The Old Joel on Software Forum: Part 3 (of 5)

The anti-patch

A few weeks ago I saw with amusement and a certain degree of horror a partial patch for our humble application in several sites. Our application became very popular in less than 12 hours; people from all over downloaded our application and visited our web site. Not very concern, since we are a business to business micro-company, we took no action and enjoyed the show.

Several gigabytes later, and just to follow up, we decided to create an anti-patch. We re-released the application with the same version number but with some basic changes. This changes effectively neutralized the patch created, more or less. Since cracks cannot be recalled, the reputation of the “team” went to the floor. Reputation is very important in these circles it seems. They did retaliate with a short DDOS Attack.

Just sharing.

More on the same: http://www.inner-smile.com/nocrack.phtml

Can't sleep
Friday, October 17, 2003

". Since cracks cannot be recalled, the reputation of the “team” went to the floor. Reputation is very important in these circles it seems. They did retaliate with a short DDOS Attack."

why _do_ people make these kinds of stories up?

FullNameRequired
Friday, October 17, 2003

Munchhausen, but not by proxy?

Simon Lucy
Friday, October 17, 2003

What he posted is very possible.

If you don't have the experience with battling crackers and warez sites, just STFU.

Yes - cracking groups create cracks in order to gain reputation in their circles.

It is, indeed, odd that they retaliated with a DDOS attack, but it's possible.

Jericho
Friday, October 17, 2003

Jericho,

OK, it *might* be true but it seems exaggerated. Or at least something does not smell right. Consider:
"we are a business to business micro-company"
"Several gigabytes later"

Who is going to download gigabytes of B2B software? And how come a micro company writes software that so many people want?

And also the whole DDoS thing. What hosting setup (for a "micro company") handles "several gigabytes" worth of downloads but gets DDoS-ed? And what did the "team" use? TFN? Stacheldraht?
How many people do you need running zombies to make this feasible, and even weirder, why attempt DDoS-attacking a no-name micro company that does B2B stuff?

BTW, security question, how many DDoS zombies are in the wild nowadays? Anyone know of a survey or something on it?

It looks like bull
sounds like bull
feels like bull

But, I have to concede, it might be chocolate mousse with a strange texture :)

Gerrie Swart
Friday, October 17, 2003

You are right on many of the points you made.

>> "we are a business to business
>> micro-company"
>> "Several gigabytes later"

> Who is going to download gigabytes of
> B2B software?

It depends on the size of the software - maybe it has 100 MB, so 10 downloads = 1 GB.

Our software is a lot smaller than that, yet we still use about 2-2.5 GB of transfer per day.

> And how come a micro company writes
> software that so many people want?

This is possible - think of Napster, Kazaa, etc. However, these are not B2B apps.

> And also the whole DDoS thing. What hosting
> setup (for a "micro company") handles "several
> gigabytes" worth of downloads but gets
> DDoS-ed?

There are specialized hosting services for software companies - they host downloads, mainly.

Jericho
Friday, October 17, 2003

Jericho,
OK, point taken :) I'll stop being in nasty mode now. Dunno, I should probably not post on fridays ;)

Gerrie Swart
Friday, October 17, 2003

> A few weeks ago I saw with amusement and
> a certain degree of horror a partial patch for
> our humble application in several sites. Our
> application became very popular in less than
> 12 hours;

I forgot an important thing: you can use .htaccess to ban downloads from certain sites (certain referers).

Jericho
Friday, October 17, 2003

Gerrie,

>> It looks like bull
sounds like bull
feels like bull

But, I have to concede, it might be chocolate mousse with a strange texture :) <<

Thanks - best laugh I've had all day.

Mark

Mark Pearce
Friday, October 17, 2003

This is even more amusing :) Our software has a small size and it was downloaded thousands of times in less than a week. If your server cannot handle that, then look for a good hosting solution.

Individuals can use our software but we don’t expect purchases from them, we target other business.

The DDOS Attack didn’t affect our servers because it crippled the router.

And finally, why target us, a micro-company? I cannot answer that, I have no clue.

Can
Friday, October 17, 2003

As far as I know you can block ranges of IPs and domains using .htaccess .

This will not stop someone who clicks in a link to your site from the site you have banned. You would have to block individual surfers.

a
Friday, October 17, 2003

"
If you don't have the experience with battling crackers and warez sites, just STFU."

LOL...battlin crackers and warez sites? god help me. I regularly go looking for serial #'s related to my software and disable those I find..is that what you mean?
<g> its not so much a battle as an incredibly boring chore...

"Yes - cracking groups create cracks in order to gain reputation in their circles."

no shit?

actually that part I had no real issue with, but the overall implications were total bs.

stuff like this:
"Since cracks cannot be recalled, the reputation of the “team” went to the floor."

utter bollocks, the kind of grandiose claims that people make to impress people. In my experience the 'reputation' of the 'team' doesn't suffer much one way or the other, mostly they just find another way to crack it.
No one _cares_ There are a number of methods to bypass the copy protection I use posted to the internet, as I find them I tweak things so it no longer works, eventually they find another approach that does, the old methods stil circulate and presumably they stop working, but the people who use hacker sites seem to get used to it.

<shrug> boring and tedious for both sides I imagine.

then this little gem:
"Reputation is very important in these circles it seems. They did retaliate with a short DDOS Attack."

have you ever heard such genuinely posturing crap? I mean, fine, you want to get people to look at your website, but speaking for myself Im more interested in people who sound like they (a) know what they are talking about and (b) aren't trying to make themselves sound more impressive than they are.

total bs, right from the word go. there is a positive side though, it sounds like a good introduction to an interesting book to me....

FullNameRequired
Friday, October 17, 2003

>> "If you don't have the experience with
>> battling crackers and warez sites, just
>> STFU."

> LOL...battlin crackers and warez sites? god
> help me. I regularly go looking for serial #'s
> related to my software and disable those I
> find..is that what you mean?

Yes. And other things, like reporting pirated software sites to their hosting providers.

This way I can shut down about 30-40% of the pirate software sites.

Also, modifying our software so patches don't work anymore, etc.

>> "Yes - cracking groups create cracks in
>> order to gain reputation in their circles."

> no shit?

It is 100% true. Just download a few cracks, and read carefully the .NFO files included.

>> "Since cracks cannot be recalled, the
>> reputation of the “team” went to the floor."

> utter bollocks, the kind of grandiose claims
> that people make to impress people. In my
> experience the 'reputation' of the 'team' doesn't
> suffer much one way or the other, mostly they
> just find another way to crack it.

Yes, this is true. But that was the original poster's interpretation.

So, <SARCASM> hit him as hard as possible for not knowing enough about the cracking "scene" </SARCASM>.

Jericho
Monday, October 20, 2003

" <SARCASM> hit him as hard as possible for not knowing enough about the cracking "scene" </SARCASM>"

hi jericho...well..usually I wouldn't, but in this case he is claiming to be an expert, yet its painfully obvious he either has no clue or is deliberately giving a misleading image of how it works to impress us with his grandeur.

frankly I dont think he should be posting to a forum like this...he'd be more at home impressing 'management' type people, and more likely to fool them.

FullNameRequired
Monday, October 20, 2003