How your keycodes get onto a warez site..
-
So for anyone who is interested in how a license key gets onto one of those piracy sites I can now speak from experience: On September 11th we get an order for one license of our software. We email the unique license key to the address provided. Last weekend hits to download our software on our website go through the roof, 1000 times more than normal. We backtrack the link and find it's a Chinese site that does nothing but provide license keys, cracked versions of software etc. We find that a link has been placed to our software with the license key and regto name 4 days after it was purchased. We get pissed off, immediately update the download to not work with the keycode in question, problem is that hundreds and hundreds of people have already downloaded and our software is mirrored at tucows which takes forever to update. They continute to download at an astonishing rate, we're over 7GB of bandwidth on Sunday alone. There can't possibly be this many people actually interested in the software, I get the feeling that they are people that would download anything if it's free. We can't simply move the file on our site to break their link, it's linked to by thousands of shareware sites, tucows etc. Our isp tries all day to block anyone coming in with the referrer of this chinese cracker site, ultimately manages to only cause everyone coming to any page on our site to get a permission denied and finally gives up and can't do anything about it. (it's an IIS server, not unix). Mean while, while all this is going on, we contact our lawyers, they start rubbing their hands together, I realize this is going to cost a lot of money so we opt to try to sort it out ourselves. We call the Canadian and U.S. big anti software piracy groups. They basically laugh at us and say give is $5,000.000 to sign up and we'll take a look at it. At this point I'm even more pissed off so I decide it's time to just phone and find out what's going on. I phone the credit card owner, they have no idea what our software is and it turns out have many other charges they didn't authorize. (note, this is a nice older couple, no chance they did this, their credit card info was stolen). I phone the person who we emailed the license key to, he works in another state entirely from the credit card owner, turns out their network was hacked into and our software wasn't the only one that was stolen through thier network and email, they have sinced patched and have kept all the records for any criminal investigation.
-
So for anyone who is interested in how a license key gets onto one of those piracy sites I can now speak from experience: On September 11th we get an order for one license of our software. We email the unique license key to the address provided. Last weekend hits to download our software on our website go through the roof, 1000 times more than normal. We backtrack the link and find it's a Chinese site that does nothing but provide license keys, cracked versions of software etc. We find that a link has been placed to our software with the license key and regto name 4 days after it was purchased. We get pissed off, immediately update the download to not work with the keycode in question, problem is that hundreds and hundreds of people have already downloaded and our software is mirrored at tucows which takes forever to update. They continute to download at an astonishing rate, we're over 7GB of bandwidth on Sunday alone. There can't possibly be this many people actually interested in the software, I get the feeling that they are people that would download anything if it's free. We can't simply move the file on our site to break their link, it's linked to by thousands of shareware sites, tucows etc. Our isp tries all day to block anyone coming in with the referrer of this chinese cracker site, ultimately manages to only cause everyone coming to any page on our site to get a permission denied and finally gives up and can't do anything about it. (it's an IIS server, not unix). Mean while, while all this is going on, we contact our lawyers, they start rubbing their hands together, I realize this is going to cost a lot of money so we opt to try to sort it out ourselves. We call the Canadian and U.S. big anti software piracy groups. They basically laugh at us and say give is $5,000.000 to sign up and we'll take a look at it. At this point I'm even more pissed off so I decide it's time to just phone and find out what's going on. I phone the credit card owner, they have no idea what our software is and it turns out have many other charges they didn't authorize. (note, this is a nice older couple, no chance they did this, their credit card info was stolen). I phone the person who we emailed the license key to, he works in another state entirely from the credit card owner, turns out their network was hacked into and our software wasn't the only one that was stolen through thier network and email, they have sinced patched and have kept all the records for any criminal investigation.
