According to my server logs, 81.75% of my site's traffic this week came from warez and crack sites. This is a typical week for me.
« A Silent Toon | Main | ANN: TopStyle Pro 3.11 BETA 1 »
You can follow this conversation by subscribing to the comment feed for this post.
The comments to this entry are closed.
That's a pretty sad statistic.
Going slightly off-topic, I've just downloaded the FeedDemon trial and, knowing it's written with Delphi, was wondering what you use (if it's a commercially available component pack) for the user interface. I've been having problems getting good looking menus and toolbars with Delphi and XP. FeedDemon has one of the nicest, cleanest UI I've seen in quite a while.
If it's not a trade secret of course... :)
Posted by: Pookie | Friday, July 23, 2004 at 05:19 PM
Eww, how depressing :/ Have you thought about adding something to your blog template that detects referrals from those sites and adds a polite message to the top of the page directing them to your entry on piracy? You could do it with a simple Javascript check against the document.referrer string. I'm not suggesting blocking them entirely, just serving them a note with a link in addition to the standard page content.
Posted by: Simon Willison | Friday, July 23, 2004 at 06:32 PM
Actually on second thoughts doing it client side would mean including the URLs of those sites in your JavaScript, and I imagine you wouldn't want to promote them even in your source code. A server side solution would work just as well (better in fact) but wouldn't be deployable on TypePad.
Posted by: Simon Willison | Friday, July 23, 2004 at 06:35 PM
Why are the warez sites linking to you, and what do you think these visitors are hoping to find on your site?
Posted by: David Seguin | Friday, July 23, 2004 at 06:49 PM
Nick, I just went through a very similar thing, and what I ended up doing was putting together an .HTACCESS file to block from a list of unwanted referrers (or referrers with a keyword like "0day" in the url).
Let me know if you'd like a copy of it and I'll send it your way. It's really helped me cut down on my bandwidth costs by a lot.
Posted by: Aaron Epstein | Friday, July 23, 2004 at 07:30 PM
Warez sites are naturally linking here to download the trial version of TopStyle since they have a hack out to make it work past it's trial date. Nothing more than that (assume it's a date based trial; I've been using Pro for a few years now).
Aaron's suggestion would be the best. It might get large after a while, but definatly worth while to cut down on all the wasted bandwith.
Posted by: Philip | Friday, July 23, 2004 at 07:51 PM
Perhaps there is a silver lining on that cloud. Maybe your product is being exposed to people who might not know about TopStyle of FeedDemon. If it makes you feel any better, I paid for TopStyle! :-)
I happen to believe that software activation is a VERY good thing. I am very pleased with my Macromedia DevNet subscription experience. I am really impressed by the Help > Activation > Transfer License option in Macromedia's newer products.
Maybe it is utopian thinking but I believe/hope that flexible/friendly activation like Macromedia's will cut down on piracy and allow vendors to sell more and charge less.
Posted by: David Foltz | Friday, July 23, 2004 at 10:13 PM
Nick, there's very easy possibility to block or redirect these visitors via .htaccess.
David, yes, IMHO it's utopian thinking, activation is a pain in the a** for legit users and crackable for crackers (generators for Microsoft's, Adobe's, Macromedia's software are widely available).
Posted by: Olegas | Saturday, July 24, 2004 at 06:03 AM
"Pookie," FeedDemon uses a customized version of ExpressBars (by Developer Express) for its menus/toolbars.
Posted by: Nick Bradbury | Saturday, July 24, 2004 at 09:14 AM
Simon, nice to see you here (and that you survived the quail dinner at SxSW).
My site (bradsoft.com) is ASP-based, so .htaccess isn't an option. Is anyone aware of an ASP equivalent to .htaccess?
Posted by: Nick Bradbury | Saturday, July 24, 2004 at 09:19 AM
Activation certainly won't stop crackers - they'll just hack the EXE to block the activation. However, it does cut down on the casual sharing of serial numbers, which accounts for a large chunk of software piracy.
Posted by: Nick Bradbury | Saturday, July 24, 2004 at 09:23 AM
David, most of these sites cracks for my software which are supposed to patch the trial version, so they link to my site so their visitors can download the trial version.
A big part of the traffic is due to their linking directly to images on my site.
Posted by: Nick Bradbury | Saturday, July 24, 2004 at 09:28 AM
Nick, I believe you can use global.asa (create this file in the root) and Session_OnStart event. Or via IIS manager. I'm not good with ASP (apache server is the best option in my opinion), so I can't help anymore, try to google a little. Here's a nice link for global.asa:
http://www.w3schools.com/asp/asp_globalasa.asp
Posted by: Olegas | Saturday, July 24, 2004 at 10:50 AM
"According to my server logs, 81.75% of my site's traffic this week came from warez and crack sites. This is a typical week for me".
You could start with a 'real' protection system on your products (forget about 'activation', it was defeated years ago with M$ XP, heh even months before the shops started selling it), followed for example with an Apache host.
