Bandwidth/image Theft

[lilirose]

I was looking over my site's stats in AwStats recently and discovered that I had nearly a thousand hits from a Chinese forum. The link in AwStats was to a viewthread.php page, rather than showing me directly the exact thread or threads in that forum which sent all these visitors.

 

I suspect an image from my site is being hotlinked by a user on this forum. What I'm trying to figure out is how to discover exactly which image is being hotlinked. AwStats does not tell me, and I've gone over my raw access logs searching for the relevant URL with no luck. The URL is not currently in my "Latest Visitor" logs, either.

 

I have Hotlink Protection turned OFF and I wish to leave it that way, because both my husband and I often use images from my site on various forums that we participate in, and want to be able to do so without having to go into Cpanel and add the URL to Hotlink Protection's "allowed" list each time we do so. It's far easier for me to remove or rename images that are being illegally linked- it's only happened once before, and that time the image was in my "Latest Visitors" log.

 

Is there a way for me to find out which of my images is being stolen without checking my "Latest Visitors" logs multiple times each day?

[TCH-Bruce]

You could try something like this in your .htaccess file.

 

>order allow,deny
deny from .forum-domain.com
allow from all

[lilirose]

Yeah, I know it's possible to edit .htaccess in order to block that forum. Still, I want to know which image is being linked to. Is there no way to tell?

[TCH-Bruce]

Or maybe this would work better.

 

><Directory />
Order allow,deny
Allow from all
Deny from forum-domain.com
</Directory>

 

This would prevent the forum from accessing anything on your site.

[TCH-Bruce]

I also found this on Preventing Image Theft

[lilirose]

I'm aware of the various ways to block the offending forum from accessing my site- that's not the question I'm asking. I want to know if there is a way to tell exactly which image is being hotlinked. Can anyone answer that question?

[TCH-Tim]

I usually check "Latest Visitors" in Web/FTP stats for that. Or you can look in the full log file in FTP Manager > FTP Accounts. The raw log files will be listed at the bottom. These will also tell you exactly where the image is being hotlinked from - e.g. a forum post or someone's MySpace profile (MySpace is brutal with the hotlinking), etc.

Edited January 21, 2006 by timhodge

[lilirose]

*sigh*

 

I must be wording my question really badly or something, since the only one of you who even tried to answer my question ("How do I figure out which image they are hotlinking?") apparently didn't read the part of my OP where I said

 

I've gone over my raw access logs searching for the relevant URL with no luck. The URL is not currently in my "Latest Visitor" logs, either.

 

I'm not sure where AwStats is coming up with the URL if it's not in my raw access logs, though. It's quite a mystery.

[TCH-Andy]

I'd come back to why you suspect an image is being linked? what is the URL of concern?

 

Ultimately you will need to go through your raw log file. You can either do it manually, or with a log file analyser (you can always google for "log file analyzer" which will give you a number of free / trail packages).

 

You can then look at either the number of hits on specific images, or the download bandwidth for specific images. Where there is a lot of hits, you can check where they are being downloaded from, or the referrer.

[Deverill]

Awstats should reflect your raw logs. I'd submit a helpdesk ticket with all the details if it is not.

[TCH-Bruce]

I must be wording my question really badly or something, since the only one of you who even tried to answer my question ("How do I figure out which image they are hotlinking?") apparently didn't read the part of my OP where I said

I did read your question and since I didn't know how to determine which image or content was being hit I was offering a solution to stop that site from gaining access to yours.

 

Sorry if you felt otherwise.

[TCH-Tim]

I suggested looking in the raw logs because if Awstats is picking up the URL, it must be in the logs. Like Jim said. (Hopefully it's not a simple matter of being too specific when you're searching the logs.) If the requests are not in the raw logs, something is amiss and you should take Jim's suggestion of contacting the Help Desk.

 

Good luck.

[lilirose]

Andy, I'm not positive it's an image being hotlinked- it's just a hunch, because of repeated hits coming from a forum that I've never visited. The URL I'm getting from AwStats is ht_p://chinese.cari.com.my/myforum/viewthread.php .

 

I can't find that URL or any portion of it in my raw access logs despite repeated searches. Oh well. I've turned Hotlink Protection on and will add the forums that I post photos to manually...I suppose it's better than letting strangers eat my bandwidth. Thanks for the help, all.

[TCH-Andy]

Looking at you log files, you had 2 hits from there, and that was at the end of last month (hence you can't find them in this month). I don't think that it's significant hotlinking anyway.

 

If you were bothered - then just set deny access from that IP / domain. Then you can carry on linking elsewhere.

