« Apache and Awstats 6.5 | Main | Of Botnets and ShadowServers »

March 20, 2006

Hotlinkers Beware

http://altlab.com/htaccess_tutorial.html

Doh! I got an error message:

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, peeniewallie@wispertel.net and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.

Apache/2.0.55 (Win32) PHP/5.1.2 Server at www.peeniewallie.com Port 80
[Mon Mar 20 23:25:09 2006] [alert] [client 192.168.1.1] C:/Inetpub/wwwroot/.htaccess: Invalid command 'RewriteEngine', perhaps mis-spelled or defined by a module not included in the server configuration

As it turns out, I just needed to uncomment this loadmodule line::

LoadModule rewrite_module modules/mod_rewrite.so

(Continued in extended entry...)

Now, I'm getting this error:

[Tue Mar 21 00:31:26 2006] [error] [client 24.49.2.86] mod_rewrite: maximum number of internal redirects reached. Assuming configuration error. Use 'RewriteOptions MaxRedirects' to increase the limit if neccessary., referer: http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=61773
[Tue Mar 21 00:31:57 2006] [notice] Parent: Received restart signal -- Restarting the server.

At least it's blocking the hotlink requests, but it won't serve the image I want to serve.

So, I added this line to my .htaccess file:

RewriteOptions MaxRedirects=100

Now, I'm getting yet another error message:

Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://tackycat.blogspot.com/

Aaargh. Maybe this is my problem?

Actually, now that I've played with this some more, it's definitely looping on my redirect. Possibly I'm suffering from this problem related to Apache redirects using index.php.

Here's some technical details on the Apache module mod_rewrite.

Basically, what I decided was this: I'm no genius at this Apache redirect thing, but, for some reason, it's looping. So, to break it out of the loop, I decided to redirect to a file type that wasn't in my condition statement. So, I changed it to essentially allow hotlinking to .jpeg files. I don't use .jpeg files anyway. Mine are all .jpg files. So, when I redirect to a .jpeg file, the redirect doesn't match the condition, and the file is delivered to the sucker. For an example of this in action click on the websites below(Warning: NOT SAFE FOR WORK):

http://www.bayarearidersforum.com/forums/showthread.php?s=&threadid=156244
http://tackycat.blogspot.com/2006/01/wild-parrots-of-telegraph-hill.html
http://www.imonline.nl/bianca-dierensite
http://viewmorepics.myspace.com/index.cfm?fuseaction=user.viewPicture&friendID=929710
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=1909335
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=10517262
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=28282491
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=6524135
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=11823951
http://comments.myspace.com/index.cfm?fuseaction=user.viewComments&friendID=61773
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=11190376
http://board.crewcial.org/?func=topic&id=115833
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=4693719
http://www.myspace.com/justaliljessica
http://missriot.livejournal.com/?skip=20
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendID=13372052
http://www.medi-board.com/index.php?board=12;action=viewprofile;user=Trimalchio
http://gravityspike.blogspot.com/2005_11_01_gravityspike_archive.html

http://forum.counter-strike.de/bb/thread.php?TID=121855&SID=ac5b8b2db31df9988ff6fc51f9b691d9
http://www.hellouk.org/forum/index.php?showtopic=91986&hl=birkbeck
http://www.xanga.com/o0trishDAdish0o


Alternately, here's the "hall of shame" of hotlinks into my site. Warning: NOT SAFE FOR WORK.


For some reason, the following links weren't redirecting. Possibly because they were in a different folder. But, I copied the .htaccess into the one folder where the images were still successfully pilfered from, and the problem is solved! :

http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=7960476&MyToken=fb033492-f28b-44c6-8cdc-4786049d7cef
http://www.atvpolska.pl/forum/viewtopic.php?t=1591&postdays=0&postorder=asc&start=165
http://www.offroaders.com/readers/archives.htm
http://www.yonja.com/profile.jsp?u=149398110
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=5039207
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=28419717

Alden Bates suggests using the "tubgirl" image as a redirect. If you don't know what "tubgirl" is, for the love of g0d, don't google it. Trust me on this one. ;)

Update: I'm moving the links down here as they remove their hotlinks from my site:
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendID=10876048
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendID=1625452
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=3392418
http://bad-luck.livejournal.com/
http://drepbbbbbt.livejournal.com/
http://board.honeypump.net/t.php?id=48575&r=21
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendID=34224777
http://www0.pafnet.de/user/12704/profiletext
http://dg-clan.com/invision/index.php?showtopic=1659&hl=
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=10876677
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=24256823


This is a test:
My image

Update: Apparently, someone got burned over this little incident.

Posted by Peenie Wallie on March 20, 2006 at 11:23 PM

Comments

FYI: As of 2006-03-21 @ 08:52 MST, there are no pictures in any of your posts.

At least you've prevented yourself from hotlinking to your own site! :-)

Posted by: Robert R. on March 21, 2006 at 8:53 AM

Thanks for pointing this out. I made many changes to the .htaccess file last night. One of the last versions didn't have my website name in the rule - as in "allow this website to link", so yes, I was filtering myself out. Doh! It's been corrected now. :) But, I am still having a problem with the Apache .htaccess redirects, as it's looping for some reason.

Posted by: Peenie Wallie on March 21, 2006 at 10:14 AM

Post a comment




Remember Me?

(you may use HTML tags for style)


NOTICE: IT WILL TAKE APPROX 1-2 MINS FOR YOUR COMMENT TO POST SUCCESSFULLY. YOU WILL HAVE TO REFRESH YOUR BROWSER. PLEASE DO NOT DOUBLE POST COMMENTS OR I WILL KILL YOU.