I didn't know what forum to post this in but i think this is security related. I run a adult site. I am having a big problem with people linking pics off my site. I want to make all my site content unlinkable. I tried alot of anti leech cgi scripts but it's too much work. I have over 1000 pics and it's too much trouble to try to protect every file with the cgi script. I have seen the free hosting site angelfire's anti leeching system and i wanted to make my site unleechable like theirs but i can't seem to find any software or scripts to do it. Got any idea on how i can do this? Or should i try to contact my host?

I wrote a PHP script to do exactly what you want.

If you will like to have it, just email me.

thanks hun you have mail

You can do this with .htaccess.

Or better yet, simply use mod_rewrite, assuming the web server you run supports it.

I was told by a friend of mines that there are several apache modules that only allow images to be loaded from local pages to prevent hotlinking. So i contacted my host (inihosting) tonight. i am really hoping they can fix this for me.

http://faq.solutionscripts.com/misc/hot_linking.html ;)

Is it me or does NS6 and Opera not support that mod_Rewrite thats on the web page that eva2000 posted? I tried it and had it replace the image with one of my own but it seems IE takes a while then shows it but NS never does...

NS6 does support mod_rewrite. As long as a browser passes along the http_referrer (sp?) variable via headers sent back to the server, mod_rewrite will be able to function.

However, if you have software like norton internet security on your home machine, it'll block such info from getting sent back, and as a result, mod_rewrite on the server end won't be able to work properly.

But such is the case only with very few of your visitors, so it won't do much damage.

One last thing, if you are testing your mod_rewrite statements and reloading a picture that's already in your cache, it will still pop up even though the server is denying access to it. Only way to get around this is to rename the file and re-test.

Funny you mentioned the spelling (or questioned it) of http_referrer -- that was a typo when it was implemented, which is why it has always been spelled improperly. As for mod_rewrite. Two things can be done;

#1: Make people have to have the referrer field exist and be correct, or they get an error.

Problem with solution #1, is that remote site's can simply create a script to fake the referrer field and people can still link remotely. However, most site's won't bother to do that and also don't know how. So that will definitely help.

#2: Check for a referrer, as the default mod_rewrite rules do in their examples and if they don't have a referrer, simply let them bypass the rules, since they would fail all other tests anyway.

Problem with solution #2, is the same as #1, but that also poses a problem due to remote site's possibly not passing the referrer anyway. There's not many browser's that don't pass the referrer, but if they don't anyway, they likely can't access member areas and whatnot anyway -- which I assume is the purpose of this.

There's another solution, which is pretty fail safe, but requires more resources to be taken, by having a script (written in any language and preferably used with fastCGI or some other custom created module for Apache you can write yourself -- or have someone write) that uses sessions and checks and verifies them before loading the content to display in their browser or any other manner.

That, possibly even in addition with mod_rewrite or something similar to do checking -- before it checks a session -- to cut down on any wasted processing time (it won't take enough to matter if it's done properly!), would be 100% effective. However, that might be more than people are willing to bother to do, so mod_rewrite is a good choice to implement, where if done well can prevent most of these type of issues.

I went to all the trouble of doing this and now the dang thing shows the bad.gif for all images heh

Store all your picture files in a database like MySQL. Easy management and also prevent them from stealing your pictures .. :)