[abinidi]

I'm aware of the various ways to block the offending forum from accessing my site- that's not the question I'm asking. I want to know if there is a way to tell exactly which image is being hotlinked. Can anyone answer that question?

 

 

*sigh*

 

I must be wording my question really badly or something, since the only one of you who even tried to answer my question ("How do I figure out which image they are hotlinking?") apparently didn't read the part of my OP where I said

I'm not sure where AwStats is coming up with the URL if it's not in my raw access logs, though. It's quite a mystery.

 

Please remember that most (if not all) forum members are volunteers who are just trying to help. Getting frusterated with us doesn't usually help you get an answer to your question. It only usually scares more people away from answering because they are afraid of becoming the object of your wrath!

 

 

Best wishes. Sorry you didn't get the answer you were looking for.

[Deverill]

Have you had any success in verifying that your awstats is accurately reflecting your true log file? If so, awstats can be a big help in seeing where the bandwidth is going. In one of my sites, almost half of my monthly bandwidth was eaten by MSNBot.

[lilirose]

Jim, I have not had any success in figuring out why AwStats doesn't match my raw log, though it might have something to do with me clearing out the AwStats files before doing a backup a couple of weeks ago- though that doesn't seem right as I didn't remove my raw logs at that time.

 

Andy, my apologies- now that I look back at my AwStats, I see that you are correct. I was matching the wrong line, which was a forum that I do participate in, so I thought I'd got more than 1000 hits from the chinese.cari.com link. My mistake.

 

However, I am a bit curious how you accessed my stats without having my password? I didn't realize they were publicly accessible- or were you able to access it because you're a tech support person? I'm uncomfortable with the idea that anyone can view my stats at will- if there's a way to keep them private, please inform.

 

abinidi, I don't think there's any need to scold me- you misinterpreted my intent. I was frustrated over the fact that I was apparently not communicating clearly, because nobody had given even a simple a "yes" or "no" answer to the question I asked twice. I do realise that the volunteers here were trying to help, but they were going to great lengths to give me information I hadn't asked for, so it seemed obvious to me that I wasn't making myself understood.

 

Just for the record, I know that a lot of people who hotlink do so out of ignorance of copyright issues and the fact that bandwidth costs money, and thus my preferred solution would have been to discover which image was being hotlinked, so I could replace it with another image asking the hotlinker not to steal bandwidth. I thought it might have discouraged the hotlinker from doing the same thing to someone else in future. Maybe I should have said that in my OP but I was trying to be as succinct as possible so that I could get a clear answer to a clear question.

[TCH-Bruce]

I am a bit curious how you accessed my stats without having my password?

Andy is a staff member and a tech so he does have access to all the servers and thus able to access the log files without logging into your account.

 

And for the record, I did read your post. Since you could not provide what was being hotlinked too, I offered a method as did Andy to block only the site that was leeching your content based on what information you provided. I never told you to turn on hot-link protection I gave a method to block content from being accessed.

[abinidi]

abinidi, I don't think there's any need to scold me- you misinterpreted my intent. I was frustrated over the fact that I was apparently not communicating clearly, because nobody had given even a simple a "yes" or "no" answer to the question I asked twice. I do realise that the volunteers here were trying to help, but they were going to great lengths to give me information I hadn't asked for, so it seemed obvious to me that I wasn't making myself understood.

 

With all due respect, and with no scolding intended either, I'd like to respond to this by saying that this is one of the troubles with written communication, especially on-line. It is very hard to determine intent. If you go back and read your messages on this thread, I bet you can see how your responses *COULD* be read as jumping down the throats of the people who were trying to help you.

 

The same thing happend with my comment in this thread. I didn't write it with the intention to scold. I read the frusteration in your message, and understood that to mean that you were frusterated with the responses you had received. I wanted to kindly remind you that a frustrated/hostile tone often makes people wary of responding to a thread. But I wasn't as clear as I might have been, and it came across as if I were wanting to scold you.

 

Anyway, can we still be friends? I'm sorry if I came across as mean or scolding. I really was just trying to give a friendly reminder.

 

Best Wishes!

[lilirose]

Bruce, again, I do appreciate the fact that you were trying to be helpful, and thank you for that. It seems obvious to me that I wouldn't have been able to tell you what image was being hotlinked to, since the question I asked was "How do I discover what image is being linked to?"

 

Again, I thank you for your help, my frustration was (and still is) not with you, or with any of the people who were kindly trying to help me; rather I was frustrated that I'm not good at asking questions in a clear enough manner.

