It can be done using .htaccess. To do it you must have mod_rewrite installed. If you do the following would work for you:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$ #if you have this line, it also means they cant type the url into the browser
RewriteCond %{HTTP_REFERER} !^[url]http://domain.yoursite.com/.*[/url]$ [NC]
RewriteCond %{HTTP_REFERER} !^[url]http://otherdomain.yoursite.com/.*[/url]$ [NC]
RewriteCond %{HTTP_REFERER} !^[url]http://yoursite.com/.*[/url]$ [NC]
RewriteCond %{HTTP_REFERER} !^[url]http://www.yoursite.com/.*[/url]$ [NC]
RewriteRule .*\.(mid|mp3)$ [url]http://www.yoursite.com/hotlinked.html[/url] [R,NC]
down in RewriteRule, put the file extensions that you dont want people to hotlink in separated by a | (pipe). do not include a dot. that will then forward anyone who hotlinks to yoursite.com/hotlinked.html or create a broken link for someone embedding a sound in their webpage. just replace all the above urls with the domains and subdomains on your site. those are the allowed urls. just use the domain because .*$ at the end is a wildcard that represents any page.
