So in order to get this protection, the only real hotlink protection which completely works, with the new version of the vShare script is to be running Lighttpd?

Hmm. That sucks for Apache users. Which will be the vast majority. Including myself. I could probably have this project run on Lighttpd, just don't have any experience of it.

I have seen these exact same links to the flv's on another video site. They have had them for a good while now. The url starting with /dl/ then two random directories exactly the same format as the vShare script. So I thought that site was being powered by vShare. A very hacked version looks wise, but functionally I thought it was vShare underneath. That site is running Lighttpd. I'd link to it but it's very NSFW.

But now having looked at what you mentioned, mod_secdownload, it seems that these links in this format are exactly what it requires. And in the example they give they choose the url prefix of /dl/. That explains it.

I guess I need to decide if I can run this project on Lighttpd. I read that another hotlink protection method is in the works, possibly for the next release of vShare, which will be php only? For people on shared hosting. I think a lot of Apache users would be interested in this also.