Hotlinking (or image theft) is sometimes mistaken for negative SEO. Most of the time, however, the perpetrators aren’t out to do harm, just to profit. Even if it’s not malicious, hotlinking can cause harm. Knowing how to identify bad links and understand their consequences can help you protect yourself. An update from Mikaël Priol, CEO of SEO.fr
What is hotlinking?
Hotlinking is the practice of “swiping” an image from one website and embedding it in another, using the URL of the original resource.
Except that the image is like a mini page, hosted on your site’s server.
This means that each time the page is loaded from the site that appropriated it, it’s the resource’s origin server that must provide the file.
The “thieving” site looks like it’s linking to the stolen site, but is in fact simply appropriating its resources… And the big problem with hotlinking is that not only do the referring domains not transmit any juice to the primary site, but they also harm its performance.
The problems of hotlinking
The main problem with hotlinking is the additional load on the site’s server and the potential overload.
Just as they use shared 2.0 platforms to simplify their lives and quickly create hundreds of sites, hotlinking authors will use whatever images they can get their hands on and duplicate the maneuver for each of the sites they create.
But if thousands of sites at a time are using an image from another site, the robots that map the web, like Google’s Googlebot, will pass over them to identify them… and each time they do, they’ll use up the bandwidth of the hotlinked site’s server.
Hotlinking draws on the resources of the stolen site, and can increase hosting costs for large volumes. If the server isn’t sized for it, it can slow down loading times. In extreme cases, it can even create a traffic jam on the server, generating server errors (error 500) on pages.
An isolated case of hotlinking is not a problem, but a high and repeated level of hotlinking will degrade the site’s rating and cause its position to drop, simply because it will perform less well, or because the Google robot will no longer find the pages in question.
Another problem posed by hotlinking is its “hijacked” use to set up redirects to malicious sites.
The devfall.blogspot.com blog had been hotlinking… If you try to visit it, you’re automatically redirected to a third-party site where you’re invited to click on a captcha (see below). In reality, this is a fake captcha, and clicking on it will open your computer to malware.
The sectors most affected by hotlinking are those that generate a lot of images: decoration, cars, fashion… A furniture site, for example, will have its images stripped very easily. But even niche markets can be hotlinked.
How to detect hotlinking
Two methods are generally used to detect hotlinking.
You can regularly monitor your server logs. In the event of hotlinking, you’ll notice a sudden increase in the traffic generated by crawlers on your images. This method requires regular observation and a good understanding of your traffic patterns.
You can use backlink analysis tools to spot suspicious links. These tools make it easy to spot any abnormal growth in the number of links pointing to your images. These undesirable links often come from sites with little authority, such as blogspots or foreign sites…
When a domain name seems suspicious, it’s important to examine the link profile of each domain to confirm your suspicions.
Hotlinking results in a significant increase in referring domains. This increase is a first indication, but it’s necessary to check each link to make sure it’s really hotlinking.
Hotlinking may occur sporadically, but is often carried out on a large scale. The better known a site is, the more exposed it is to the risk of hotlinking.
How to prevent hotlinking?
To protect your images from hotlinking, you can block access to your images from external domains while allowing search engine spiders to pass through by modifying your site’s .htaccess file. This modification will prevent other sites from using your images.
For example:
- RewriteEngine on
- RewriteCond %{HTTP_REFERER} !^$
- RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?monsite.com [NC]
- RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
- RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.com [NC]
- RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.com [NC]
- RewriteRule \.(jpg|jpeg|png|gif|svg)$ monsite.com/hotlink.jpg [NC,R,L]
This rule blocks access to image files (.jpg, .jpeg, .png, .gif) from external domains, with the exception of the “my-site.com” domain.
- The “RewriteEngine on” directive activates the URL rewriting module, while the “RewriteCond %{HTTP_REFERER} !^$” directive checks that the request contains an HTTP_REFERER header (i.e. that it comes from another site).
- The “RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)?mon-site.com [NC]” directive checks that the referring domain is not “mon-site.com”.
- RewriteRule .(jpg|jpeg|png|gif|svg)$ monsite.com/hotlink.jpg [NC,R,L] redirects users who want to use the image without authorization to a “fictitious” image. The default rule redirects to a 403 page without design: RewriteRule .(jpg|jpeg|png|gif)$ – [NC,F,L]
Another technique is to insert watermarks into images. Watermarks are visual marks that appear on the image to indicate that it is protected by copyright.
Some hosting services offer built-in protection against hotlinking. These protections can include features such as limiting bandwidth for external requests, disabling image access for certain referring domains, or redirecting external requests to a default image.
Regular monitoring of your traffic and backlinks is a good way of preventing hotlinking. By identifying undesirable links early on, you can take the necessary steps to block them before they multiply.
