
Friday, July 23, 2004

Comments


That's a pretty sad statistic.

Going slightly off-topic, I've just downloaded the FeedDemon trial and, knowing it's written with Delphi, was wondering what you use (if it's a commercially available component pack) for the user interface. I've been having problems getting good-looking menus and toolbars with Delphi and XP. FeedDemon has one of the nicest, cleanest UIs I've seen in quite a while.

If it's not a trade secret of course... :)

Eww, how depressing :/ Have you thought about adding something to your blog template that detects referrals from those sites and adds a polite message to the top of the page directing them to your entry on piracy? You could do it with a simple JavaScript check against the document.referrer string. I'm not suggesting blocking them entirely, just serving them a note with a link in addition to the standard page content.

Actually on second thoughts doing it client side would mean including the URLs of those sites in your JavaScript, and I imagine you wouldn't want to promote them even in your source code. A server side solution would work just as well (better in fact) but wouldn't be deployable on TypePad.

Why are the warez sites linking to you, and what do you think these visitors are hoping to find on your site?

Nick, I just went through a very similar thing, and what I ended up doing was putting together an .HTACCESS file to block from a list of unwanted referrers (or referrers with a keyword like "0day" in the URL).

Let me know if you'd like a copy of it and I'll send it your way. It's really helped me cut down on my bandwidth costs by a lot.

Warez sites are naturally linking here to download the trial version of TopStyle since they have a hack out to make it work past its trial date. Nothing more than that (assume it's a date based trial; I've been using Pro for a few years now).

Aaron's suggestion would be the best. It might get large after a while, but definitely worthwhile to cut down on all the wasted bandwidth.

Perhaps there is a silver lining on that cloud. Maybe your product is being exposed to people who might not know about TopStyle or FeedDemon. If it makes you feel any better, I paid for TopStyle! :-)

I happen to believe that software activation is a VERY good thing. I am very pleased with my Macromedia DevNet subscription experience. I am really impressed by the Help > Activation > Transfer License option in Macromedia's newer products.

Maybe it is utopian thinking but I believe/hope that flexible/friendly activation like Macromedia's will cut down on piracy and allow vendors to sell more and charge less.

Nick, there's a very easy possibility to block or redirect these visitors via .htaccess.
David, yes, IMHO it's utopian thinking, activation is a pain in the a** for legit users and crackable for crackers (generators for Microsoft's, Adobe's, Macromedia's software are widely available).

"Pookie," FeedDemon uses a customized version of ExpressBars (by Developer Express) for its menus/toolbars.

Simon, nice to see you here (and that you survived the quail dinner at SxSW).

My site (bradsoft.com) is ASP-based, so .htaccess isn't an option. Is anyone aware of an ASP equivalent to .htaccess?

Activation certainly won't stop crackers - they'll just hack the EXE to block the activation. However, it does cut down on the casual sharing of serial numbers, which accounts for a large chunk of software piracy.

David, most of these sites cracks for my software which are supposed to patch the trial version, so they link to my site so their visitors can download the trial version.

A big part of the traffic is due to their linking directly to images on my site.

Nick, I believe you can use global.asa (create this file in the root) and Session_OnStart event. Or via IIS manager. I'm not good with ASP (apache server is the best option in my opinion), so I can't help anymore, try to google a little. Here's a nice link for global.asa:
http://www.w3schools.com/asp/asp_globalasa.asp

"According to my server logs, 81.75% of my site's traffic this week came from warez and crack sites. This is a typical week for me".

You could start with a 'real' protection system on your products (forget about 'activation', it was defeated years ago with M$ XP, heh even months before the shops started selling it), followed for example with an Apache host.

"David, most of these sites cracks for my software which are supposed to patch the trial version, so they link to my site so their visitors can download the trial version.

A big part of the traffic is due to their linking directly to images on my site."

Nick, read this article (it should work on any content, not only images) and apply it to the trial files that you offer. Of course, it only works on Apache.

http://www.alistapart.com/articles/hotlinking/

Robert, there is no "real" protection system - they can all be broken. I've used a number of different tools, and each has been hacked. All I can do is try to implement techniques that cut down on piracy w/o being a hassle for legitimate users.

Thanks for the tip, Olegas. I'm actually already using Global.asa to redirect visitors from warez sites, but this doesn't handle links to images on my site, which I believe accounts for the majority of the warez-related bandwidth.

I'm not aware of a fast, reliable way to stop this (at least, not one that doesn't require replacing every img tag with an ASP function call).

Nick -- A simple solution, the good folks at IISMods (not affiliated with them, just a happy customer) make a really neat product called URLrewrite for IIS.

Visit http://www.iismods.com/

It's an excellent URLrewrite engine that allows you to do a number of things -- We use it when we are replacing a client's legacy website with something new to do clean redirects on old page requests.

In their examples section is:

--- snip ---
Stop people from linking to your files, images and wasting your bandwidth.

Example mod_rewrite.ini
----------
Debug 0
Reload 1000
RewriteCond HTTP_REFERER theirsite.com .zip /denied.htm
RewriteCond HTTP_REFERER theirsite.com .gif /denied.htm

--- snip ---

Try it out -- priced VERY reasonably. Again -- no affiliation with iismods, but just an insanely happy customer. We site-licensed both their products on our hosting platform.

BTW, I'm an old old old Homesite customer -- if there's anything I can do to help you with the URLrewriting stuff, don't hesitate to touch base...

What? $39.90 for an IIS Rewrite Engine when you have a more robust, efficient, powerful and FREE rewrite engine on Apache? ... LOL.

Nick, please, seriously consider switching to an Apache host.

I know how to rewrite URLs with ASP.NET but not ASP, sorry :(

Thanks for the tip, David - I'll take a look at IISMods.

If you run IIS 6, check http://msdn.microsoft.com/asp.net/default.aspx?pull=/library/en-us/dnaspp/html/httphandl.asp
and search for "Protecting Your Images".

Interesting that you have posted this. By far, the most visitors that have come to my blog through a search engine have come using the search phrase "FeedDemon Crack" and have been directed to my post about your efforts to thwart crackers. Hopefully, a few of them read about it and maybe decided not to steal from you, but that's probably being a little too optimistic.

Josh, I have to confess that the main reason I created that post was so Googling for "FeedDemon Crack" would turn up a page or two of hits about my post. However, I had no illusions that this would dissuade crackers from stealing - instead, I just wanted them to stop asking me for support.

I'm currently here sitting, wondering how stupid these "crackers" are for cracking a FREE version of Topstyle when Topstyle Pro obviously is a much better target to crack. Doesn't it sound a bit pointless?

I mean if you crack a free version, who exactly are you taking money from? Nick you've commented on how stripped down it is? so exactly what is the point of creating a crack for it???

Oh, and Nick, Apache is a far more secure and robust, customisable and stable HTTP server software. IIS is comparatively an open safe compared to Apache.

Sadly, Nick, piracy can't be eradicated, outside the OpenSource scene, cuz even with light there has to be darkness.

Like most Windows apps/services, IIS doesn't use dot files to edit/store configuration data. If you want to block IPs you just need to go to the properties of the relevant web site in the management console and on the "Directory Security" tab there is an "IP address and domain name restrictions" section. You don't need to buy any third party tools and you certainly don't need to change web servers.

"there is an "IP address and domain name restrictions" section. You don't need to buy any third party tools and you certainly don't need to change web servers."

Totally useless ... what about if Nick wants to block every request from warez sites?, typing manually hundreds of IPs/domains each day? :P.

What Nick needs is a powerful rewrite engine.

I currently have a count of 420 referrers coming from Nick's FeedDemon Crack posting since I linked to it. I also have a few more from web searches.

I thought it was funny to have so many visitors coming from Nick's site to my own. I think I'm getting some spillover of people going to Nick's site looking for cracks and serial numbers.

IIS's IP restrictions are used for banning *visitors* based on their IP - so I don't think I could use this to stop warez sites from linking to my images.

And yes, I realize that Apache is more reliable and powerful than IIS. However, the chances of me ever having time to move my domain, database, forums, etc., to a different server are about nil.

I know it will cut in your budget, sales might go down etc.

CD Delivery Only - No Online Downloads

Look @ Nero Burning ROM - He has done a good job at cutting down on hacks.

Might want to learn how key generators are being created and attempt to stay ahead of them by one step - Make them work for their money - make nightly builds that change the encryption scheme this way they have to work again and again to build key generators, until they get tired of building key generators once a week just for your program... Problem is that there is not much more you could add to the software, so who would want to buy it if what they can get off an older version (from warez) would do the trick? Make it web based? (Too much money in resources I guess) I don't know Nick... I had told you a while ago about the one website hosting your RSS reader (and he has taken it off since).

What are your legal alternatives outside the US?

It's a battle which you can only win by continuing to fight.

I am new at this whole game and I appreciate good work when I see it and it's a shame to see that 12 year-olds still don't have shit to do @ home

Good Luck Bud

I would suggest you set up Apache 2 on a different port on the same machine running IIS. In your HTML pages, link your images to the Apache server on that port, e.g.
img src=http://bradsoft.com:8080/feeddemon/screenshots/1_sm.gif

Then use all the power of mod_rewrite and leave all your ASP code working the old way.

"And yes, I realize that Apache is more reliable and powerful than IIS. However, the chances of me ever having time to move my domain, database, forums, etc., to a different server are about nil".

Well, Nick, everything has a cost. In this case the cost of staying with M$ HTTPd crap (IIS) is more expensive than switching to Apache, but hey, it's your forum, your database and your life :)

But if you choose staying with IIS don't come in two weeks crying because IIS rewrite parsers/engines suck, the latest WebDAV IIS exploit has ruined your webpage, etc, etc, etc ;)

whoa Peter Jackson - hey man.
Great job on Lord of the Rings aye :D

Hi Nick,

I'd check the HTTP Referer (yes, I know it's spelled wrong) to see if it matched a warez site. If so, you could do a couple of things. You could just display a blank page. You could display the same page with a polite warning. You could display a normal page, but link a corrupted binary that the patch doesn't work for.

Or, my favorite, display a page with a corrupted binary, and set a cookie. That way if/when the pirater comes back (via a search engine or direct link, and thus avoiding the referral scheme) you can check the cookie to determine if they tried to pirate it. Won't stop it all, but would help and frustrate quite a few.

Here's some code to check the referrer (not mine, taken from web):

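[code]
Dim strHost, strReferer, blnCheckReferer, intPos

' Host name this site was requested under, and the referring URL (if any)
strHost = Request.ServerVariables("HTTP_HOST")
strReferer = Request.ServerVariables("HTTP_REFERER")

' Reduce the referring URL to its host name. The InStr guards keep
' Right/Left from raising an error when the header is empty or malformed.
intPos = InStr(1, strReferer, "://")
If intPos > 0 Then
    strReferer = Right(strReferer, Len(strReferer) - (intPos + 2))
    intPos = InStr(1, strReferer, "/")
    If intPos > 0 Then strReferer = Left(strReferer, intPos - 1)
End If

[/code]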

Thanks for the code, Zachory. I'm actually doing something along these lines already, though. The real bandwidth loss comes from warez sites displaying my images, and this can't be prevented using ASP referrer sniffing.

Ahh. Perhaps these would be helpful then:
http://evolvedcode.net/content/code_antihotlink/

Open Source ISAPI Filter for IIS:
http://www.michaelbrumm.com/leechblocker.html

Alternatively, you could take the nasty route of storing the images in a database. Then you access it from an ASP page which binary writes back to the page by pulling from the database and displaying. Ie:

If it's external, you can catch it because the page is a "middle man" between the viewer and the image. You can then just check the referral in image.asp since it is being queried first.

Heh, it edited out my img tag example. Here it is:

[ img src="http://www.mydomain/image.asp?index=myPic.gif" ]
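The image.asp "middle man" described in the comments above, as an added example in classic ASP (VBScript); it is not code from any commenter or from bradsoft.com. Assumptions: images are read from a directory on disk (`IMAGE_DIR`) rather than a database, `OWN_HOSTS` lists the site's own host names, and the `index` parameter is the one from the img tag above.

```vbscript
<%
Option Explicit
' image.asp (added example). OWN_HOSTS and IMAGE_DIR are assumed values.
Const OWN_HOSTS = "|bradsoft.com|www.bradsoft.com|"
Const IMAGE_DIR = "/images/"

' True when the referring URL's host is one of this site's own host names.
Function IsOwnReferer(strUrl)
    Dim re, m
    IsOwnReferer = False
    Set re = New RegExp
    re.Pattern = "^https?://([a-z0-9.-]+)(:\d+)?(/|$)"
    re.IgnoreCase = True
    Set m = re.Execute(strUrl)
    If m.Count = 1 Then
        IsOwnReferer = (InStr(1, OWN_HOSTS, "|" & LCase(m(0).SubMatches(0)) & "|") > 0)
    End If
End Function

' Accept only plain names such as myPic.gif: no slashes, no "..".
Function IsSafeName(strName)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9_-]+\.(gif|jpg|png)$"
    re.IgnoreCase = True
    IsSafeName = re.Test(strName)
End Function

Dim strReferer, strName, strExt, objFso, objStream
strReferer = "" & Request.ServerVariables("HTTP_REFERER")
strName = "" & Request.QueryString("index")
Set objFso = Server.CreateObject("Scripting.FileSystemObject")
If Not IsSafeName(strName) Then
    Response.Status = "404 Not Found"
ElseIf strReferer <> "" And Not IsOwnReferer(strReferer) Then
    ' Embedded by another site; an empty Referer is let through on purpose.
    Response.Status = "403 Forbidden"
ElseIf Not objFso.FileExists(Server.MapPath(IMAGE_DIR & strName)) Then
    Response.Status = "404 Not Found"
Else
    strExt = LCase(Mid(strName, InStrRev(strName, ".") + 1))
    If strExt = "jpg" Then strExt = "jpeg"
    Set objStream = Server.CreateObject("ADODB.Stream")
    objStream.Type = 1                   ' adTypeBinary
    objStream.Open
    objStream.LoadFromFile Server.MapPath(IMAGE_DIR & strName)
    Response.ContentType = "image/" & strExt
    Response.BinaryWrite objStream.Read
    objStream.Close
End If
%>
```

The Referer header is supplied by the client and can be omitted or forged, so this reduces bandwidth lost to pages that embed the images but is not an access control. The file-name check matters as much as the referrer check, because a script that serves files by a query-string name would otherwise accept path components.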

The comments to this entry are closed.