Hey Everyone,
I have a question about this site. I've been getting a lot of visits from it in the last couple of days.

http://0daycheck.eastgame.net/0day/categories/7_ÓÎÏ·

http://0daycheck.eastgame.net

Its obviously a warez site. Should I be worried? My game has basic protection but non paying customer are only able to download the demo version. They have to pay to get the links to the private section and I am not getting significant traffic to the private section. Could they be getting the rest of the game from somewhere else? Should I be doing anything about this?

Thanks.

Hey Everyone,
Could they be getting the rest of the game from somewhere else? Should I be doing anything about this?
It's so easy to get pirated that it just doesn't seem to be worth worrying about pirates visiting your site. You could do some clever things where the website changes behavior based on the referrer, but... nyeah. I think there's a greater danger of spending too much time defending against these guys. Seems smart to keep monitoring your web logs though.

-Erik

If you use separate demo/fullversion download you have little to worry. Anyway isn't worth it to waste time against them, I found thousand of warez sites and even if I reported to all piracy associations and to their ISP (which are all russians, lol) nothing happened :mad:

You said it, brother. Less than 2 months after release and my CD ISO is up on filesharing networks and multiple sites. The worst thing is hearing lame justifications from pirates like, "this way we spread the game around and give it more exposure." Bleh, bleh, bleh. I just have to let it go and move on to more important things.

-Erik

It's fun to notice, anyway, that the most successfull indie have all their games pirated... but they are pirated because they are successfull or they are successfull because they are pirated? :D

is there not some clever refererrer thing you can do to bounce back any clicks coming from that site? it seems silly to let the pirating scum hog your bandwidth if nothing else?

If you can modify .htaccess you can redirect specific referrals to your site to somewhere else. But usually htaccess is available only on dedicated server (I think, not sure).

Hey Everyone,
I have a question about this site. I've been getting a lot of visits from it in the last couple of days.

http://0daycheck.eastgame.net/0day/categories/7_ÓÎÏ·

http://0daycheck.eastgame.net

Its obviously a warez site. Should I be worried? My game has basic protection but non paying customer are only able to download the demo version. They have to pay to get the links to the private section and I am not getting significant traffic to the private section. Could they be getting the rest of the game from somewhere else? Should I be doing anything about this?

Thanks.

Had any purchases that were classed as "chargebacks"? Such as a stolen credit card?

Here is some info that may help, and may help others here as well. In fact, I've sent emails to some members here in reference to this.

The situation has a whole....
An individual purchased one of our products and within 48 hours, I noticed a odd entry in our server which was requesting the purchased edition. Since they are not stored on the server, there was no threat, but it was an odd request. I started reviewing the server logs and noticed quite a few odd entries that have never been there before. After careful examination, I found most of them were Asian based pirate sites. I kept searching the logs till I found a site located in the USA. It was a newsgroup site that listed binaries.
I did a quick search on their site and found our purchased edition listed. So, next step, open up my email client and subscribed to the newsgroup. Ran through it till I found it and downloaded my own product (sounds funny doesn't it). Scanned it to assure it was clean, opened it and there was the info in all it's glory. Looking through the customer files, I located the purchaser and purchased date. Yep, within 48 hours. I contacted the ecommerce company and gave them the order number and information. Turns out it was a stolen credit card. There are certain aspects I won't mention in a public forum as I'm sure the twits probably read posts in here. Needless to say, if the situation is the same, you'll be seeing a sharp increase in bandwidth usage, mostly from the Asian area. I made some alterations to my htaccess file which now provides the hacker sites with a 403 error. You'll probably notice they are linking to your screenshots. You can change the filename and your PAD file, then update as many distribution channels as possible. I'm using a "shared server" and there is no problem using the .htaccess file, although it's a lot of work :)
Check your server logs carefully as well as any of your sales (in case someone did the same thing with a stolen credit card). I also changed the ecommerce company to one I know probably would have picked up on this situation. Oh, and for what it's worth, when I called the ecommerce company, I felt that they really were not interested in speaking with me, hence, I went somewhere else.

Hope this was of some help....

Hi,
you can block visitors coming from certain sites by opening .htaccess and pasting the following:

order allow,deny
deny from www.warezdomain.com
deny from .warezdomain.com
allow from all

This will deny access to everyone coming from "www.warezdomain.com".

If you don't have access to the file .htaccess you should ask your hosting provider.
If you explain the problem, they will help you :rolleyes:

You can also block all demo (or other file) requests from warez sites.
If you want, i give you a script for this. Just PM or email me ;)

Greets,

Didier

one commercial dev I worked for, the CEO thought it was cool that they thought his at the time latest game was cool enough that pirates would release it in the Warez.

one commercial dev I worked for, the CEO thought it was cool that they thought his at the time latest game was cool enough that pirates would release it in the Warez.
You know, it isn't really such a compliment. The mentality tends to be not "this game is cool, so I will give it to my buddies" but more like "nobody has put this game out yet, so I'll be the first to do it, and my buddies will think I'm l33t".

