A few visitors to geek-coding.blogspot.com have asked me how they could prevent their images from being used on other sites. They were particularly concerned that some sites were linking directly to their images on their web server using IMG tags. As such, not only were those images being used without the owner's permissions, they were also making the owner pay for their bandwidth!
How to Detect The Bandwidth Thieves
The simplest way to detect such linkages to your images is to check your web server logs for referrals to the images on your website - that is, find out which are the sites that send visitors to the images on your website.
Trace the referrers in the logs to the actual referring website and check the offending web page. If you find your graphics displayed on their page, check the HTML source for that page and find out where the graphic files are hosted. If the IMG tag points to your website, it means they are using your bandwidth for their website.
How to Protect Your Images: System Requirements
One way to protect your images from being linked directly from your site is to deliver them from a PHP script. Note that there is no way to protect your images from being copied by others and uploaded to their website; if they can view it, they can copy it. The method that I'm outlining here will only protect your bandwidth from being used by some other site.
You will need PHP access for this script to work. If your host does not currently provide PHP access.
If you prefer a free web host, you can try looking for them on the Free Web Hosts with PHP page, although you should remember that free web hosts tend to close suddenly without warning, leaving your website high and dry.
Note that the script will only work if your web host has PHP version 4.1 or above installed, which probably accounts for all of the web hosts in business today, so this is probably not going to be an issue. It does not matter whether your web host is running an Apache server on Unix or IIS server on Windows (or whatever), although if your web host runs Apache on Unix, you might want to use my .htaccess solution, How to Prevent Image Bandwidth Theft with .htaccess athttp://www.thesitewizard.com/archive/bandwidththeft.shtml instead - it's more efficient.
3.
Copy the PHP code given below into an ASCII text file and save it as "chimage.php". The exact file extension to use depends on your web server.
More information about how to configure and use the script can be found after the script.
Note the script begins from the "<?" line (inclusive of that line) and ends on the "?>" line (inclusive of that line). Do not add any text before or after those markers ("<?" and "?>") or you will run into numerous error messages when you use the script.
Note the script ended on the "?>" line above. Copy only up to (and including) the line with the "?>". Do not retype the script - cut and paste it.
Installing and Configuring the Script
To install the script, just upload it (in ASCII text mode) to your main directory.
To configure it, change the following lines at the beginning of the script.
$imagedir
Point $imagedir to the actual directory where you placed your image files. This must be the full path. So if you placed your files in "/users/yourname/images/", change the line to
$imagedir = "/users/yourname/images/" ;Remember to end the line with a semi-colon. Please see my tips on where to put your images later in this article before you do anything.$validprefixes
$validprefixes allows you to indicate all the hosts from which you will be calling your images. For example, if your domain is "example.com" but it can also be referred to as "www.example.com", change the lines to:
$validprefixes = array { "example.com", "www.example.com" } ;
If your site can only be accessed from one URL, use the following format:
$validprefixes = array { "www.example.com" } ;
Remember that these are hostnames, not URLs. It doesn't matter which page on "www.example.com" your image is loaded from. All that matters is that if the URL begins with "www.example.com", you should put "www.example.com" in the list of valid prefixes above.$homepage
Set $homepage to the URL of your main page. Visitors who directly use your script from their browser will be directed there.$email
If you wish to be informed when some other site link to your images illegitimately, remove the preceding "//" from the line with $email. Set $email to point to your email address.
Using the Script
Upload your images
Put your images in a secret directory somewhere.
The best place is actually in a directory that cannot be normally accessed by your web server but that can be accessed by your PHP script. For example, some web servers are configured so that you have to put your files in a "htdocs" or "public_html" directory before it will be visible on your website. Whenever you want to upload your files, you have to change to that directory to do it. If that is the case, DON'T change to that directory but make another subdirectory in the same level as "htdocs" or "public_html", called for example "images", and dump your images there.
If you do not have access to subdirectories outside your web directories, make a subdirectory with some obscure name that people are less likely to guess, and dump your files there. Don't use names like "images" or the like or people can work around your PHP script with ease.Modifying Your Web Pages
Modify your HTML files to refer to the CHImageGuard script. Instead of referring your images as "mymugshot.gif" in your IMAGE tag, load them as
<image src="chimage.php?image=mymugshot.gif">Note that it really does not matter that anyone can see the name of your image file - they can't access it directly since it's hidden in some unknown subdirectory that only the PHP script knows about.