Posted by: Robert Johnson | Saturday, July 24, 2004 at 10:58 AM
"David, most of these sites cracks for my software which are supposed to patch the trial version, so they link to my site so their visitors can download the trial version.
A big part of the traffic is due to their linking directly to images on my site."
Nick, read this article (it should works on any content, not only images) and apply it to the trial files that you offer. Of course, it only works on Apache.
http://www.alistapart.com/articles/hotlinking/
Posted by: P | Saturday, July 24, 2004 at 11:01 AM
Robert, there is no "real" protection system - they can all be broken. I've used a number of different tools, and each has been hacked. All I can do is try to implement techniques that cut down on piracy w/o being a hassle for legitimate users.
Posted by: Nick Bradbury | Saturday, July 24, 2004 at 12:32 PM
Thanks for the tip, Olegas. I'm actually already using Global.asa to redirect visitors from warez sites, but this doesn't handle links to images on my site, which I believe accounts for the majority of the warez-related bandwidth.
I'm not aware of a fast, reliable way to stop this (at least, not one that doesn't require replacing every img tag with an ASP function call).
Posted by: Nick Bradbury | Saturday, July 24, 2004 at 12:53 PM
Nick -- A simple solution, the good folks at IISMods (not affiliated with them, just a happy customer) make a really neat product called URLrewrite for IIS.
Visit http://www.iismods.com/
It's an excellent URLrewrite engine that allows you to do a number of things -- We use it when we are replacing a client's legacy website with something new to do clean redirects on old page requests.
In their examples section is:
--- snip ---
Stop people from linking to your files, images and wasting your bandwidth.
Example mod_rewrite.ini
----------
1: Debug 0
2: Reload 1000
3: RewriteCond HTTP_REFERER theirsite.com .zip /denied.htm
4: RewriteCond HTTP_REFERER theirsite.com .gif /denied.htm
--- snip ---
Try it out -- priced VERY reasonably. Again -- no affiliation with iismods, but just an insanely happy customer. We site-licensed both their products on our hosting platform.
BTW, I'm an old old old Homesite customer -- if there's anything I can do to help you with the URLrewriting stuff, don't hesitate to touch base...
Posted by: David Schmidt | Saturday, July 24, 2004 at 10:01 PM
What? $39.90 for a IIS Rewrite Engine when you have a more robust, efficient, powerfoul and FREE rewrite engine on Apache? ... LOL.
Nick, please, consider seriously to switch to an Apache host.
Posted by: someone | Sunday, July 25, 2004 at 03:52 AM
I know how to rewrite URLs with ASP.NET but not ASP, sorry :(
Posted by: Cory Nelson | Sunday, July 25, 2004 at 04:50 AM
Thanks for the tip, David - I'll take a look at IISMods.
Posted by: Nick Bradbury | Sunday, July 25, 2004 at 09:20 AM
If you run IIS 6, check http://msdn.microsoft.com/asp.net/default.aspx?pull=/library/en-us/dnaspp/html/httphandl.asp
and search for "Protecting Your Images".
Posted by: Laz | Sunday, July 25, 2004 at 12:46 PM
Interesting that you have posted this. By far, the most visitors that have come to my blog through a search engine have come using the search phrase "FeedDemon Crack" and have been directed to my post about your efforts to thwart crackers. Hopefully, a few of them read about it and maybe decided not to steal from you, but that's probably being a little too optimistic.
Posted by: Josh | Sunday, July 25, 2004 at 01:28 PM
Josh, I have to confess that the main reason I created that post was so Googling for "FeedDemon Crack" would turn up a page or two of hits about my post. However, I had no illusions that this would dissuade crackers from stealing - instead, I just wanted them to stop asking me for support.
Posted by: Nick Bradbury | Sunday, July 25, 2004 at 09:33 PM
Im currently here sitting, wondering how stupid these "crackers" are for cracking a FREE version of Topstyle when Topstyle Pro obviously is a much better target to crack. Doesn't sound a bit pointless?
I mean if you crack a free version, who exactly are you taking money from? Nick you've commented on how stripped down it is? so exactly what is the point of creating a crack for it???
oh and Nick, Apache is a far more secure and robust, customisable and stable HTTP server software. IIS is an comparativley an open safe compared to Apache.
Sadly, Nick, Piracy can't be erradicated, outside the OpenSource scene, cuz even with light there has to be darkness.
Posted by: t94xr | Sunday, July 25, 2004 at 10:51 PM
Like most windows apps/services IIS doesn't use dot files to edit/store configuration data. If you want to block IP's you just need to go to the properties of the relevent web site in the management console and on the "Directory Security" tab there is an "IP address and domain name restrictions" section. You don't need to buy any third party tools and you certainly don't need to change web servers.
Posted by: Nicholas Hanson | Monday, July 26, 2004 at 12:02 PM
"there is an "IP address and domain name restrictions" section. You don't need to buy any third party tools and you certainly don't need to change web servers."
Totally useless ... what about if Nick wants to block every request from warez sites?, typing manually hundreds of IPs/domains each day? :P.
What Nick needs is a powerfoul rewrite engine.
