I saw on many blogs and also in many answers here on SO that people do hotlink protection by using this code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mydomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

which is also suggested by this tool.

I might be wrong, but isn't it trivial to trick this code? Doesn't a scraper simply need to use simple subdomains like these to bypass the hotlink protection?

http://mydomain.com.scarper1domain.com
http://mydomain.com.scraper2domain.net

EDIT: FYI, I use this code, which I think is more bulletproof, but I'm happy to read your comments/criticism about it.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mydomain\.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mydomain\.com$ [NC]
RewriteRule .*\.(jpg|jpeg|png|gif)$ - [F,NC,L]

Solution

As most Apache setups already redirect requests like example.com to example.com/, there is no need for the third condition in your edit. So the code would become:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mydomain\.com/.*$ [NC]
RewriteRule .*\.(jpg|jpeg|png|gif)$ - [F,NC,L]

Scrapers don't even need to use subdomains, as they can just fake the HTTP headers being sent. There is no way to prevent this.

The rest of the code is okay. I would use this if I needed it.
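
An added example, not part of the original question or answer: it runs the three rule sets from this page against a few constructed Referer values to show which ones each set would refuse. It assumes Python's `re` behaves like the PCRE engine used by mod_rewrite for these simple patterns; the names `is_forbidden` and `report` are hypothetical helpers.

```python
import re

# Rule sets copied from the posts above: (negated RewriteCond patterns, RewriteRule pattern).
ORIGINAL = ([r"^$", r"^http(s)?://(www\.)?mydomain.com"],
            r"\.(jpg|jpeg|png|gif)$")
QUESTION_EDIT = ([r"^$",
                  r"^http(s)?://(www\.)?mydomain\.com/.*$",
                  r"^http(s)?://(www\.)?mydomain\.com$"],
                 r".*\.(jpg|jpeg|png|gif)$")
ANSWER = (QUESTION_EDIT[0][:2], QUESTION_EDIT[1])


def is_forbidden(ruleset, path, referer):
    """Return True when the rule set would answer 403 ([F]) for this request.

    Simplified model (an assumption of this example): the RewriteRule pattern
    is searched in the path, every RewriteCond is a negated, case-insensitive
    ([NC]) search against the Referer header, and conditions are ANDed.
    """
    negated_conds, rule = ruleset
    if not re.search(rule, path, re.IGNORECASE):
        return False  # not an image request, so the rule does not apply
    return all(not re.search(p, referer, re.IGNORECASE) for p in negated_conds)


def report(path="/img/photo.jpg"):
    # Constructed sample Referer values; the lookalike hosts are the ones from the question.
    referers = [
        "",
        "http://www.mydomain.com/gallery",
        "http://mydomain.com",
        "http://mydomain.com.scarper1domain.com",
        "http://mydomain.com.scraper2domain.net",
    ]
    sets = {"original": ORIGINAL, "question edit": QUESTION_EDIT, "answer": ANSWER}
    return {name: {r: is_forbidden(rs, path, r) for r in referers}
            for name, rs in sets.items()}


if __name__ == "__main__":
    for name, results in report().items():
        for referer, forbidden in results.items():
            print(f"{name:14} {referer!r:45} {'403' if forbidden else 'served'}")
```

Requests with an empty Referer are served by all three rule sets because of the `!^$` condition, and the answer's two-condition version refuses a Referer of exactly `http://mydomain.com` (no trailing slash), which the question's edit accepts.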

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow