Recently I noted some suspicious activity: some images were being retrieved from my web server without a corresponding page view. That usually means someone is stealing my bandwidth.

How does it work? Say someone has decided they like a particular image on my site, so they “link it” to some other website elsewhere. This means that they don’t have to PAY for the hosting and subsequent bandwidth use themselves. A typical use is to link an image as an “avatar” for your bulletin board identity; each message shows a little picture representing the person talking. For a busy bulletin board, this can add up to thousands of image loads a day: not an insignicant amount. Leeches!

So I implemented the following in an .htaccess file in the imgcache directory:

SetEnvIfNoCase Referer "^http://(www.)?davidseah.com/" local_ref=1
<filesMatch ".(gif|jpg)">
 Order Allow,Deny
 Allow from env=local_ref
</filesMatch>

This theoretically allows requests that are made only from pages on my website. So far it seems to work. On the down side, it may break the site for AOL users and others who are behind corporate firewalls… it remains to be seen if implementing this countermeasure causes more trouble than it’s worth. Let me know!