I'm looking for a php or python script or utility that will help me hunt down warez, .mp3 files on my server. I want to be able to run it once a week so I can keep tabs on if customers are distributing this kind of stuff.

A while back I had a script like that, but I can't find it. Any suggestions? How do you deal with warez?

It's pretty tough because nowadays, people rename stuff from .mp3 -> .doc. As a simple procedure, you can basically do a updatedb as root then do a locate mp3, locate zip or something like that. Another thing you can try is to go through WHM and check out the quota's of your users. Most sites wont even use more than 10-20 MB of space. If you find one of your sites use up like 50+ megs, go through their account on the box looking for hidden folders, ex: ..., also extrememly large txt/doc files that don't open through a simple more or pico.

Look for the extensions, mp3, rar, r00, r01, etc, ace, a00, a01, and zip

Make sure anon ftp is off, and if they need it, make sure the anon user cannot write to the dir, if your running windows, make sure to install sp2, it fixes a major security hole that allows a person to excute commands remotely, basicly allow a person to install a remote deamon, such as ServU, G6, and make a members only ftp to distro warez....

Prohacker whats your ICQ number?

It seems to me if someone is distributing large files like mp3s and the like, they're going to be in the top few percent on the data transfer charts on your server. Checking your server logs would probably alert you to this type of thing, and you also wouldn't have to worry about a cron cgi putting a load on your server.

XismNet,
Why do you want it?

Why don't you just make a script that runs and logs all files that are over 1MB in size. Then you can manually check those files to make sure they are not any warez/mp3.

i believe http://www.netsaint.org/ has a module that can do this, and search for dodgy cgi scripts too.

Im Synergy on your list but I lost my UIN and now have a new ICQ.

im just curios is there any legal-backup for hosts searching up directories of their customers, it sounds kinda hm...strange.

If you're renting a room/apartment can the landlord come for an inspection? (actually I really do wonder that, I'm just going from what I can remember about threes company...) It's good as a host to have something about that in the TOS just incase though.

Well, if your site is using 10 mb of space and generating 10+ GB of bandwidth per month, I would think the host should be able to investigate what is going on.

Originally posted by Angel78
im just curios is there any legal-backup for hosts searching up directories of their customers, it sounds kinda hm...strange.

As far as I know, it's legal. In fact, I don't see any reason that it wouldn't be.

It really kinda depends on your agreement with the customer, but 99% of the time, its safe for you to look around their dir...

If you're renting a room/apartment can the landlord come for an inspection?

Depends on your area, when I was about 11 we had a landlord come into the house without knocking or anything, oh man my dad beat the crap outa him when he came though the door...
The landlord came back, with the cops claiming assult, and he was arrested for breaking and entering, as I remember there is a renters bill of rights....

i know that spying is the only way to stop piracy, but on the other hand you can upload some personal stuffy like love letters ..etc. So i guess if host is going to take a look at your place on his/her server that should be written in the TOS, AUP etc.. right?

Originally posted by Angel78
i know that spying is the only way to stop piracy, but on the other hand you can upload some personal stuffy like love letters ..etc. So i guess if host is going to take a look at your place on his/her server that should be written in the TOS, AUP etc.. right?

If something is so personal you don't want your host to read it, it probably shouldn't be on the server in the first place. A shared webserver is not the most secure/private place to store personal materials. Remember, the main purpose of a webserver is to SHARE and SHOW files to people.

Originally posted by Planet Z


Remember, the main purpose of a webserver is to SHARE and SHOW files to people.

Yes but not to server owner. just to couple of friends(private things, to exchange pics letters etc), and speaking of security of those files if someone breaks my password than its illegal (that what he is doing)..i still think that its just question of privacy and without warrning in TOS it illegal to do.

Originally posted by Angel78
Yes but not to server owner.

