Author: Chris Hüneke

Posted on

Anti-Hotlinking Script for WP on Apache (.htaccess) – Linkspam Prevention

Category Image 091

Never published this before, so this is a DaniWeb.com Exclusive :)

If your WP-Site has a lot of K-Links, you should consider using this script.

It definetly works. For now...

Negative SEO through spamming Backlinks can be a huge problem for the visibility of a webpage.

You can not defend your site against all kinds of attacks, but on one of the most common, you can significantly decrease the negative effects:

"K-Links" (new version: C-Links), where Image Hotlinking is used to generate Links, targeting mainly Wordpress Instances.

Examples:
k-links.png

this is why they're called "K-Links/C-Links". They always end with "-k.html" oder "-c.html"

The basic Anti-Hotlinking-Script can help in reducing the amount of traffic, when hotlinking is abused to burn your bandwith.

But i have never seen it recover any visibility losses in the SERPs.

This is the basic "Anti-Hotlinking-Script":
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\\.)?daniweb.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\\.)?google.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\\.)?bing.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\\.)?yahoo.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\\.)?duckduckgo.com [NC]
    RewriteRule \\.(jpg|jpeg|png|gif|avif|webp|svg)$ /nohotlink.html [L]
</IfModule>

---

content nohotlink.html:

<body>
    <h1>Hotlinking not allowed</h1>
    <p>Too view our images, please visit our <a href="<https://daniweb.com/>">Website</a>.</p>
</body>

It integrates the "Whitelist" directly into .htaccess, which is not optimal.

I had a case, where this caused problems, because the Whitelist was huge (1000+ Domains).

So i found this solution with "RewriteMap", which i integradted into this Script to put the whitelist inside a .txt file.
This also was easier for the client, as he might needs to add entries to the whitelist and like this does not have to edit the htaccess everytime.

I have also set the link inside the HTML to rel="nofollow".

I did get some nice results with this!

Even if there are still other DoFollow-Links on the Hotlinking Site, the presence of this one nofollow-link seems to reduce the toxicity of each one.

Important: Dont link the actual Canonical URl from your Main Page from nohotlink.html!
If your Domain is https://daniweb.com for example, you link to http://www.daniweb.com (with "www" and "http").

I experimented a lot with this and set the Canonical of the nohotlink.html to the Main Page, tested with noindex, nofollow robots tag, but it was all a mess.

If anybody is as deep into this stuff as i am, i will be happy to discuss.

Feel free to share your thoughts!

Disclaimer: Please use at your own risk, only if you know, what you are doing. Don't make me responsible, if you make mistakes. They are yours, not mine.

Posted on

Does Google’s Disavow-Tool still work – or does it hurt?

Featured Imgs 11

Back in the days Google's Disavow Tool could be useful to disavow spammy backlinks, which competitors created to hurt the rankings of a website.

Negative SEO and Spamlink-attacks were (and are) real and can cause serious damages to businesses relying on Google's Organic Search as a Traffic Source.

Of course, also Spammers and Blackhat-SEO's made heavy use of this tool to simply "recover" their sites from penalties, they have caused themselves, when buying toxic backlinks.

My theory is, that the Disavow-Tool was/is used by Blackhats way more frequently than by Whitehat SEOs. And Google therefore might have slightly changed the function of it.

For example, many Backlinksellers advertise like this to calm their potential clients: "In case of consequences, there's Google's Disavow tool, so no worries".

I directly confronted John Muller (Search Advocate at Google) with this - you can see his response in the attached image. He obviously dodged my question, but sometimes no answer can be an answer too, right?

There's an very interesting case study on Reddit on this and i have a lot more info, which i will try to put into an article on DaniWeb this weekend.

I have found a lot of answers for many questions, but on still remains...

Does the Disavow Tool still help to recover a website's lost rankings caused by spammy links?

Or does it nowadays hurt the rankings of a site even more, because Google lets it as kind of a "honeypot" for Blackhatters, which try to recover from the penalties they caused themselves?

If anybody has something to share about this, would be very appreciated.

Thanks for your attention,
Chris