"What is that .htaccess thing?"
.htaccess is an ASCII text file used to override your Apache web
server's configuration, and it has many wonderful uses! This tutorial
focuses on preventing thieves from hotlinking your images, and those
"chat-room" folks who like to pretend they are your favourite model by
posting the url to one of your images.
note: when creating your .htaccess file, it must be saved with no
file type extension! If your text editor won't allow you to save a
file without an extension, most FTP clients will let you remove it
after you've uploaded it to your server.
"Where do you put that thing?"
Wherever it's needed! You can have a single .htaccess
file protecting your entire domain or a single directory
(eg. images/), or you can have many .htaccess files, each protecting a
different directory. Sometimes simple is better: using a single .htaccess
file to protect your image directory will help you avoid problems
managing/changing multiple files across your domains. I normally use a
single .htaccess file in my document root directory and sometimes put
niche-specific .htaccess files in some sub-directories.
"Show me that thing!"
AuthUserFile /dev/null
AuthGroupFile /dev/null
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.my-site.com/.*$ [NC]
ReWriteRule .*\.jpg$ http://www.my-error-page.com [R,L]
"What do those things do?"
AuthUserFile /dev/null
AuthGroupFile /dev/null
No passwords are required for individual users or groups of users.
RewriteEngine On
Have to turn it on, before it will work.
RewriteCond %{HTTP_REFERER} !^http://www.my-site.com/.*$ [NC]
If the referring url "HTTP_REFERER" does not start with your
domain "http://www.my-site.com/", then this conditional statement
is true and the next "RewriteRule" encountered will be executed. Since
Unix is case sensitive, the [NC] flag makes the statement case
insensitive. The ".*$" at the end will match any string, allowing
access from any location on your domain.
ReWriteRule .*\.jpg$ http://www.my-error-page.com [R,L]
If the preceding Rewrite condition was true, and the request was for
any url .* ending with .jpg, we'll send them to the my-error-page
url. This is accomplished with the [R,L] flags. R forces
a redirect of the url, while L says this is the last rule, don't
bother checking any more.
Since Unix is case sensitive, you should modify the RewriteRule to handle
upper-case extensions if you use them, and you might want to include
protection for gif files.
ReWriteRule .*\.(jpg|JPG|gif|GIF)$ http://www.my-error-page.com [R,L]
This would protect images ending in ".jpg", "JPG", "gif" or "GIF".
If you use mixed-case in your image file names, the following rule could
be used to protect strings ending in "JPG", "JPg", "JpG", "Jpg"......, or
"GIF", "GIf", "GiF", "Gif"......
RewriteRule .*[Jj][Pp][Gg]$|.*[Gg][Ii][Ff]$ http://www.my-error-page.com [R,L]
"Show me a bigger thing!"
It's a good idea to include error document handlers in
your .htaccess files and additional Rewrite conditions to handle
most variations of your domains.
AuthUserFile /dev/null
AuthGroupFile /dev/null
RewriteEngine On
ErrorDocument 400 http://www.my-site.com/error-page.htm
ErrorDocument 401 /error-page.htm
ErrorDocument 403 http://www.my-site.com/error-page.htm
ErrorDocument 404 http://www.my-site.com/error-page.htm
ErrorDocument 500 http://www.my-site.com/error-page.htm
ErrorDocument 501 http://www.my-site.com/error-page.htm
ErrorDocument 503 http://www.my-site.com/error-page.htm
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.my-site.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.my-site.com:80/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://my-site.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://my-site.com:80/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://123.456.78.90/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://123.456.78.90:80/.*$ [NC]
ReWriteRule .*\.(jpg|gif)$ http://www.my-error-page.com/ [R,L]
note: there is an implied AND between each
of the RewriteCond statements above.
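
To see what the implied AND of negated conditions does to real requests, the Referer checks can be replayed outside Apache. The following is an added example, not part of the original tutorial: it copies the host-name conditions from the rule set above (the IP-address ones behave the same way and are omitted), and compares them with a tightened variant that is this example's own assumption. All sample requests are constructed.

```python
import re

# Referer conditions copied from the larger rule set above. Each is negated
# ("!") and they are ANDed, so the rule fires only when NO pattern matches.
PAGE_CONDS = [
    (r"^$", 0),
    (r"^http://www.my-site.com/.*$", re.I),       # [NC]
    (r"^http://www.my-site.com:80/.*$", re.I),
    (r"^http://my-site.com/.*$", re.I),
    (r"^http://my-site.com:80/.*$", re.I),
]
PAGE_RULE = (r".*\.(jpg|gif)$", 0)                # no [NC] on the rule

# Tightened variant (an assumption of this example, not from the page):
# dots escaped, https accepted, extension matched case-insensitively.
STRICT_CONDS = [
    (r"^$", 0),
    (r"^https?://(www\.)?my-site\.com(:[0-9]+)?/", re.I),
]
STRICT_RULE = (r"\.(jpe?g|gif)$", re.I)


def is_redirected(path, referer, conds=PAGE_CONDS, rule=PAGE_RULE):
    """True if the request would be sent to the error page."""
    pattern, flags = rule
    if not re.search(pattern, path, flags):
        return False          # mod_rewrite tests the rule pattern first
    return all(re.search(p, referer, f) is None for p, f in conds)


# Constructed sample requests: (path, Referer header)
SAMPLES = [
    ("images/a.jpg", "http://www.my-site.com/gallery.html"),
    ("images/a.jpg", ""),
    ("images/a.jpg", "http://forum.example/thread/1"),
    ("images/a.JPG", "http://forum.example/thread/1"),
    ("images/a.jpg", "https://www.my-site.com/gallery.html"),
    ("images/a.jpg", "http://wwwXmy-site.com/"),
]

if __name__ == "__main__":
    for path, ref in SAMPLES:
        print(f"{path:13} {ref or '(empty)':38} "
              f"page={is_redirected(path, ref)} "
              f"strict={is_redirected(path, ref, STRICT_CONDS, STRICT_RULE)}")
```

The last three samples show where the two rule sets differ: an upper-case extension slips past the page's rule, your own pages served over https are treated as foreign, and an unescaped "." in the host name matches any character.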
"Some handy variations of ReWritecond..."
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^WebPictures.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Iria.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Stripper.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Copier.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Crawler.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Snagger.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Reaper.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grabber.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Sucker.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Downloader.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Siphon.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Collector.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mag-Net.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Snake.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^BackWeb.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^gotit.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Vacuum.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Pump.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^HTTrack.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^likse.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Memo.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^leech.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mirror.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Recorder.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Likse.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^attach.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Magnet.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bandit.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Ants.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Buddy.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Whacker.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^FileHound.*$
RewriteRule /* http://www.my-error-page.com/ [L,R]
This code causes the applications to stop before they download any html
or images. The applications preserve the original url they requested
and they would have to click it to visit your site. There are many of
these offline-browsers available; check your logs occasionally for them.
As an alternative to explicitly coding each one, and using the fact
that they shouldn't pass anything in the HTTP_REFERER variable, the
following should protect your images from them:
note: this could have an effect on friendly search engine spiders!
RewriteCond %{HTTP_REFERER} ^$
ReWriteRule .*\.(jpg|gif)$ - [F]
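
Before choosing between the User-Agent list and the empty-Referer rule, it helps to measure both against your own access log. The following is an added example, not part of the original tutorial: it assumes Apache's combined log format, reuses the User-Agent prefixes from the list above, and runs on constructed log lines.

```python
import re
from collections import Counter

# Prefixes taken from the RewriteCond list above; matched at the start of the
# User-Agent and case-sensitively, as the ^Name.*$ patterns do.
UA_PREFIXES = (
    "WebPictures", "Iria", "WebZIP", "Stripper", "Offline", "Copier", "Crawler",
    "Snagger", "Teleport", "Reaper", "Wget", "Grabber", "Sucker", "RealDownload",
    "Downloader", "Siphon", "Collector", "Mag-Net", "Widow", "Snake", "BackWeb",
    "gotit", "Vacuum", "Pump", "HMView", "HTTrack", "JOC", "likse", "Memo",
    "pcBrowser", "SuperBot", "leech", "Mirror", "Recorder", "GrabNet", "Likse",
    "Navroad", "attach", "Magnet", "Surfbot", "Bandit", "Ants", "Buddy",
    "Whacker", "FileHound",
)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')
IMAGE_RE = re.compile(r"\.(jpg|gif)$", re.I)


def scan(lines):
    """Return (hits per listed UA prefix, image requests that had no Referer)."""
    ua_hits, no_referer_images = Counter(), []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                      # not a combined-format line
        prefix = next((p for p in UA_PREFIXES if m["ua"].startswith(p)), None)
        if prefix:
            ua_hits[prefix] += 1
        if m["referer"] in ("", "-") and IMAGE_RE.search(m["path"]):
            no_referer_images.append((m["ip"], m["path"], m["ua"]))
    return ua_hits, no_referer_images


# Constructed sample log lines (documentation IP ranges, made-up agents).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /images/a.jpg HTTP/1.1" 200 5120 "http://www.my-site.com/gallery.html" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Wget/1.21.3"',
    '198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /images/a.jpg HTTP/1.1" 200 5120 "-" "Wget/1.21.3"',
    '203.0.113.5 - - [10/Oct/2023:13:57:10 +0000] "GET /images/b.gif HTTP/1.1" 200 900 "-" "Teleport Pro/1.29"',
    '203.0.113.9 - - [10/Oct/2023:13:58:44 +0000] "GET /images/b.gif HTTP/1.1" 200 900 "-" "ExampleSpider/1.0"',
]

if __name__ == "__main__":
    hits, images = scan(SAMPLE_LOG)
    print("listed user agents seen:", dict(hits))
    print("image requests without a Referer:", images)
```

In the sample, the last request comes from an agent that is not on the list but would still be refused by the empty-Referer rule, which is the search-engine-spider side effect the note above warns about.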
"Some other handy things...."
RewriteCond %{HTTP_REFERER} ^http://www.password-trader.com/.*$ [NC]
ReWriteRule .* http://www.my-error-page.com/ [R,L]
The above rule could be used to send anyone coming from
password-trader.com with a request for anything (.* = a string, eg. a
url, of any length) to your error page.
RewriteCond %{HTTP_REFERER} !^http://www.my-site.com/.*$ [NC]
RewriteRule .*page1\.html$ http://www.my-site.com/index.html [R,L]
If someone was deep-linking into a specific page on your
domain, "page1.html", the above rule could be used to redirect
them to your index page.
You can create ReWriteCond statements that use almost any of
your server's environment variables, including cookies, DNS and IPs.
Check the Apache URL Rewriting Guide or the URL Rewriting Engine for
full documentation on the Apache Web Server.
Funny Symbols listed above
! - negation
^ - start of string
$ - end of string
. - any character
? - repetition [0,1]
* - repetition [0,..,n]
+ - repetition [1,..,n]
\ - escape character
[NC] - ignore case
[R,L] - redirect, last
"I want them to hotlink me...."
If a search engine caches your page, the surfer clicking
on your link won't see any of your images or banners. This
is a scenario where you might want the search engine to
be able to hotlink at least your banners so the surfer would
only see them.