Urgent: Hotlink Protection Help Needed

Yesterday a Chinese website has hot linked many large pictures from our forum, because of which our forum’s server is having excessive load. To get rid of this issue, I dropped them a mail to remove the pictures but they doesn’t seems to doing so. That is why, to get rid of it I’m now considering to include hotlink prevention. I have followed many threads over here, vbulletin.com and org but I’m not able to get it working. My main domain has a Wordpress and vbulletin forum is located in a directory (/forum). My webhost tried to implement hotlink protection through cPanel feature but it’s throwing up an error due to default .htaccess of WordPress. (Note: WP creates its own default .htaccess when Permalinks are used). Then, my webhost removed that default .htaccess and tried with another. This time, it was activated but my blog had gone. Finally, they gave up and I’ve restored the old WP .htaccess to so that my blog appears again. Now – I’m thinking to implement hot-link protection on the vbulletin forum directory ONLY. I thought, it would be simpler but heck, the issue is only getting frustrating for me because each time my server load spikes (due to Chinese website), I have to shut down my forums so that things stay in control. But for how long can I keep doing this? It’s causing huge loss to us and even more so, a huge interruption to our users.

I would extremely appreciate if someone could help me out here because this problem is getting beyond my understanding. I’m attaching my .htaccess of vbulletin forum directory. Please let me know the exact code where exactly do I need to add it? I do already have replacement image for actual pictures. Also, I want it such that, the pictures can appear / indexed by search engines like Google / and should be visible when viewed through direct link on browser. Many thanks in advance.

PS: I have already tried to follow the steps in this thread: Hotlink Protection Tutorial (Apache Server - .htaccess files)

PPS: In above .htacces, "mywebsite.com" is used instead of my actual domain, while "yourdomain.com" was there in .htaccess already.

The code given is correct, but does not include non-www.


RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|swf)$ http://www.yourdomain.com/nohotlinking.jpe [R,NC]


should add in



RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|swf)$ http://www.yourdomain.com/nohotlinking.jpe [R,NC]



You can also use

RewriteRule .*\.(jpg|jpeg|gif|png|bmp|swf)$ - [F]
instead of
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|swf)$ http://www.yourdomain.com/nohotlinking.jpe [R,NC]

to Fail the request and not show anything.

Thanks Brian. But surprisingly it does not works. I'm attaching below what I did. Also I would like to inform that I especially wish to restrict the attachments from being copied to another website. And these attachments are not stored in public_html. Does that affect anyways?

Code:

RewriteCond %{HTTP_HOST} !^www\.mywebsite\.com$
RewriteRule (.*) http://www.mywebsite.com/forums/$1 [R=301,L]
# Comment the following line (add '#' at the beginning)
# to disable mod_rewrite functions.
# Please note: you still need to disable the hack in
# the vBSEO control panel to stop url rewrites.
RewriteEngine On


# Some servers require the Rewritebase directive to be
# enabled (remove '#' at the beginning to activate)
# Please note: when enabled, you must include the path
# to your root vB folder (i.e. RewriteBase /forums/)
#RewriteBase /


#RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com
#RewriteRule (.*) http://www.yourdomain.com/forums/$1 [L,R=301]


RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]


RewriteCond %{REQUEST_URI} !(admincp/|modcp/|cron|vbseo_sitemap)
RewriteRule ^((archive/)?(.*\.php(/.*)?))$ vbseo.php [L,QSA]


RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !/(admincp|modcp|clientscript|cpstyles|images)/
RewriteRule ^(.+)$ vbseo.php [L,QSA]


RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.mywebsite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mywebsite.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mywebsite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mywebsite.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|swf)$ http://www.mywebsite.com/forums/images/nhl.jpe [R,NC]

It doesn't work because vbseo adds additional information to the end of the file:

[QUOTE]http://www.mysite.com/content/attachments/3734-example.jpg?cid=18[/QUOTE]

So if you just enter:

http://www.mysite.com/content/attachments/3734-example.jpg

then the Hotlink protection will be enabled.

Unfortunately if someone right clicks on an image on my site, it displays the extra info :

/content/attachments/3724d1318260387-week41.jpg/
/attachments/3726-burnvic.jpg/?cid=18

which completely negates the Hotlink protection

That bug was fixed in 3.6. I suggest upgrading to 3.6 asap.