Paul Markham

As you all know I'm no computer expert. Can barely type. ;)

Can we start to protect and educate our surfers?

Maybe by promoting sites and programs that will detect and slow these scum down we might help ourselves. I would love some input from the experts on this. I did find these and if you know of more post the URL.

http://www.safer-networking.org/

http://www.lavasoftusa.com/

Anyone got any better advice? I'm listening and will put up some advice on my sites Monday.

__________________



Blowout deal. 880 videos, 2,400 image sets, plus many RAW videos. $500.
PM me for a deal. Skype Paulmarkham70

Klen

Program a worm which will install million copies over world and add blocking of spyware links to .hosts file.

Zester

we can insert the .htaccess code in our sites to detect if those are installed in redirect them to a page which will educate them about it and how to remove it.

__________________
* Mainstream ? $65 per sale
* new male contraception

johnspider

Yes i think that is a good idea , as well taking these spyware companys one by one down whether through the legal system or complaining and reporting to there webhosts.

mikeyddddd

That's what I'm doing. Eveyone would benefit if each of us did this to get the spyware removed from surfers' machines one by one.

I may be losing some traffic by not letting those that are infected into my sites, but why waste a single bit of bandwidth if a sale may be stolen?

The biggest problem is keeping up with all the scumware that needs to be in .htaccess. Until this latest episode I was unaware of some of the names they were using.

I'd appreciate having a resource listing everything that should be in .htaccess.

__________________

Paul Markham

Getting the htaccess is good, educating the surfer to not fall into the trap is even better. IMO.

__________________



Blowout deal. 880 videos, 2,400 image sets, plus many RAW videos. $500.
PM me for a deal. Skype Paulmarkham70

RawAlex

Paul, I think that maybe what you should do is just drop your membership prices down to, say, $1 and see what happens. That would be good I think.

Paul Markham

As someone who is anti Zango I would of thought you would come up with a better post than that.

I'm looking for solutions, informing the surfer how to guard against his computer being hijacked seems a step in the right direction. It's closing the barn doors before the horse bolts. Do you have a better suggestion?

__________________



Blowout deal. 880 videos, 2,400 image sets, plus many RAW videos. $500.
PM me for a deal. Skype Paulmarkham70

onlytease

anyone like to share some htacess code to redirect zango installs?? please

__________________
Paul L - OnlyTease / Only-Opaques / Only-Secretaries / OnlySilkandSatin / Art-Lingerie / Layered-Nylons
Sponsor program at www.otcash.com

»Rob Content«

Paul you understand that you are working with people that spread spyware?

I see you adding your videos to megarotic all the time, you understand before you play a video it has a link to "download the megarotic toolbar" Toolbar that is spyware. So people who are watching your videos, that you put there, can also get spyware.

Just a thought, but maybe it's better to not work with the people you want to fight?

__________________

qxm

This would actually be helpful........anyone with an .htacess code please post it here. It is a small step but it is better than just complaining and doing shit...

__________________

»Rob Content«

I can feel the answer coming.. We need to adapt

__________________

Diligent

This would be the best solution I think...

All sponsors (AND BILLERS WITH AFF.MANAGEMENT, like CCBill & Verotel) make sure
there's a system in place (in their stats collection) that checks:

1: Domain Referrer (all affiliates must register domains they send traffic from)
2: Join ratio (if exceptionally good, raise flag to look into more deeply)
3: Browser Agent (if "Zango" etc., raise flag to match Aff-ID extra hard with Domain Referrer)

And then, whenever it's seems the true source of a sale can't be determined, send the sale amount into a pool that is distributed among all affiliates, depending on each and everyones normal stats.

If all sponsors does this, the assholes behind all this will see their income dry up.
Not immediately, but pretty damn fast..



I think this is the only way to do it.
This solution also has this benefit: if everyone does this, as an industry-wide solution, no sponsor loses any revenue, and no legitimate affiliate gets any less than what is rightfully theirs. Funds distribution from the pool hits everyone as equally right as possible.

__________________

GrouchyAdmin

I'm pretty sure 'Zango' is an identifier in the user agent. I haven't actually tested for it, as I do not have an infected system, nor will I create one on purpose without a personal or monitary reason.

