Tim Yang’s Geek Blog

August 30, 2023

Preventing inline images from comment posters

Tags:

Wordcount - 184
Permalink
add to del.icio.us
Views - 111

Chris Josephes writes in Oreillynet about an interesting method for finding out if an image that one of your visitors is hotlinking is instead sending a substituted image. Hotlinking is often a danger in forums and blog comments where there is no preset control over what is posted.

Chris says:

If any site user makes a posting that inlines images from a third party server, the editing software should retrieve the image twice using the HTTP HEAD method. For the first retrieval, don’t pass a Referer header. For the second retrieval, set a Referer header that would reference the full URL of the page that would eventually load the image. For both requests, the HTTP server headers Content-Length and ETag should return identical values. If they don’t, that means the web server is sending out different files. Make sure the comment poster is aware of this, and give them the opportunity to correct the problem.

This would be really nice if someone used this method in a plugin for blog CMSes.

Technorati Tags: Hotlinking CMS

Add to del.icio.us − Post a comment (0)

− Top − Home − Next page »

» Contact me
- EMAIL timyang@gmail.com
- ICQ 16892551
- AIM worgthezo
- MSN timyang1@hotmail.com
- YIM timyang1
- ADD/TEL RSSContact (RSS)

» Archive Calendar

» Sponsors
» Earlier articles
- What do you write for a small business blog
  Particletree has an article on small business blogging making arguments for it. The article brings up the point that small businesses think that blogging is too time consuming. But I think they’d change their minds if they knew of the interesting and wide range of things they could blog about.
- The real top ten tips for blogging anonymously
  As many of you know, Reporters without Borders released a PDF handbook about blogging for dissident bloggers. Actually a lot of it also deals with making a good blog, like the section about blogging ethics and search engine optimisation. Completely irrelevant.
- Google blog search
  Hot news this week: Google has launched a blog search tool. I think we were always expecting a blog: operator for the regular Google search site, which I think I would have liked better. But Google decided to come up with a separate engine.
- Tell me about your blog
  If you read my blog and if you have a blog, tell me about it. I already have a short list of other bloggers who read my blog, but I got them mostly from comments and from blog-search tools like Technorati. I have a list called “Readers” in my RSS feed reader, but it’s still very thin and I’d like to boost it.
- Techcrunch on how to pitch your dotcom
  This is a great article from Techcruch on ten things that tech companies can do to get blogged. It’s Techcrunch’s wishlist directed at all the PR reps who keep sending them stuff. But it makes a lot of sense.
- Display any Flickr photo collection on your website
  This is a really nice script that displays photos from any Flickr.com RSS feed on your website. Technorati Tags: Flickr rss .
- Lifehacker.com went from Nice! to Sucks!
  This is probably news of no importance, but I’ve decided to unsubscribe from Lifehacker.com’s RSS feed. It just got too intrusive for me with its “link optimisation”.
- Researching a client’s brands online
  Yesterday I touched on the topic of studying a company to make it inscrutable. That’s just one of the reasons I always conduct secondary research (research through the internet and other publications) on all my clients. What I look out for is brand impressions — anything that people think is important enough about a company, its products or its employees to mention.
- Skype robot that creates an underaged-girl “user” as a perv honeypot
  This is brilliant. This programme makes a robot for Skype that looks like a girl — with automated responses and even an attractive photo. The software author also put up logs of a previous conversation that the robot had with an unsuspecting victim who propositioned the “user”.
- The role and function of marketing communications in product development teams
  The ideal dotcom startup team seems to be CEO, CTO and COO or CFO. Now it’s all well and good to be product and business focused, but who’s looking out for the people who can make or break a business — the users and the public stakeholders? A CEO’s function is to provide strategic vision, a CTO’s to manage the development of the product and internal technologies, a COO or CFO is to look after revenue and expenditures. All these are full-time jobs with weighty responsibilities.
» Most popular
» Categories
- Adsense (RSS) (5)
- Blogging (RSS) (5)
- Business (RSS) (11)
- CMS (RSS) (6)
- Crime (RSS) (4)
- Del.icio.us (RSS) (2)
- Email (RSS) (6)
- Gaming (RSS) (2)
- Gmail (RSS) (1)
- Google (RSS) (9)
- Howto (RSS) (6)
- Instant messaging (RSS) (5)
- Lifehack (RSS) (3)
- Links (RSS) (1)
- Mac (RSS) (3)
- Marketing (RSS) (9)
- Media (RSS) (3)
- Mobile (RSS) (2)
- RSS (RSS) (21)
- Search (RSS) (6)
- Social networks (RSS) (5)
- Spam (RSS) (3)
- Tags (RSS) (6)
- Uncategorised (RSS) (9)
- Uncategorised (RSS) (5)
- Webdesign (RSS) (3)
- Wordpress (RSS) (10)
- Yahoo (RSS) (4)

Welcome to the new Tim Yang’s Geek Blog

A blog about online stuff.

August 30, 2023

Preventing inline images from comment posters