Posted by: some | Monday, July 26, 2004 at 12:21 PM
I currently have a count of 420 referrers coming from Nick's FeedDemon Crack posting since I linked to it. I also have a few more from web searches.
I thought it was funny to have so many visitors coming from Nick's site to my own. I think I'm getting some spillover of people going to Nick's site looking for cracks and serial numbers.
Posted by: Jason Row | Monday, July 26, 2004 at 12:22 PM
IIS's IP restrictions are used for banning *visitors* based on their IP - so I don't think I could use this to stop warez sites from linking to my images.
An yes, I realize that Apache is more reliable and powerful than IIS. However, the chances of me ever having time to move my domain, database, forums, etc., to a different server are about nil.
Posted by: Nick Bradbury | Monday, July 26, 2004 at 03:13 PM
I know it will cut in your budget, sells might go down etc.
CD Delivery Only - No Online Downloads
Look @ Nero Burning ROM - He has done a good job at cutting down on hacks.
Might want to learn how key generators are being created and attempt to stay ahead of them by one step - Make them work for their money - make nightly builds that change the encryption scheme this way they have to work again and again to build key generators, until they get tired of building key generators once a week just for your program... Problem is that there is not much more you could add to the software, so who would want to buy it if what they can get off an older version (from warez) would do the trick? Make it web based? (Too much money in resources I guess) I don't know Nick... I had told you a while ago about the one website hosting your RSS reader (and he has taken it off since).
What are your legal alternatives outside the US?
It's a battle which you can only win by continuing to fight.
I am new at this whole game and I appreciate good work when I see it and it's a shame to see that 12 year-olds still don't have shit to do @ home
Good Luck Bud
Posted by: Nick Tulip | Monday, July 26, 2004 at 10:57 PM
I would suggest you to setup apache 2 on a different port on the same machine running IIS. In your HTML pages, link your images to the apache server on that port, e.g.
img src=http://bradsoft.com:8080/feeddemon/screenshots/1_sm.gif
Then use all the power of mod_rwrite and leave all your ASP code working the old way.
Posted by: Russ | Wednesday, July 28, 2004 at 08:06 AM
"An yes, I realize that Apache is more reliable and powerful than IIS. However, the chances of me ever having time to move my domain, database, forums, etc., to a different server are about nil".
Well, Nick, everything has a cost. In this case the cost of staying with M$ HTTPd crap (IIS) is more expensive than switching to Apache, but hey, it's your forum, your database and your life :)
But if you choose staying with IIS don't came in two weeks crying because IIS rewrite parsers/engines suck, tha latest WebDAV IIS exploit has ruined your webpage, etc, etc, etc ;)
Posted by: Peter Jackson | Thursday, July 29, 2004 at 02:09 AM
whoa Peter Jackson - hey man.
Great job on Lord of the Rings aye :D
Posted by: t94xr | Thursday, July 29, 2004 at 07:39 AM
Hi Nick,
I'd check the HTTP Referer (yes, I know it's spelled wrong) to see if it matched a warez site. If so, you could do a couple of things. You could just display a blank page. You could display the same page with a polite warning. You could display a normal page, but link a corrupted binary that the patch doesnt work for.
Or, my favorite, display a page with a corrupted binary, and set a cookie. That way if/when the pirater comes back (via a search engine or direct link, and thus avoiding the refferal scheme) you can check the cookie to determine if they tried to pirate it. Wont stop it all, but would help and frustrate quite a few.
Here's some code to check the refferer (not mine, taken from web):
[code]
Dim strHost, strReferer, blnCheckReferer
strHost = Request.ServerVariables("HTTP_HOST")
strReferer = Request.ServerVariables("HTTP_REFERER")
strReferer = Right(strReferer, Len(strReferer) - (InStr(1, strReferer, "://") + 2))
strReferer = Left(strReferer, InStr(1, strReferer, "/") - 1)
[/code]
Posted by: Zachary Tong | Thursday, July 29, 2004 at 08:24 PM
Thanks for the code, Zachory. I'm actually doing something along these lines already, though. The real bandwidth loss comes from warez sites displaying my images, and this can't be prevented using ASP referrer sniffing.
Posted by: Nick Bradbury | Thursday, July 29, 2004 at 08:50 PM
Ahh. Perhaps these would be helpful then:
http://evolvedcode.net/content/code_antihotlink/
Open Source ISAPI Filter for IIS:
http://www.michaelbrumm.com/leechblocker.html
Alternatively, you could take the nasty route of storing the images in a database. Then you access it from an ASP page which binary writes back to the page by pulling from the database and displaying. Ie:
If its external, you can catch it because the page being a "middle man" between the viewer and the image. You can then just check the refferal in image.asp since it is being queried first.
Posted by: Zachary Tong | Thursday, July 29, 2004 at 09:37 PM
Heh, it edited out my img tag example. Here it is:
[ img src="http://www.mydomain/image.asp?index=myPic.gif" ]
Posted by: Zachary Tong | Thursday, July 29, 2004 at 09:40 PM