Interesting reading. Thanks for taking the time to tell the story. This is the kind of injustice that makes me want to start hitting people. Michael 'Curiosity's always been my downfall' - The Doctor: The Caves of Androzani
-
So for anyone who is interested in how a license key gets onto one of those piracy sites I can now speak from experience: On September 11th we get an order for one license of our software. We email the unique license key to the address provided. Last weekend hits to download our software on our website go through the roof, 1000 times more than normal. We backtrack the link and find it's a Chinese site that does nothing but provide license keys, cracked versions of software etc. We find that a link has been placed to our software with the license key and regto name 4 days after it was purchased. We get pissed off, immediately update the download to not work with the keycode in question, problem is that hundreds and hundreds of people have already downloaded and our software is mirrored at tucows which takes forever to update. They continute to download at an astonishing rate, we're over 7GB of bandwidth on Sunday alone. There can't possibly be this many people actually interested in the software, I get the feeling that they are people that would download anything if it's free. We can't simply move the file on our site to break their link, it's linked to by thousands of shareware sites, tucows etc. Our isp tries all day to block anyone coming in with the referrer of this chinese cracker site, ultimately manages to only cause everyone coming to any page on our site to get a permission denied and finally gives up and can't do anything about it. (it's an IIS server, not unix). Mean while, while all this is going on, we contact our lawyers, they start rubbing their hands together, I realize this is going to cost a lot of money so we opt to try to sort it out ourselves. We call the Canadian and U.S. big anti software piracy groups. They basically laugh at us and say give is $5,000.000 to sign up and we'll take a look at it. At this point I'm even more pissed off so I decide it's time to just phone and find out what's going on. I phone the credit card owner, they have no idea what our software is and it turns out have many other charges they didn't authorize. (note, this is a nice older couple, no chance they did this, their credit card info was stolen). I phone the person who we emailed the license key to, he works in another state entirely from the credit card owner, turns out their network was hacked into and our software wasn't the only one that was stolen through thier network and email, they have sinced patched and have kept all the records for any criminal investigation.
Very grim. I've had problems of this sort myself in the past, though I never approached 7GB of piracy in a single day! I'm seriously considering abandoning distribution via the web entirely. Market via the web, distribute via CD which requires activation of some sort, and only allow one activiation per unique CD id. It'd be more of a hassle, and will increase overhead, but what's the alternative? Of course, this method would no doubt be vulnerable to some other ploy, but reliance on web-based distribution is becoming untenable.
-
So for anyone who is interested in how a license key gets onto one of those piracy sites I can now speak from experience: On September 11th we get an order for one license of our software. We email the unique license key to the address provided. Last weekend hits to download our software on our website go through the roof, 1000 times more than normal. We backtrack the link and find it's a Chinese site that does nothing but provide license keys, cracked versions of software etc. We find that a link has been placed to our software with the license key and regto name 4 days after it was purchased. We get pissed off, immediately update the download to not work with the keycode in question, problem is that hundreds and hundreds of people have already downloaded and our software is mirrored at tucows which takes forever to update. They continute to download at an astonishing rate, we're over 7GB of bandwidth on Sunday alone. There can't possibly be this many people actually interested in the software, I get the feeling that they are people that would download anything if it's free. We can't simply move the file on our site to break their link, it's linked to by thousands of shareware sites, tucows etc. Our isp tries all day to block anyone coming in with the referrer of this chinese cracker site, ultimately manages to only cause everyone coming to any page on our site to get a permission denied and finally gives up and can't do anything about it. (it's an IIS server, not unix). Mean while, while all this is going on, we contact our lawyers, they start rubbing their hands together, I realize this is going to cost a lot of money so we opt to try to sort it out ourselves. We call the Canadian and U.S. big anti software piracy groups. They basically laugh at us and say give is $5,000.000 to sign up and we'll take a look at it. At this point I'm even more pissed off so I decide it's time to just phone and find out what's going on. I phone the credit card owner, they have no idea what our software is and it turns out have many other charges they didn't authorize. (note, this is a nice older couple, no chance they did this, their credit card info was stolen). I phone the person who we emailed the license key to, he works in another state entirely from the credit card owner, turns out their network was hacked into and our software wasn't the only one that was stolen through thier network and email, they have sinced patched and have kept all the records for any criminal investigation.
I've thought about this and I think Microsoft has the best scheme. Make the user activate...once they've activated, make sure you have their IP, hardware config, etc. Hey, they're already downloading your software...what's a few minutes more online for an activation process, eh?
Hawaian shirts and shorts work too in Summer. People assume you're either a complete nut (in which case not a worthy target) or so damn good you don't need to worry about camouflage... -Anna-Jayne Metcalfe on Paintballing
-
Very grim. I've had problems of this sort myself in the past, though I never approached 7GB of piracy in a single day! I'm seriously considering abandoning distribution via the web entirely. Market via the web, distribute via CD which requires activation of some sort, and only allow one activiation per unique CD id. It'd be more of a hassle, and will increase overhead, but what's the alternative? Of course, this method would no doubt be vulnerable to some other ploy, but reliance on web-based distribution is becoming untenable.
