p2pnet - rss feed: DirIndexFaker, reloaded
p2p news / p2pnet: Sony BMG, Vivendi Universal, Warmer Music and EMI, the venal members of the Big Four Organized Music cartel, are terrorizing their customers like there’s no tomorrow, simultaneously trying to gain control of how music is distributed online, and by whom, and to bludgeon people like you into buying ‘product,’ as they term the grossly over-priced, low quality digital files they’re attempting to palm off via the likes of iTunes.
OM clearly hasn’t heard of critical mass and while it accumulates, members of the p2p community are keeping things interesting.
Yesterday we reported on an application being developed to stymie Organized Music’s attempts to find new victims.
It’s a php script that, “generates fake apache directory indexes for the purpose of slowing, and overloading with false positives the RIAA/MPAA’s spider bots,” as Steve, its creator, described it to p2pnet.
“I’d like to add the ability to load the web page much more slowly so it also takes the spider a very long time to examine the fake file list,” he said at the end of the post.
“The problem is that this will also place a high load on the person running the scripts server. So as soon as I can think of a solution to that one I’ll implement it.”
No problem. In fact, almost no sooner said than done >>>>>>>>>>>>>>>>>>>>>>>>
DirIndexFaker’s A Hit!
By Steve - Quicksilverscreen.com
Wow! I’ve gotten such an overwhelmingly postive response on DirIndexFaker, mostly thanks to a writeup over at p2pnet.net, that I’ve decided to answer a few questions, and incorporate a few of the suggestions I’ve received.
One insightful comment I received over at p2pnet.net noted:
A big minus is that reloading the page actually gives different results. All a bot would have to do is to load the page twice and check whether the results are different.
However, this is easy to fix. By changing the random-seed to take just the date as a seed, an not the time in microseconds, you can make sure that generated content remains the same for one (or maybe several) days.
Well, I implemented that. Now the Index will only update once every twenty four hours.
Another frequently requested feature was to add a delay so that the script would load SLOOOOOWLY, well that’s done. It will be enabled by default, so to disable it you must comment a line at the top of index.php.
Another frequently requested addition was a ‘tarpit’ style maze to keep the bot stuck in recursive loops, well I haven’t finished it yet, but I’m working on it. 
A lot of people wondered if the RIAA, MPAA, or other copyright goons would come shut them down for running this. My answer is no. If they do try, you will be able to sue the crap out of them for failing to perform due diligence in their research. You see the data in the fake files is not random, it is actually the source code of the script itself over, and over again. 
So to prove your innocence in court all you must do is open the ‘mp3′ in notepad. Even a public defender could handle that case.
You can get the updated version here.
Anyhow thanks for all your support, and remember to email if you have any suggestions for future versions!
[Just in case, there’s also a copy here.]
Tired of being treated like a criminal? They depend on you, not the other way around. Don’t buy their ‘product’. Do bug your local political representatives. Use emails, snail-mail, phone calls, faxes, IM, stop them in the street, blog. And if you’re into organizing, organize petitions, organize demonstrations and then turn up on your local political rep’s doorstep, making sure you’ve contacted your local tv/radio station/newspaper in advance.
Read:-
no tomorrow - Happy Christmas from the RIAA, December 15, 2005
December 16th, 2005 at 1:33 am
Umm, can someone answer this:
The fake files are actually the source code for the script, right?
If the source code is copyrighted by Steve, and someone (RIAA) tries to download the fake file, have they just infringed Steve’s copyright?
People who actually run the script have received a licence from Steve to run the script, but people who download the script through a(n accidentally) misnamed file DO NOT have the rights to the source code, hence they infringe Steve’s copyright.
December 16th, 2005 at 1:50 am
I am running this script on www.rockmep2p.com , and will keep it updated as Steve does too. Now if we could just get everybody with php enabled web servers to run this script, that would be awesome!
Thanks, Smitty
December 16th, 2005 at 5:21 am
Nothing like a get back for those little Xmas presents these goons want to send out. Doing this can do nothing but add to their time and wasted efforts to chase their tails.
The more the merrier in this case. Consumes computer cpu, bandwidth, and time. Something they have no compuntions about doing for the average user. Returning the favor in spades would be such a welcome present from average Joe.
December 16th, 2005 at 8:20 am
Ok, so the plan is to attract and tar pit RIAA spiders. So is there any information about these?
- IP numbers they come from?
- User Agent strings?
- Do they obey Robots.txt?
