OT Anyone know about .HT Access/Hotlinking ?

Stonefield wrote on 8/1/2005, 7:33 PM
I recently ran into a situation on my website where one of my videos was hotlinked to another site thus shooting my bandwidth ( way ) over its allotted monthly limit.

My domain company suggested I use something called .HT Access to prevent any further unwanted hotlinking and letting me choose what sites have access to my videos.

Anyone know a good online tutorial where I can read up on this ? Did a Google, but not very successfully.

Stan

Comments

Chienworks wrote on 8/1/2005, 8:09 PM
This is a very sticky topic and not at all easy to deal with. Probably the best i can come up with for you is something that prevents people from fetching the files when surfers click a link to them in a page that isn't yours. You can create a .htaccess file in the same directory as the videos and insert the following commands:




where of course you put your own URL of the directory containing the videos and whatever file extension you normally use. This assumes that your web host is running Apache, has .htaccess enabled, and has mod_rewrite installed (quite often the case).

Note that this allows the files to be fetched either if the link is clicked on from your own page, or if the user has simply typed in the link rather than clicking on it. Many hotlinks will use a two-stage method whereby the first click launches media player and passes the URL on to it as a second stage. This means that media player thinks the link has been typed in rather than clicked, so the web server will allow viewing the file anyway. Many of the non-mainstream media players and downloaders do the same thing as well. There are many other ways to overcome this method so it may not help much at all.

You could also set up user authentication in which surfers are asked for a username and password before being allowed to download. This is probably more restrictive than you would want since no one can download without knowing the password. Of course, you could post the password right on the download page, but then the people hotlinking will probably post the password on their page as well. You would probably end up with all of the hotlinking still happening and very few visitors to your own site viewing the videos. This is pretty much the opposite of the desired effect.

One very simple thing you can do, and i did this myself with vegasusers.com for a good long while, is to put the video files in a subdirectory with a random name, such as /woij3/video1.wmv and point the links there, then every few days change the directory name and the links to something different such as /jgi3l/video1.wmv. This means that any links people have posted become invalid the next time you change them. This is a lot of work if you have lots of videos, but it does get the job done pretty reliably. The nice thing is that if you can tell when the hotlinks start appearing, you can wait until then to make the changes, whether that be daily or monthly. On the other hand, if someone puts a hotlink in a very popular high-traffic place and you don't catch it right away, you can still suffer major downloads in a short period of time.

What i do now is use a script i've written to serve up the video files and encode a timestamp into the URL. This timestamp is only valid for a few minutes. If someone clicks the link after this time limit they get an alternate (and very very tiny) file that says "external linking denied". The videos themselves are stored in a locked directory that only the script can read. The script also tracks IP addresses and blocks them if there are too many accesses from the same IP address range in a certain time period. This seems to be about as foolproof as one can get. Unfortunately it requires CGI access on your server and the ability to set up locked directories.

I would be more than happy to give you a copy of the script and other instructions if your web host is willing to allow it.

references:
http://httpd.apache.org/docs/2.0/howto/htaccess.html
http://httpd.apache.org/docs/2.1/howto/auth.html
http://httpd.apache.org/docs/2.1/rewrite/rewrite_guide.html
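
The expiring-link approach described in the post above, as an added sketch that is not Chienworks's script. The post only says a timestamp is encoded in the URL, so the HMAC signature (which stops a hotlinker from simply rewriting the timestamp), the key, the `/cgi-bin/serve` path and the file names are all assumptions made here.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlsplit

# Everything below is assumed for illustration: key, path and file names.
SECRET = b"constructed-demo-key"        # server-side only, never sent to clients
TTL_SECONDS = 300                       # "only valid for a few minutes"
VIDEOS = {"video1.wmv", "video2.wmv"}   # files kept in the locked directory
DENIED = "denied.txt"                   # tiny "external linking denied" file


def _sign(name, issued):
    """HMAC over file name and issue time, so neither can be altered."""
    msg = f"{name}|{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_link(name, now=None):
    """Build the link the download page embeds each time it is rendered."""
    issued = int(time.time() if now is None else now)
    return f"/cgi-bin/serve?f={name}&t={issued}&s={_sign(name, issued)}"


def resolve(link, now=None):
    """Return the file to send: the video, or DENIED for a bad or stale link."""
    now = time.time() if now is None else now
    query = parse_qs(urlsplit(link).query)
    try:
        name, issued, sig = query["f"][0], int(query["t"][0]), query["s"][0]
    except (KeyError, ValueError):
        return DENIED                           # missing or malformed field
    if name not in VIDEOS:                      # allowlist also blocks ../ paths
        return DENIED
    if not 0 <= now - issued <= TTL_SECONDS:    # expired, or dated in the future
        return DENIED
    expected = _sign(name, issued)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return DENIED                           # name or timestamp was changed
    return name
```

A link copied to another site still works until it expires, which is why the post pairs this with per-IP limits.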
Stonefield wrote on 8/1/2005, 8:25 PM
Thanks Kelly this is great...

Yeah, when I last spoke with my webhost, we talked about Apache, .htaccess and mod_rewrite. From what I gather, my site has all of these. They also said it's possible to give a list of websites that are allowed to hotlink based on my own permissions.

For what it's worth, the offending video was, oddly enough, the infamous KISS video. I've since taken it off my site.

I'm gonna talk with my webdesigner, hosting company and look thru your response here in the next day or so.

Once again, thanks for this....

Stan
Spot|DSE wrote on 8/1/2005, 8:56 PM
Thanks for the info Kelly, and for bringing this up, Stan. We ran across this on one of our small sites, and our ISP was basically wanting to charge us $$ for fixing this, but Kelly's post provides me some ammo to talk to them.
Stonefield wrote on 8/2/2005, 12:52 AM
I hear ya Douglas.

Well, what actually happened is while I was on vacation at the beginning of July, it seems that around the 6th of that month, someone somewhere put a direct link to my KISS video to a "guys" site. Not really a porn site but more like a Maxim, FHM magazine feel. Basically a girly site. I did some digging and looking at my webstats and found the link ( which was also linked to a couple of sites in Japan ! ). I checked the stats of my bandwidth so far for the month. This was in the middle of July.

I'm allowed 50 gigs of traffic per month and I rarely, if ever, go over 10. Well within a 48 hour period after that video was hotlinked, my site's traffic surpassed my 50 gigs I pay for and went up to over 900 GIGS !!!

I immediately deleted the video, and the next day called my hosting company to discuss this. They had to think about what to do as this was such a unique situation. They had my stats for the last couple years so it was obvious that this was not my fault. But...they did close me down until Aug. 1st and agreed not to charge me for the extra bandwidth. If they would have, I would have owed them over $6500 !!!

So luckily I have a good relationship with my hosting company and they worked with me on this. It was they who told me about the htaccess and I also now told them to NOT let me go over my allotted monthly traffic.

Whew, huge learning experience....hope you guys don't have any similar troubles.

Stan

PS When I start producing stock media for sale on the site, I hope I get similar results......heh. ( well not THAT much )