LunaticFringe wrote: distribute via CD which requires activation of some sort I've thought about it too, but there are so many positives to doing it via the web that it's not really an option. In any case, much of the pirated software that I've come across in the last few days of investigation is shrink wrap off the shelf stuff anyway, so it's not a solution. One advantage of our method is that we were able to zap that keycode in our executable and post it back to the website in minutes, if it was on a CD we would be screwed completely.
-
I've thought about this and I think Microsoft has the best scheme. Make the user activate...once they've activated, make sure you have their IP, hardware config, etc. Hey, they're already downloading your software...what's a few minutes more online for an activation process, eh?
Hawaian shirts and shorts work too in Summer. People assume you're either a complete nut (in which case not a worthy target) or so damn good you don't need to worry about camouflage... -Anna-Jayne Metcalfe on Paintballing
David Stone wrote: Make the user activate...once they've activated, make sure you have their IP, hardware config, etc. I'm starting to lean towards this, we already distribute via the net anyway and so the client must have an internet connection. Something to consider. Of course there are probably ways around it as well. It's amazing how open and prevalent these warez sites are. Plus all the newsgroups dedicated to it on Usenet. I don't know much about how usenet works, but it seems to be the primary distribution method for this info and or files and it seems odd that no one has shut down these newsgroups. There is a lot of Microsoft software there and you would think Microsoft would have the clout to get it shut down.
-
So for anyone who is interested in how a license key gets onto one of those piracy sites I can now speak from experience: On September 11th we get an order for one license of our software. We email the unique license key to the address provided. Last weekend hits to download our software on our website go through the roof, 1000 times more than normal. We backtrack the link and find it's a Chinese site that does nothing but provide license keys, cracked versions of software etc. We find that a link has been placed to our software with the license key and regto name 4 days after it was purchased. We get pissed off, immediately update the download to not work with the keycode in question, problem is that hundreds and hundreds of people have already downloaded and our software is mirrored at tucows which takes forever to update. They continute to download at an astonishing rate, we're over 7GB of bandwidth on Sunday alone. There can't possibly be this many people actually interested in the software, I get the feeling that they are people that would download anything if it's free. We can't simply move the file on our site to break their link, it's linked to by thousands of shareware sites, tucows etc. Our isp tries all day to block anyone coming in with the referrer of this chinese cracker site, ultimately manages to only cause everyone coming to any page on our site to get a permission denied and finally gives up and can't do anything about it. (it's an IIS server, not unix). Mean while, while all this is going on, we contact our lawyers, they start rubbing their hands together, I realize this is going to cost a lot of money so we opt to try to sort it out ourselves. We call the Canadian and U.S. big anti software piracy groups. They basically laugh at us and say give is $5,000.000 to sign up and we'll take a look at it. At this point I'm even more pissed off so I decide it's time to just phone and find out what's going on. I phone the credit card owner, they have no idea what our software is and it turns out have many other charges they didn't authorize. (note, this is a nice older couple, no chance they did this, their credit card info was stolen). I phone the person who we emailed the license key to, he works in another state entirely from the credit card owner, turns out their network was hacked into and our software wasn't the only one that was stolen through thier network and email, they have sinced patched and have kept all the records for any criminal investigation.
