| jakari's blog | home | jakari | gallery |
At one point I noticed the webserver was eating up all the upstream bandwidth... looking at the logs I found it was predominantly MySpace users hotlinking to one of a couple images.
I could have removed/renamed that image. Or been nice and resized and resampled it to a smaller file. But I'm not nice like that.
First step: Just deny them access based on their referer:
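```apache
# Mark requests whose Referer is our own site or LiveJournal
SetEnvIfNoCase Referer "^http://www\.example\.com/" local_ref=1
SetEnvIfNoCase Referer "\.livejournal\.com/" local_ref=1
# Serve image files only to marked requests; everything else is denied
<FilesMatch "\.(gif|jpe?g|png)$">
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>
```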
That returns a 403 for *.gif, *.jpg, *.jpeg, *.png if not referred to from our local domains or LiveJournal. Ah, but we can do better:
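```apache
RewriteEngine On
# Referer is myspace.com or any single-label subdomain of it (case-insensitive)
RewriteCond %{HTTP_REFERER} ^http://([a-z0-9]+\.)?myspace\.com/ [NC]
# Redirect *.jpg requests from those pages to the MySpace sign-out URL
RewriteRule \.jpg$ http://collect.myspace.com/index.cfm?fuseaction=signout [R]
```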
This very sneaky idea I found at http://www.jibble.org/myspace-hotlinking/ and I think it's brilliant for those of us who can't stand the blight that is MySpace. If you're referring from anywhere @myspace.com, and request *.jpg, the URL for that JPG request will be rewritten to the MySpAz Logout page. Buh-bye!
So kids, this is why you don't inline link to external content that you don't own. Not only are you stealing other people's resources (space, bandwidth, power) that we pay for, but you have no idea what us fuckers are going to inject into your page.
Obviously, rewriting to, say, a link to Goatse.jpg would be very easy, but I'm *just* nice enough for that.
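The log review that started this post, as an added example (not the author's code): it totals image bytes per referring host for requests that the first rule's allowlist would reject. The combined log format, the constructed sample lines and the function name `hotlink_bytes` are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Apache "combined" log format (not real traffic).
SAMPLE_LOG = '''\
203.0.113.5 - - [10/Oct/2006:13:55:36 -0700] "GET /img/cat.jpg HTTP/1.1" 200 512000 "http://www.myspace.com/someuser" "Mozilla/4.0"
203.0.113.9 - - [10/Oct/2006:13:55:40 -0700] "GET /img/cat.jpg HTTP/1.1" 200 512000 "http://profile.myspace.com/index.cfm" "Mozilla/4.0"
198.51.100.7 - - [10/Oct/2006:13:56:01 -0700] "GET /img/cat.jpg HTTP/1.1" 200 512000 "http://www.example.com/gallery/" "Mozilla/5.0"
198.51.100.8 - - [10/Oct/2006:13:56:09 -0700] "GET /img/dog.png HTTP/1.1" 200 20000 "http://user.livejournal.com/123.html" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2006:13:57:12 -0700] "GET /img/dog.png HTTP/1.1" 200 20000 "-" "Wget/1.10"
192.0.2.44 - - [10/Oct/2006:13:57:15 -0700] "GET /index.html HTTP/1.1" 200 4000 "http://www.myspace.com/someuser" "Mozilla/4.0"
'''

# Request path, response size and Referer from one combined-format line.
LINE = re.compile(r'"(?:GET|HEAD) (\S+) [^"]*" \d{3} (\d+|-) "([^"]*)"')
# Same patterns as the page's SetEnvIfNoCase and FilesMatch directives.
LOCAL_REF = [re.compile(r'^http://www\.example\.com/', re.I),
             re.compile(r'\.livejournal\.com/', re.I)]
IMAGE = re.compile(r'\.(gif|jpe?g|png)$')


def hotlink_bytes(log_text):
    """Map referer host -> image bytes served to referers outside the allowlist."""
    totals = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a parseable request line
        path, size, referer = m.groups()
        if size == "-" or not IMAGE.search(urlsplit(path).path):
            continue  # no body sent, or not an image file
        if any(p.search(referer) for p in LOCAL_REF):
            continue  # local_ref would be set, request allowed
        host = urlsplit(referer).hostname or "(no referer)"
        totals[host] += int(size)
    return totals


if __name__ == "__main__":
    for host, nbytes in hotlink_bytes(SAMPLE_LOG).most_common():
        print(f"{nbytes:>10}  {host}")
```

The "(no referer)" bucket is a reminder that the first rule also returns 403 to clients that send no Referer header at all.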