A few visitors to thesitewizard.com have asked me how they could prevent their images from being used on other sites. They were particularly concerned that some sites were linking directly to their images on their web server using IMG tags. As such, not only were those images being used without the owner's permissions, they were also making the owner pay for their bandwidth!
The simplest way to detect such linkages to your images is to check your web server logs for referrals to the images on your website. That is, sift through the logs to find out which are the sites that send visitors to the images on your website.
Trace the referrers in the logs to the actual referring website and check the offending web page. If you find your graphics displayed on their page, check the HTML source for that page and find out where the graphic files are hosted. If the IMG tag points to your website, it means they are using your bandwidth for their website.
One way to protect your images from being linked directly from your site is to deliver them from a PHP script. Note that there is no way to protect your images from being copied by others and uploaded to their website; if they can view it, they can copy it. The method that I'm outlining here will only protect your bandwidth from being used by some other site.
You will need PHP access for this script to work. If your host does not currently provide PHP access, you can search for commercial web hosts with PHP access from the following pages:
If you prefer a free web host, you can try looking for them on the Free Web Hosts with PHP page, although you should remember that free web hosts tend to close suddenly without warning, leaving your website high and dry.
Note that the script will only work if your web host has PHP version 4.1 or above installed, which probably accounts for all of the web hosts in business today, so this is probably not going to be an issue. It does not matter whether your web host is running an Apache server on Unix or IIS server on Windows (or whatever), although if your web host runs Apache on Unix, you might want to use my .htaccess solution, How to Prevent Image Bandwidth Theft with .htaccess at https://www.thesitewizard.com/archive/bandwidththeft.shtml instead — it's more efficient.
Copy the PHP code given below into an ASCII text file and save it as "chimage.php". The exact file extension to use depends on your web server.
More information about how to configure and use the script can be found after the script.
Note the script begins from the "
<?php" line (inclusive of that line) and ends on the
?>" line (inclusive of that line). Do not add any text before or after those markers
<?php" and "
?>") or you will run into numerous error messages when you use the script.
Note the script ended on the "?>" line above. Copy only up to (and including) the line with the "?>". Do not retype the script — cut and paste it.
To install the script, just upload it (in ASCII text mode) to your main directory.
To configure it, change the following lines at the beginning of the script.
Point $imagedir to the actual directory where you placed your image files. This must be the full path. So if you placed your files in "/users/yourname/images/", change the line to
Remember to end the line with a semi-colon. Please see my tips on where to put your images later in this article before you do anything.
$validprefixes allows you to indicate all the hosts from which you will be calling your images. For example, if your domain is "example.com" but it can also be referred to as "www.example.com", change the lines to:
Note carefully the punctuation marks that I used and do not modify them. If you need to add more hosts, simply add it before the first host line (in this example, you would add it before "example.com") and make sure each additional line ends with a comma.
If your site can only be accessed from one URL, use the following format:
Notice that there are no commas in the second example.
Remember that these are hostnames, not URLs. It doesn't matter which page on "www.example.com" your image is loaded from. All that matters is that if the URL begins with "www.example.com", you should put "www.example.com" in the list of valid prefixes above.
Set $homepage to the URL of your main page. Visitors who directly use your script from their browser will be directed there.
If you wish to be informed when some other site link to your images illegitimately, remove the preceding "//" from the line with $email. Set $email to point to your email address.
Put your images in a secret directory somewhere.
The best place is actually in a directory that cannot be normally accessed by your web server but that can be accessed by your PHP script. For example, some web servers are configured so that you have to put your files in a "htdocs" or "public_html" directory before it will be visible on your website. Whenever you want to upload your files, you have to change to that directory to do it. If that is the case, DON'T change to that directory but make another subdirectory in the same level as "htdocs" or "public_html", called for example "images", and dump your images there.
If you do not have access to subdirectories outside your web directories, make a subdirectory with some obscure name that people are less likely to guess, and dump your files there. Don't use names like "images" or the like or people can work around your PHP script with ease.
Modify your HTML files to refer to the CHImageGuard script. Instead of referring your images as "mymugshot.gif" in your IMAGE tag, load them as
Note that it really does not matter that anyone can see the name of your image file - they can't access it directly since it's hidden in some unknown subdirectory that only the PHP script knows about.
If you want to use a JPEG file named "award.jpg", just put it in your new image directory and call it with the IMAGE SRC tag with
The PHP script can handle GIF, JPG and PNG image files. Don't bother to try to use any other type of file — the built-in function it uses to detect the file type may not be able to determine its type correctly.
After you do the above, if some other site tries to copy your image URL to their IMAGE tag, they will find that the image will not display on their site. In place of the image, the visitor's web browser will display a broken link image. If you have enabled the email warning system (disabled by default), you will also receive an email with information about which site tried to use which image from your site.
Your images should load fine on pages on your site. However, please read my cautionary note later in this article.
When someone visits a web page, the browser will request for the individual images on the website. Each time it makes a request for an image it will also inform the web server the URL of the page that linked to that image.
The script works by checking that the page requesting the image is actually in the list of hosts you listed in $validprefixes. If it is, it will send the image to the web server. Otherwise it will inform the web server that the image could not be found.
It is possible that on some web hosts, your PHP script may not be able to access directories outside your web server directories. In such a case, you'll just have to put your images in a subdirectory within your web directories. Just be sure to name it with some unlikely name (a gibberish sequence of characters and numbers might be one possibility).
Since CHImageGuard depends on the browser to tell it which page is linking to the images, it would not work correctly under the following conditions:
There are possibly other situations where the information on the referring page is suppressed or wrong.
I wrote the script in such a way that if the information on the referring page is simply suppressed, the script will still deliver the image on the chance that the visitor is viewing your website through an anonymous proxy or a privacy-enabled browser. This means that if the visitor is viewing the bandwidth pirate's website with such a browser, he will still be able to view the image stolen from your site as well. My rationale is that it is better to lose that small amount of bandwidth than to have broken link images appear on your own pages.
However, if the referring page information is present but does not point to one of your valid hostnames, the script will issue a Not Found error for the image, even if the visitor is at your website and is using a browser that camouflages such information. The visitor will then only see a broken link image in place of the actual image.
Some people prefer to use a special image that is displayed when the image is linked from another site. This might be an image proclaiming "This image was stolen", or one that advertises their own site such as "You can get even better products/services at www.your-site-name.com". You can easily do that if you like, but remember the following:
The script depends on referral data from the browser. If the data is faulty, it may actually furnish the image when your page is loaded. This is not a major problem if you're replacing the image with an advertisement for your site, but may be a major embarrassment if you display things like "this image was stolen".
You're adding to your own bandwidth, defeating the entire purpose of the exercise, which is to save it. Why not simply return a HTTP error and save your bandwidth?
Having said that, if you insist on issuing a different image for the thief's site, change the lines
(assuming of course that you are using a GIF file here). You will of course have to put the correct full path to your GIF file as argument to the readfile function.
Feel free to use the script on as many websites as you like. However, please do not redistribute the script. You can find the full terms of the licence ("license" in US English) agreement in the PHP script above.
Do you find this article useful? You can learn of new articles and scripts that are published on thesitewizard.com by subscribing to the RSS feed. Simply point your RSS feed reader or a browser that supports RSS feeds at https://www.thesitewizard.com/thesitewizard.xml. You can read more about how to subscribe to RSS site feeds from my RSS FAQ.
This article is copyrighted. Please do not reproduce or distribute this article in whole or part, in any form.
It will appear on your page as: