Hotlink protection has completely failed

[sdec]

Hello BH community...

I have already searched and read topics on hotlink protection and found no solution. I have already contacted BH support and was expecting a response today. Nothing. So, I'll ask here.

I've been using the hotlink protection feature for at least a year, and a few days ago I found there is now ZERO protection. It is possible to link/download/open ANY and ALL files throughout my domain and all sub-folders.

The hotlink protection system used to work as intended, so I have a basis for comparison.

What factors could override or corrupt hotlink protection?

Please advise (this is semi-urgent),

- SD

[areidmtm]

open up your .htaccess file located in the public_html folder and post what's in it or at least the hotlink protection part.

Have you installed any software from Fantastico?

[sdec]

Here is the .htaccess file from the 'public' root directory

Code:

# File modified on Sun Sep 24 02:57:11 2006 by server
# For security reasons, mod_php is not used on this server. Use a php.ini file for php directives
# php_flag register_globals off 

ExpiresActive On
ExpiresDefault A18000
ExpiresByType image/gif A2592000
ExpiresByType image/jpeg A2592000
ExpiresByType image/jpg A2592000
ExpiresByType image/png A2592000
AddType audio/mpeg .mp3
AddType audio/x-mpegurl .m3u

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://sdecnet.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://sdecnet.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.sdecnet.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.sdecnet.com$      [NC]
... etc. All my subdomains have similar entries here

RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]

I find no 'hotlink protection' block, but all those Rewrite entries mirror the list of allowable URLs in the hotlink protection scheme--except the file extensions, because I also have exe and zip protected, and they are absent from that final RewriteRule.

Thank you in advance,

- SD

[Basil]

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://sdecnet.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://sdecnet.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.sdecnet.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.sdecnet.com$ [NC]
... etc. All my subdomains have similar entries here

RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]

..This would be your 'hotlink protection block'.

if (referrer) does not start with http://sdecnet.com or http://www.sdecnet.com
etc
then redirect any (jpg|jpeg|gif|png|bmp) files to a 403 error page

is what your code says.

Really it could be written a lot better, but meh. I don't see anything there that would make it not work.

Code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?sdecnet\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]

Cleaned up a bit, you could try that instead.

[sdec]

Using a more economical expression has no effect; and it's kind of pointless because BH rewrites its own expression whenever the hotlink protection panel is updated.

Support has finally responded; I'll give them a few days to resolve this.

I appreciate your time and efforts,

- SD

[cubbie866]

I had the same problem. Hotlinking protection has been broken for more than a month now. It used to work. I made several phone calls to Bluehost and eventually ended up with a ticket and had an administrator work on the problem.

Well, they did eventually get hotlinking working again, however, I started having a few people tell me they couldn't see any images when visiting my website. None. Most people would see the images, but some couldn't. I turned off hotlinking protection and then the images would show up for them.

In the end, I've reluctantly kept hotlinking turned off. I would be careful to make sure your site visitors are all seeing the images you want when it is fixed for you.

[fedor]

Hotlink protection works only if you view the image and refresh it
Ye I have this problem

[sdec]

That's very important information; and also unfortunate, because it shows me that BH has adopted a policy of denial.

Note. Hotlink protection is not limited to images. I used to use it to protect my exe and zip files; but now they are linkable from anywhere.

I won't bother sending a ticket; there's a faster way to fix the problem.

Again, thank you (all) for the quick information.