[toast0]

Probably the nicest way to handle this is to serve the JS slowly.

It doesn't break their page if you take ten seconds to serve the JS, but it makes their page slow, and nobody likes a slow page. And it's pretty obvious where the slowdown is coming from.

If it's easy, make it fast from your site and slow if the referer doesn't match or isn't present. Or just make it always slow, whatever.

[nine_k]

This also has the natural consequence of limiting the bandwidth spent serving third-party hotlinked downloads. But the expense of the bandwidth is the primary problem with hotlinking, AFAICT from the article.

I could imagine two network interfaces, or two LBs, one internal and unmetered, another external, which serves a particular amount of megabytes per day, and throttles connections accordingly. Maybe even add some HTTP header, like X-bandwidth-limit: "Dear hotlinkers, I'm not going to spend more than $5 / mo on serving you; host your own copy."