Images are easy to block with php, just never link directly to the images on your own site and feed them through a PHP script that checks the referer.
Since some browsers don't send refering information to the server you only want to apply your referer check to those that actually show the referer.
Also when you do your referer check, make sure that the host name is located in the correct part of the refering url. if you don't check that, something like:
http://www.somesite.com/page.html?http: ... rpage.html
will show your images. I found this out when I noticed archives of my site on google were loading images off my server.
Code: Select all
if ($HTTP_REFERER) {
$referer = strtolower($HTTP_REFERER);
$host = strtolower($HTTP_HOST);
if (strpos($referer, "http://$host") != 0 || !stristr($referer, "http://$host")) {
readfile("./images/dontlinktothis.jpg");
exit;
}
}
Use the header() functions to tell the browser it is an image and use readfile() to pass the image data through.