While image theft has not big a big issue with our sites I thought that you would like this creative way of dealing with it.

When you identify an image theft theough your logs (referrer file) you just do the following:

1. Copy the original image

2. Rename the original and reassign it within your page that it resides

3. Change the original copy to include the name of your website BOLD over the image or just create an all new image.

4. Upload the new image to your site using the same name and path as the original (before step 2).

Then go look at the site that was stealing the image. It now will be showing your NEW image in its place.

Here is an example:


http://www.afterdark.it/...splay;num=1026728492

This was a picture of the new Ducati MotoGP bike. Now it is all black with MotorcycleIndustry.com over it.

I figure that if someone is going to take an image you might as well get some advertising out of it!

Nice one Brian!

I think I will adopt your methods for my upcoming grahpic design site.

Interesting avtar that the theif is using BTW


http://www.iuni.com/...tware/web/index.html
Links Plugins

It is almost too bad that there can't be a program that rotates the images names on a regular basis like:

Week one:

Real Image = 122345.jpg

Week 2:

Real Image = 122346.jpg

and fake image = 122345.jpg

This way you don't have to worry about images being taken. They would just take it for a week then it becomes advertising for your site!

I am sure this is... maybe something on hotscripts?


http://www.iuni.com/...tware/web/index.html
Links Plugins

You can do it automatically with apache rewrites....no need to rename your images, you just tell apache to send back a different image if the referer does not have your website's URL in it :)

eg....

You have this in your webpage...

<img src="/images/foo.gif">

....someone links to:

<img src="http://www.yourdomain.com/images/foo.gif">

....their referer will be www.theirdomain.com and not www.yourdomain.com, so with a re-wriite, apache will spot that and send back a porn image or whatever you fancy :) "Stolen from mysite.com"

I'll try to find the code.

Ooo, that sounds nice indeed!


http://www.iuni.com/...tware/web/index.html
Links Plugins

Alright Paul!

OK, I'll turn you into a King then (no not a dog named king).

<<<<POOF>>>>>

You are now the King of Image Piracy Security

Ahh...But what if you are HOSTING images for other sites as well?



edit:If you use /imagename.jpg on your own site and give http://www.yoursite.com/imagename/jpg to sites that you are hosting an image for would that be a work around?

As Paul points out, Rewrite is the better path to take. It's what I use. For example:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_FILENAME} !stolen.gif
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*your-domain.com/ [NC]
RewriteRule /* http://www.yourdomain.com/images/stolen.gif [L,R]

But you should be able to edit the RewriteRule to point to a script that outputs a random image - mind you, greater overhead on server.



Cheers - Dan

----
Cheers,

Dan
Founder and CEO

LionsGate Creative
GoodPassRobot
Magelln

Rewrite is definitely better. You can also take advantage of the RewriteMap directive to serve up a watermarked version of your image... if you're feeling especially dastardly maybe even set it up so that the first 1-3 hits are normal and then your site logo is smeared all over the image

Here's an additional tutorial on how to setup your server to deny off-site ref's of your images (if Dan's example wasn't enough )

http://www.livejournal.com/...qbrowse.bml?faqid=73

Hey Aki,

The issue I see with that method is the following:

a. If you serve banner images for other sites

b. If you have a Linkshare or CJ Affiliate program

Both of these will be hindered by making this a "global" watchdog rather than a specific issue control.

Then of course the other item is NT rather than Apache.

Any ideas?

Sigh, there's always one

Not sure about IIS, but it's very easy to set certain parts of your URL system to be accessed from other sites. I just recently setup a site so that all images except for those found in /banners/ are blocked. Since rewrite relies on regex's you can even set it up so that any image outside of the banners filesystem with the prefix "exportable_" can still be linked from an offsite source.

I'm the wrong person for IIS though, I still had problems getting links to run on IIS (turns out it was ACL permissions on perl.exe...)

I can't get either of those rewrites to work grrrr :(

ah the ol' IIS permissions thing!

Yes NT is a bit more tricky but I will say once it is set up it is a rock!