This should work. change nozang.php to whatever you like; this example passes url=where_they_came_from, so you can log it for your own records, or whatnot.

You can add this to your .htaccess; This one is set to redirect anyone that has a user agent set to zango

__________________

rowan

This only solves the issue of replacing an affiliate ID... what happens when Zango pops up a Quickbuck (merchant) join page over the ccbill or epoch form?

st0ned

I may try and put up a site over the next few days which will be a command post of sorts. Including .htaccess codes, Sites to blacklist (Trading wise since these fuckers are spreading via TGPs), Contacts so we can try and shut them down, Maybe even make a fund where we can all chip in to get a legal team together. This shit is serious and we need to put a stop to it A.S.A.P. If anyone feels they can contribute something in organizing this, Please feel free to contact me.

__________________
Conversion Sharks - 1,000+ adult dating offers, traffic management, and consistently high payouts.
We will guarantee and beat your current EPC to win your dating traffic!
Skype: ConversionSharks || Email: info /@/ conversionsharks.com

Compdoctor

Are you aware of how many hacking boards are out there teaching the newbies how to hack? The only way you can stop it is by shutting down the boards that teach hacking, but good luck on that, becasue they are mostly hosted in countries other than the US

__________________
Content By Compdoctor- Original 3D Cartoon Work

3D Comics

Anime Resource Accepting Toon/Hentai Links

porn blogger

.htaccess wont help... anyone can change the user-agent on their software, they can pretend to be using IE6 or firefox if they want... this is how people were getting free wifi access @ starbucks for a while for purchasing windows vista.

honestly, there is nothing that you can do to slow them down, because it's harder for you to find a way to stop it, then it is for them to go around your methods.

__________________
heeeeyyyyy now!

^ the real biz, yo.

GrouchyAdmin

As a corollary: People who have Zango installed and actually pay for porn are not going to be these kind of people.

__________________

mikeyddddd

From one of the threads yesterday I picked up that zango also uses seekmo, hotbar and hbtools.

So in .htaccess use:

RewriteCond %{HTTP_USER_AGENT} zango|seekmo|hotbar|hbtools [NC]

As I said earlier, I'd like a more complete list of spyware headers.

__________________

uno

I got hit by some NASTY ones a day or 2 ago. The programs kept trying to ping sites hosted by web***.

__________________
-uno
icq: 111-914
CrazyBabe.com - porn art
MojoHost - For all your hosting needs, present and future. Tell them I sent ya!

Diligent

Well, in such a case QuickBuck (assuming they were a clean sponsor, which we all would find an amusing statement) should react to the numbers & referrers (or lack of!) on that specific affiliate account...

So, You're right... it wouldn't work as long as there are such blatantly shady sponsors co-existing alongside our industry.

Guess we would also need a systematic "scam merchant reporting" routine set up as well, and all billing companies should not only listen to us there...
But actually proactively monitor their merchants in pretty much the same way I suggested. And then SHUT THEM OFF due to a "no malware allowed" in their terms.

It would take efforts to get a unified going with this, that's for sure... but it would eliminate the problem.
IF ALL OPERATORS INVOLVED in the industry participated (at least down to the paysite biller level, affiliates can pretty much just inform their surfers)... then this *should* really be the best, most fair, and least complex solution!

__________________

hungry hungry hippy

bingo

8

qxm

I just posted an .htaccess in all of my sites........even the mainstream ones........

What freaking amazes me is that this problem affects all g-dam webmasters on this board and yet no one else seems to be concerned about this stupid spyware company (zango)......

It seems that the Quickbuck problem diffused the attention and then focused it towards that particular scam but if you ask me.......zango is the bigger scam here........at least I'm looking at the big picture.....

__________________

qxm

wrong post.........bump

__________________

Mutt

webair? u removed the spyware - what was the name of it?

__________________

Diligent

gxm:

You're definitely right there, I mean.. there's a small circle of people that are doing this, and have been for a while.
So there should be a lot of ill accumulated assets in action, I'm talking BIG deals here.
We really need to close the loopholes they're abusing, it's the only way to get rid of them.