-Erik

one commercial dev I worked for, the CEO thought it was cool that they thought his at the time latest game was cool enough that pirates would release it in the Warez.

That was my attitude when I noticed Anime Bowling Babes had been warez'ed. Of course, that only really applies if you game is released by one of the big warez groups. It also led to a few support requests from people who hadn't bought the game asking for help with features which were only available in the registered version. But that was no problem, as they never replied when I asked for their order number.

You might as well have a chuckle, because you're not going to stop it and you're probably not being hurt that badly by it anyway ( assuming you've taken basic precautions to stop casual piracy. ) And if you didn't chuckle, you'd probably cry.

What gets me is you could work a minimum wage job for two hours and be able to buy my game. They probably spend more time trying to get it than it would cost them in hours to buy it. Some people are just plain stupid.


I heard there was a way to block people from certain countries visiting your website. Can anyone tell me how to do that?

Thanks for that info Didier. I'll send you a message.


I just found out these crack guys bought a game from me last week. And you guessed it they bought it through RegNow. I've heard some people say RegNow's fraud protection is minimal. Is this right? I might dump them and go with Plimus if this is the case.

Yes, I remember a thread from long ago that Dexterity.com has gone the route of blocking entire regions (China, Vietnam, Russia) based on their IP codes (I think). It might be a simple way to reduce your exposure to the problem but it certainly won't stop it.

That thread may have been on the old Dexterity board now that I think about it. You may have to e-mail Steve directly for more info or maybe someone here remembers how to do it.

one commercial dev I worked for, the CEO thought it was cool that they thought his at the time latest game was cool enough that pirates would release it in the Warez.
Out of curiosity, what was that commercial dev?

As for blocking entire regions - I'd like to do that. I'd block everything apart from japan, europe and america.

What gets me is you could work a minimum wage job for two hours and be able to buy my game. They probably spend more time trying to get it than it would cost them in hours to buy it. Some people are just plain stupid.
I think what you're missing in this equation is that the cost isn't the concern. It may be the rationalization and it may be the excuse they give, but it's not the concern.

The concern is getting the latest games, the fastest, and having the largest collection. That's what drives them and as such, the price of your game is irrelevant.

That thread may have been on the old Dexterity board now that I think about it.This might help:
http://www.indiegamer.com/archives/t-1928.html

As for blocking entire regions - I'd like to do that. I'd block everything apart from japan, europe and america.
If I had done that, I would have miss 57 sales so far in about 2 years... not bad eh ? :)

If anyone here knows how to block countries, I'd be greatful if you could let me know how to do it. I'd really like to scrape these free loaders off as soon as possible.

It might have been in the ASP newsgroups, but I think I remember someone saying that instead of blocking entire regions or referrals from warez sites, they just change the landing page to indicate that "piracy is wrong" or something like that. Apparently people coming from warez sites are potential customers as well, so you can either try to block them and not be completely successful, or try to convert them as regular customers and not be completely successful. One of them results in more sales opportunities than the other. One of them also results in more support problems than the other.

Any thoughts?

Any thoughts?
I rarely ever get a support request that isn't about the order process itself. Hmm. Let's go dig up numbers. Out of about 500 support e-mails, I have only 8 that aren't about the order process. I do have an atypically complex thing people go through when they order to set up an online account, but still...

So I am thinking that pirates wouldn't make a significant increase in support for me. If you have a game with all sorts of wonky bugs in it, then you might get more support e-mails from pirates, but then they are actually doing you a favor (for once), since fixing bugs will benefit you and legitimate users. I worry more about pirates making asses of themselves on my forum. If I get many more kiddies introducing themselves with "U ALL SUK THIS IS GAYEST GAME EVER!!!! OMG WTF", I'll have to moderate all first posts or something annoying like that.

I have reservations about a "please don't pirate" landing page for certain countries. I've got a "please don't pirate" message in the exit screen of my game, and a few people have been sensitive about it. I haven't heard enough misgivings for me to take it out, but it's probably as far as I want to go. For a country-specific landing page, eventually someone would figure it out how it worked by talking on the player forums. Then people would feel hurt about being singled out because of where they happen to live. Like I'm saying "We don't trust Hungarians!" (or Czechs, Russians, Thai, etc.) Already users from the "high risk" countries feel picked on because they have poorer economies and a harder time coming up with cash to buy games.

-Erik

Already users from the "high risk" countries feel picked on because they have poorer economies and a harder time coming up with cash to buy games.

