I Just Nuked India Muahahahah

by gxd5
49 replies
So, I am checking the stats on my server logs, and I notice a huge spike in traffic on one of my directory sites. SWEET! Did it go viral? Am I getting stumbled or dugg?

I pull up the referrer log, and what do I see? Hundreds of sequential hits coming from india. They are going down my directory A-Z. Oh man, looks like I'm getting snarfed. Someone is ripping my database.

Now, I have been around long enough to know that is part of the game. People will steal your content, that's how it goes. But, you don't have to go down without a fight.

I have most of my proprietary data displayed as images or inside of flash containers to make straight ripping difficult. But, it's hard to stop a human army from just typing it in. And that's what a lot of people do. THey go to elance, hire 200 indians, and blip, your site db is snarfed.

Whatever. I decide to strike back.

First, I find an unstoppable Rick Roll. The javascript on the Rickroll makes the video hop around the screen, opening multiple windows, making it almost impossible to close.

Next, I target their IP range in my app config file. Any time I get visitors from those addresses, they are going to visit Ricky.

I flip the switch on my black ice, and BOOM. The activity stops. Satisfied that there are now a room full of Indians an ocean away listening to Rick Astley and clicking on windows, I go back to reviewing my logs.

A few minutes later, they are back. Hmm... determined little suckers. How are they getting around me? Ah, they are using different IPs. Okay. I add the new IP's into the config list and add a cookie. Now, they will have to clear this cookie each time they come to the site.

I flip the switch, they stop again.

Twenty minutes later, they are back. It's on like Kong now. They want a fight, they got one.

They are using proxies to get at me now. Fortunately, they dont know about the HTTP_FORWARDED_FOR cgi variable. They are sitting ducks. I tag their proxy footprint to the black ice, and just to be sure, I flip on my geo IP database and geotarget all of india.

Usually, I use my geo IP database to target ads. Now, I am targeting these snarfers trying to steal my site. There may be collateral damage now. I am taking out the entire country. Innocent Indians may be caught in the Rick Roll. But how many Indians need a US only directory?

To make it even more annoying, I implement a rate limiter. Even if they get by all of my defenses, they will have to snarf me slowly, the way I like it.

All the code is in place. I click the button.

BOOM.

The activity stops now for good. I give it a few hours, pull the black ice down, and watch the logs. All is quiet on the Western Front. The forces of good have triumphed. My database is safe for another day.
#india #muahahahah #nuked
  • Profile picture of the author SamstaUK
    Nice Work! I was planning that once I get really good at internet marketing(probably when I'm 87), I will build a massive list, then rickroll all of them
    {{ DiscussionBoard.errors[682489].message }}
  • Profile picture of the author mmoconnor
    Thanks for sharing your experience and your solutions to the problem.

    You should put this little saga into a detailed ebook and sell it.

    I would love to be able to do what you did but I wouldn't know how to start.

    This is certainly information I would be willing to pay for.

    A while back I had a jerk who was using proxies to visit my sites several times every day and fill out my autoresponder forms with nonsense. I didn't know what to do and just put up with it until he finally got bored and went away. I would have happily paid to learn how to put a stop to the problem.
    Signature

    http://MargaretFlanigan.com

    {{ DiscussionBoard.errors[682536].message }}
  • Profile picture of the author XiahouDun
    Great experience, thanks for sharing. Using Rick Astley was really a good idea, if you have to go to war, do it the funny way
    {{ DiscussionBoard.errors[682656].message }}
  • Profile picture of the author flnz400
    I dunno what the hell you just said, but that's why I hire people like you!

    kidding, I understand, just can't execute it on my own. So, that's why I hire people like you! lol
    {{ DiscussionBoard.errors[682772].message }}
  • Profile picture of the author Floyd Fisher
    Dude, that's [H]ard.

    I bow to your greatness.
    {{ DiscussionBoard.errors[682863].message }}
  • Profile picture of the author Gabe77
    Man, if that happened to me I would be lost in total confusion. Good thing you know to get around those stuff. It also made me realize that a spike in traffic isn't all that good. Plagiarizers might be busy working on my content. Thanks for the heads up.
    {{ DiscussionBoard.errors[682911].message }}
  • Profile picture of the author prabhakar
    Banned
    [DELETED]
    {{ DiscussionBoard.errors[682972].message }}
  • Profile picture of the author Adaptive
    I agree on the ebook idea... if you can explain the thought process or the top 10 tools you used, you could have a great WSO.