I like the idea of placing everything for export in a file for it but I still come back to the same issue (the original post) which is that there really is no way to automate the image switch (rotation). While what you have said along with others is very do-able on the ol' Penguin it still falls short of being friendly for the Linkshare, CJ and served banner issues. It just so happens that NT exacerbates the condition.

But I can live with that especially considering the fact that MS OS is again gaining momentum and that the black and white developers are falling like flies buzzing around no pest strips. It is only a matter of time before MS OS takes back the #1 position on servers (as well as maintaining its #1 status on PC's and office networks). (I know these comments will bring out the angry Penguins quoting all the Unix biased OS tracking systems. LOL.)

I have fun being one of a few on the "this" forum that uses NT. Keeps everyone on their toes when developing. LOL

Ok I take that back...all my images just went on vacation ...however the direct linking didn't prevent me from seeing the image (ie when the referer was blank) even though I had:

RewriteCond %{HTTP_REFERER} !^$

RewriteLog might be a handy directive to turn on when you're playing with rewrite. I've used it a few times and it prints reams of useful information.

Hi Paul:

In my Rewrite example, that line defines that if no referer passed, the image displays. I added it to compensate for web beasties like firewalls that are often configured (usually by default as is the case with Nortons) for maximum privacy such that referer is not passed. So in my example, calling the image directly (i.e., typing in the URL to the image in the browser address bar) will pull the image. I see one downside in that javascript-based image pulls may not pass referer so this may be one means to defeat the Rewrite.



Cheers - Dan

----
Cheers,

Dan
Founder and CEO

LionsGate Creative
GoodPassRobot
Magelln

Ah yeah I always forget that....ooo RewriteLogLevel 9 wasn't such a good idea

Good point...hehe I just need to remove the "!" right?

tsk tsk tsk, such a trouble maker. Watch out, us penguin lovers have teeth. rwar, munchmunch.

Anyways, take back #1? I don't think MS ever was the leader in servers, perhaps in SME but certainly not in large corporations where big blue and other big names throw their punches. On the internet, IIS has never been #1 as far as I know, if it ever had, every penguin hugger (including me!) on the planet would be crying foul.

.Net has my radar beeping through, that seems like it can change things.

Anyways, maybe take a look at these URLs. A quick google search brought them up... not sure if they're at use at all for you:
http://www.pstruh.cz/.../urlrepl/library.htm
http://www.isapirewrite.com/

Yep. Not something I'd do - at least not in my main images directory.



Cheers - Dan

----
Cheers,

Dan
Founder and CEO

LionsGate Creative
GoodPassRobot
Magelln

LOL

I knew the angry Penguins would come out of the closet on that statement. LOL



As per large corporations, you are correct. The buyers of Amdahl and IBM system III's are not the norm. And those guys spend a lot of time in the Cobol and Fortran arenas.

What made the Penguin get a big foot hold is Dell and its server hosting service as well as others. But I guess if you are looking for the cheapest way to do it and the greatest profit (as Dell and other public companies do) they would choose it over the more expensive MS OS. Just as MySQL has a foothold over MSSQL, Oracle, and others with a price issue.

Thta's OK Aki, there will always be room for the Penguin. Just as Apple has survived through their school programs and niche development programs. The Penguin will live on and maybe even longer than Commodore Basic!

Did you see where a group of people got a Commodore 64 to act as a server on the net? See, anything is possible for the Penguin!LOL

Both products have carved niches for themselves. If MS can create software that doesn't create those spectacular PR/security problems (Nimda for example) I think they're going to do well especially at home and in the SMEs. mmmmmmm... yummy looking worm, bite or not? Naw, just stop handling Mr. NT's support instead (not that I would anyways, there are more qualified people in the office to handle that)

Funny you should mention the C64, I was looking at putting Linux on my PDA until I saw all the warning labels on the site. My PDA's got a nice little 1G Microdrive on it and its possible to get a Network card for it as well. I could of kept a minature version of my devel env in my pocket at all times and on the road, I could just plug into any local network whenever I wanted to show off/work on my stuff.

I figured out what my next thread will be when I get a chance.