Wow, what an unfortunate turn of events. X| John Cardinal wrote: Bottom line is that technically, we're out USD$20,000.00+ worth of licenses from the people that downloaded before we patched our software to not use that keycode (of course they will never be able to upgrade) I have to disagree here. You're not really out $20,000, because chances are that most of those people would have never purchased the product in the first place. They downloaded it for any number of reasons; some to try it before buying it; others to use it on a daily basis; and maybe some just because it was free. So you can't assume that everyone of those individuals would have eventually bought the product from you, assuming that they could all afford it. The fact that the pirated version can't be upgraded will probably cause those who can afford it and want to use regularly to buy it at some point. That's my feeling, and if that's the case, then you'll be fine. Still, I can't imagine the frustration you must have felt through this whole ordeal. Regards, Alvaro
-
Wow, what an unfortunate turn of events. X| John Cardinal wrote: Bottom line is that technically, we're out USD$20,000.00+ worth of licenses from the people that downloaded before we patched our software to not use that keycode (of course they will never be able to upgrade) I have to disagree here. You're not really out $20,000, because chances are that most of those people would have never purchased the product in the first place. They downloaded it for any number of reasons; some to try it before buying it; others to use it on a daily basis; and maybe some just because it was free. So you can't assume that everyone of those individuals would have eventually bought the product from you, assuming that they could all afford it. The fact that the pirated version can't be upgraded will probably cause those who can afford it and want to use regularly to buy it at some point. That's my feeling, and if that's the case, then you'll be fine. Still, I can't imagine the frustration you must have felt through this whole ordeal. Regards, Alvaro
Alvaro Mendez wrote: I have to disagree here. You're not really out $20,000, because chances are that most of those people would have never Yup, I know, which is why I said technically. I agree with all your other points as well, bottom line is that we're no Microsoft, we're a pretty small company and we're down a few days of work dealing with this so in expenses we're down the price of a license, the price of lost time and productivity of two of our senior staff dealing with this, a few hundred dollars lawyers fees to find out what's involved, lot's of long distance calls all over the U.S., bandwidth charges from our ISP, lost revenue when our site went down while the ISP was trying to block that referrer and real paying customers couldn't get through, delays for downloads of legit people because the file was being hammered so heavily on our site etc. In real expense just to deal with this, completely ignoring the lost sales potential we're probably out a few thousand at least which is big for us. The ironic thing is that the pirated license was for a single user and our evaluation allows for 10 users and has no other limitations except for one minor one that you can't change the user names so in effect if people did it to try it out, they actually got less features than they would have got by just trying it.
-
Interesting reading. Thanks for taking the time to tell the story. This is the kind of injustice that makes me want to start hitting people. Michael 'Curiosity's always been my downfall' - The Doctor: The Caves of Androzani
-
David Stone wrote: Make the user activate...once they've activated, make sure you have their IP, hardware config, etc. I'm starting to lean towards this, we already distribute via the net anyway and so the client must have an internet connection. Something to consider. Of course there are probably ways around it as well. It's amazing how open and prevalent these warez sites are. Plus all the newsgroups dedicated to it on Usenet. I don't know much about how usenet works, but it seems to be the primary distribution method for this info and or files and it seems odd that no one has shut down these newsgroups. There is a lot of Microsoft software there and you would think Microsoft would have the clout to get it shut down.
John Cardinal wrote: I'm starting to lean towards this, we already distribute via the net anyway and so the client must have an internet connection. Something to consider. Of course there are probably ways around it as well. You could use encrypted web service calls (using a SOAP toolkit if you aren't using .NET)...I've always thought that sounded like the best solution. There are always ways around something, but a little protection is better than none.
Hawaian shirts and shorts work too in Summer. People assume you're either a complete nut (in which case not a worthy target) or so damn good you don't need to worry about camouflage... -Anna-Jayne Metcalfe on Paintballing
-
So for anyone who is interested in how a license key gets onto one of those piracy sites I can now speak from experience: On September 11th we get an order for one license of our software. We email the unique license key to the address provided. Last weekend hits to download our software on our website go through the roof, 1000 times more than normal. We backtrack the link and find it's a Chinese site that does nothing but provide license keys, cracked versions of software etc. We find that a link has been placed to our software with the license key and regto name 4 days after it was purchased. We get pissed off, immediately update the download to not work with the keycode in question, problem is that hundreds and hundreds of people have already downloaded and our software is mirrored at tucows which takes forever to update. They continute to download at an astonishing rate, we're over 7GB of bandwidth on Sunday alone. There can't possibly be this many people actually interested in the software, I get the feeling that they are people that would download anything if it's free. We can't simply move the file on our site to break their link, it's linked to by thousands of shareware sites, tucows etc. Our isp tries all day to block anyone coming in with the referrer of this chinese cracker site, ultimately manages to only cause everyone coming to any page on our site to get a permission denied and finally gives up and can't do anything about it. (it's an IIS server, not unix). Mean while, while all this is going on, we contact our lawyers, they start rubbing their hands together, I realize this is going to cost a lot of money so we opt to try to sort it out ourselves. We call the Canadian and U.S. big anti software piracy groups. They basically laugh at us and say give is $5,000.000 to sign up and we'll take a look at it. At this point I'm even more pissed off so I decide it's time to just phone and find out what's going on. I phone the credit card owner, they have no idea what our software is and it turns out have many other charges they didn't authorize. (note, this is a nice older couple, no chance they did this, their credit card info was stolen). I phone the person who we emailed the license key to, he works in another state entirely from the credit card owner, turns out their network was hacked into and our software wasn't the only one that was stolen through thier network and email, they have sinced patched and have kept all the records for any criminal investigation.
