Do the warez hunters actually work?

[conkermaniac]

The recent abuse problems on many free hosts have led many to design their own warez catcher. The most notable one here is probably WebDude's program. Many others have designed their own scripts.

Now, my question is this: do they really work? The elf has expressed his doubt by saying that no matter what, the warez webmasters will find a way to crack the security and then spread the word. Now, my thinking is that if these programs can already track down split files converted into .jpg's, it's already stopped most of the abuse. And the chances still are likely that warez webmasters will find a way through, eventually. However, as with all things, these warez hunters will improve. Just like bacteria has found a way to resist our anti-biotics, our medicine has improved to counter the stronger bacteria. I think this is a cycle that will continue.

What is your thought on this?

[the elf]

Quote:

Originally posted by conkermaniac
snip snip

Just to add to my "doubt" here, Microsoft had their ant-theft software cracked, and they are the richest company in the world. A piece of software that was going to stop BILLIONS of dollars of theft, poof, cracked, gone. I’m sure they paid a good penny to have the software developed. Now of course the warez masters don't have an actual copy of the warez hunter, but most people that set off to "crack" something, will stay dedicated to the project until it's done. Don't forget, 10 heads (warez masters a.k.a. crackers) are better then 1-5 (the developers). They will just keep going and going and going. They’ll spread the word because people like to brag, for an example, 1 retard cracked an old box I had online here (online for 3 days), sent email to himself along with a few buddies as root. Well, all I had to do was read the mail logs and find out where the mail went, call up the ISP and go "hello". Crackers account CLOSED! So, yes, they will brag because they think it's cool and to get a little useless respect in the warez underground. Respect from handicaps for handicaps, or people that just need to get a life. “look at me, I’m cool! I just shut down ebay, hehehehe”. FBI: And you’re only getting 10 years too! It takes NO SKILL to destroy something, it takes SKILL to create! Does it take skill to bust the little lawn dude, or does it take skill to create it?

Maybe my example was not the best in the other thread, but then I'm not out there to "abuse" free hosts so I have no idea how to "fool" the system nor do I really care. Give a warez master enough time, and you'll be cracked. Maybe not this month, but maybe 6 months down the line. And for the ones that use software to protect, I bet a few of them are cocky "I got software" and if they were cracked, would have no idea. No piece of software, I repeat no piece of software will replace good old fashion police work by the host.


Like I said before, your hunter may find a few accounts, but the ones it misses may be the big one, you know? I think too many people jump the gun by using software and thinking the problem is solved. For an example, my server monitor gives more FALSE alarms then actual failure alarms and I'm sure you people know many security systems give more false reports then actual reports. If you use it as a "find and destroy" you'll end up with a rather limited user base since nobody will trust you as a host. "They'll just delete my account, so @#%# em" or your system will cry wolf so many times you'll just send all the messages to /dev/null.

Sure you can change the software once you find a “loop-hole” but this process will repeat over and over and over. Hosts need something more then a “maybe”.

Also, I don’t really see a point why this was posted in this forum. There are more end users here then free hosts (I can count them on my fingers), and the question is aimed more towards hosts then the end user. By free host I mean just that, not “I have a resellers account and have space to give away” or “I had a free service but it died”.

Oh, and I don’t think anyone will take webdude serious when it comes to getting the script installed or just getting it for that matter. Asking for ROOT access??? Free or not, I’m not going to give anyone I don’t know or trust access to ANY server. So I guess it’s my loss eh? I also see no point in asking for such anyway due to the fact that if the abuser wants the software, they’ll just crack the server, get complete access to it and download the sucker anyway. The best and secure software is open software, not closed and “we need root access” software. If I developed such an application, I would release it into the public, let the abusers find all the holes for ME! Then patch them, so when you think of it, the abusers are helping me find the holes and patch them. In time, the OPEN solution would be more secure then a closed/blind one. Would you trust IIS (closed) or Apache (open) as your web server??

[Webdude]

As for WarezHunter, it doesnt have an auto-install (yet). This means it has to be specially built for each machine it is put on. I can promise you that none of you know how to do this. The script has to run as root, which means it has to be installed by root.

As for you not trusting me to give me root access, I really dont care. I would install it on another machine for testing purposes, and to help out another freehost and keep them from going under.....but I'm really not all that interested in putting my source on another person's servers. I have a lot more to lose than you do. I dont know if you will hand this software over to warez or go into competition with me using my own source.

Next, I am very well known in a number of places, here included. Why would I mess someone's system when I am in there as root? It would kill my rep. I'd be hesitant to log in anyway because someone could always turn around and say I did something I didnt.

As for WarezMasters, there is one way to get around deletion by WH....but I'm not going to tell you. Your files would be logged as "suspicious" for manual review. However, you cannot hide from it unless you find a way to hide from root, which is impossible.....and probably always will be so. I dont need to test it on another host now. I had WH turned off and letting Warez build up on WZ....and we have enough of them to do further testing. Quite a lot of them, and soaking about 20 gigs bw a day.

Oh and just so you know, warez is now hiding programs within midi, .wav, .au, and .mp3 files among others.....