-Erik

Agreed, but I didn't have much of a choice. I've never received business from one specific area of the world. Since my server logs confirm that all the pirates sites hitting my server are from their area, I didn't have much of choice. It's not something I like to do, but when they increase the access traffic 10x, all from the pirate sites, I had to take what action was appropriate. I know the sites are still hitting my server (although now, they are not using any bandwidth) as so far this month, 403's are at over 600, which is much lower than it was last month. I feel it's entirely up to the developer and the situation whether or not to block a specific region. I may eventually remove the block later on depending on the statistics at that time.

my research tells me that that link is part of the international software piracy org, 0day, seems that pirating software is some sort of competition.

That link is part of a search engine.

Also if you really want upcoming releases to be free from piracy. I have a few tips that go beyond anything that has been mentioned in this forum, to this date.

Because this is a public viewed forum, i am unsure posting it here would be a good idea.

Also if you really want upcoming releases to be free from piracy. I have a few tips that go beyond anything that has been mentioned in this forum, to this date.
You should contact EA or some other big publisher and then retire to the bahamas. ;)

my research tells me that that link is part of the international software piracy org, 0day, seems that pirating software is some sort of competition. Are you implying that "0day" is an international software piracy organization? :D Hahaha! 0-Day referrs to the duration the link remain, usually to avoid being caught. And yes, it is "some sort of competition".

Also if you really want upcoming releases to be free from piracy. I have a few tips that go beyond anything that has been mentioned in this forum, to this date. That's a pretty bold statement! (And I should know. I've been labled as making bold statments in the past!)

Because this is a public viewed forum, please private message me for that info. I can't see why you don't just post it here. If it really is that good, then there's no reason not to. If it relies on obfuscation, then you may as well just give up, because someone's going to defect at some point. Besides, obfuscation doesn't seem to help Windows much! ;)

ok ok here goes, but mind you this is a public board, no login required:

quite simple really, doesnt do much for initial release but will help on the updated versions (and that is where your return customers come in)

all you need to do is release version, say 165 for your initial release, then backwards-set each release, 164-163-162. Seems there are rules in even piracy. They are only interested in having the highest version number.
if the version numbers are lower they may crack it, but to release it on the network listed above, is very unlikely.

If you don't believe me, try it. Btw, you need only change the executable version number and have this info tagged into the executable on a simple properties check.

You may think it is bad enough that people are giving your software away, what is worse is that people may be selling your software out from under you on Ebay.

And making a tidy profit to boot, do this search video games on ebay, and search for "Chuzzle" you will find someone that has it, and read feedback, its obvious that its a pirated version.

Wow, he has more than just Chuzzle.. even games like Kahuna Reef. I guess he *could* be a partner of a portal/affiliate, but with a name like key_master10, it's unlikely. :)

Quite sad that warez sites targeted the casual scene as well as they have'been doing with AAA for decades...

The most effective and simplest defence against cracks in my opinion is this, it's really very simple:

- Lets say you have MyGame 1.0 with size 1000kB and someones makes crack on it. All cracks are checking the file size. Lets say you try the crack and it will work. Worst case is when they release cracked exe, but it's only case when the exe is very small, if it's big enough, they will release just the crack. Practically no websites host the cracked setups.

- When they release the crack and a lot of guys start to download it, you do one very simple thing - since all these warez sites link to YOUR setup on YOUR site, you simply change something in the code, add blank 10x10 bitmap to your sprites or whatever so the EXE file is bigger and compile the setup, place it on web. Do NOT change the version number. Now, the crack won't work. The cracking groups won't crack it again because it's cracked already by another group (unless your soft is very popular, and you can still make new version with yet another size). This won't harm anyone, the cracks just won't work.

Only bad thing is that dynamic exe patches won't work too, though.

When someone releases the serial, you can add it to your internal software black list and when someone uses it, display something like:
You've tried to steal this software. Your IP address and ISP was logged, if you won't purchase it in next 7 days, we will report your crime to appropiate law organs.

You can also add line "Use comment [random number] while ordering the software."

But simple message "Don't steal :( Want to buy this instead with 30% discount?" can work too.

And you don't have to log anything of course! :)

I don't recommend releasing newer versions with smaller number as someone else suggested because you are cheating your customers, because they think they've the newest version and that's not true!

Well, just some thoughts, hope they'll help.

Quite sad that warez sites targeted the casual scene as well as they have'been doing with AAA for decades... They'll distribute whatever's popular.

@JiriNovotny: You're close, but the best way to avoid casual cracking is to change the version and something in the code that changes the CRC on a fairly regular basis. You may get by adding a couple extra bytes to the end of the executable without anyone noticing. Nothing's gonna stop them from cracking, but if you can stop all the users from using that crack, you'll save a little skin. But not much. Bandwidth will still be eaten because they think the crack will work. You can just hope that a couple will buy the game because they can't crack it. (I'm not a member of the class that believes if a person is gonna crack it, they'd never buy it.)

That said, a simple serial generator will ruin things permantently. Just a thought.

