Protecting images.

Jimathy · 11 Nov 2008 at 21:59

I've got a site built on drupal on which I have some protected content for registered users and subscribers only, all imagery in jpg form.

I'm looking for a good way of stopping some of these images being leeched, particularly the subscription images.

I appreciate there's probably no completely watertight way but would just like to make it a bit harder for the casual leecher.

Ideas and experiences appreciated.

Tripnologist · 11 Nov 2008 at 22:03

There is no point. It just makes you look unprofessional.

That being said,
- overlay a transparent .gif over your images.
- Disable right click.

The only real protection you have at all is watermarking your images.
Why would you want to 'protect' these images from your 'subscribers' anyway? They've already paid to view them.

Jimathy · 11 Nov 2008 at 22:10

What I'm trying to prevent is people that don't subscribe just going straight to http://www.mydomain.com/subcriber_images/subscriber_only_image.jpg
Or subscribers subscribing for a short period, figuring out which directory the image is in and then canceling their subscription, but carrying on viewing the images without paying.

Augmented · 11 Nov 2008 at 22:10

You can use a rewrite rule to ensure that images are only available to be viewed on your site. If the image isn't being viewed on your site then you can rewrite the image request to another image - one with "Stop Leeching!", porn, shock images etc. Whatever takes your fancy.

However, if you're doing this to stop your bandwidth being consumed then you're better off returning a 404 or a 1x1 pixel gif.

It's not perfect as it relies on the referrer header being sent by the client, which can easily be spoofed/removed, but it's generally a very successful solution.

For more info: http://www.alistapart.com/articles/hotlinking/

Note that the article provides a more robust solution, you can ignore the PHP and just use an .htaccess rule:

Code:

RewriteEngine On

RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.*png$ [NC]
RewriteCond %{HTTP_REFERER} !^$ 
RewriteCond %{HTTP_REFERER} !yoursite\.com [NC] 
RewriteCond %{HTTP_REFERER} !friendlysite\.com [NC]  
RewriteCond %{HTTP_REFERER} !google\. [NC] 
RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]

RewriteRule (.*) -

More here: http://delicious.com/search?p=htaccess+hotlinking&chk=&context=userposts&fr=del_icio_us&lc=0

Tripnologist · 11 Nov 2008 at 23:28

Jimathy said:
...figuring out which directory the image is in and then canceling their subscription, but carrying on viewing the images without paying.

Why not just make it so the directory can only be viewed by those who are logged in and are subscribed? If they cancel, remove their access.

Jimathy · 13 Nov 2008 at 16:25

Tripnologist said:
Why not just make it so the directory can only be viewed by those who are logged in and are subscribed? If they cancel, remove their access.

That's pretty much exactly what I'd like to be able do.