Website Hammered by Hotlinking, Spammers, and Free Loaders?

My main site recently was hammered by Hotlinking, Spammers, and Free Loaders. This can happen to any website, so we all need to learn how to keep an eye on potential abuse of our sites.

Hotlinking Images

Hotlinking is the technique of linking to images on your site for use offsite. That’s the simple description. It is the abusive use of your images on other websites. The images linked and used are not limited to just the pictures on your posts, but the graphics used within your site such as background graphics, the header, logos, any image on your site.

By linking to your image, they get to use your image, usually without permission, but they also get to use your bandwidth and server space. The link goes out from their site to your site where you have the image stored and the image then is used on their site. The costs associated with a website are a combination of space and bandwidth. When others use your stored images, they are using your storage space. When they link to your images, they are using your bandwidth, not theirs. So you are paying for their use of your images in more ways than one. Some of the most notorious hotlinkers are those who want to use your images without permission (but we haven’t really stolen it, have we?) and those without storage space of their own.

How do you know you have your images hotlinked? Your server should allow you access to your statistics and site reports. These are also called Logs, Access Logs, or Bandwidth Logs. You will need to start your detective work there.

There are several places to look for clues that your images are being hotlinked. Look for sections related to the files being accessed, often called the most accessed pages, urls, files, or file types. If these sections list specific files, you can see how often a file has been accessed. If an image is getting a lot of access time but the page on which you have the image isn’t, then be suspicious.

To put a stop to hotlinking on your site, start with your server options. Check with the server to see if they have a feature for preventing hotlinking. If not, then you can add your own prevention by editing the .htaccess file in your root directory.

For information on changing the .htaccess file, these helpful articles.

• Preventing Image Bandwidth Theft With .htaccess
• Stop Hotlinking and Bandwidth Theft with htaccess
• Htaccess Disable Hotlinking Code Generator

Spammers: Comment Spammers, Site Spammers, Email Spammers

Remember Spam, that nasty stuff created to serve the military as something-that-might-be-meat-in-a-can? Besides the fact that my father happens to like it, this is considered of the nastiest things on the planet made by man, so the term has migrated over to label the nastiest things found on the Internet.

Email spam was the first big nasty on the Internet. Unwanted email slinking into your inbox promoting all things greed, sex, and snake oil. Email addresses were generated by computers putting names and email services together randomly, as well as found and harvested from chats, forums, and websites.

To protect your email on your website, you can do a variety of things. One of the easiest is to obfuscate your email address when you use it manually. For example, my email address is: lorelle@cameraontheroad.com.

While you see it on the screen as “right”, this is what it really looks like (spaces required to make this visible here):

& #108;& #111;& #x72;& #x65;& #108;& amp;
#x6C;& #x65;& #x40;& #x63;& #x61;& #109;& #101;
& #x72;& #x61;& #x6F;& #x6E;& #116;& #104;& #101;
& #x72;& #x6F;& #x61;& #100;& #46;& #x63;om

You can create your own from one of the links below and save it in a text file ready to paste into your site whenever you need it.

WordPress users have it even better. Using template tags on template files, the email address is pulled from the database, which helps to hide it from the email harvesters. You can also use WordPress plugins like Coffee2Code Obfuscate Email WordPress Plugin which will automatically rewrite your email address into character codes.

Here is more information on hiding your email address:

• How and Why of obfuscating your address
• A Simple Character Entity Chart
• ECM–Email Countermeasures Javascript Email Converter
• Duke University – Hide Your Email Address from Spammers
• WordPress Codex – Protection from Harvesters

From email, the spammers have expanded to attack comments on interactive websites. Lucikly, WordPress and other blogging software programs are fighting back so there is often little you need to do. Comments that are “questionable” are automatically stopped or put into the Comment Moderation panel, awaiting your review and approval. Users of WordPressMU, like wordpress.com, are usually protected by Bad Behavior – Comment Spam WordPress Plugin and/or Spam Karma 2, two of the top comment spam fighting tools. If you are running the full version of WordPress, consider adding those anti-comment spam plugins to your site.

