Patterico's Pontifications


The Dangers of Hotlinking

Filed under: General — Patterico @ 9:33 pm

A few days ago, the site was down for an hour or two. I got in touch with my friendly webmaster, who explained that a major news site* had hotlinked a picture of Michael Hiltzik on my server. In other words, instead of grabbing the picture and putting it on the server of the major news site, the site had simply embedded the URL of the picture, and used my server’s resources to show their audience the picture.

My server was being accessed about 1000 times a minute, he said. It knocked me off line in no time flat.

He sent them a polite note asking them to stop. No response. He replaced the image at the URL in question with a blank image. Still no response.

Finally, he suggested that he could replace the picture with another one . . . which would cause the picture of Hiltzik to be replaced with the one he had in mind.

He showed me what he was talking about. “Do it,” I said. (As soon as I had stopped laughing.)

Very quickly, the site resolved the problem, and my site was back up.

But not before my webmaster got a screenshot:

*My webmaster has revealed the name of the site: I’d never heard of it before, but it’s apparently a Dow Jones site, capable of generating 1000 hits to my server in a minute with a picture of Michael Hiltzik. So it’s not like ABC News or anything like that, but big enough to know better.

42 Responses to “The Dangers of Hotlinking”

  1. I just told someone I would put this post up, as an illustration of the dangers posed by hotlinking.

    Patterico (2efd47)

  2. I have a feeling that image will become a mainstay when I talk about Hiltzik in the future.

    Patterico (2efd47)

  3. Yeah, that is great. And I won’t do that again.

    JD (b63a52)

  4. It’s . . . too dangerous.

    Patterico (2efd47)

  5. Awesome.

    1. You were kinder than I would have been with that picture selection.

    2. You’re protecting the identity of the “news site”?

    Ken (1ff322)

  6. I’ve been meaning to do this post anyway.

    Patterico (2efd47)

  7. Ken,

    My webmaster didn’t tell me. I had limited Internet access and phone coverage. The screenshot I would have taken would have prominently displayed the news site’s name and banner. He said it was a Dow Jones related site of some sort.

    Patterico (2efd47)

  8. I got a couple of emails from them letting me know that the issue had been fixed. One even had an apology in it. I guess we’ll cut them some slack for that.

    I think they were in the middle of fixing it when the picture got changed.

    It turned out to be a good thing because it exposed a configuration change I needed to make to make the server more resistant to that kind of load. Not that I’m going to invite that kind of abuse again.

    Admin Guy (492627)

  9. So I unknowingly performed a service.

    JD (b63a52)

  10. Absolutely!

    Admin Guy (492627)

  11. the googles say the unnamed site was allthingsd

    happyfeet (8ce051)

  12. it looks like they still do some image hotlinkings but mostly to relatively big sites like the ethically challenged ferret-man’s business insider site and such

    happyfeet (8ce051)

  13. *ethically-challenged* I mean

    happyfeet (8ce051)

  14. Admin Guy,

    I think you should out the name of the site, just for grins.

    Patterico (2efd47)

  15. happyfeet gets the prize for his Google-fu. It was

    Admin Guy (492627)

  16. As long as I’m here, I might as well mention that I’m going to update some OS components on the server and the site will be down for about three minutes later this evening.

    Admin Guy (492627)

  17. For the record, Michael is gurning.

    Gazzer (851de9)

  18. Allthingsd is a Dow Jones major news site?

    Maybe I inferred “major” from the traffic, but I know Admin Guy said it was related to Dow Jones.

    Patterico (2efd47)

  19. Admin Guy and JD – That was Suh-Weeeeet!!!!!!!

    daleyrocks (bf33e9)

  20. Looks like it is a Dow Jones site. Never heard of it. That link generated 1000 views per minute? Sheesh.

    Patterico (2efd47)

  21. LOL

    Dustin (82e823)

  22. Nicely done. I’ve seen other sites link to XXX images to discourage hot-linking. Yours was pretty benign in comparison.

    Stashiu3 (1680c0)

  23. I would have drawn a funny face on my junk and taken a picture of that! Not to screw with the website — just ’cause it sounds like a fun thing to do. GURNING!!

    unclebryan (453de3)

  24. this sort of thing used to happen all teh time on My Pet Jawa, where various jihadi sites would hot link to jihadi stuff they had posted.

    in return, they would change the destination pic to Zionist boobhies, or something equally kufar…

    haven’t seen anything like that there recently, but you are in good company with your counter move.

    take no prisoners!

    redc1c4 (403dff)

  25. Looks like a mug shot from Hollywood.

    mg (31009b)

  26. Damn you, Patterico, you finally got me to post after a year and a half of lurking.

    Site went down in the middle of the night again last night, FYI. Tried to access it because I was trapped on 3rd shift at work and Chrome kept telling me you didn’t exist. I wondered who’d taken you down first, whether it was Kimberlin or part of the Spamhaus debacle. Turns out it was the old Bitter Beer Face from Keystone Light.

    Trailsong (4f917e)

  27. @Trailsong: The downtime in the middle of the night last night was me. There were some server updates that required a couple of reboots. I was hoping for about three minutes of downtime, but needed some extra time to deal with some oddities with the IPv6 configuration. Mischief managed.

    Admin Guy (492627)

  28. Oh, I had this problem once. I wasn’t as nice as you - I replaced the picture with something a gynecologist would see. I still laugh about it years later.

    me here (822526)

  29. We had a similar problem with a competing website doing that to us. We replaced the image with an ad for our website, saying our prices were better than the linker’s. They didn’t notice it for days.

    George (8015e3)

  30. What’s funnier, the picture or the headline about “facile” analysis?

    LWGII (c27c59)

  31. Admin Guy, how did you get my picture?

    nk (c5b7ef)

  32. And yes, I too wondered whether it was a DoS attack from Brett Kimberlin, the Speedway Bomber.

    nk (c5b7ef)

  33. Admin Guy is much nicer than I. I would have used a far different image.

    SPQR (a97b9a)

  34. Some death metal band hotlinked some image of mine as the background of their dark, goth-riffic Myspace page. I gave their site a free “My Little Ponies” makeover with lots of pastel hearts and ribbons. The best part was the old image was cached in their browsers, so it took them days to catch on.

    Rick Adams (470dbc)

  35. I only wish I had enough traffic to get hotlinked. 🙁

    The blogger Dana (3e4784)

  36. nk asked:

    Admin Guy, how did you get my picture?

    Post Office wall, where else?

    The Dana channeling Admin Guy (3e4784)

  37. I have a huge animated GIF file that blinks alternately red and blue, which I use for that purpose. It does what I want: hot linkers quit very rapidly, because my file screws up their pages royally.

    It’s also very small, only about 4K.

    Steven Den Beste (99cfa1)

  38. When I say it’s “huge” I mean it’s huge in pixels, something like 2048*2048. But because of the kind of compression that GIF uses, it doesn’t require a lot of storage.

    Steven Den Beste (99cfa1)

  39. Only one way to skin this cat.

    AZ Bob (c11d35)

  40. Too bad you couldn’t wait until Monday to do that. 😀

    bridget (55e4a2)

  41. Post Office wall, where else?

    That warrant was supposed to be recalled as part of my plea deal. Thanks, I’ll contact the FBI.

    nk (c5b7ef)

  42. Just from a fellow admin who has had to deal with this before, if the site runs on Apache and has mod_rewrite available, a simple rule will stop most instances of hot linking.

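    RewriteEngine On
    # Let requests with no Referer through (direct visits, clients that strip it)
    RewriteCond %{HTTP_REFERER} !^$
    # example.com is a placeholder; put this site's own domain here
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com/ [NC]
    # Any other referrer asking for an image gets 403 Forbidden
    RewriteRule .*\.(gif|jpg|png)$ - [F,L]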

    Aaron (c3452a)
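A log check to go with the rule in comment 42, added here as an example and not posted by any commenter or by the site: it applies the same Referer test to Apache combined-format access log lines and reports, per referring host and image, the busiest single minute. The hosts `blog.example` and `news.example` and the sample log lines are constructed placeholders.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Apache "combined" format: ... [time] "METHOD path proto" status bytes "referer" "agent"
LINE = re.compile(r'\[(?P<ts>[^\]]+)\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" '
                  r'\d{3} \S+ "(?P<ref>[^"]*)"')
IMAGE = re.compile(r'\.(gif|jpg|png)$', re.I)

def ref_host(referer):
    """Lower-cased host of a Referer value, or '' if it cannot be parsed."""
    try:
        return (urlsplit(referer).hostname or "").lower()
    except ValueError:
        return ""

def is_hotlink(referer, own_hosts):
    """Mirror the rule: an empty Referer passes, our own hosts pass, the rest does not."""
    if referer in ("", "-"):              # Apache logs a missing Referer as "-"
        return False
    return ref_host(referer) not in own_hosts

def hotlink_report(lines, own_hosts):
    """Map (referring host, image path) -> hits in its busiest single minute."""
    per_minute = defaultdict(Counter)
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]  # the rule matches the path, not the query
        if IMAGE.search(path) and is_hotlink(m["ref"], own_hosts):
            minute = m["ts"][:17]          # e.g. "01/Jan/2024:10:00"
            per_minute[(ref_host(m["ref"]) or "?", path)][minute] += 1
    return {key: max(c.values()) for key, c in per_minute.items()}

# Constructed sample lines (documentation IP ranges, placeholder hosts).
_FMT = '{ip} - - [01/Jan/2024:10:{t} +0000] "GET {p} HTTP/1.1" 200 512 "{r}" "Mozilla/5.0"'
SAMPLE = [
    _FMT.format(ip="203.0.113.5", t="00:01", p="/img/photo.jpg", r="http://news.example/story"),
    _FMT.format(ip="203.0.113.6", t="00:20", p="/img/photo.jpg", r="http://news.example/story"),
    _FMT.format(ip="203.0.113.7", t="01:02", p="/img/photo.jpg", r="http://news.example/story"),
    _FMT.format(ip="198.51.100.9", t="00:05", p="/img/photo.jpg", r="http://blog.example/post"),
    _FMT.format(ip="198.51.100.10", t="00:07", p="/img/photo.jpg", r="-"),
    _FMT.format(ip="198.51.100.11", t="00:09", p="/index.html", r="http://news.example/story"),
]

if __name__ == "__main__":
    for (host, path), peak in hotlink_report(SAMPLE, {"blog.example"}).items():
        print(f"{host} -> {path}: peak {peak} hits/minute")
```

The Referer header is supplied by the client, so both the rule and this report cover images embedded in pages viewed by ordinary browsers, which is the case described in the post.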
