How to Protect Your Images from Bandwidth Thieves

PHP Script to guard your images from being used on other sites at your expense.


How to Protect Your Images from Bandwidth Thieves

by Christopher Heng, thesitewizard.com

A few visitors to thesitewizard.com have asked me how they could prevent their images from being used on other sites. They were particularly concerned that some sites were linking directly to their images on their web server using IMG tags. As such, not only were those images being used without the owner's permissions, they were also making the owner pay for their bandwidth!

How to Detect The Bandwidth Thieves

The simplest way to detect such linkages to your images is to check your web server logs for referrals to the images on your website. That is, sift through the logs to find out which are the sites that send visitors to the images on your website.

Trace the referrers in the logs to the actual referring website and check the offending web page. If you find your graphics displayed on their page, check the HTML source for that page and find out where the graphic files are hosted. If the IMG tag points to your website, it means they are using your bandwidth for their website.

How to Protect Your Images: System Requirements

One way to protect your images from being linked directly from your site is to deliver them from a PHP script. Note that there is no way to protect your images from being copied by others and uploaded to their website; if they can view it, they can copy it. The method that I'm outlining here will only protect your bandwidth from being used by some other site.

You will need PHP access for this script to work. If your host does not currently provide PHP access, you can search for commercial web hosts with PHP access from the following pages:

If you prefer a free web host, you can try looking for them on the Free Web Hosts with PHP page, although you should remember that free web hosts tend to close suddenly without warning, leaving your website high and dry.

Note that the script will only work if your web host has PHP version 4.1 or above installed, which probably accounts for all of the web hosts in business today, so this is probably not going to be an issue. It does not matter whether your web host is running an Apache server on Unix or IIS server on Windows (or whatever), although if your web host runs Apache on Unix, you might want to use my .htaccess solution, How to Prevent Image Bandwidth Theft with .htaccess at http://www.thesitewizard.com/archive/bandwidththeft.shtml instead — it's more efficient.

The CHImageGuard PHP Script

Copy the PHP code given below into an ASCII text file and save it as "chimage.php". The exact file extension to use depends on your web server.

More information about how to configure and use the script can be found after the script.

Note the script begins from the "<?php" line (inclusive of that line) and ends on the "?>" line (inclusive of that line). Do not add any text before or after those markers ("<?php" and "?>") or you will run into numerous error messages when you use the script.

Note the script ended on the "?>" line above. Copy only up to (and including) the line with the "?>". Do not retype the script — cut and paste it.

Installing and Configuring the Script

To install the script, just upload it (in ASCII text mode) to your main directory.

To configure it, change the following lines at the beginning of the script.

  1. $imagedir

    Point $imagedir to the actual directory where you placed your image files. This must be the full path. So if you placed your files in "/users/yourname/images/", change the line to

    $imagedir = "/users/yourname/images/" ;

    Remember to end the line with a semi-colon. Please see my tips on where to put your images later in this article before you do anything.

  2. $validprefixes

    $validprefixes allows you to indicate all the hosts from which you will be calling your images. For example, if your domain is "example.com" but it can also be referred to as "www.example.com", change the lines to:

    $validprefixes = array {
    	"example.com",
    	"www.example.com"
    } ;
    

    Note carefully the punctuation marks that I used and do not modify them. If you need to add more hosts, simply add it before the first host line (in this example, you would add it before "example.com") and make sure each additional line ends with a comma.

    If your site can only be accessed from one URL, use the following format:

    $validprefixes = array {
    	"www.example.com"
    } ;
    

    Notice that there are no commas in the second example.

    Remember that these are hostnames, not URLs. It doesn't matter which page on "www.example.com" your image is loaded from. All that matters is that if the URL begins with "www.example.com", you should put "www.example.com" in the list of valid prefixes above.

  3. $homepage

    Set $homepage to the URL of your main page. Visitors who directly use your script from their browser will be directed there.

  4. $email

    If you wish to be informed when some other site link to your images illegitimately, remove the preceding "//" from the line with $email. Set $email to point to your email address.

Using the Script

  1. Upload your images

    Put your images in a secret directory somewhere.

    The best place is actually in a directory that cannot be normally accessed by your web server but that can be accessed by your PHP script. For example, some web servers are configured so that you have to put your files in a "htdocs" or "public_html" directory before it will be visible on your website. Whenever you want to upload your files, you have to change to that directory to do it. If that is the case, DON'T change to that directory but make another subdirectory in the same level as "htdocs" or "public_html", called for example "images", and dump your images there.

    If you do not have access to subdirectories outside your web directories, make a subdirectory with some obscure name that people are less likely to guess, and dump your files there. Don't use names like "images" or the like or people can work around your PHP script with ease.

  2. Modifying Your Web Pages

    Modify your HTML files to refer to the CHImageGuard script. Instead of referring your images as "mymugshot.gif" in your IMAGE tag, load them as

    <image src="chimage.php?image=mymugshot.gif">

    Note that it really does not matter that anyone can see the name of your image file - they can't access it directly since it's hidden in some unknown subdirectory that only the PHP script knows about.

    If you want to use a JPEG file named "award.jpg", just put it in your new image directory and call it with the IMAGE SRC tag with

    <image src="chimage.php?image=award.jpg">

    The PHP script can handle GIF, JPG and PNG image files. Don't bother to try to use any other type of file — the built-in function it uses to detect the file type may not be able to determine its type correctly.

What Happens When A Bandwidth Thief Tries to Use Your Images

After you do the above, if some other site tries to copy your image URL to their IMAGE tag, they will find that the image will not display on their site. In place of the image, the visitor's web browser will display a broken link image. If you have enabled the email warning system (disabled by default), you will also receive an email with information about which site tried to use which image from your site.

Your images should load fine on pages on your site. However, please read my cautionary note later in this article.

How It Works

When someone visits a web page, the browser will request for the individual images on the website. Each time it makes a request for an image it will also inform the web server the URL of the page that linked to that image.

The script works by checking that the page requesting the image is actually in the list of hosts you listed in $validprefixes. If it is, it will send the image to the web server. Otherwise it will inform the web server that the image could not be found.

Potential Problems

  1. PHP Settings

    It is possible that on some web hosts, your PHP script may not be able to access directories outside your web server directories. In such a case, you'll just have to put your images in a subdirectory within your web directories. Just be sure to name it with some unlikely name (a gibberish sequence of characters and numbers might be one possibility).

  2. Buggy Browsers/Anonymous referrers

    Since CHImageGuard depends on the browser to tell it which page is linking to the images, it would not work correctly under the following conditions:

    • if the browser has a bug that makes it provide the wrong information
    • if the visitor uses a browser that allows him/her to change such information
    • if the visitor works through a proxy or firewall that changes or modifies such information (such as some anonymous proxies)

    There are possibly other situations where the information on the referring page is suppressed or wrong.

    I wrote the script in such a way that if the information on the referring page is simply suppressed, the script will still deliver the image on the chance that the visitor is viewing your website through an anonymous proxy or a privacy-enabled browser. This means that if the visitor is viewing the bandwidth pirate's website with such a browser, he will still be able to view the image stolen from your site as well. My rationale is that it is better to lose that small amount of bandwidth than to have broken link images appear on your own pages.

    However, if the referring page information is present but does not point to one of your valid hostnames, the script will issue a Not Found error for the image, even if the visitor is at your website and is using a browser that camouflages such information. The visitor will then only see a broken link image in place of the actual image.

    Note that this is an issue with the browser or proxy. Please do not report it as a bug in CHImageGuard. There is no known way of fixing it at the script level at this point in time. It affects all scripts of this nature, whether PHP, Perl, JavaScript, etc. It also affects other types of programs that rely on the browser furnishing accurate referral data, such as web statistics programs. It rarely occurs on my websites but, of course, your mileage may vary.

Changing the Output

Some people prefer to use a special image that is displayed when the image is linked from another site. This might be an image proclaiming "This image was stolen", or one that advertises their own site such as "You can get even better products/services at www.your-site-name.com". You can easily do that if you like, but remember the following:

Having said that, if you insist on issuing a different image for the thief's site, change the lines

if (isset($email)) {
  mail( $email, "Bandwidth Theft Alert",
  "WARNING:\n\n$referrer\ntried to access\n$image\n",
  "From: CHImageGuard <$email>" );
}
header( "HTTP/1.0 404 Not Found" );

to

if (isset($email)) {
  mail( $email, "Bandwidth Theft Alert",
  "WARNING:\n\n$referrer\ntried to access\n$image\n",
  "From: CHImageGuard <$email>" );
}
header( "Content-type: image/gif" );
@readfile( "/your/replacement/image/filepath.gif" );

(assuming of course that you are using a GIF file here). You will of course have to put the correct full path to your GIF file as argument to the readfile function.

Miscellaneous

Feel free to use the script on as many websites as you like. However, please do not redistribute the script. You can find the full terms of the licence ("license" in US English) agreement in the PHP script above.

Copyright 2000-2014 by Christopher Heng. All rights reserved.
Get more free tips and articles like this, on web design, promotion, revenue and scripting, from http://www.thesitewizard.com/

thesitewizard™ News Feed (RSS Site Feed)  Subscribe to thesitewizard.com newsfeed

Do you find this article useful? You can learn of new articles and scripts that are published on thesitewizard.com by subscribing to the RSS feed. Simply point your RSS feed reader or a browser that supports RSS feeds at http://www.thesitewizard.com/thesitewizard.xml. You can read more about how to subscribe to RSS site feeds from my RSS FAQ.

Do Not Reprint Without Permission

This article is copyrighted. Please do not reproduce this article in whole or part, in any form, without obtaining my written permission.

Related Pages

New Articles

Popular Articles

How to Link to This Page

It will appear on your page as:

How to Protect Your Images from Bandwidth Thieves





Home
Donate
Contact Us
Link to Us
Topics
Site Map

Getting Started
Web Design
Search Engines
Revenue Making
Domains
Web Hosting
Blogging
JavaScripts
PHP
Perl / CGI
HTML
CSS
.htaccess / Apache
Newsletters
General
Seasonal
Reviews
FAQs
Wizards

 

 
Free webmasters and programmers resources, scripts and tutorials
 
HowtoHaven.com: Free How-To Guides
 
Site Design Tips at thesitewizard.com
Find this site useful?
Please link to us.