Lars Wirzenius recently blogged about preventing image linking. I helped a friend setup this for his Movie pages.

There are several tarpits you can run into. Most notably some “smart” web privacy tools such as outpost will not just empty your referrer field, but place some bogus data in there “Field blocked by Output” or so.

Therefore i suggest only blocking links that come from offsite-locations that do start with http://

It is also a nice thing to actually send a warning image then, instead of just dening access. This makes the linking site uglier, and maybe someone will tell the referrer that he has “stolen pictures” on his site.

Because usually the one linking you will NOT get the error message due to caches. He probably found the image on your site, loaded it into his browser cache with a valid referrer, then included it on his page and still can see it just fine.

Also I suggest only applying this to some directory. You’ll want a way to include a image in your blog posts and have it being displayed in sites such as planet.debian.org correctly.