 

As I said in my last post, I would have preferred not to simply block the hotlinker for the following reason, stated in my previous post:

I know that a lot of people who hotlink do so out of ignorance... my preferred solution would have been to discover which image was being hotlinked, so I could replace it with another image asking the hotlinker not to steal bandwidth. I thought it might have discouraged the hotlinker from doing the same thing to someone else in future. Maybe I should have said that in my OP...

 

My apologies to anyone who I have offended due to my poor communications skills.

[zilla]

I don't know if this will help or not, since you may have a jillion images on your site; but you can do a search for your image using its file name and it will turn up which sites are linking to it. So, if you had a hunch which image it might be, you could verify by doing that.

[GOF]

I am having the same problem... but it doesn't seem to have an easy answer.

 

lilirose:

Wow.

Those ARE some great pictures on your site! I am impressed.

 

 

and

 

Thanks to all the volunteers that help keep this forum a great question and answer place!

 

Greg

[TCH-JimE]

All,

 

Hot-linking is a bad crime and its really annoying, however, I have found one thing, its pointless stopping one photo being used, because before long, you will find another person has taken another photograph and so on and so on till you get to the point where in 6 months time, you are having to stop hotlinking about 1000 pictures

 

Its very hard, if not impossible to work out where your images are going. The only real way is to download your raw logs and use a free web log anazler to look through and see if you can spot trends to where the pictures are going. If your like me though, that could involve 10s of forums.

 

What I found was to use the htaccess way to stop hotlinking. It also means I can add in domain names where i post and may want to post a picture up.

 

Post this into your .htaccess file, changing what the domainname.com for your own domain name.

 

>RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domainname.com(/)?.*$	 [NC]
RewriteRule .*\.(gif|jpg|jpeg|bmp)$ - [F,NC]

 

You can then add in places where you post and may want to use your own pictures, e.g.

 

>RewriteCond %{HTTP_REFERER} !^http://www.wabbithole.com/lists/ [NC]

 

The NC means it doesnt matter whether its written in caps or not, while the F forbids any of the aforementioned files from being referenced outside, you can all manner of files endings there.

 

You can also find my very old topic on this:

http://www.totalchoicehosting.com/forums/i...968&hl=htaccess

 

Ta

 

Jimuni

[Derek]

QUOTE(lilirose @ Jan 20 2006, 06:06 PM)

 

I'm aware of the various ways to block the offending forum from accessing my site- that's not the question I'm asking. I want to know if there is a way to tell exactly which image is being hotlinked. Can anyone answer that question?

 

QUOTE(lilirose @ Jan 21 2006, 05:39 AM)

 

*sigh*

 

I must be wording my question really badly or something, since the only one of you who even tried to answer my question ("How do I figure out which image they are hotlinking?") apparently didn't read the part of my OP where I said

I'm not sure where AwStats is coming up with the URL if it's not in my raw access logs, though. It's quite a mystery.

Please remember that most (if not all) forum members are volunteers who are just trying to help. Getting frusterated with us doesn't usually help you get an answer to your question. It only usually scares more people away from answering because they are afraid of becoming the object of your wrath!

 

 

 

Best wishes. Sorry you didn't get the answer you were looking for.

 

Lilirose - I feel your pain. NO, the failure in communications here was not you. You articulated your question very well. I grasped your 'intent' after the first pass without having to go back and reread. I have also received support from companies (not TCH, yet) where I would ask a specific question or request and they would reply to the question as if I was asking a completely different question. It is very, very frustrating and discouraging.

 

I did read your question and since I didn't know how to determine which image or content was being hit I was offering a solution to stop that site from gaining access to yours.

 

Sorry if you felt otherwise.

TCHBruce - If you 'did read' Lilirose's question, but didn't know the answer, why didn't you communicate this in your very first reply? I hope you understand that the absence of this explanation in your very first reply is what sparked all of this initially. A simple "Gee, I don't know how to determine which image is being linked, Lilirose. But here's what I can tell you... " would have probably prevented the majority of the miscommunications of this thread.

 

abinidi - Being a volunteer is GREAT! However, it doesn't exempt people from using reason, logic and good communication skills. Let's just try harder next time, mm-kay?

[TCH-Dick]

Hi Derek,

 

I'm not sure what your intentions are but you really have not added to this discussion. If you continue to dig up old threads just to make snide remarks, you will find your posting privileges revoked.

 

I will now leave you to our forum members so they can help you understand why we call these these forums the "TotalChoice Hosting Family Forums".

 

Let's just try harder next time, mm-kay?