I was browsing around eBay yesterday and stumbled upon an old auction which had some pretty vile graphics on it. The auction was about music in some way, but some of the pictures (I assume they were originally music-related graphics) were instead these rather gross porn pictures with obscene language printed over them. Maximum offensiveness was strived for, I’d say. I viewed the source of the graphics and it was some domain site relating to CDs.
I wrote the owner of the auction and asked him what was up, if he knew about the graphics, and so forth. He wrote back and said, “my graphics were hijacked by an outside entity.” He went on to complain about how awful it all was, how embarrassing, how eBay was informed, and how he’d “fixed things so it would never happen again.” What he didn’t admit (until I started asking him more questions) was that the reason “his” graphics were “hijacked” was because he stole (hotlinked) the graphics from this “outside entity.” And that was the reason he couldn’t change them since he didn’t have control over them.
Now, granted, what this CD site did to him was beyond vile. I can’t stand hotlinking but I know that most people do it out of thoughtlessness and ignorance and I can think of more amusing ways to embarrass them than replacing the graphics with porn. But I thought it was pretty hilarious that this guy, even when caught, couldn’t just admit that HE sort of brought this on himself by trusting that he could use someone else’s graphics on someone else’s server and that he’d never piss anyone off by doing so. So instead of saying, “Yeah, I messed up, but look what this jerk did” he tries to place the blame on the other guy, by saying that his graphics were “hijacked.” No, sucker, YOUR graphics were not hijacked. You didn’t deserve something quite so vile to happen to your auctions, but I still can’t feel terribly sorry for you. Glad that you’ve vowed never to hotlink again, though.
I heard someone did that with goatsec once-to CNN and a bunch of other news sites. He had a picture of something related to a top story, and every news website and their brother was linking to his picture.
A while ago I patched Apache so it would grab a random porn image any time an image was linked from my server that had an unauthorized referral address. That’ll show 'em, said I. And by and large I was right. When reviewing the logs, I noticed that most all instances of hotlinking lasted a very short time.
Then one day after I had long forgotten about it, I added another server behind our load balancer. Because of the way I had set it up, the load balancer ended up accidentally caching the porn images, and 50% of our page hits went out with porn all over the place before anyone noticed anything.
No, I don’t really feel sorry for this guy either. Especially since he was too weasely to admit what he’d done. If I’d been ignorant of the workings of bandwidth theft, I would have been left with the impression that he was some hapless victim who was “hijacked” by some malicious “outside entity.” When in fact he simply pissed someone off just a little too much.
As a continual victim of bandwidth theft, I haven’t gone to “extremely gross” route. What I have done on occasion (got the idea from a fellow Doper) was to put up a tacky picture, or, in a few instances, a graphic that says, “NAMBLA: I molest children and steal bandwidth.” That definitely gets the hotlinker’s attention.
friedo, oh yeah, it sounds embarrassing! I’ve had a few graphics that were meant for theives end up on my pages. It’s embarrassing too, but usually the graphics say something like “THIEF” or something, so it’s not quite as bad as accidentally showing porn! :eek:
I’ve seen a couple people who tried to hotlink to photoshop contest images from Something Awful on another message board. The thread they posted them in was shortly filled with porn images that were probably upwards of 1000x1200.
Firstly, the GPL doesn’t oblige you to distribute patches. In fact, you don’t even have to accept the GPL just to use the software. It only requires that you provide the source for any binary that you distribute.
It’s important to remember that the site hosting the pictures didn’t actively do anything to this guy. It’s not like they hacked his server or anything. All they did was fix it so that anyone who tried to leech their bandwidth in this way would be served a different picture from what they were expecting. They’re under no obligation to host pictures at all, let alone host them for complete strangers who won’t spring for their own webspace.
I’m thinking of starting my own website. Nothing big, just some random scribblings and a place to host my digital photographs so that friends from back home in Australia can see them.
Now, i’m not the world’s greatest photographer, and i can’t imagine that anyone would want my pictures, but if they did, how does one tell that one’s graphics have been hijacked in this way? Is there a special way for webmasters to know this stuff?
Sorry if this is a dumb question, but i’ve never been a website owner, and i want to know how i can trace stuff like this, especially since small sites like the one i plan tend to get charged more by the host based on the amount of bandwidth used each month. I don’t want to have my fees jacked up by hijackers.
Your account will have a logfile on the server, and possibly a nice viewer to make sorting through all the information easier. This logfile has all the URLs that were accessed on your website, the IP adresses that acessed them, and any URLs those pages were called from. If you see a bunch of accesses of “myphoto.gif” from “www.thiefurl.com”, you can be pretty sure that someone at thiefurl is hotlinking to that image.
