Have a happy hotlink Christmas


Deck the halls, hang the mistletoe and fill your website with a cheezy snow effect. Yes it’s Christmas! My favourite time of the year, but if you want to go straight onto the naughty list, all you need to do is hotlink to external JS files without permission.

Over the years, I’ve programmed Christmas twinkles, Christmas trees and snow for many of the world’s largest websites so three years ago, I posted a Three.js 3D snow effect on my blog. And since then, it’s spread over the internet like wildfire. I love when people use my stuff – that’s why I share it!

But rather than take the files and host it on their servers, people have been hot-linking to my image and JS files. Of course, you all know to only ever hot-link to JS files that you can absolutely trust – like Google hosting JQuery for example. To hot-link to any old JS files can at best cause your pages to break, and at worst, open yourselves up to any crazy code running on your website!

My server’s been crushed by the weight of websites linking to my files, the current biggest culprit is an Arabian weather website that seems to get 10,000s of hits a day. I could have just moved the files, but my server would still be having to deal with the 404s, and that’s quite a lot to deal with.

I asked on twitter what I should do, typically most people responded that I should replace the snow with a particular body part. My favourite suggestion was to make yellow snow :) But boringly, I replaced them with 0 byte files, and I added an alert to the JS files. Have you got any better ideas? Let me know!

And, um. Happy Christmas!