Great advice and thanks for sharing your knowledge on the topic. I couldn't help but think though, what if they moved shop and tried to use his stuff from another portal?
I came across this great article, which, I think, addresses the issue from a more comprehensive standpoint.
I'm not fan of only allowing hotlinking via specific domains, because you can never keep track of all of the web-based feed readers out there.
If you forget to add a certain web based feed reader (like reader.google.com) to your list of approved domains, you've just ruined your feed for any subscribers there, which is why I prefer to only restrict specific domains.
I understand it about the favicon. I'm using a CDN for my images. I've added your code to the .htacces file of my CDN (subdomain).
But I'm not seeing a 403 on the favicon file?
Most browsers cache favicons, so I'm sure you're just seeing the cache. Unfortunately, some browsers actually require you to reset the entire browser to clear the favicon cache.
At this time:
The turkish site seems to be back to normal
It looks they noticed that you cut them off from your files and sought out a new design. Fortunately, they are no longer stealing your files.