• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 277
  • Last Modified:

Wasting bandwidth on <img>


Just double-checking - when we have an html page like this, hosted at www.mysite.com:

    <img src = "www.orange.com/t1.jpg" />

then the orange.com site is the one actually expending bandwidth on serving the image up to the browser, right? Even though the user is viewing the page hosted at mysite.com, the other guy is basically paying for the bandwidth?

Is there some way to stop people from doing that, as I might be hosting a lot of images and would not like people leeching off my site, wasting my bandwidth.

  • 3
  • 3
  • 2
  • +2
1 Solution
Host the images on a free image hosting site and point to them with the img src tag.

DJ_AM_JuiceboxAuthor Commented:
If I hosted them on a free image hosting site, wouldn't that be wildy innapropriate? I mean I'd be blatently wasting their bandwidth with possibly hundreds of thousands of images - are there any services that don't mind doing this?

Heres the thing though...to answer your original question, yes orange.com is the site that get hit with the bandwidth for serving images.  

I guess Im not fully understanding your question then.  What is it you trying to stop people from doing?  hosting images on your site (they're taking your bandwidth)?  I ask because from how you worded it, it sounds like your have a website (yoursite.com), but your hosting images on another domain (orange.com).  Orange.com will get all the bandwidth traffic.  
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

Sorry, hit submit on accedent....

As for services that dont mind doing this...thats why theyre free :).  They host images for people (with certain limits) in hopes that it will draw them to theire membership services.  Anyway, if you dont want orange.com to pay for the bandwidth, then put the images on yoursite.com and host them there.  Whoever hosts the images, will get the bandwidth.  
David S.Commented:
If your server has cPanel, there should be an icon with options to prevent image hotlinking & leeching.
DJ_AM_JuiceboxAuthor Commented:
Yeah sorry if I was not clear.

I wrote some client software which lets people make pictures. They can then upload these images to my website, and then others can check them out and download them again to the client software for re-editing.

So I have a choice here as I see it:

1) I can host the images myself on my own webserver. I can pay ~$12 a month for a godaddy account which gives me unlimited bandwidth and disk storage. Even with the minimum plan, I can still store about 300,000 images before space becomes a problem. My concern here though is that if people start linking a lot to these user-generated images, I'm gonna be hit with a lot of bandwidth usage without getting any benefit for it (i dont mind if people link and come to the actual site and look at ads, but I don't want people to just see the raw images without getting credit for them!)

2) I can try hosting the images at one of these free image hosting sites,  people come to my pages which I'm still serving but just point the <img src=""> to that free site. My concern with this is that the free host would get absolutely no credit, since my users would never visit their site, they'd just see the images served up by them in the context of my own pages. That's one concern, the other is if the free host sees I'm hosting like a million images they may decide to pull the plug on my operations and that just breaks my whole site and all my images be be lost!

So, trying to balance which route to take here,

I believe I would personallyopt for the first option, basically because of several things, but some I can think of:

1) Possible issues with rights of images when hosted by a third-party (read carefully their policies...)
2) What you said: if they pull the plug, your website is broken. If that website goes down for maintenance, so does yours. And you do not choose when this happens.
3) Not every third-party image hosting provider allows the images being deleted from their servers, whereas if you host them in your server, you have the control.

If you fear other sites leeching your images for bandwidth grounds, enable an anti-hotlinking system. If the concerns are because of no credit being given to the author, consider watermarking the images or displaying them in low resolution (but downloadable in normal quality).

it's simple.

rather then serving out the actual image, have all of your links point to a image serving script. in that script, you look at the referrer and if it's not your site (or from a list of allowed hotlinkers - for instance google images, etc) then show them a no hyjack image instead of the one they want to see.

if you don't want the image URL to look like this though:

<img src="image.asp?id=kfadkljfadkljfadsljkadljk" />

you can use pretty links with creative 404 page...

<img src="myimage.jpg" /> the file doesn't really exist at that location, but the 404 error knows what you really mean and sends it to the image script which then serves out the actual image.

clear as mud?
DJ_AM_JuiceboxAuthor Commented:
Ok yeah I agree it's best if I host them, but I don't understand the "image serving script". How would that work, can you give a small example or link?

sure - (example in asp classic - but can be translated to any other language easily enough)

[I personally like using the 404 approch myself]

if images are shown as being hosted here: /images/user/file.jpg
you actually put them here: /actual/images/user/file.jpg

now, all of your image links should point to the wrong place forcing a 404 error
in your custom 404 page you make it look at the url and if it's "/images/user" you redirect to:


now comes the fun part - /includes/image.asp looks like the following:
'// note, no error correction has been added.
function showImg(byVal Src)
	dim ref: ref = request.serverVariables("http_referer")
	dim yourdomain : yourdomain = "mydomain.com"
	'/* check that the request for the image is coming from within your server
	' of coarse, i would suggest a more comprehensive method of validation
	' for instance. on my anti-hyjack script, i have a DB list of allowed referrers
	' if the referer is illegal, change the URL
	if(instr(ref, [yourip])=0 and instr(ref,[yourdomain])=0) then	
		Src = "/actual/youAreAnIdiot.jpg"
		Src = "/actual" & Src
	end if
	'/* now serve the image */
	'/* create an output stream object */
	Dim objStream : Set objStream = server.createObject("ADODB.Stream")
	'/* telling the stream to be binary */
	objStream.Type = 1 
	Call objStream.LoadFromFile(Src)
	Response.ContentType = "image/jpeg"
	Call Response.BinaryWrite(objStream.Read)
	'/* Clean up.... */
	Set objStream = Nothing	
end function

Open in new window

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

  • 3
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now