Sorry, my wording was bad. It doesn't mean that gives the right to the server owner to go through your files. I'm just saying in general it's probably not a great idea to store things that are very personal on a shared webhosting account.

ok i see :) i think that all hosts should update their TOS with this before ending beein accused by one of their customers.

This thread doesn't make too much sense to me. :rolleyes:

What's the point in having a TOS saying that certain illegal material is not allowed if the host is supposedly not permitted to search a client's site periodically?

Regarding the personal information... I would think most info would be in a .txt or .htm file and not in a .mp3, .exe, or .zip. If you have a web host browsing through your site reading all of your .txt files for example, then they have a problem. :D

I really don't think the aparment anology is very good. Let's see if I can think of a better one... :eek:

Maybe you should think of it as a Post Office. Each person pays monthly for their P.O. Box. (hosting plan). As letters come in (files uploaded) the employees at the post office (web host) watch for suspicious looking packages (files). If an envelope is stored (.txt file), the post office (web host) has no right to open it and read it. But if a package is delivered (.exe file uploaded) that is making a steady ticking noise (using lots of bandwidth) then the post office (web host) has the right to investigate further.

How's that? :D

you're kinda right people at the post office can examine the packages, detective in the store has right to take a look inside your bag,policeman may turn your flat inside out searching for evidences... cus its written somewhere in the law books, right? but hosting providers arent mentioned anywhere to have these rights without having their customers say : it is ok! thats why you have to have this in your TOS, otherwise your acting illegaly..just like those guys offering warez. It may sound strange but thats the way it is.

Originally posted by Angel78
you're kinda right people at the post office can examine the packages, detective in the store has right to take a look inside your bag,policeman may turn your flat inside out searching for evidences... cus its written somewhere in the law books, right? but hosting providers arent mentioned anywhere to have these rights without having their customers say : it is ok! thats why you have to have this in your TOS, otherwise your acting illegaly..just like those guys offering warez. It may sound strange but thats the way it is.

Sorry, but I disagree.

The purpose of the files that you upload to your site are for the viewing of others over the internet.

The files that you upload do not have rights. The server is owned by someone else and you are given permission to have access to it. There is no document that states that this information is private or that you own the files that are uploaded.

It is only a courtesy towards you, the webmaster, that would prevent a web host from reading private files uploaded to their (the webhost's) server.

Its a bad compairision but look at it like school/business lockers...

The lockers are property of the school/business, so if they feel you may be using these lockers for illegal purposes or keeping items that may be of harm to others, they have all right to seach them.

Post Office boxes are a bad comparision, becuase its a government organization usuallly, the US Post Office....
So differnt rules come into play there...

Usually a host should have something mentioned in there TOS to state what their privacy policy is for there users....

Why would you put private stuff on a public network?

Isn't the idea of hosting so you can share your information?

If you for some odd reason need your data private on your server space than encrypt it.

:rolleyes:

Originally posted by The Prohacker

Post Office boxes are a bad comparision, becuase its a government organization usuallly, the US Post Office....
So differnt rules come into play there...

Whatever the different rules are, they didn't effect my anology. :D

I was going to use ups as an example, but apparently they don't even read their packages since I had 3 left on the front stoop with "Require Signature" put on them (and no we didn't sign that little waiver on the back of their boards).

Anyhow, there's a reason the pentagon doesn't store their information on an outside network. It's meant to be private. I agree the host really shouldn't be looking through your text files and stuff however if they made a program to search through for certain keywords and one came up, I think that opening the file and reading the sentence or two where they keyword was found is fair. Being that hosts can get in trouble for even hosting sites that link to illegal files, the text files aren't a safety zone.

Now here's a question, how many hosts look through the databases (sql etc...) for the bad stuff?

how many hosts look through the databases (sql etc...) for the bad stuff?

Every host should check its databases sometime, main because of boards like these, the attachments are stored in the db and not a dir, but usually when you have a 1 gig database, it looks suspious.....

