- Allowing Hotlinking -

• Upside of allowing: Instead of blocking, I just switch the requested image to one that advertises my site; free publicity. Also, if you just allow hotlinking, you don't need to pay close attention to who you may be accidentally blocking.

• Downside of allowing: depending on the amount of requests, there's a drain on server resources. Allowing hotlinking may diminish branding and site recognition.


- Blocking Hotlinking -

• Upside of blocking: stops the diminishing effect of your unique images being at places other than your site (branding & site recognition.)

• Downside of blocking: Interferes with caching of remote requests. Some users & agents may be unintentionally blocked from viewing images from apps, proxies & those behind firewalls. If you do choose to block hotlinking, you absolutely need to diligently watch the hourly/daily raw server logs to see who exactly is being blocked. This is a lot of work :)

[fix typo]

[edited by: keyplyr at 4:10 am (utc) on Jul 29, 2017]

I was thinking of just blocking the websites we are aware of that, as I said, are questionable and my client would prefer not to be associated with. Click bait sites basically.

And where does that end? You'll still need to watch the logs and keep adding site after site to the block list if you do it by domain. Just say'n.

Since it's a client's site and not your own, at some point the client won't be a client any longer and they'll be left with an incomplete & eventually obsolete block list, since it seems they have images that other's like to hotlink.

If you're going to use an htaccess rewrite condition, it's better to use common indicators and url attributes that will continue to apply, example: forum, blog, pic, photos, thread, gallery, upload... etc.

Bottom line, it is up to the client. I can only make suggestions. I appreciate your input. Thanks.

Few benefits for hotlinking, many cons, the one that gets most clients attention is letting them know they are paying the FREE RIDE for the other side to show THEIR STUFF.

Just kill it. What few benefits there might be are infinitesimal compared to the constant drain from the bank account.

For me it depends on the image and if you wish to support a specific cause. For example I have motorcycle safety images on my site, and allow motorcycle sites to hotlink my images. Riders join forums, they find my image and they hotlink my image into their thread. There's not a whole lot I can do to change their behaviour. I would prefer them to download my image and save it locally on the forum, but they probably don't know how to do that. I support and encourage riding around the world, so I allow it.

I do monitor my logs. There are some hotlinkers that are rapacious and can really eat up server resources. For these I ban. Thankfully there are only a few. Most of these are old web sites with dormant owners. I have tried contacting them, tried talking to their host provider, but to no avail, so I ban them. Thankfully I have very few of these sites, but they continue to visit me daily and don't mind when they go away with a 403.

tried talking to their host provider, but to no avail, so I ban them.

I did that with one of the hosting companies and their response was that a) hotlinking was not illegal and b) there was nothing they could do about it.

Yes, I contacted the Big G and started a DMCA, but they said hotlinking was not illegal. If I wished to pursue the matter, send the Big G the legal documents and their legal department would look at it. In other words, they will not do much.

A 403 ban is much better and under your control.

One more complication: it is impossible for your server to tell whether an image request is
-- a "true" hotlink (your image is displayed on someone else's site so the viewer thinks it is that site's image)
or
-- a direct link to the image itself
or
-- your page filtered through a legitimate translation utility that creates its own URL
or
-- a link from an image search
or
-- other possibilities that I've overlooked at the moment.

It's all the same "Referer" header. You might decide that it's perfectly OK for a forum to say
[ url=http://www.example.com/yourpicture.jpg]this picture[/ url]
while you don't want them to say
[ img]http://www.example.com/yourpicture.jpg[/ img]
... but you can't do anything about it unless you're in personal contact with the forum administrator and can ask them to edit.

I've got one directory where all images come in two forms, /largename.jpg and /smallname.jpg, corresponding to full-size pictures and thumbnails. As a compromise, any request for largename.jpg from an unknown source is rewritten to smallname.jpg so the server is only sending out 1/10 the filesize.

To determine if the site is hotlinking to you, plug the referrer into Google to see if it is a legit site. If it is then go to the referer site page, right click "View Page Source" and look at their html code. Search for your site name. You might find your image hotlinked, a link to your image, or you might not find your site name at all (referrer spam).