__________________

Quickdraw

and check all the sites you trade/link with at http://cheaterhell.com (not mine, just useful.)
Might not be a bad idea to check who your trades are linking to as well. Like TheHun does. No need to send surfers to a spot where exploits are only 1 click away.

uno

I had so many I can't be sure which was which. I kept getting sent to this ip: 209.200.45.73, not sure which domain.

__________________
-uno
icq: 111-914
CrazyBabe.com - porn art
MojoHost - For all your hosting needs, present and future. Tell them I sent ya!

Thurbs

in all seriousness, this issue is moot. most of these infected users are one, not interested in wasting time to fix it, or simply don't understand the problem and then get all scared about breaking their computer (which by all rights works, just with more ads) in an effort to fix it.

sad to say, people still act like its a big mystery box with a screen that could breakdown completely if they press the wrong OK button.

Mutt

it's an Apache default page instead of the standard Webair placeholder page.

i will keep an eye out to see what shows up there.

thanks

__________________

uno

You can do a reverse-ip lookup on the server to see what's hosted there. www.whois.sc

__________________
-uno
icq: 111-914
CrazyBabe.com - porn art
MojoHost - For all your hosting needs, present and future. Tell them I sent ya!

GrouchyAdmin

Haha. Someone running on a CPanel machine? More likely than not it was someone who was using one of the cheap virtualhost accounts, or even more so, a mismanaged system where they made one for themselves.

All of the points raised in here are kind of moot. All Zango has to do is stop modifying the User-Agent, and there's no explicit way to track without an invasive Active-X control that searches the system's GUIDs.

So basically, yeah, it's kind of pointless - all you can do now is scoff and redirect. In the future, probably not even that.

__________________

qxm

So wut u r sayin is bend over and take it in the ass?...that doesn't seem much of an option 2 me!

__________________

GrouchyAdmin

What I'm saying is "Even if you make a tiny impact, they'll change their tactics."

To wit: Do whatever you feel like doing, it likely isn't going to change much. For as many people that hit your site that get redirected to "OMG U HAVE SPYWARE," there's another 500 installing BearShare.

Right now, you can test them by a User Agent. If they change that, you've got basically nothing that you can do. You have no control over the surfer, unless you want to just blindly turn them away. That's simple. I've provided information on how to do that.

There's far too much money in sales to those who running the Zango ads. They don't care if you don't sell their product; someone else will.

__________________

babydred

here ya go

__________________
New niche?

D

Encourage peeps to format their hdd once a year as part of standard maintenance.

Makes a very small impact, but there's not a lot of second-guessing involved.

__________________
-D.
ICQ: 202-96-31

Quickdraw

That ip is on this DNS-- jctwebhosting.net (around 48 domains all pretty much same owner)
These domains are on the ip
Bestaudiocodes.com
Bestaudiocodes.net
Bestvideoringtones.com
Flashvideocodes.com
Friendshangout.com
Grabvideocodes.com
Makemyvideo.com
Myimagelinks.com
Mymusichangout.com
Mystarlinks.com
Myvideolinks.com
Series-of-articles.com
Toolbarvideos.com -- I downloaded the exe on this page and Prevx1 calls it a "Suspicious Self Modifying File"
Toolsforfriendster.com
Toolsformyspace.com
Toolsforyourprofile.com
Youtube-video-codes.com

sumphatpimp

What can we do to slow down Spyware programs?

stay away from porn sites.
thats where they have all that stuff.

Zester

hmmmmmm....... a press release about how to remove shit like Zango from your computer ?
as long as the surfer actually reads it.

or maybe building our own little software that removes Zango ?
this Zango removing software should be installed the same way/method Zango was installed.
if the surfer was tricked to install Zango maybe he will be tricked to install this software which removes it. (by promising porn or whatever...)

__________________
* Mainstream ? $65 per sale
* new male contraception

Klen

Dont forget is more important to PREVENT then to HEAL.So you can add link to your site prevent yourself from spyware.You just need to explain how to add code into .hosts file (in windows it's on windows/system32/drivers/etc)
So surfer need to put into .hosts file some ip adress and www.zango.com and zango.com ,so then automaticly anything with zango will automaticly redirect to ip adress.