Stealing images...unique situation

[encryptdesigns]

So I have been researching this ALL DAY and found all kinds of things about modifying the .htaccess file to block this dude from stealing images.

Here is what makes this a unique situation. We are running Apache with hundreds of similar websites that are sharing the same images. So instead of having each and every website have its very own copy of each image, we decided to save space, and have one folder (and rewrote part of the httpd.conf file to make it work) but now there is a site (not hosted by us) that is hardlinking images from one of my clients on his site

How do I block this guy? I have pretty well tried everything I have found online. I even found this nice tool here:

http://www.htmlbasix.com/disablehotlinking.shtml

If I take my clients site XYZ.com and add a .htaccess file there and paste the results gathered by the above link then I get an Internal Server Error. So I decided to go into the Shared Folder regiion and added the .htaccess file there. But the problem is that not only is the STEALERS images not work, but none of our clients on that server work either

So, hopefully, you can see the uniqueness of this situation. I even tried a DENY FROM with the stealers' IP Address but to no avail. I'm sure all of the code that htmlbasix.com provided would work under normal circumstances, but not working for me with this.

Maybe editing the http.conf file would be a solution perhaps? Thank you guys for your time once again and hopefully I can stop this idiot!

[lumi]

sounds not good your case. i had the same problem but i could fix it with a simple DENY FROM in the htaccess.
are you sure that you htaccess work properly and it is in the picture folder?

lumi

[Itsacon]

If your server runs PHP, you could use that.

I had a similar problem, and I solved it by having all images served out by a php script (aptly named image.php), which has a list of allowed addresses and hostnames, and only gives out the image if the referer is from one of those domains.
The images themselves are stored in a directory on the server that is not directly accessible by the webserver, only by PHP.

If you're interested I can post the code for the script.

[macboy9000]

possibly the reason the htaccess fixes aren't working is because the images are being stolen from your client's sites, not yours. however, are your clients using an extended version of your domain (i.e. http://www.yoursite.com/hosted/theirsite), or do they have their own domain (i.e. http://www.theirsite.com)? if it's their own domain, that's probably why the htaccess files aren't working, but if it's an extended version of yours, i can't really help. just to check, you should try using the php image trick, and move the shared folder so that the stealer will lose the links altogether. maybe then you could apply another htaccess file, also.

[Itsacon]

Macboy, the images are on his server. The clients' servers are linking to them from their server. .htaccess SHOULD work.

if you add

Code:

allow from <first client's domain>
allow from <second client's domain>
deny from all

it will only allow connections from those domains.

[macboy9000]

right. i know that. well, i suppose what i said could be out of context depending on what his .htaccess file looked like. but supposing he only allowed HIS server to view the images, assuming that since HE was hosting his clients sites, it would still allow them. maybe, rather than blocking and allowing domains, you could just use your IP address. unless it's dynamic, in which case you'd have to define EVERY SINGLE domain that you host. and that's just inefficient.