Companies that develop for the Penguin that have gone BK. Hmmm...I better not. There may be a server space issue. LOL

Seriously I have had nothing but horror and grey hair from MY Linux server. It had an uptime percent that would get most IT specialists fired ten times over. My NT servers that I have do not have uptime issues whatsoever. The one that I use for LinksSQL/GForum/etc has been restarted 2 times in 30 months. Both planned. My Linux server, well lets just say that if it was up more than 70 percent of the time it was a good day. Yes, Daily!

Maybe it was from the ISP, maybe it was the virtual IP's giving them a fit, maybe it was the 36 domains on one server, who knows. All I know is that I do not have any problems on NT. So why fix something that isn't broke right!

By the way, I agree about .NET. That will be the death deal to Java in the business market. But, that is just my opinion of couse.

Oh and the Nimda virus did not populate at the same level as KLEZ has. Sure Outlook made it go like wildfire as almost all virus programs use security issues (left unfixed, unpatched and unprotected by antivirus programs) to multiply. The reason these made such a footprint was the people that were on the net without virus protection and/or patching their Outlook (sex without a condom).

The only true MS only virus seen in the last couple years was Code Red and the spin offs of Code Red. This attacked MS Servers only.

Bottom line, getting me to convert to the Penguin would take an act of God! LOL

Teambldr,

I can truly see what your saying. But the problem is that most folks don't have as much skill as you do. Take my ISP for example. He's learned that running a machine as ROOT was stupidity to looking them down so hard they squeaked.

If you take this another step you'd have all kinds of folks that get nailed by viruses as soon as they've reinstalled their system without virus protection. Just 2 days ago, I was a friend's used car dealer shop. He's got this nifty car auction PC with 98 installed. His office staff girl went to check the mail and boom, right before my eyes klez sent the box to a black screen with a "_" waiting (this was after I had tried installing a virus protection program. Too late. ... the Auction system staff just had finished re-installing the system that morning.

And the final step. All the home users who can't really protect their own system out of plain lack of experience. M$ is number so they've got all the newbie types too.

So, even trying to give M$ a fair shake. They've still got themselves in virus heaven. I wonder what will happen though.

.Net ... hehe ... is gonna depend on how much M$ wants to charge for it. Last I heard quite a few companies were complaining.

Hexley, the un-official mascot now reigns as the largest single distributor of *nix. And, Hexley is having a big problem playing ball over Office. So, imagine open office, star office teamed up with Hexley what will .NET have?

XBOX ... the undercover, pull the wool over your eyes sneak attack. A while back I said the same thing, and I'm still sticking to my guns. M$ is working to put itself in all of your homes. lololololo ... Body Snatchers SPXP.

---

openoffice + gimp + sketch ...

Hi.. If you have mod_rewrite enabled on your server.. here is a better solution..

I developed this to secure my javascript source files (*.js). I believe this method is foolproof.. well.. no.. but it's the best method in my opinion.

RewriteEngine On
RewriteBase /images
RewriteCond %{HTTP_REFERER} !^http://[^/]*yourdomain.com
RewriteCond %{REQUEST_URI} \.(jpg|gif|png|bmp)$
RewriteRule ^.*$ /yousuck.gif

that goes into your .htaccess.. basically.. if anyone tries to go straight to the image or if they try and put the image on their site.. it'll display "yousuck.gif" instead.. xoom.com used to do this.. geocities.com does something similar. umm.. they can always just save your image and upload it to their own site.. so it doesn't keep them from "stealing" your images.. but it keeps them from "stealing" your bandwidth..

if you want to prevent stealing images.. you could just do a no right click javascript on the site.. that's just 2 lines of code.. if you use both of these methods.. your images can't be taken, unless they disabled javascript.. but there is no way of preventing that.. the browser's cache stores the images anyways..


ya.. so try it.. it works great. :P


[edit]oh.. it needs a little changing for images.. the code i used was for .js files only.. umm.. for images you'd probably want the referer line to be "if referer && referer =~ /yourdomain/" rather than what it is now..

No right click scripts can be bypassed by using the browser window functions or keystrokes.

