Bandwidth thieves 3

Status
Not open for further replies.

EdwardMartinIII

Technical User
Sep 17, 2002
1,655
US
I've read of it before and I occasionally encountered it in the past, but more than ever, I'm seeing people who inline graphics from my websites to their own websites or discussion boards and so on.

I obviously am charged for over-bandwidth, so I'm trying to put a halt to this.

Usually, I change image file names and that breaks things for a couple months, but then I see the bandwidth creeping up again, while the page hits stay steady. Once again, someone's stealing their images from my host.

Most of these, I'm chagrined to discover, are behind database and session calls, so I can't even use my Urchin statistics to go to the page. If I wanted to, I could wade through all the various discussion boards, but that would suck.

My inner naughty fella wants to bang these idiots back. The idea I came up with was doing a file-name change as usual, but leaving in the old file names an image that is, in fact, very nasty, such as threats to public officials, etc. Very small files, of course. I'm hoping that the hosts of these dingbats will do the smackdown on the offender, once they see a user with an icon that says "Banging babies for jesus" or something much nastier.

Do any of you encounter bandwidth thieves and if so, what do you do to handle this problem?

Thanks!

Cheers,


[monkey] Edward [monkey]

"Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door
 
I don't think that person who is paying for the bandwidth would agree that no harm is done.

Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
I agree with the core of KornGeek's thought.

Some unethical person is eating up my bandwidth by putting links to graphics on my server on other sites. I change the image to an image of a naked Miss May. But the image link is used on a site dedicated to children's interests.

Eating up my bandwidth through the use of foreign linking is unethical. But I would not be on strong ethical ground myself if I were a party to someone's young darling getting an eyeful of Miss May.

However, I would want to provide the maximum impetus to the bandwidth thieves to take their business elsewhere. An image consisting of the text "This image placed on this server by a bandwidth thief" would keep me on solid ethical ground.



Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Just to clarify, when I said no harm done, I meant by the bandwidth victim. Although this may be less fun, it is a safer stance in a litigious world.
 
In general, I can see worrying about what shows up on a children's site, but because these people are specifically making a choice to link to my images and my images aren't really the sort of images that OUGHT to be on a children's site in the first place, I have no problem whatsoever spanking them back.

I can't nab the money I've paid in bandwidth fees back from their wallets, but if I can prevent the theft in the first place with some sort of server directive, for the first month, that replacement image is going to be something very direct and to-the-point and preferably an assertion that will get their accounts axed immediately with their ISP. After a month, after I calm down from seeing a $900 bill for bandwidth use, then I'll change it to something more sedate, such as "I steal bandwidth -- send me photos of your nubile children."

'Cause I want people to know RIGHT NOW that I'm very annoyed at them. I want them to get in trouble with their ISPs right now. Then later, I want them just embarrassed. First, a live round, then tracers.

Cheers,


[monkey] Edward [monkey]

"Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door
 
First, a live round, then tracers.

<facetious>
Is this a police procedure or a war? It makes a difference -- particularly whether you should give the bad guy a chance to give himself up first.
</facetious>



Want the best answers? Ask the best questions!

TANSTAAFL!!
 
I used to give folks a little note, saying that they were linking to my images and the bandwidth was costing money. Now, more and more of these links are behind asp pages and database-driven sites and password-protected sites, and I can't get in to even write these messages. Sometimes, I can SEE the account of the person, but because I don't have my own account on this or that chat network, I can't write to them.

If I can figure out how to do this referrer thing, then I will probably just do that and serve out an image of the relatively benign message "State of New Jersey Correctional: Registered Pedophile - warning required by law" or something like that.

But yes, when I receive a $900 bill, I'm clearly thinking how fun it would be to unleash wickedness upon the land -- for at least a week. After all, the only people who would be affected would be bandwidth thieves.

Cheers,


[monkey] Edward [monkey]

"Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door
 
Those links to the Apache documentation should be just what you need.

Also, if you use the "combined" custom log to log activity in this site, you will, for those with it turned on, be able to see the sites which are referring users to fetch graphics at your site. Armed with the domain name, a simple whois lookup will give you the registrant of the domain. A ping or nslookup will give you the IP address of the referring entity, from which you can do a whois lookup at ARIN, RIPE, APNIC or LACNIC to find out the network provider giving access to the offending party.


And I think KornGeek is on the right track.

If these images were JPGs or PNGs, then a HUGE image of a block of a single color, with high compression, would be a fairly small file. With luck the thieves aren't specifying the width and height attributes of the images.

A solid black 2048 by 2048 jpeg with maximum compression runs only about 25K. But imagine what an image that size could do to the layout of a web site...



Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Alternatively, do what I did - redesign the site to not use images at all, then, remove the images from the server.

John
 
Or redesign the main page so that it sets a session-tracking cookie on the user's browser. Then redesign the rest of the site so that no image is directly available, but rather has to be fetched through a script.

Then have the script which streams the images check for either the referer or for the presence of that cookie (it can also ensure that the cookie is a valid one). If neither is correct, the script still streams the images -- only it does so vvvvveeeeerrrrryyyy ssssslllllooooo You know -- send one byte, wait 5 seconds, send another byte, wait 5 more seconds.....

The thieves will stop using your graphics off your server if they understand that their own sites will take forever to render.



Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Nice!

Rosie
"Never express yourself more clearly than you think" (Niels Bohr)
 
"State of New Jersey Correctional: Registered Pedophile - warning required by law"

I like that one :)



Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first
 
I used

Code:
    # Mark requests whose Referer starts with this site's own URL
    SetEnvIfNoCase Referer "^http://my.apache.org/" local_ref=1
    # Serve .gif/.jpg files only when that marker is set
    <FilesMatch "\.(gif|jpg)$">
        Order Allow,Deny
        Allow from env=local_ref
    </FilesMatch>

testing...

Cheers,


[monkey] Edward [monkey]

"Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door
 
Crackness!

Okay, once I changed " to my correct URL, it worked and my heartrate went down.

Thank you for the idea and definitely a star for the links!

Cheers,


[monkey] Edward [monkey]

"Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door
 
A little update on this.

First, thank you again for the advice. I've noticed a huge drop in bandwidth pull to people who register as "Pageviews: 0".

My ISP is still evil, but that's a different problem.

A curious effect of this is that when people try to view the site via a web interface, sometimes the web interface itself proves problematic. No matter what they do, they can't see the images on the web site.

Generally, I've chalked it up to them being behind some kind of weird paranoid server that routes everything through an interdimensional pinhole.

So, thanks again. It's nice to have that all taken care of.

Cheers,

[monkey] Edward [monkey]

"Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door
 
So, this is something I can tell them they can fix themselves, or is it something on their server?

Cheers,


[monkey] Edward [monkey]

"Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door
 
It depends on how you want to work around the problem.

One workaround is to require that users' browsers have HTTP referer reporting turned on.

Another is to modify the Apache configuration so that if the referer is blank, the user is allowed to fetch the image.

Neither is a perfect solution.



Want the best answers? Ask the best questions!

TANSTAAFL!!
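
An added example, not part of the original thread: a script that reads Apache "combined" log lines as suggested earlier in the thread, totals image bytes per referring host, and compares what the strict referer rule would stop serving against the variant that lets blank referers through. The hostname `www.example.org`, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+) "([^"]*)" "([^"]*)"$')
IMAGE = re.compile(r"\.(gif|jpg)$", re.I)  # same file types as the FilesMatch rule
MY_HOST = "www.example.org"                # assumption: the site's own hostname

# Constructed sample log lines (documentation addresses and hostnames).
SAMPLE = [
    '192.0.2.10 - - [10/Oct/2003:13:55:36 -0700] "GET /img/cat.jpg HTTP/1.1" 200 48213 "http://www.example.org/gallery.html" "Mozilla/4.0"',
    '198.51.100.7 - - [10/Oct/2003:13:56:01 -0700] "GET /img/cat.jpg HTTP/1.1" 200 48213 "http://forum.example.net/viewtopic.php?t=42" "Mozilla/4.0"',
    '198.51.100.8 - - [10/Oct/2003:13:56:09 -0700] "GET /img/cat.jpg HTTP/1.1" 200 48213 "http://forum.example.net/viewtopic.php?t=42" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2003:13:57:12 -0700] "GET /img/dog.gif HTTP/1.0" 200 9120 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [10/Oct/2003:13:58:00 -0700] "GET /gallery.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
]

def classify(referer):
    """Return 'local', 'blank', 'malformed', or the foreign referring host."""
    if referer in ("", "-"):
        return "blank"  # browser or proxy sent no Referer header
    host = (urlsplit(referer).hostname or "").lower()
    if host == MY_HOST:
        return "local"
    return host or "malformed"

def image_bytes_by_referer(lines):
    """Total bytes of successfully served images, keyed by referer class."""
    totals = Counter()
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        _, _, path, status, size, referer, _ = m.groups()
        if status != "200" or not IMAGE.search(urlsplit(path).path):
            continue
        totals[classify(referer)] += 0 if size == "-" else int(size)
    return totals

def would_be_denied(totals, allow_blank):
    """Image bytes the referer rule would refuse under the chosen policy."""
    return sum(n for src, n in totals.items()
               if src != "local" and not (allow_blank and src == "blank"))

if __name__ == "__main__":
    totals = image_bytes_by_referer(SAMPLE)
    print(totals.most_common())
    print("strict:", would_be_denied(totals, False),
          "blank allowed:", would_be_denied(totals, True))
```

The gap between the two totals is the traffic from visitors who send no referer at all; the strict rule blocks it, and the relaxed rule serves it along with any hotlinked request that arrives without a referer.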
 