    Regards,
    Allen
    Signature

    Success only requires four words. http://www.warriorforum.com/blogs/ad...our-words.html

    {{ DiscussionBoard.errors[682983].message }}
  • Profile picture of the author Brawnydt
    Hah, that was an awesome read. You just rick rolled India. It's nice to read something different on these boards other than "How does I make moneys fast?"
    {{ DiscussionBoard.errors[683015].message }}
  • Profile picture of the author jbolte1976
    I'm sorry to hear about that, although I have to say it sounds like you are enjoying the "battle" lol.
    Signature
    Free Niche Articles for your sites and blogs!
    {{ DiscussionBoard.errors[683042].message }}
  • Profile picture of the author gxd5
    @prabhakar

    Don't worry man, I have mad love for India. It just so happened that the perps were from there
    {{ DiscussionBoard.errors[683110].message }}
  • Profile picture of the author valerieSONORA
    LOL I don't know about all that techy stuff but it sounded funny

    If you are making a video pop up it should be the beverly hillbillies. Then they won't wanna close it

    They are getting what they deserve trying to steal your content. If only everyone was that tech savvy to prevent info theft.
    Signature

    siggy taking a break...

    {{ DiscussionBoard.errors[683419].message }}
  • Profile picture of the author Kim Standerline
    Rick Astley

    Oh man that was cruel lol

    Another one who bows to your superior knowledge


    Originally Posted by gxd5 View Post

    So, I am checking the stats on my server logs, and I notice a huge spike in traffic on one of my directory sites. SWEET! Did it go viral? Am I getting stumbled or dugg?

    I pull up the referrer log, and what do I see? Hundreds of sequential hits coming from india. They are going down my directory A-Z. Oh man, looks like I'm getting snarfed. Someone is ripping my database.

    Now, I have been around long enough to know that is part of the game. People will steal your content, that's how it goes. But, you don't have to go down without a fight.

    I have most of my proprietary data displayed as images or inside of flash containers to make straight ripping difficult. But, it's hard to stop a human army from just typing it in. And that's what a lot of people do. THey go to elance, hire 200 indians, and blip, your site db is snarfed.

    Whatever. I decide to strike back.

    First, I find an unstoppable Rick Roll. The javascript on the Rickroll makes the video hop around the screen, opening multiple windows, making it almost impossible to close.

    Next, I target their IP range in my app config file. Any time I get visitors from those addresses, they are going to visit Ricky.

    I flip the switch on my black ice, and BOOM. The activity stops. Satisfied that there are now a room full of Indians an ocean away listening to Rick Astley and clicking on windows, I go back to reviewing my logs.

    A few minutes later, they are back. Hmm... determined little suckers. How are they getting around me? Ah, they are using different IPs. Okay. I add the new IP's into the config list and add a cookie. Now, they will have to clear this cookie each time they come to the site.

    I flip the switch, they stop again.

    Twenty minutes later, they are back. It's on like Kong now. They want a fight, they got one.

    They are using proxies to get at me now. Fortunately, they dont know about the HTTP_FORWARDED_FOR cgi variable. They are sitting ducks. I tag their proxy footprint to the black ice, and just to be sure, I flip on my geo IP database and geotarget all of india.

    Usually, I use my geo IP database to target ads. Now, I am targeting these snarfers trying to steal my site. There may be collateral damage now. I am taking out the entire country. Innocent Indians may be caught in the Rick Roll. But how many Indians need a US only directory?

    To make it even more annoying, I implement a rate limiter. Even if they get by all of my defenses, they will have to snarf me slowly, the way I like it.

    All the code is in place. I click the button.

    BOOM.

    The activity stops now for good. I give it a few hours, pull the black ice down, and watch the logs. All is quiet on the Western Front. The forces of good have triumphed. My database is safe for another day.
    {{ DiscussionBoard.errors[683427].message }}
  • Profile picture of the author Shukri Sudin
    LOL I wish i knew all those technical stuff
    {{ DiscussionBoard.errors[683439].message }}
  • Profile picture of the author nichebreakers
    What an entertaining post! I never thought of doing anything like that to ward off attacks.