Aloha
in general if someone is doing illegal stuff on your property you have the right to check it out
a lot of times you will have to tell them so you could say to the user I think something is going on I am curious about these files
or you could just go in and check if you have said something like that in you tos
you can alsways just download them and look at them then you are not doing it directly ;)
anyway if you went to court becuase you pulled somebodys account for illegal activites chances are the judge would rule in your favor if not get a new lawyer

Originally posted by Honu
anyway if you went to court becuase you pulled somebodys account for illegal activites chances are the judge would rule in your favor if not get a new lawyer [/B]

I do not and will not put any warez on my site, but personaly I think its wrong for a host just to rump through ones files on a hunch. many time of files including .mov .mpeg .avi .wav, can eat a lot of space and BW, A school can not search a locker at all. The cops can't do it with out a warrant, and the student doesn't even rent it. A cop can not search your car without probable cause, and If my landlord walked in on me with out knocking I would probably shoot him, under the great Ronald's make my day law.

I think this needs some regulation in the form of, if you the host, think something is wrong, you call the athoritys, they get a warrant and search the server's files. oh wait we have this, its called the 4th Amendment of the Bill of Rights!


Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Thank you
Jason Miller:homer:

Try pulling that amendment at the schools around here. They searched the lockers whenever they felt like it. They usually announced after the fact that it had been done however. They kinda had to say something when 20 kids got pulled out of the classrooms and one got arrested by the on campus officer. So yes, they can and will search the lockers. A warning is great, but at the same time that's like telling someone at a drugbust you're giving them a few minutes to clean up before you burst in. I'd say just have it in the TOS and make sure the clients know about it.

Aloha

yeah it can be wrong for a host to go through files
if ya feel this way get the url and dl it yourself then open it if it is warez then ya know
anyways you are talking to a guy who thinks shoplifters should have there finger cutoff hand the second time
I am harsh on stuff like that
it is my machine they are renting space if I feel they are doing illegal activities I am going to check it out
I would put something in my TOS to the effect of illegal stuff can be searched at any time blah blah
not sure what the laws are elsewhere
here ya have a condo and it is used in drug sales the owner can loose it.
if you are caught having warez on your server by MS you may be in trouble because it is your server !

Coming back to the original discussion and forgetting TOS policies, I would suggest you use a small script based on the "file" command. This UNIX command determins (af far as I know) the real content of a file even though it is put under a different extensions (it looks for magic bits)

This is especially useful to track down .mp3 files renamed, and so on.
With .zip/.tar.gz (and so on) files you can do the following: launch the script above and, if the files is not in the original extension watch it by hand (this is a good sign of something illegal). Do the same if the compressed file is big. The same applies to .exe files and many others.

The other suggestions given here above are very useful: always watch for bandwidth usage!

Hope this helps.

Cheers, :)

school officer, a real cop with a real warrant, they are easy to get, but they are gotten just the same, If your teacher, or superintendent opened your locker, they are in big trouble.
Honu, I agree, it should be in the tos, if its in the tos, then they agree to it. if its not in the tos, I'm sure they would have a case, if you don't believe me, tell it to all the families, who's children's murderers are set free becouse of the 4th, and the fact that it wasn't followed to the tee.

Thank you
Jason Miller:homer:

Originally posted by Ihoppoet
school officer, a real cop with a real warrant, they are easy to get, but they are gotten just the same, If your teacher, or superintendent opened your locker, they are in big trouble.
Honu, I agree, it should be in the tos, if its in the tos, then they agree to it. if its not in the tos, I'm sure they would have a case, if you don't believe me, tell it to all the families, who's children's murderers are set free becouse of the 4th, and the fact that it wasn't followed to the tee.

Thank you
Jason Miller:homer:

Aloha

ihoppoet
yeah it can suck
my brother is a lawyer so I hear some sick stuff all the time
one of my brothers friends was murdered by a gang of kids one of them was around 12 the oldest was around 22 when they went to get the 12 year old
the mom replied well my kid was bored he needed something to do.
funny if I had a 12 year old and some 22 year old came to the door to ask if he can go out
I would tell him if I ever see him talking to my kid well ya get the picture.

