Inline linking

From Wikipedia, the free encyclopedia

Inline linking (also known as hotlinking, leeching, piggy-backing, direct linking, offsite image grabs and bandwidth theft) is the use of a linked object, often an image, from one site into a web page belonging to a second site. The second site is said to have an inline link to the site where the object is located.

Contents

[edit] Inline Linking and the HTTP Protocol

The technology behind the World Wide Web, the Hypertext Transfer Protocol (HTTP), does not make any distinction of types of links—all links are functionally equal. Resources may be located on any server at any location.

When a web site is visited, the browser first downloads the textual content in the form of an HTML document. The downloaded HTML document may call for other HTML and/or stylesheet files to be processed. These files may contain <img> tags which supply the URLs which allow images to display on the page. The HTML code generally does not specify a server, meaning that the web browser should use the same server as the parent code (<img src="picture.jpg" />). It also permits absolute URLs that refer to images hosted on other servers (<img src="http://www.example.com/picture.jpg" />).

When a browser downloads an HTML page containing such an image, the browser will contact the remote server to request the image content.

[edit] Common uses of linked content

The ability to display content from one site within another is part of the original design of the Web's hypertext medium. Commonly accepted uses include:

  • Web architects may deliberately segregate the images of a site on one server or a group of servers. Hosting images on separate servers allows the site to divide the bandwidth requirements between servers. As an example, the high-volume site Slashdot stores its "front page" at slashdot.org; individual stories on servers such as games.slashdot.org or it.slashdot.org; and serves images for each host from images.slashdot.org.
  • Many web pages include banner ads. Banner ads are images hosted by a company that acts as middleman between the advertisers and the web sites on which the ads appear. The <img> tag may specify a URL to a CGI script on the ad server, including a string uniquely identifying the site producing the traffic, and possibly other information about the person viewing the ad, previously collected and associated with a cookie. The CGI script determines which image to send in response to the request.
  • Hit counters show how many times a page has been loaded. Several companies provide hit counters that are maintained off site and displayed with an inline link.

[edit] Controversial uses of inline linking

The blurring of boundaries between sites can lead to other problems when the site violates users' expectations. Other times, inline linking can be done for malicious purposes.

  • Content sites where the object is stored and from which it is retrieved may not like the new placement.
  • Inline linking to an image stored on another site increases the bandwidth use of that site even though the site is not being viewed as intended. The complaint may be the loss of ad revenue or changing the perceived meaning through an unapproved context.
  • Cross-site scripting and Phishing attacks may include inline links to a legitimate site to gain the confidence of a victim.
  • Pay-per-content services may attempt to restrict access to their content through complex scripting and inline linking techniques.

[edit] Prevention on the client side

Most web browsers will blindly follow the URL for inline links, even though it is a frequent security complaint.[1] Embedded images may be used as a web bug to track users or to relay information to a third party. Many ad filtering browser tools will restrict this behavior to varying degrees.

[edit] Prevention on the server side

Some servers are programmed to use the HTTP referer to detect hot-linking and return a condemnatory message, commonly in the same format, in place of the expected image or media clip. Most servers can be configured to partially protect hosted media from inline linking, usually by not serving the media or by serving a different file.[2][3] [4]

For Microsoft's Internet Information Services web server software, third party tools may be installed to combat inline linking and hotlinking.

Nearly all of these measures will transmit an alternate content. Most types of electronic media can be redirected this way, including video files, music (including mp3) files, and animations (such as Flash).

[edit] See also

[edit] References

  1. ^ Thomas C Greene (2007-2-20). Vista Security Oversold. theregister.co.uk. Retrieved on 2007-11-16.
  2. ^ Ross Shannon (2007-02-26). Bandwidth Theft. yourhtmlsource.com. Retrieved on 2007-11-16. “Some webmasters will try to directly link to your images from their pages. Luckily, a simple configuration change provides the necessary fix.”
  3. ^ How I Stopped a Bandwidth Thief. swollenpickles.com (2007-9-07). Retrieved on 2007-11-16.
  4. ^ Thomas Scott (2004-07-13). Smarter Image Hotlinking Prevention. alistapart.com. Retrieved on 2007-11-16.