    Thinking about it, there's probably a ton of annoying javascript things you could do.
    {{ DiscussionBoard.errors[683443].message }}
    • Profile picture of the author gxd5
      Originally Posted by nichebreakers View Post

      Thinking about it, there's probably a ton of annoying javascript things you could do.
      You're right. You can use Javascript to make it almost impossible for someone to steal your data. But, the danger there is you kill yourself in the search engine rankings. If the search bot can't read it, then it won't get indexed.

      This story is about people stealing data. On the other hand, if someone is stealing the CODE for your web site too, and they happen to leave the links to your javascript files intact, they are completely at your mercy. There is no limit to the amount of fun you can have with them.

      Tip to warriors - if you are worried about someone stealing your page, make sure your javascript files are located separate from your main files, and link to them with absolute URLs.

      What I mean is, link to them like this:

      <SCRIPT LANGUAGE="JavaScript" SRC="http://mydomain.com/javascript.js">

      NOT like this:

      <SCRIPT LANGUAGE="JavaScript" SRC="javascript.js">

      What that does is make it so that if someone copies your code, the javascript files will still work. And, they will still be served from your server. If that happens, the plagiarists are TOAST!
      {{ DiscussionBoard.errors[684660].message }}
      • Profile picture of the author wtfdaemon
        Originally Posted by gxd5 View Post

        What that does is make it so that if someone copies your code, the javascript files will still work. And, they will still be served from your server. If that happens, the plagiarists are TOAST!
        Enjoyed the story, man.... nice to see another coder on the forums. I've been trying to get immersed into the warrior stuff, but a lot of it is a bit overwhelming at first - the techspeak, I understand completely... the warriorspeak, not as much.

        What kinda stuff, for example, would you recommend doing once they're linking to your Javascript?

        Thanks,

        WTFDaemon
        {{ DiscussionBoard.errors[685012].message }}
        • Profile picture of the author gxd5
          Originally Posted by wtfdaemon View Post

          What kinda stuff, for example, would you recommend doing once they're linking to your Javascript?
          Well, if they are linking to your javascript, you basically control that entire page. What can you do with that? The limit is your imagination.

          Here are some ideas:

          1. Place an opt-in form for YOUR list on THEIR page
          2. Redirect THEIR visitors to YOUR site
          3. Make them drop YOUR affiliate cookies on THEIR visitors
          4. Replace THEIR ads with YOUR ads
          5. Make them display a note saying, "The page you are reading was stolen from xyz.com"
          6. Make naughty pictures appear out of nowhere
          7. Make them Rick Roll THEIR OWN visitors
          8. Make all of THEIR links point to YOUR site
          9. Make their page pop under your ads

          etc.

          You can do funny stuff if people hot link to you too. But the funniest stuff is when they link to your javascript. Basically, they are giving you their page.
          {{ DiscussionBoard.errors[685427].message }}
          • Profile picture of the author wtfdaemon
            Thanks for the response.

            Are you doing this with a proxy mechanism, or purely through Javascript code?

            - WTFDaemon

            Originally Posted by gxd5 View Post

            Well, if they are linking to your javascript, you basically control that entire page. What can you do with that? The limit is your imagination.

            Here are some ideas:

            1. Place an opt-in form for YOUR list on THEIR page
            2. Redirect THEIR visitors to YOUR site
            3. Make them drop YOUR affiliate cookies on THEIR visitors
            4. Replace THEIR ads with YOUR ads
            5. Make them display a note saying, "The page you are reading was stolen from xyz.com"
            6. Make naughty pictures appear out of nowhere
            7. Make them Rick Roll THEIR OWN visitors
            8. Make all of THEIR links point to YOUR site
            9. Make their page pop under your ads

            etc.

            You can do funny stuff if people hot link to you too. But the funniest stuff is when they link to your javascript. Basically, they are giving you their page.
            {{ DiscussionBoard.errors[685879].message }}
            • Profile picture of the author gxd5
              @wtfdaemon

              >>>Are you doing this with a proxy mechanism, or purely through Javascript code?<<<

              Actually, most of the defenses were mounted on the server using server side scripting. Although you can do a lot of cool things with javascript, if they turn it off, you are in trouble.

              On the other hand, they can't turn off my server. They HAVE to interact with it in order to get the content. So, that's where I was fighting the battles.