My thinking is the server is your property

a Public school is not your property nor is a house you would have to get a search warrant for

it would still be case by case
as we all know the only people who gets away are usually the criminal

would be the best lawyer and a judge might not favor hackers anymore who would win if a tossup.

yes you own the server, but your renting it or leasing it out. so the best thing to compare it to is an apartment, someone owns it, but its not the renter, but the renter has renters rights, and the owner doesn't have the right to come and go as he/she pleases, unless that is clearly in the lease. With web hosting the tos is basicaly the lease. so spell it out clearly.

I guess its owners Vs. renters rights we are talking about.

At least thats how i see it


Thank you
Jason Miller:homer:

I think you find most terms do have it in there somewhere....you just have to read closely. Here is parts from one of ours.

***************************

17. WORLDZONE has no obligation to review account contents, pages, message-board postings, or statements in any way before those materials appear on WORLDZONE's servicer. Although WORLDZONE may or may not actively or regularly monitor the content of WORLDZONE members' pages, we reserve the right to monitor, and to investigate any complaints regarding any content of WORLDZONE members' pages, message-board postings, and to take appropriate action if WORLDZONE finds violations of these Terms of Service.

20. WORLDZONE makes no guarantee of availability of service and reserves the right to change, withdraw, suspend, or discontinue any functionality or feature of the WORLDZONE services. IN NO EVENT WILL WORLDZONE BE LIABLE FOR ANY DAMAGES, INCLUDING, WITHOUT LIMITATION, DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF THE USE OF, OR INABILITY TO USE WORLDZONE'S SERVICES OR ANY CONTENT THEREON. THIS DISCLAIMER APPLIES, WITHOUT LIMITATION, TO ANY DAMAGES OR INJURY, WHETHER FOR BREACH OF CONTRACT, TORT, OR OTHERWISE, CAUSED BY ANY FAILURE OF PERFORMANCE; ERROR; OMISSION; INTERRUPTION; DELETION; DEFECT; DELAY IN OPERATION OR TRANSMISSION; COMPUTER VIRUS; FILE CORRUPTION; COMMUNICATION- LINE FAILURE; NETWORK OR SYSTEM OUTAGE; OR THEFT, DESTRUCTION, UNAUTHORIZED ACCESS TO, ALTERATION OF, OR USE OF ANY RECORD.

***************************

So even if you consider it "unauthorized", then even then we are protected..it does not state if the access is by us, or by another.. However, we have the right to investigate an account, hence it is NOT unauthorized.

Originally posted by Webdude


So even if you consider it "unauthorized", then even then we are protected..it does not state if the access is by us, or by another.. However, we have the right to investigate an account, hence it is NOT unauthorized.

I not sure about these things in USA (guess i was sleeping on the I-law classes) but in Europe you are NOT alowed to put things in AGB (german for TOS) that can harm customers in any way and if disputet in front of the court these TOS parts arent worth a penny. So if there is any act,amandman or such a thing protecting privacy of people that leased or rented something from you no matter if its a apartment or web space, you can put whatever you want in your TOS if customers find out that you have been messing around with his stuff and that in any kind harmed his privacy (considering that you are not a policeman with a warrant) he has the right to sue you. On the other hand it can be that such privacy act in US does not exist...then you are right. (but when i think of police officers knowing that someone has something in his house but they couldnt enter the house before getting a proper permission from the court i suppose that there is such a thing as privacy protection. I guess that the only way to legally to that with warez is to inform police....and wait.

Aloha

good thread so far ;)

well I am sure besides country to country it varies as it does state to state it might also depend on prior cases.

I guess a TOS like posted would be good in the US as it will allow you to lock down an account or snoop if you will. and act as a binding contract

curious how many hosts have had probs with this ???
also seems most warez guys would just move on and then start trying to hack at you from all over.

