.htaccess files are lovely, lovely things. They do exactly what the name implies: control access to your files. About six months ago, I had problems with a bunch of l33t brats 'borrowing' my bandwidth and using a few of my photos on message boards.
So I decided to take their toy away.
A lovely thing about .htaccess files: if you place them in a directory, the conditions and permissions you set up affect all subfolders of that folder. So, if you want to protect all your images, just drop a single .htaccess file in your main images directory, and all subfolders are taken care of.
Here's the code that I'm using for my .htaccess file:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://YOURSITE.COM/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://WWW.YOURSITE.COM/.*$ [NC]
ReWriteRule .*\.(gif|jpg)$ – [N,F,L]
It's a good idea to do both yoursite.com and www.yoursite.com. Also, if you know of any other sites that you want to allow to use your images, be sure to add in a line for them in this file.
If the http_referer doesn't match one of the strings you've provided in those lines, the image request will result in a 403 error.
To use this code on your site…
Make sure you can see hidden files (files beginning with a .) with your FTP client. (It's really hard to edit or delete files you can't see.) Paste these lines into a blank text document, save it as .htaccess, and upload it to your images directory.
That should be all!