Menu
What's new

Graphics still wonky

Vaughn McMillan said:
I suspect there's some type of security setting on those particular boxes that's blocking the images. Norton is always the first suspect, but there could always be others. I'm not familiar enough with the Norton products to walk someone through trying to track down the errant setting. :dunno:
Click to expand...


You're right to suspect individual machines' configurations. That's exactly what's causing it for just a few folks. It's not that their setting is actually doing the blocking of the image, but it is blocking information that is setting off the hotlinking protection. I'm actually very interested to see what the others are seeing just because my profession relies on knowing how varied the world is. So, guinea pigs, I thank you for that :)

The "Hotlinking Protection" must be rather aggressive to absolutely refuse any non-referer even if the browser has a cookie for that domain. Is the setting a vBulletin setting, by any chance? You might check the vBulletin forums or support or help systems they have available for some information. While I agree the hotlink protection is valuable, it should at the very least be smarter. If a legitimate user is actually logged in (like many of those reporitng it have been) the vBulletin should make an exception for possible hotlinkers. Is there a chance that the setting can be "dialed back" a bit in agressiveness? Like "Protect all images from hotlinkers that don't have the 'logged in' cookie" perhaps? I'd expect a conciencious developer to consider this, but maybe not? Perhaps vBulletin can shed some light on it? It's a little more involved than just "if they have this cookie, give up the images" because cookies can be spoofed, but there are ways to utilize cookies to provide pretty decent protection. Worst case, all images could be redirected to a login prompt, also - but that does use some bandwidth, too. It's a complex feature to program, but absolutely possible and not that tough to do. I would hope vBulletin would be helpful here.

It seems like you should be able to protect your server without alienating your legitimate userbase. At least, that's my opinion as a web developer :)
 
Last edited:
Thanks much for the insight, Jason. The setting we're playing with is in the Bluehost control panel -- not vBulletin. Here are the controls we're given:

Hotlink Protection.jpg

Not really a lot to work with there. Pretty much an "all or none" approach it looks like. When I get a bit of time I'm going to look (and ask) around the vBulletin forums to see if there's something within the software that can do what we want. I poked around the vBulletin Admin CP a bit tonight, but didn't really have any time to dig deeply.

For now, the stolen bandwidth is not causing much of an increase in our overall monthly usage, but it's something we'd like to nip in the bud before it gets too prevalent.

I should also mention that the people who are doing this very likely have no idea that it can potentially cause a problem. It's not like they are intentionally stealing, but more like they picked a flower in a park, not realizing it was actually on private property. Heck, I've done the same to other sites before I realized the mechanics of it.

I may end up with more questions about this for you Jason. I'll drop you a PM if I do.

Thanks again - :wave:
 
For Bruce and anyone else that had the wonkies that use ZoneAlarm. An individual setting for this site will allow you to set access to whatever the Admins want to change HERE and HERE alone.

You access the settings by going to the Privacy/Site List page in ZoneAlarm and then if FWW is not listed add the URL to the list with the Add button.

Since I trust these guys I have turned on all of the site access settings for FWW.

Whether it be Norton, McAfee, or any of the other security software it will be a similar approach. Set up for each web site you trust giving them specific but greater latitude of what they can do or how they can direct your browser. It is usually just a one time thing (I am NOT advocating set and forget now!) but can make life a little easier on the Net.
 
Vaughn McMillan said:
Thanks much for the insight, Jason. The setting we're playing with is in the Bluehost control panel -- not vBulletin. Here are the controls we're given:

View attachment 15288
Thanks again - :wave:
Click to expand...

I think that little checkbox at the bottom might solve most of the issues we've heard about. That one implies to me that it allows "NO referer" rather than "ONLY the referers in the list above" - this might work around any of our legitimate users' issues.

The intention of using an <img> tag to share images with people on another forum would cause a referer to be sent. Typing in the url to the image itself would not, since it's your "starting point" and nothing referred you to that image. I'd bet that the people having trouble have software that's making them appear to the server as though they've just typed in the url. I think checking that box would solve our fellow members' issues while offering essentially the same protection of our bandwidth.

Without checking that checkbox, the only way someone can see an image is if their browser tells the web server that it came from somewhere in that given list of domains. It appears (from what I can gather) that the people having trouble aren't sending ANY referer, so checking that box should solve their woes.

I think i just said the same thing more than once - i tend to ramble a little bit now and then (those who know me well will be chuckling)
 
Jason Beam said:
I think that little checkbox at the bottom might solve most of the issues we've heard about. That one implies to me that it allows "NO referer" rather than "ONLY the referers in the list above" - this might work around any of our legitimate users' issues.

The intention of using an <img> tag to share images with people on another forum would cause a referer to be sent. Typing in the url to the image itself would not, since it's your "starting point" and nothing referred you to that image. I'd bet that the people having trouble have software that's making them appear to the server as though they've just typed in the url. I think checking that box would solve our fellow members' issues while offering essentially the same protection of our bandwidth.

Without checking that checkbox, the only way someone can see an image is if their browser tells the web server that it came from somewhere in that given list of domains. It appears (from what I can gather) that the people having trouble aren't sending ANY referer, so checking that box should solve their woes.

I think i just said the same thing more than once - i tend to ramble a little bit now and then (those who know me well will be chuckling)
Click to expand...
Thanks Jason. Ramble at will. ;) I just re-enabled it with the check box selected. I should know pretty quickly if it makes a difference.
 
Let's see........long haired blonde guy in California.....play with refeers......hmmmm......where in the '60s did I hear that?.....:dunno::huh::rolleyes::D


Mine's working okay Vaughn.:)
 
Ken Fitzgerald said:
Let's see........long haired blonde guy in California.....play with refeers......hmmmm......where in the '60s did I hear that?.....:dunno::huh::rolleyes::D


Mine's working okay Vaughn.:)
Click to expand...
Glad to see it's still working. Looks like Jason hit the nail on the head. :thumb:

And you're showing your age, Ken. ;) By the 70s, we called it pot. :bonkers:
 
You must log in or register to reply here.
Top