I found websites that hotlink to videos on my site. The problem wouldn't be that great if they at least were doing it to show the video but in this case they are using it as their background music.
Is flash the only option I have to prevent the bandwith thieves from hotlinking or is there another option.
Thanks.

Your ISP can set up a non-linking from outside sources rule for the server. It is pretty easy to do so I would hope they allow you to do this... This means that none of your image or video files can be linked by outside URLs... in many cases you can set up specific IP addresses that you allow, but again, it depends on your ISP.

Right. This guy (http://www.cobbk12.org/~sprayberry/INFOCUS/january/columns/fast_food.htm) tried to hotlink one of my photographs of the first Wendy's restaurant today, but as you can see, he gets a very small placeholder GIF that directs people to my site instead. This sort of thing is easy to set up so long as you can get into your Apache config file.

Thats awesome. Is that something you have to personally know how to setup or will my host more than likely do that apache configuration for me?

Robert,

It looks like the guy's hotlinking is now working. Your Wendy's photo is showing up, not your small placeholder GIF.

Christopher, if you went to my site to see the Wendy's picture, and then back to his site, the photo would show up, because it would be in your cache.

For this reason, he'll probably never know that everbody else sees the placeholder GIF, because he'll always see the page as he intended.

Brandon, I don't know whether your host service will be helpful enough to set this up for you, but if you're not hosting on your own server, what do you care if others hotlink? It doesn't stop them from stealing the files, only the bandwidth. Or maybe your hosting deal limits your bandwidth and then shuts down access to your site after X number of megabytes have been viewed?

Thanks a lot guys. I will contact my ISP and see what they offer.
For my purpose, because I code in ASP, I am hosting on the Windows servers, maybe I will need to switch if this doesn't work.
Thanks again

Just a quick update, I opened up a service ticket with my ISP and within seconds had the problem solved by ISP putting a block on the IP range I provided them. BTW, I have to give these guys a plug. The company's name is HOSTEK.NET , I have been with them for almost seven years now. Never had a downtime, they are up to speed on everything and offers a full plate of great services. I also never waited more than 10 minutes for my issues to be addressed.
Again, thanks for your suggestions.

Probably the easiest way to prevent this is to just periodically change the filename or the directory for how it appears on your site. More than likely the pirate will get tired of seeing a blank space on their site and/or get tired of going to yours to get the newest url that you have changed it to and eventually just give up. Another way would be to change the filename/directory as it appears on your site and substitute another image with the orginal filename/directory that says unauthorized image to show everyone visiting their site that they are pirating.

Robert,

Well that's odd, because I didn't go to your site first, yet the photo still showed up.

*EDIT* Just tested again. I cleared my browsers' caches before hand, just to make sure. This time your placeholder worked. Don't know why. Like I said, I hadn't viewed that image on your site beforehand, though I may have visited your homepage about the time I went to his. Odd.

Why don't you send the owner of the site a nasty cease and desist letter. After all, if they are stealing your music, from your site, to use on their site, wouldn't that be an infringement of your copyright?

<<<-- Originally posted by Christopher Lefchik : Well that's odd, because I didn't go to your site first, yet the photo still showed up. -->>>

I have never been to your site either, but I saw the Wendy's image when I clicked on that link...

Which Wendy's image, Boyd? There are several on the page. If the picture of the first restaurant in Columbus appears even after you've cleared your cache, then it's a bit of a mystery.

Rhett, I did send them an e-mail, I also e-mailed their host provider and nothing. BTW, the IP blocking didn't do jack to resolve the issue so I guess I will have to keep changing the name or convert everything to flash. What bothers me the most that this is most likely some little girl, obviously a fan, and completely disregards a reasonable request to support her favorite artist by actually buying a CD as opposed to stealing it. I keep having these visions of Joe Pesci in the Goodfellows shooting the busboy in the leg...not sure why.

<<<-- Originally posted by Rafal Krolik :
Is flash the only option I have to prevent the bandwith thieves from hotlinking or is there another option.
Thanks. -->>>

you can embed the file into your web page...

usually done like this, java script to open up a new page off a link, page is sized to video so only video shows, video qt or windows media is embedded into the page...

so there is no direct link to the video, they can't link to the web page because your using a java script link not a html an html link...

you can learn how to do all this stuff by using google for embeding video on a html page and search google for java script hot links and open page commands

good luck


by the way the wendys picture showed on my computer as well...

I just thought of a cute trick. Change the image to one of the same name that says "the image previously used here is stolen copy protected artwork" (or something similar) it would send a powerful message to the website owner and embarrass them at the same time possibly making them think twice next time.

I hope you do it (it would be funny), I'll keep checking in hopes.

Now Rhett, that's not fair. I already said put unauthorized image (www.dvinfo.net/conf/showthread.php?s=&postid=269175#post269175) in place to expose them. I agree that it would be very funny. What could they say? :)

Rafal. When you said you guess you'll have to keep changing the name is this guy actually continuing to update the image everytime you change the filename? If so, that is some aggressive pirating and it's probably time to give him a call or send him a note. I caught a company using my footage for demos on their site and called them about it and they took it down immediately.

