SSP Director
Following up a comment about the new Flash alter-ego, I noticed that I wasn't as protected from hotlinking as I had thought. Rather complacently, I had noticed my SlideShowPro Director (the content management system for all the site's pictures) had got both an htaccess file and a crossdomain.xml file, which allow you to stop other domains accessing the pictures, and I'd assumed that would be enough. Hm.
The brain hadn't clunked on to thinking to check what was in Director's htaccess file - such as a “RewriteEngine Off” line which overrode the site's overall htaccess file and its “RewriteEngine On” anti-hotlinking instruction. And I hadn't looked into what the crossdomain.xml file would do, or rather not do. It'll stop other Flash movies serving pictures from my server, but wouldn't stop hotlinking in HTML. So, with Director unprotected by its htaccess file, anyone who could find a picture's URL could hotlink to it.
It's not too difficult to fix, though I've little doubt something else will break. See this thread and also stopping Director from stripping metadata.
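To find this kind of override across a whole site, here is an added example (not part of the original post or of SlideShowPro Director) that walks a document root and lists every subdirectory .htaccess that switches the rewrite engine off. It goes one step beyond the case above and also flags files that define their own RewriteRule without `RewriteOptions Inherit`, since Apache then drops the parent directory's rules as well; the function names and the sample text are assumptions made for the illustration.

```python
import os
import re
import sys

# Constructed sample of a subdirectory .htaccess like the one described above.
SAMPLE = "# constructed example\nRewriteEngine Off\n"
# An active (uncommented) mod_rewrite directive and its arguments.
DIRECTIVE = re.compile(r"^\s*(RewriteEngine|RewriteRule|RewriteOptions)\s+(.*)$", re.I)

def rewrite_state(text):
    """Summarise the mod_rewrite directives in one .htaccess file's text."""
    state = {"engine": None, "rules": False, "inherit": False}
    for line in text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue
        name, args = m.group(1).lower(), m.group(2).lower().split()
        if name == "rewriteengine" and args:
            state["engine"] = args[0]  # the last occurrence wins
        elif name == "rewriterule":
            state["rules"] = True
        elif name == "rewriteoptions":
            # Inherit / InheritBefore pull in the parent directory's rules.
            state["inherit"] |= bool({"inherit", "inheritbefore"} & set(args))
    return state

def masks_parent(state):
    """Return why a parent's rewrite rules stop applying here, or None."""
    if state["engine"] == "off":
        return "RewriteEngine Off"
    if state["rules"] and not state["inherit"]:
        return "own RewriteRule without RewriteOptions Inherit"
    return None

def audit(docroot):
    """List (relative dir, reason) for each masking .htaccess below docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        if ".htaccess" not in files or os.path.samefile(dirpath, docroot):
            continue
        with open(os.path.join(dirpath, ".htaccess"), errors="replace") as fh:
            reason = masks_parent(rewrite_state(fh.read()))
        if reason:
            findings.append((os.path.relpath(dirpath, docroot), reason))
    return sorted(findings)

if __name__ == "__main__":
    print("sample:", masks_parent(rewrite_state(SAMPLE)))
    for d, why in audit(sys.argv[1]) if len(sys.argv) > 1 else []:
        print(f"{d}: {why}")
```

Run it with the site's document root as the only argument. It does not account for a parent directory that uses `RewriteOptions InheritDown`, so a directory flagged for its own rules may still be covered in that setup.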
Anti-hotlinking images
I don't want to start a war with whoever hotlinks an image, so this is the image I usually serve via the htaccess file.
When I have been a bit more irritated, I use an alternative image. While one could serve up something nasty, I prefer a 1 pixel high 1800cm wide transparent gif. It should blow the offending site's layout but will be almost invisible and force the other person to put time into tracking down why his site suddenly looks crap. And as they'll never be quite sure you really meant it at them….