- What source information are they working from?
It seems like you really want to keep users and search engines away from the dirindexfaker page but then how will the RIAA find it?
Perhaps a better approach would be to add entries in your main .htaccess to redirect the RIAA and *only* the RIAA to this page and then to get really aggressive about tar pitting and disabling them, perhaps combining it with some long lived and rapid fire requests back at their source websites.
Feels like this whole plan needs a bit more planning. What are we actually trying to do here? Poison MP3 web Searches in the same way as the RIAA tried to poison P2P searches? Is that productive?
December 16th, 2005 at 8:58 am
This is one of the funniest things I’ve read in weeks.
Good job!
All I can say is if I win the Megamillions, I’m sending you a big check for this great idea.
lol.
Hope it helps fry those goons’ rotted out brains.
December 16th, 2005 at 9:21 am
Ha ha ha, yes, genius!!
Sue the crap out of them Steve!!
December 16th, 2005 at 9:35 am
Would it be possible to make a website/non-website owner use a similar version of the DirFake files to counter the ISP snoop law. I don’t know how it would be done, but crashing a few ISP’s would almost definitely cause Europe to repeal their Snoop Law.
December 17th, 2005 at 8:51 am
Mwahahahahahahahah! This has to be one of the funniest articles I’ve read. Serves the RIAA right for trying to sue us. Too bad I don’t have a web server to put this program on.
Absolutely bloody brilliant!
Next step: one for the Gnutella, G2, and ED2K networks that won’t confuse real filesharing software.
December 18th, 2005 at 2:26 pm
- IP numbers they come from?
You would have to asume they come from different (random) IPs
- User Agent strings?
If they are smart they would probaby try to hide their identity, so they would be advertising as eather IE or even Firefox
- Do they obey Robots.txt?
If they want to find something probably no
- What source information are they working from?
If by that you mean what they are looking for - probably list of artist names, titles of songs and albums…
“What are we actually trying to do here? Poison MP3 web Searches in the same way as the RIAA tried to poison P2P searches? Is that productive?”
This could poison the system, but if you look at 3rd answer its clear what to do. Put this script in a place where robots wouldn’t go (robots.txt) and mp3s in a non-hidden robots-visible folder
But as I said in a comment to previous story - if your busines is web-hosting stay clear!!! It’s hard to make a living if your source of income is taken away as evidence… even if there is no actual evidence, you have to wait for a long time before you get to court…
December 19th, 2005 at 7:08 am
>>A lot of people wondered if the RIAA, MPAA, or other copyright goons would come shut them down for running this. My answer is no. If they do try, you will be able to sue the crap out of them for failing to perform due diligence in their research.<<
I am reminded of a comment made a few times too often by a certain nephew of mine. He would frequently insist that Law enforcement can’t do this or can’t do that - it’s a violation of constitutional rights. While it might be true that they are not technically allowed to violate your rights, it certainly doesn’t keep them from doing it; and when the time comes to explain why or on what premise the person’s rights were violated, it’s amazing how often they are able to produce credible “probable cause” — and make it stick in a court of law.
To suggest that OM won’t shut down those sites is a bit naive. If they even suspect they’ve been duped, you can bet next year’s salary that they’ll close down the site faster than you can sneeze. So, later, you sue them for failing to perform due diligence in their research. I have a feeling that by the time the matter could come to trial, they will have easily covered their bases.
I am not disparaging the use of DirIndexFinder — au contraire! I love it. I am merely suggesting that anyone planning to use it should do so fully aware of what the repercussions might be.
Here in America, they can’t get away with violating a person’s constitutional rights, and they certainly can’t get permission to do so from a federal court that meets in total privacy. They can’t take away your right to unreasonable search and seizure without a warrant, and they can’t deny you the right to confront your accusers and to know what evidence is being used against you.
Guess again:
Inside America’s Secret Court: The Foreign Intelligence Surveillance Court — http://fly.hiwaay.net/~pspoole/fiscshort.html
If you don’t know about the FISA, you are in for one helluva surprise.
December 20th, 2005 at 5:51 am
It might be slightly more effective to put the script into an .m3a, .m3u, or .cue file which are actually text files, thus a more intelligent ‘bot (if they are capable of such a thing <snicker>) would be expecting text when examining these files as opposed to the headers of an .mp3 file.
Perhaps this should be put on SourceForge so change requests and bug reports can be submitted? <just kidding>
–TurboGeek