Is an ".htaccess" file something you could use? I am not sure if it works on Windows servers.

<<<-- Originally posted by Robert Knecht Schmidt : Which Wendy's image, Boyd? -->>>

Oh, OK... didn't read your post carefully. I see the icon for a missing image there so it is working.

"I just thought of a cute trick. Change the image to one of the same name that says 'the image previously used here is stolen copy protected artwork' (or something similar) it would send a powerful message to the website owner and embarrass them at the same time possibly making them think twice next time."

I think you can send just as powerful an antitheft message--but a positive one rather than an accusatory one--with a simple redirect placeholder. The hotlinker loses because he doesn't get his image and doesn't steal your bandwidth, and you win because you get more real traffic to your site without having to sound like a jerk.

Once you install an auto-placeholder, you instantly come to love hotlinkers. It's like they're advertising your site for free without knowing it. Why should you spoil your free ad space by cluttering it up with a negative message like an accusation? Can you imagine Nike buying a billboard ad and then painting it with, "You suck, buy Nike shoes"?

If you can do scripting (in either PHP or ASP) serve the images up
through that and check the referrer, if it isn't your site then load
up another image...

Sorry Robert, I figured since you already tried the "nice" approach (sending letters) it was time to be "not nice". To steal someone's work is one thing, to steal it and use their bandwidth to do it is another, to steal both and ignore requests or contact from the artist is just plain rude. I don't like that. They could have at least asked or given proper credit up front.

Well, few problems.
1 .htaccess doesn't work on window servers ( I researched and also spoke to my ISP about it )
2 Scripting it with ASP would be no problem, because I am a programmer working with ASP, but the offending party is pointing directly to the .wmv file.
3. e-mail have been sent to the person as well as to their host on numerous occasions, but no response.
4. I even obfuscated the HTML and added the script from displaying the links in the status bar, bu the problem is that once the video plays, whether embedded or directly in a player, you can right click on it, look at the properties which will show you the file name.

BTW, the obfuscator is pretty cool, view the source for this page and you'll see what I mean http://www.sevillemedia.com/cincere

You can take the software for a trial run at http://www.antssoft.com/htmlprotector/index.htm?ref=google&group=1

Thanks guys

Robert,

I tested the site that is hot linking your Wendy's image on three different computers, in at least two browsers on each computer. The browsers' caches were emptied before accessing the site. It turns out I wasn't dreaming. Only on one computer did your placeholder GIF show up. It appears that software firewalls like Zone Alarm Pro and Norton Personal Firewall are somehow interfering with the placeholder, because once they were disabled the placeholder worked fine. It probably has something to do with the firewalls' privacy/ad blocking features.

The one computer that your placeholder worked on (without disabling the firewalls) had the free ZoneAlarm firewall, which doesn't have the privacy/ad blocking features of the other two.

Some browsers also have the ability to set as a security level that images can only be viewed from the same domain you are visiting. This was to help prevent a loophole in image tags that allowed ad companies to track who you are. As a side effect, it prevents hot linking.

Yep. This site uses that technology. Just try hotlinking to one of their images and see what happens.

www.crewpix.com

Go ahead, try this one!
www.crewpix.com/albums/MusicVideos/01_G_001.sized.jpg

Rafal: the idea is to put the file outside of your web directory:

consider the following site structure:

<sitename>movies\
<sitename>www\

You point IIS or Apache to <sitename>www\ directory.

In there you have an ASP script called getmovie.asp for example.
You pass a parameter (on the querystring or even better yet
with a post form so no vars are visible and if people directly link
to it you can redirect them to your homepage due to a missing
parameter) which contains the filename for the movie or an ID
etc.

Then check the referrer through the use of
Request.ServerVariables to make sure the request came from your
site (make sure to only check for the domain and/or IP).

If this is done you can serv up the file.

set obj = Server.CreateObject("ADODB.Stream")
obj.Open
obj.Type = 1 'adTypeBinary
obj.LoadFromFile "d:\<sitename>\movies\" & passedparam

Response.BinaryWrite obj.Read

obj.Close
set obj = nothing


make sure you CHECK THE PASSED PARAM so they can't hack your
webserver by trying to get to other files. The movies directory will
need READ (only those!) rights for the account used to run the
web server under.

You will also need to send headers back (BEFORE the code block
above!!) depending on what you want:

Response.AddHeader "Content-Disposition", "inline; filename=" & strdbFile
Response.ContentType = "application/octet-stream"

This garantuees the browser will download the file instead of play
it. If you want to play it do something like this:

Response.ContentType = "video/x-ms-wmv"

for a .wmv file for example. You can find the mime types for all
files under the registry key HKEY_CLASSES_ROOT.

You can even write a little function to automatically get the correct
mime type by using the file's extension and then looking the
information up in the registry.

James, crewpix is running on Apache which makes doing what I need easy, I am on the IIS and the same option does not exist....yet.

Rob, thanks for the poiner, I will take a look at it tonight and see what comes out of it.