PM	#12
Naveen ¤¤¤¤¤¤ Join Date: Jan 2002 Location: Right in front of you Posts: 542 Reputation: 5	Not working for me <Files .jpg> Order Allow, Deny Deny from all Allow from .indianceleb.com </Files> Gives me 500 Internal server error, Once it worked but then I was not able to see my own .jpg Images. HELP !

1-21-02, 01:57 AM	#2
FunkyBacon Guest Posts: n/a	What if you want to deny all leeching from every site but your own?

1-21-02, 12:40 PM	#4
FunkyBacon Guest Posts: n/a	That's not what I'm talking about. I don't care about the password in this case. Just denying my files from being downloaded or viewed from anywhere but my site.

3-21-02, 07:50 AM	#8
Jedd Guest Posts: n/a	Lockit doesn't seem to be available anymore................

3-21-02, 08:14 AM	#9
Jedd Guest Posts: n/a	couldn't the reverse be used if you only want pics displayed on your own site.....?? <Limit GET PUT POST> order allow,deny deny from all allow from (your site) </Limit>

3-30-02, 04:48 PM	#13
MannInc Guest Posts: n/a	Make sure that this is at the top of the .htaccess file. I set mine up and it works. <Files *.jpg> Order Allow, Deny Deny from all Allow from .manninc.com </Files> Some times it wants to work, other times it doesn't. Don't really know why. Hope this helps! On a side note, Jedd's suggestion above works (with a slight adjustment): <Limit GET POST> order allow,deny deny from all allow from .yoursite.com </Limit> This solution might actually work better than the one I suggested.

3-30-02, 06:02 PM	#14
MannInc Guest Posts: n/a	Well those solutions worked for a little while and than fizzed out. Here's another setup, one I've used in the past and it still works: RewriteCond %{HTTP_REFERER} !^http://yoursite.com/ [NC] # and not my site RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com/ [NC] # and not my site RewriteRule [^/]+.(gif\|jpg)$ - [F] # No access to images RewriteRule ^/cgi-bin/.+$ - [F] # No access to CGIs Hope this helps!

3-30-02, 09:36 PM	#15
Ajarn Never!! Join Date: Jan 2002 Location: Chiang Mai, Thailand (Paradise) Posts: 184 Reputation: 5	Rube Goldberg lives!

3-31-02, 07:13 AM	#16
Naveen ¤¤¤¤¤¤ Join Date: Jan 2002 Location: Right in front of you Posts: 542 Reputation: 5	working for me This is working for me ... Yee haw ! RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/.$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.$ [NC] RewriteRule .\.(gif\|GIF\|jpg\|JPG)$ http://www.yourdomain.com/bad.gif [R] <Files .jpg> Order allow,deny deny from .domain1.com deny from .domain2.com deny from 64.246.15.39 deny from 64.21.143.17 allow from all </Files>

3-31-02, 12:41 PM	#17
MannInc Guest Posts: n/a	The code I posted is much simplier and blocks all access to any gif or jpg image on your site from any site other than your own. This prevents any sites from leeching your images. Therefore, the extra coding is not necessary. Hope this helps!

5-5-02, 10:41 AM	#18
MannInc Guest Posts: n/a	Testing Anti-Leech Code To test your anti-leech code, you can head over to http://www.hotlinking.com