If you want to use a JPEG file named "award.jpg", just put it in your new image directory and call it with the IMAGE SRC tag with
<image src="chimage.php?image=award.jpg">The PHP script can handle GIF, JPG and PNG image files. Don't bother to try to use any other type of file - the built-in function it uses to detect the file type may not be able to determine its type correctly.
What Happens When A Bandwidth Thief Tries to Use Your Images
After you do the above, if some other site tries to copy your image URL to their IMAGE tag, they will find that the image will not display on their site. In place of the image, the visitor's web browser will display a broken link image. If you have enabled the email warning system (disabled by default), you will also receive an email with information about which site tried to use which image from your site.
Your images should load fine on pages on your site. However, please read my cautionary note later in this article.
How It Works
When someone visits a web page, the browser will request for the individual images on the website. Each time it makes a request for an image it will also inform the web server the URL of the page that linked to that image.
The script works by checking that the page requesting the image is actually in the list of hosts you listed in $validprefixes. If it is, it will send the image to the web server. Otherwise it will inform the web server that the image could not be found.
Potential Problems
PHP Settings
It is possible that on some web hosts, your PHP script may not be able to access directories outside your web server directories. In such a case, you'll just have to put your images in a subdirectory within your web directories. Just be sure to name it with some unlikely name (a gibberish sequence of characters and numbers might be one possibility).Buggy Browsers/Anonymous referrers
Since CHImageGuard depends on the browser to tell it which page is linking to the images, it would not work correctly under the following conditions:
- if the browser has a bug that makes it provide the wrong information
- if the visitor uses a browser that allows him/her to change such information
- if the visitor works through a proxy or firewall that changes or modifies such information (such as some anonymous proxies)
I wrote the script in such a way that if the information on the referring page is simply suppressed, the script will still deliver the image on the chance that the visitor is viewing your website through an anonymous proxy or a privacy-enabled browser. This means that if the visitor is viewing the bandwidth pirate's website with such a browser, he will still be able to view the image stolen from your site as well. My rationale is that it is better to lose that small amount of bandwidth than to have broken link images appear on your own pages.
However, if the referring page information is present but does not point to one of your valid hostnames, the script will issue a Not Found error for the image, even if the visitor is at your website and is using a browser that camouflages such information. The visitor will then only see a broken link image in place of the actual image.
Note that this is an issue with the browser or proxy. Please do not report it as a bug in CHImageGuard. There is no known way of fixing it at the script level at this point in time. It affects all scripts of this nature, whether PHP, Perl, JavaScript, etc. It also affects other types of programs that rely on the browser furnishing accurate referral data, such as web statistics programs. It rarely occurs on my websites but, of course, your mileage may vary.
Changing the Output
Some people prefer to use a special image that is displayed when the image is linked from another site. This might be an image proclaiming "This image was stolen", or one that advertises their own site such as "You can get even better products/services at www.your-site-name.com". You can easily do that if you like, but remember the following:
- The script depends on referral data from the browser. If the data is faulty, it may actually furnish the image when your page is loaded. This is not a major problem if you're replacing the image with an advertisement for your site, but may be a major embarrassment if you display things like "this image was stolen".
- You're adding to your own bandwidth, defeating the entire purpose of the exercise, which is to save it. Why not simply return a HTTP error and save your bandwidth?
Having said that, if you insist on issuing a different image for the thief's site, change the lines
if (isset($email)) { mail( $email, "Bandwidth Theft Alert", "WARNING:\n\n$referrer\ntried to access\n$image\n", "From: CHImageGuard <$email>" ); } header( "HTTP/1.0 404 Not Found" );
to
if (isset($email)) { mail( $email, "Bandwidth Theft Alert", "WARNING:\n\n$referrer\ntried to access\n$image\n", "From: CHImageGuard <$email>" ); } header( "Content-type: image/gif" ); @readfile( "/your/replacement/image/filepath.gif" );
(assuming of course that you are using a GIF file here). You will of course have to put the correct full path to your GIF file as argument to the readfile function.
0 commentaires:
Enregistrer un commentaire