I just let them take it, let them add it to their site and then change the image after to get marketing out of it. It's more fun!!

oh.. i see what you're saying now..

kind of like what i did for javascript.. what i did was.. i sent all requests that weren't from my domain to a cgi file which recorded the referer, ip, and browser used. then i printed out a new javascript file that would run an infinite loop of alert windows that said "Copyright 2002 www.jsu07.com"..

so pretty much.. if anyone tried to copy my js and ran it on their sites.. they would get alert window after alert window..

i change that though.. only 1 alert window now.. not as cruel as before..

actually.. i'd like to challenge you people.. knowing you are "code hackers", i'm sure you'll all find your own ways around my method. i for one know a few ways to bypass it.. heres the challenge tho..

http://www.jsu07.com/ <-- contains a javascript file (/js/v6temp.js)

if you can obtain the full source code to .js file.. i.. umm..... congratulate you?

also.. it'd be nice to know how you did it.. (using telnet is the easiest way)

Is this it??

var anim = new Array ();

anim[0] = "J S U 0 7 . C O M |--v6--| Dulce Et Decorum Est Pro Patria Mori";
anim[1] = "J S U 0 7 . C O M |-v6---| Dulce Et Decorum Est Pro Patria Mori";
anim[2] = "J S U 0 7 . C O M |v6----| Dulce Et Decorum Est Pro Patria Mori";
anim[3] = "J S U 0 7 . C O M |-v6---| Dulce Et Decorum Est Pro Patria Mori";
anim[4] = "J S U 0 7 . C O M |--v6--| Dulce Et Decorum Est Pro Patria Mori";
anim[5] = "J S U 0 7 . C O M |---v6-| Dulce Et Decorum Est Pro Patria Mori";
anim[6] = "J S U 0 7 . C O M |----v6| Dulce Et Decorum Est Pro Patria Mori";
anim[7] = "J S U 0 7 . C O M |---v6-| Dulce Et Decorum Est Pro Patria Mori";

<SNIP> middle part cut out </SNIP>


doTitle ();

onload = start;

yup.. telnet?

Nope...

1. Go to: www.jsu07.com

2. Click "view source"

3. Notice that .js file is located at www.jsu07.com/js/v6temp.js

4. Enter URL to .js file and choose "Save to Disk"

5. Open .js file and hack away

errr.. that's not supposed to work..

i don't know why it did..

i did change the .htaccess without testing it.. but i'm pretty sure the code is right.

Hah, you could just go to www.jsu07.com and then check your temp internet files directory

<snip>

function start () {
document.getElementById ("jsu07").style.pixelLeft = document.body.clientWidth;
setTimeout ("fiQuote ()", 500)
}

function fiQuote () {
clearTimeout (to);
object = document.getElementById ("quote");
if (object.filters.alpha.opacity < 100) {
object.filters.alpha.opacity += 10;
to = setTimeout ("fiQuote ()", 50);
}
else to = setTimeout ("fiAuthor ()", 1000);
}

</snip>

BTTDB Jerry :)

Hmm apologies in advance for my eliotism but your site spews in NS6....

Copyright Violation

You are seeing this page because your site, or the site you came from, has attempted to copy javascript from JSU07.com.

Your IP address, operating system, web browser and other information have been recorded and sent to the administrator. The URL in which the violation occured has also been recorded.

OMG Paul....that ism

ew.

well maybe there's no good way to protect javascript then. linux people are able to view source.. while windows people with IE have to go to their cache. I don't really care for Netscape, but obviously since the mod_rewrite is all server-side, netscape doesn't send the referer with the script request..

so... all browsers are unalike. i don't really care for netscape though, that thing is blah. my past sites have been javascript intense and i found making it all compatible with netscape is like doubling the length of the source code.

i wanted to protect javascript after a few sites just took the code and copied it completely, changing my "by: jerry su, email: email@jsu07.com" and replacing it with their own name and email. i even had a copyright message which they left in tact.

oh well.. i'll remove the .htaccess and forget the whole thing.

One way would be to put it in more than one part in multiple folders. This way if they do copy it they will only get a part of it.