Thanks for sharing this with us, Can Visa really pursue an investigation into China ? John Cardinal wrote: On September 11th we get an order for one license of our software. We email the unique license key to the address provided. err.. could it be ....al-Queda :omg:
-
Thanks for sharing this with us, Can Visa really pursue an investigation into China ? John Cardinal wrote: On September 11th we get an order for one license of our software. We email the unique license key to the address provided. err.. could it be ....al-Queda :omg:
-
So for anyone who is interested in how a license key gets onto one of those piracy sites I can now speak from experience: On September 11th we get an order for one license of our software. We email the unique license key to the address provided. Last weekend hits to download our software on our website go through the roof, 1000 times more than normal. We backtrack the link and find it's a Chinese site that does nothing but provide license keys, cracked versions of software etc. We find that a link has been placed to our software with the license key and regto name 4 days after it was purchased. We get pissed off, immediately update the download to not work with the keycode in question, problem is that hundreds and hundreds of people have already downloaded and our software is mirrored at tucows which takes forever to update. They continute to download at an astonishing rate, we're over 7GB of bandwidth on Sunday alone. There can't possibly be this many people actually interested in the software, I get the feeling that they are people that would download anything if it's free. We can't simply move the file on our site to break their link, it's linked to by thousands of shareware sites, tucows etc. Our isp tries all day to block anyone coming in with the referrer of this chinese cracker site, ultimately manages to only cause everyone coming to any page on our site to get a permission denied and finally gives up and can't do anything about it. (it's an IIS server, not unix). Mean while, while all this is going on, we contact our lawyers, they start rubbing their hands together, I realize this is going to cost a lot of money so we opt to try to sort it out ourselves. We call the Canadian and U.S. big anti software piracy groups. They basically laugh at us and say give is $5,000.000 to sign up and we'll take a look at it. At this point I'm even more pissed off so I decide it's time to just phone and find out what's going on. I phone the credit card owner, they have no idea what our software is and it turns out have many other charges they didn't authorize. (note, this is a nice older couple, no chance they did this, their credit card info was stolen). I phone the person who we emailed the license key to, he works in another state entirely from the credit card owner, turns out their network was hacked into and our software wasn't the only one that was stolen through thier network and email, they have sinced patched and have kept all the records for any criminal investigation.
While download.com and the like were useful a couple of years ago, they don't make sense these days (google results, ad words, ...) and they add even more pain than predicted since, as you said, they basically mirror versions of your software that you are willing to retire. When you knw that, on top of that, download.com requires authors to pay only to upload the software, it makes me wonder whether download sites are gone nuts at all. Don't be disgusted, in your next software product, keep a central download site, and upgrade often your product with new keycodes (especially if it's popular).
-
I've thought about this and I think Microsoft has the best scheme. Make the user activate...once they've activated, make sure you have their IP, hardware config, etc. Hey, they're already downloading your software...what's a few minutes more online for an activation process, eh?
Hawaian shirts and shorts work too in Summer. People assume you're either a complete nut (in which case not a worthy target) or so damn good you don't need to worry about camouflage... -Anna-Jayne Metcalfe on Paintballing
As much some people will say it's an invasion to their privacy, live online activation is the future against software piracy... M$ got a lot of heat when they used it for Windows XP, but now Adobe and some other companies are using this technology. --------------- Tired of Spam? InboxShield for Microsoft® Outlook® 2K/2K2/2K3 http://www.inboxshield.com
-
Thanks for sharing this with us, Can Visa really pursue an investigation into China ? John Cardinal wrote: On September 11th we get an order for one license of our software. We email the unique license key to the address provided. err.. could it be ....al-Queda :omg:
Vivek Rajan wrote: Can Visa really pursue an investigation into China ? Probably not, but who knows where the person that did it originally came from. I doubt it was China. And we found that the keycode originated through a usenet newsgroup then ended up on a number of sites, that one was the worst. The others all respected a DMCA notice I emailed them, but the Chinese site is a problem and everyone I've talked to agrees that it's pretty much hopeless to go after a chinese site. Vivek Rajan wrote: err.. could it be ....al-Queda Heh heh, they have an odd interest in business software if that's the case. No, it's probably done like this: Someone who is interested in our software posts on usenet a request for a crack or keycode for our software. Some punk somewhere takes it as a challenge and the rest is history. Why the perpetual usenet cracking newsgroups aren't shut down is a mystery to me, they seem quite able to shut down newsgroups for other reasons or at least limit them. My next project is to find out how Usenet works and if there is anyone in control of it. Probably a waste of time but who knows, you never know unless you try and there are a lot of very big software publishers affected on those newsgroups so maybe they can help.
-
While download.com and the like were useful a couple of years ago, they don't make sense these days (google results, ad words, ...) and they add even more pain than predicted since, as you said, they basically mirror versions of your software that you are willing to retire. When you knw that, on top of that, download.com requires authors to pay only to upload the software, it makes me wonder whether download sites are gone nuts at all. Don't be disgusted, in your next software product, keep a central download site, and upgrade often your product with new keycodes (especially if it's popular).
-
As much some people will say it's an invasion to their privacy, live online activation is the future against software piracy... M$ got a lot of heat when they used it for Windows XP, but now Adobe and some other companies are using this technology. --------------- Tired of Spam? InboxShield for Microsoft® Outlook® 2K/2K2/2K3 http://www.inboxshield.com
LukeV wrote: MS got a lot of heat when they used it for Windows XP, but now Adobe and some other companies are using this technology. And others have been using it for years.
David Wulff The Royal Woofle Museum
"I live very much in the real world, it's just not the same world shared by most other people"
-
As much some people will say it's an invasion to their privacy, live online activation is the future against software piracy... M$ got a lot of heat when they used it for Windows XP, but now Adobe and some other companies are using this technology. --------------- Tired of Spam? InboxShield for Microsoft® Outlook® 2K/2K2/2K3 http://www.inboxshield.com
LukeV wrote: live online activation is the future against software piracy... How so? There are Windows XP pirate copies all over the internet.
-
As much some people will say it's an invasion to their privacy, live online activation is the future against software piracy... M$ got a lot of heat when they used it for Windows XP, but now Adobe and some other companies are using this technology. --------------- Tired of Spam? InboxShield for Microsoft® Outlook® 2K/2K2/2K3 http://www.inboxshield.com
LukeV wrote: live online activation is the future against software piracy It will be (already is) cracked, like any other protection. It's the never ending fight of the shield against the sword
In every work of genius we see our own rejected thought. - François Rabelais
-
Vivek Rajan wrote: Can Visa really pursue an investigation into China ? Probably not, but who knows where the person that did it originally came from. I doubt it was China. And we found that the keycode originated through a usenet newsgroup then ended up on a number of sites, that one was the worst. The others all respected a DMCA notice I emailed them, but the Chinese site is a problem and everyone I've talked to agrees that it's pretty much hopeless to go after a chinese site. Vivek Rajan wrote: err.. could it be ....al-Queda Heh heh, they have an odd interest in business software if that's the case. No, it's probably done like this: Someone who is interested in our software posts on usenet a request for a crack or keycode for our software. Some punk somewhere takes it as a challenge and the rest is history. Why the perpetual usenet cracking newsgroups aren't shut down is a mystery to me, they seem quite able to shut down newsgroups for other reasons or at least limit them. My next project is to find out how Usenet works and if there is anyone in control of it. Probably a waste of time but who knows, you never know unless you try and there are a lot of very big software publishers affected on those newsgroups so maybe they can help.
John Cardinal wrote: Probably not, but who knows where the person that did it originally came from. I doubt it was China. Don't be so quick to dismiss China. When Microsoft, IBM, et al look into where most of their pirated software is coming from, China always comes to mind.
Five birds are sitting on a fence. Three of them decide to fly off. How many are left?