[Cracker]

Quote:

Originally posted by Webdude
I dont know if you will hand this software over to warez or go into competition with me using my own source.

You may be right about others handing the software over to warez, but what's wrong with going into competition? The more hosts that develop their own warez busting software, the more helpless the warez people are! I think you care more about how lucrative the product will be (and how rich you will get off of it) than about the integrity of the internet.

[Webdude]

Did I ever claim this was open source? Of course I want to make money. Why does everytime someone develops something and are concerned about competition, this point comes up? My bills arent free such as mortgage, electric, phone, internet access, etc. I have kids that when they get old enough I want to send them thru college and them have nice things. I developed this software to do that, I host for a living to pay current bills. Dont try to give me a guilt trip about not making it open source or free.

Tell me why I would install it to someone else's server "for free" to help them out before it is ready for release, to have them use MY source to compete with me??

[the elf]

Sure, you've been here for two years and lots of people trust you, but.. I don't. Not yet anyway. This is the first actual talk we've had (btw, nice to meet you ) so I'm sure you can understand me now? When it comes to business, you can't rely on what people say (oh he's nice etc).

Well if I wanted to get technical with your application, I could. Create a new compression format, label the first line (header) or the first 10 lines as a jpg, mark the rest with the warez content. Make sure the format is compatible with browsers (i.e it loads), chop them up, make a few crappy pages and create a program to make filter the jpg crap and re-create the file. Now the file is no longer masked, or renamed as a jpg, but it (to your software) a "uncompressed" jpg with actual software within in. So that to your software, again, it's just a crappy site with big jpg, and when it gets labeled "suspicious" and you check it out, all you see is a high traffic, crappy looking web site. But, it's a clever warez site.

edit: still need to learn how to spell

[Webdude]

Quote:

Originally posted by the elf
Well if I wanted to get technical with your application, I could. Create a new compression format, label the first line (header) or the first 10 lines as a jpg, mark the rest with the warez content. Make sure the format is compatible with browers

Quote:

From WarezChasers.com
The software can identify disguised file types (eg: a zip file that has been hidden as an image type), detects and identifies all files hidden within images

It detects those and kills them right away....they dont even go into the "suspicious" list. There are programs out there that let you hide programs within "working" images or multimedia file. You can download one of these images with a porgram in it, and your graphics program can open and edit the image. You can download an mp3 with a program hidden in it, and winamp, among others, will play the mp3 just fine. WH has no problem finding those.

As for you trusting me, yes I do see your point, and saw it before. I dont expect anyone who doesnt know me to let me log in as root. At the same time, no-one can expect me to install it to another freehost whom I dont know the owner.....

[the elf]

OK ok, you got me there... When I get some free time later today, I'll try think of some more ways.

[Webdude]

LOL. If you allow zips or rars though, it kinda defeats the whole thing anyway. Warez will just upload their stuff zipped up. We will be working on a way to determine what programs these hold though.

[Cracker]

Quote:

Originally posted by Webdude
Did I ever claim this was open source? Of course I want to make money. Why does everytime someone develops something and are concerned about competition, this point comes up? My bills arent free such as mortgage, electric, phone, internet access, etc. I have kids that when they get old enough I want to send them thru college and them have nice things. I developed this software to do that, I host for a living to pay current bills. Dont try to give me a guilt trip about not making it open source or free.

Hmmm, remind me that if I ever win a 30+ million dollar lottery and I open my own ultimate free webspace host to also dedicate my time to writing a warez busting program that's "open source."

[Canuckkev]

I agree that software cannot be completely trusted to eliminate warez, manual review must be done to be sure. But, perhaps for larger hosts, it is more economical to let a few warez sites through, rather than spending hours finding them manually. I don't know, I don't run a large free host ( or small one). If the warez site is using massive bandwidth, then they stick out, and you can delete them. If they use very little bandwidth, and they are missed by the software, does it really matter?

[conkermaniac]

Quote:

Originally posted by the elf


Well if I wanted to get technical with your application, I could. Create a new compression format, label the first line (header) or the first 10 lines as a jpg, mark the rest with the warez content. Make sure the format is compatible with browsers (i.e it loads), chop them up, make a few crappy pages and create a program to make filter the jpg crap and re-create the file. Now the file is no longer masked, or renamed as a jpg, but it (to your software) a "uncompressed" jpg with actual software within in. So that to your software, again, it's just a crappy site with big jpg, and when it gets labeled "suspicious" and you check it out, all you see is a high traffic, crappy looking web site. But, it's a clever warez site.

I thought I already mentioned that most warez hunters designed by hosts can easily catch that...

[the elf]

Quote:

Originally posted by conkermaniac


I thought I already mentioned that most warez hunters designed by hosts can easily catch that...

Seems you missed the posts from webdude.

P.S. I'm still thinking!

[conkermaniac]

Quote:

Originally posted by the elf


Seems you missed the posts from webdude.

I was just pointing it out.

[the elf]

Quote:

Originally posted by conkermaniac


I was just pointing it out.

lol