              @atterno

              Chinese hackers and Indian snarfers. We should get all these stories together and make a book called Chicken Soup for the Internet Marketer's Soul
              {{ DiscussionBoard.errors[687679].message }}
              • Profile picture of the author Fernando Veloso
                Originally Posted by gxd5 View Post

                @wtfdaemon

                >>>Are you doing this with a proxy mechanism, or purely through Javascript code?<<<

                Actually, most of the defenses were mounted on the server using server side scripting. Although you can do a lot of cool things with javascript, if they turn it off, you are in trouble.

                On the other hand, they can't turn off my server. They HAVE to interact with it in order to get the content. So, that's where I was fighting the battles.

                @atterno

                Chinese hackers and Indian snarfers. We should get all these stories together and make a book called Chicken Soup for the Internet Marketer's Soul
                Oh boy, now you got me laughing real hard.

                Ops, someone woke up the neighbors!

                :p
                Signature
                People make good money selling to the rich. But the rich got rich selling to the masses.
                {{ DiscussionBoard.errors[687693].message }}
                • Profile picture of the author Randy Bheites
                  You dRickRolled all of India? Epic. Sumit would be proud.
                  Signature
                  have a great day

                  {{ DiscussionBoard.errors[687742].message }}
  • Profile picture of the author Steadyon
    Yes, as well as what the OP said, we also hit the hackers with a forced continuity program with a paid 0888 number to ring that no one ever answers, and we never reply to their hacking support email requests. We also bombard them with newsletters that they can't unsubscribe from.

    That'll teach the suckers ;-)
    {{ DiscussionBoard.errors[683473].message }}
  • Profile picture of the author GuerrillaIM
    Will that still work if they use high anonimity proxy based in states? What about if they use the TOR network? If it does then that rox!
    {{ DiscussionBoard.errors[683476].message }}
    • Profile picture of the author gxd5
      Originally Posted by GuerrillaIM View Post

      Will that still work if they use high anonimity proxy based in states? What about if they use the TOR network? If it does then that rox!
      You can't stop a truly dedicated snarfer. There is no way. You can just slow them down. I was lucky that they were not more sophisticated or more patient. If they were, they would have won. If you can see something on your screen, you can steal it. Sad but true.

      That said...

      Trying to prevent the theft is just the first step. The next line of defense is your data itself.

      Most directories salt their listings. Basically, what that means is you put fake entries or unique keywords into your data that you can search for later. These can be typos or completely made up listings. The bottom line is, they are not real and they are easy to find. If you find them in someone else's directory, you know they have been stealing from you.

      At that point, the game is back on.
      {{ DiscussionBoard.errors[683536].message }}
      • Profile picture of the author PatriciaJ
        I didn't understand half of that but if the result is getting less plagiarised articles submitted to my directories you get my vote
        {{ DiscussionBoard.errors[683548].message }}
  • Profile picture of the author danielgb123
    Haha, made no sense but made me laugh so hard
    {{ DiscussionBoard.errors[683513].message }}
  • Profile picture of the author MeTellYou
    great stuff Even my wife who's not at all into computers or anything like that listened attentively.
    Congrats!
    Signature
    [UPDATED] FREE 1-ON-1 MENTORSHIP: Student Makes $12,000 His First Week Of Running Ads
    Skype Me! Skype: yourebookwriter
    {{ DiscussionBoard.errors[683557].message }}
  • Profile picture of the author terryd
    That was cool!

    Where do you learn how to do that kind of stuff, it would come in handy?
    Signature

    {{ DiscussionBoard.errors[683597].message }}
    • Profile picture of the author reynald2790
      You really have nice content. That's why you have high clicked in India. Good work and keep it up.
      Signature

      Hi! I am Reynald Laque Logan | Reynald Logan Dreams, 22 years old. Living in Dumaguete City “The City of Gentle People.” I am a pure Filipino Citizen. I am a Freelance Provider preferably working at oDesk.

      {{ DiscussionBoard.errors[683607].message }}
  • Profile picture of the author matthewd
    Most of what you said went completely over my head,
    but I got the point... BRILLIANT!

