104
This is a normal behavior. The files aren't parsed through a php file, so there is a direct call. This is normal, but can ofcourse be fixed.
Some sites let all images go through a php file, and check on the referer. The problem is that more and more people have software on there pc (NIS - Zonealarm) that blocks the referer at default settings.
You `could` however check wether the user is logged in or not. But then you will have to include mainfile.php for every image call, and could be a real minus for the cpu of you server
You might want to check these pages:
http://www.alistapart.com/articles/hotlinking/
http://www.webmasterstop.com/tutorials/prevent-hotlinking.shtml
http://www.htmlcenter.com/tutorials/tutorials.cfm/159/php/
And, if you really want to look into solutions for coppermine:
https://xoops.org/modules/newbb/viewtopic.php?topic_id=16542&forum=4 (the solutions are for the original version, but with a bit php knowlodge and logic it is possible to implent into the XOOPS version)