As a last warning, be wary of nice comments left on your site. These are often caught by the good spam catchers, but some slip through. They often say things like “I can tell you’ve put a lot of work into your site,” and “I’m going to tell my friends about this. Thanks!” Check the email address and link address to see if it is valid and a link to someone who really cares or a potential comment spammer. If it is questionable, delete it.

Remember, you are in charge of all the content on your site including comments. You choose what stays and what goes.

Free Loaders: Website Users and Abusers

A more difficult to track form of abuse of your website is freeloading, also known as silent spamming and referral spam. Silent spamming is when freeloaders take advantage of your website by registering as “members” on your site or tapping into your guest book which might not show up on your site or in your comment moderation, but their website is listed and search engines find it. It is considered a link by the search engines, and the more links to a site, the better the page ranking in search engines.

WordPress helps to combat this by using a nofollow tag in a link which instructs search engines not to follow a web page address link in comments.

Another method of silent spamming is called referral spam. If you publish your site statistics or referrals, or use one of the popular site statistic analyzing programs, like Webalizer, abusers can use their spiders and robots to access this information and use the referrer links in the statistics to link to other sites, using your site as a giant link spider launching point. This is also known as backlinking.

How do you know if you have been hit by one of these silent spammers and abusers? Again, check your site statistics. If you are suddenly getting a boost in traffic, and Slashdot hasn’t highlighted your site, then this unusual traffic could be a sign of referrer spam.

To my delight recently, I witnessed a big jump in traffic. To my dismay, it turned out that this increase in traffic and hits on my database was actually freeloaders and website abusers using referrals and other methods of taking advantage of my site and bandwidth. I dug into my site statistics and found under my top hosts stats, an amazing amount of traffic from only a few sites. Here is the list of the top hosts on my site. To avoid promoting them, I’ve censored part of their IP addresses.

IP Address	Pages	Hits	Bandwidth
70.85.XXX.XXX	5319	5319	440.00 MB
216.195.XXX.XXX	5304	5304	435.96 MB
216.195.XXX.XXX	4711	4711	386.68 MB
64.124.XXX.XXX	878	878	35.79 MB
69.28.XXX.XXX	379	379	31.24 MB
65.19.XXX.XXX	359	359	24.08 MB

I don’t have to be a rocket scientist to see that there is a big gulf between 35 and 386 megabytes. That’s over a 10 times increase. The jump from 878 hits to 4,711 is also a definite clue that something abnormal is going on.

A check on these IP addresses lead to a marketing company and two porno sites. Not the kind of people I want to invest my hard earned money into supporting on my website.

To stop these site leeches and freeloaders, contact your server to find out what services they have available to deny access or ban IP addresses. You can also set up deny access commands in your .htaccess file. To track them, learn to read your site statistics and logs. For more information, see:

• Security: Silent Spamming – Is your Website Being Abused?
• Referral Spam – What looks innocent often isn’t
• Apache Server – Module mod_access – Access and Deny
• Apache Manual – Authentication, Authorization and Access Control

The Moral of the Story?

Evil doers and abusers are part of being human. Unfortunately, part of being human means being aware and informed on how the abusers work so you can do what you can to protect yourself.

Learn how to use your site statistics to monitor what is going on regularly. In an upcoming post, I’ll talk more about what you can learn, good and bad, about your site statistics, but for now, play Sherlock Holmes and keep an eye out for the bad guys who are abusing your site and stop them.

The only way the bad guys can be put out of business is if we stop them when they start, prevent them before they start, and make their income dry up completely.

---

Site Search Tags: hotlink, hotlinking, spam, spammers, free loaders, steal, bandwidth, steal bandwidth, images, graphics, photos, photographs, apache, htaccess, content theft, abuse, stealing images, copyright, protection, copyright infringement, illegal, illegal use, allow, deny, monitor
Copyright Lorelle VanFossen, member of the 9Rules Network