    I LOVE it!
    {{ DiscussionBoard.errors[684670].message }}
  • Profile picture of the author ramrod0403
    I don't honestly understand half of the language in there but love the way you enjoyed your battle with them...it got me laughing...You should sell your technique lol...and with every purchase goes a different artist with bad hair day style. or maybe try bon jovi or queen with the 'we are the champion' bit
    {{ DiscussionBoard.errors[684689].message }}
  • Profile picture of the author MizzCindy
    You Rick Rolled 'em! That is hilarious! I didn't understand all the particulars, but it was certainly the most entertained I've ever been while being technically boggled.

    Great job!
    {{ DiscussionBoard.errors[684742].message }}
  • Profile picture of the author gxd5
    I am glad that you enjoyed the story I think I used too much nerd speak. Maybe I should translate the technical parts to explain them better
    {{ DiscussionBoard.errors[684985].message }}
  • Profile picture of the author Brett2000
    Gxd5,

    Yeah, that's great, I don't need a translation but others here might.... sometimes I feel just like that myself - usually it's countries like China, or Russia... I can't see what these scums are getting out of pointless server attacks
    Signature

    Thanks, Brett
    Business Blog: http://www.profit-internet.com
    XSitePro 2 Custom Template Design: http://www.xsitepro2webtemplates.com
    Custom ECommerce / Membership Websites: http://www.bgswebdesign.com
    *ask me for Warrior Discount and save...

    {{ DiscussionBoard.errors[685013].message }}
  • Profile picture of the author Gene Pimentel
    I love it! You made my day
    {{ DiscussionBoard.errors[685138].message }}
  • Profile picture of the author Roey Pimentel
    I can translate for you:

    Good guys - 1
    Bad guys - 0

    {{ DiscussionBoard.errors[685180].message }}
  • Profile picture of the author Hackbridge
    Sweet! Yeah it was a good read. It was like a Rocky Balboa fight

    603
    {{ DiscussionBoard.errors[685310].message }}
    • Profile picture of the author Steve Sanchez
      So how long did this episode take. It sounds like it was over a couple of days. Great read, I wish I knew half of the details about how you accomplished that.

      Thanks for fun story.
      {{ DiscussionBoard.errors[685426].message }}
      • Profile picture of the author gxd5
        Originally Posted by Steve Sanchez View Post

        So how long did this episode take. It sounds like it was over a couple of days. Great read, I wish I knew half of the details about how you accomplished that.

        Thanks for fun story.
        It only lasted for a few hours I was fighting them in real time while I was doing other stuff.
        {{ DiscussionBoard.errors[685784].message }}
  • Profile picture of the author atterno
    Its nice of you to have shared the story, gxd5. Kind of reminded me of the times when my file server was almost completely taken over by chinese hackers. It is a real adventure to fight back seeing them come hard at you every time you defend yourselves. Immensely enlightening experience, if you've been hacked at least once in your life.
    {{ DiscussionBoard.errors[685928].message }}
  • Profile picture of the author mtucker
    Sweet story!! Glad to see you were truly a "Warrior" today!! Cheers!
    {{ DiscussionBoard.errors[687754].message }}
  • Profile picture of the author superstylefactor
    Lol... that was a pretty good read, another lesson added to my newbie list of the never-ending possibilities of IM. i think it was a pretty cool thing doing what you did. Someone once said to me, knowledge is power, and it's definitely something that can be capitalized on! And here, what you did was driving home that point in a different angle! Thanks!
    {{ DiscussionBoard.errors[687922].message }}
  • Profile picture of the author gxd5
    I was bored, so just for fun, I made a new widget called the Javascript Hand Grenade.

    http://grenade.widgetropolis.com

    I will also post the link to it in a new thread

    It lets you generate javascript code that will let you rick roll people that copy your pages. If you decide to play with it, be careful you don't rick roll yourself in the process!

    This is for fun only!
    {{ DiscussionBoard.errors[688495].message }}
    • Profile picture of the author terryd
      Originally Posted by gxd5 View Post

      I was bored, so just for fun, I made a new widget called the Javascript Hand Grenade.

      Javascript Hand Grenade

      I will also post the link to it in a new thread

      It lets you generate javascript code that will let you rick roll people that copy your pages. If you decide to play with it, be careful you don't rick roll yourself in the process!

      This is for fun only!
      Damn, I want to rick roll myself just to see it work!
      Signature

      {{ DiscussionBoard.errors[688577].message }}
  • Profile picture of the author gxd5
    DO IT!
    {{ DiscussionBoard.errors[688582].message }}

Trending Topics