Tone Parsons

More fun with MySpace hotlinkers… force a log out!

MySpace users are the worst of the worst when it comes to hotlinking.

They will link directly to an image on your server to be displayed on their site, using up your bandwidth every time it’s viewed. As I pay for my site’s bandwidth… this is a very annoying thing. I’ve tried posting that they shouldn’t do it, I’ve begged, I’ve pleaded… then I was driven to action!

A while back, I showed you how to add a little code to your .htaccess file (in the root of your website directory) to change the image that they get:

# Begin MySpace hotlink surprise
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?myspace\.com/ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ hotlink/tp_poo_hotlink.gif [L]
# End MySpace hotlink surprise

For example, no matter what image they request from my server, they get the one to the right. While this makes me smile, it still uses my bandwidth to display the picture.

I knew that there had to be a better way to deal with it, and today I found it (courtesy of jibble.org).

Simply put, it’s possible to use the .htaccess rewrite rules to send them something that’s not an image… but rather, a redirect to a URL. While it won’t redirect the page they’re viewing, it can cause hilarious results if you use it to redirect to the correct URL… the one that logs them out of MySpace!

All you need to do is place the following into your .htaccess file:

# Force MySpace image/bandwidth thieves to log themselves out
RewriteCond %{HTTP_REFERER} ^http://([a-z0-9]+\.)?myspace\.com/ [NC]
RewriteRule \.jpg$ http://collect.myspace.com/index.cfm?fuseaction=signout [R]
# End MySpace log out

Here’s how it works: when a MySpace user views a page that hotlinks an image from your server, their browser asks your server for the image, gets redirected, and sends the request to log them out instead. They don’t notice anything has gone wrong (other than the image not loading)… until they click any link… then they’re “mysteriously” logged out and have to log back in. This will happen to them EVERY TIME they hit that page!

It’s evil, and the technical term for it is “Cross-site Request Forgery”. I’m just giving you the information… what you choose to do with it isn’t my responsibility.

*giggle*

Note: you can change the rewrite rule to include other image types by adding them in. For example: RewriteRule .*\.(jpe?g|gif|bmp|png)
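
Seen from the target site's side, the redirect works because sign-out is reachable with a plain GET that needs nothing but the session cookie. The following is an added example (not code from this post or from MySpace) that contrasts such a handler with one that requires a POST carrying a session-bound token; the handler names, the `csrf_token` parameter and the session id are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed for this example)


def csrf_token(session_id: str) -> str:
    """Token bound to one session; the site embeds it in its own logout form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def signout_vulnerable(method: str, params: dict, sessions: set, session_id: str) -> int:
    """Signs out on any request carrying the session cookie, <img> loads included."""
    sessions.discard(session_id)
    return 302


def signout_hardened(method: str, params: dict, sessions: set, session_id: str) -> int:
    """Signs out only on a POST that carries the session-bound token."""
    if method != "POST":
        return 405  # an <img> load, redirected or not, arrives as a GET
    supplied = params.get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), csrf_token(session_id).encode()):
        return 403  # a third-party page cannot read or guess the token
    sessions.discard(session_id)
    return 302


def demo() -> dict:
    """Replay the redirected image request, then a genuine logout click."""
    sid = "sess-1234"  # constructed session id
    forged = ("GET", {"fuseaction": "signout"})  # what the redirected image load sends
    results = {}
    live = {sid}
    results["vulnerable_status"] = signout_vulnerable(*forged, live, sid)
    results["vulnerable_still_logged_in"] = sid in live
    live = {sid}
    results["hardened_status"] = signout_hardened(*forged, live, sid)
    results["hardened_still_logged_in"] = sid in live
    genuine = ("POST", {"csrf_token": csrf_token(sid)})
    results["genuine_status"] = signout_hardened(*genuine, live, sid)
    results["genuine_still_logged_in"] = sid in live
    return results


if __name__ == "__main__":
    print(demo())
```

The hardened handler rejects the forged request twice over: the method check stops the image-driven GET, and the token check stops a cross-site form POST that cannot know the session's token.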

2 Comments so far

  1. Dad November 12th, 2007 3:00 pm

    That's a disgusting cartoon!

  2. Tone Parsons November 12th, 2007 4:25 pm

    That was pretty much the idea. Make them not want to hotlink to my images.