If you use one of the built-in templates of FoF Upload you could entirely disable the bbcode and markdown image tags using extend.php. Not sure if we have an example somewhere but it shouldn't be too complicated. bbcode is easy. Markdown maybe a bit tricky if this isn't an option exposed publicly.
If using bbcode or markdown inside of FoF Upload, there are still solutions. You could modify the #URL filter of the TextFormatter template to a custom filter that's domain-restricted, or just use the rendering callback to remove links that aren't allowed before the HTML is returned to the visitor. That way you could use a custom image URL that shows an explanation for the replacement. A separate bit of javascript would be needed for this to work during previews as well.
If you use the proxy feature of HTTPS only or my Rich Embeds extension with the image proxy enabled, you might be able to create a rule at the webserver level that blocks any request to the proxy script for an image that isn't allowed (the image URL will be one of the query parameters).