@SoniCron: Well, I've made pretty smart serial checking and I'm pretty sure noone will reverse engineer it in the next few years. It's not that hard to make and I enjoyed creating it very much. And I'm not talking about change at the end of the code, but any change that will affect the size of the file. If they can't use the crack and get option to get the full version with big discount, it MAY convert some of them.

Changing the version won't work because they will release new crack. Point is that you must keep the SAME VERSION. They won't release new crack because there is one already. Yes, they can release new crack, but the old one will be on the net too and it won't work. And they will have same names. They'll be for same versions. And you can again just make some little change in the code and stop it from working too.

And if you convince the guys who wanted to use the crack to buy your software, it's not bandwidth wasted. That's really small minority of people, however, there are almost always more cracked versions than the legal ones.

Point is that you must keep the SAME VERSION. They won't release new crack because there is one already. Yes, they can release new crack, but the old one will be on the net too and it won't work. And they will have same names. They'll be for same versions. And you can again just make some little change in the code and stop it from working too.There's always MD5.

There's always MD5. And MD2. And MD4. And SHA-1. And SHA-2 256. And SHA-2 384. And SHA-2 512. And RIPEMD-160. And PANAMA. And TIGER. And ADLER32. And CRC32. What's your point?

That keeping the version number the same is of no value when it's possible to check the file's "version" by obtaining its checksum.

Ah, so on crack sites, you would see something like:

Warcraft 3 XE$#$SAGDS$[]3232
Warcraft 3 2%X?%MDI$#89@!`~

... ? You simply don't understand how this cracking machinery work, man. Think more.

MD5 sums don't look quite as ugly as that, but in any case it's not like such a thing represents a significant obstacle to those looking for a crack. It's a bit like a long version number. Just copy, [CTRL]-f and paste to find your crack among a list of cracks. Heck, you could even program the crack to obtain the executable's checksum and apply the appropriate patch automatically.

In that case you would need all the previous versions. You spend 5 minutes making new one and they'll be cracking it for long hours. They'll drop off. However, I had to release just one or two and there wasn't any working crack. They will simply wait for the new version, so the cracks always work only few days. And that's not bad at all.

And how can normal user obtain the checksum?

Btw... they can't know that it don't work already. They try it once and forget about it. And angry crack-users can't contact them, because normal people usually never can.

Just copy, [CTRL]-f and paste to find your crack among a list of cracks. Heck, you could even program the crack to obtain the executable's checksum and apply the appropriate patch automatically. Nothing will ever stop someone from cracking your software. However, you can minimize the effect by keeping casual users from cracking the software easily. I had no idea you could search for the checksum, as I'm sure most people don't. If you want to get something, it's definately possible. It's just a matter of how difficult it is to get it. Hell, distributing the already cracked version via P2P is the easiest method. Which is why all you folks should have Sharaza running 24-7 with several differently named copies of your games being shared. Enough "chuzzle-1.0-with-KEYGEN-PARADOX.rar" being shared by Raptisoft will flood the searches with not-really-cracked versions, thus making it harder to find the real one. Many will give up, I promise. ;) Hmmm, that gets me thinking... (http://forums.indiegamer.com/showthread.php?t=3471)

In that case you would need all the previous versions. You spend 5 minutes making new one and they'll be cracking it for long hours.Does that mean you're changing the validation code with every update? If not, it's a trivial matter to crack the new version after you know how to crack the old one. Heck, you could even automate the process by programming the crack to search for the location of the game's validation code (since we know what it looks like), and patch it accordingly.

And how can normal user obtain the checksum?As easily as being told where to find the software that will calculate the checksum for you.

Enough "chuzzle-1.0-with-KEYGEN-PARADOX.rar" being shared by Raptisoft will flood the searches with not-really-cracked versions, thus making it harder to find the real one. Many will give up, I promise.
Then they'll upload the full version of the game and stop worrying about the crack. You can't stop or even slow down the hardcore pirates. Don't waste development time worrying about them.

Then they'll upload the full version of the game and stop worrying about the crack. You can't stop or even slow down the hardcore pirates. Don't waste development time worrying about them.

I think he meant that this would only work on casual pirates.

It's a pretty funny idea :)

I think the same applies for "casual pirates" too (is it me or this "casual pirates" really sounds funny? :-P); they'll just release the full version.

"Casual" and "indie" games are sold over the net. So they are made "downloadable" (when it comes to size). Sure, web hosts usually don't allow such software in their servers, but there is always P2P.

Personally i'm gonna put a simple anti-crack mechanism on my game. I don't think that i can do anything else to prevent people stealing my software, anyway; if they want to do it, they'll do it. It's software we're talking about and it's lost war.

Why not use Armadillo to protect your game? Its dirt cheap considering what you pay for it. They claim its never been cracked. I don't know if that is true though.