I think most accounts by warez are not their accounts to begin with usually an account they hack into.

I know if it were my servers and someone did it I would first notify the person of what I had found and hope they move on quietly. Chances are %95 of the accounts are going to be legit customers who did not know they were getting there account used ?
so the responsibility would fall back on you.
do people agree with this ????

if it was a warez site I would tell him that I am locking down the account and see what he says again chances are he would move
I somehow doubt a guy with a warez site would try to take you to court but then again ya never know.

There's a difference here. If someone is, for example, selling drugs out of an apartment, it's not costing the landlord $$. However, with Warez, it costs hosts hundreds even thousands of $$ per month.

So if people really feel that privacy comes above all, be prepared to see prices for hosting skyrocket into the hundreds of $$ per month because hosts will cover their costs one way or another. We can make it like the insurance companies do it where everyone else covers the cost of a few people's fraud.

We use certain methods that compare hit to bandwidth ratios. If you get 100 hits and 10 gigs of bandwidth, your account will be checked out. In other words, if you arent doing anything wrong, then most likely your ratio will be ok.

You do realize a host can be liable for illegal content on their servers once notified, correct? Yet you would expect us to let our hands be tied and not be able to search the account. Cops have a right to legally search if they have probable cause, and the DMCA specifically gives hosts that legal right also. So the issue is dead.

By the way, informing the cops would accomplish nothing, they couldnt care less. In Germany, I seriously doubt they have any laws preventing a host from searching files on it's own servers. If so, then I can see why most servers would not have machines in Germany, nor will ever have till that changes. It would be a huge revenue loss for Germany, or any country, to have a law like that on webhosts.

Originally posted by Webdude
There's a difference here. If someone is, for example, selling drugs out of an apartment, it's not costing the landlord $$. However, with Warez, it costs hosts hundreds even thousands of $$ per month.




For bandwidht right? or you as host have to kinda pay microsoft tons of bucks cus someone was distributing warez from your server?

Are you sure that DMCA gives you right to "investigate" by reading someone`s letters, mails on your server, forgett the whole warez thing im talking about normal legall customers that dont need host who is from time to time going to take a look if there is something interesting on their account. Still think that if i dont sell anything (warez etc) host has no right to view data on my account. And if that`s the case i have the right to take legal actions against him...and yes privacy is important and thats why its protected by the laws.

For bandwidth. Up till now, software companies have done litte about warez.

Oh c'mon now. You really think a host is a bit interested in your love letters or whatever they are?? I know "some" people think their account's are special and they are the only ones on a server , but when a host has a number of servers and thousands of users then there is absolutely nothing special about your account. Unless you distribute warez or need support, the host most likely will never know you are there. The ONLY reason we would investigate an account is if it was Reported to us as against the TOS (in which we would access by web first) or if we saw a low number of hits with a high number of bandwidth(in which case we would access it internally).

I have a better analogy for this case. Let's say you(host) have a spare bedroom(disk space), and you lease that space out to make extra income. Suddenly you find some expensive things missing(bandwidth) around the house occasionally and the person(client) steadfast denies any theft. What do you do?

1.get a gun and shoot him :)))

2.no, just kidding if we signed a leasing contract i am not allowed to enter his part of the apartment, so i would first ask him about that and than inform proper authorities..and if they keep fooling me around (they usually do that, its the only way to spend soooo much taxes payed by all of us) then i think i would consider No . 1 :)

i know it sounds stupid that you are not alowed to enter part of "your" apartment but till he is paying the rent you cant do anything about it, you can inform police if you think that he has done something illegal but if you enter that room you made a big mistake. belive me last semester i had huge exam from civil law and there are hunderts of such paradoxes, and its normal that i suppose that customer has right for privacy and you that host has right to do what he wants (thats wrong :)) cus i am just a customer(web developer) and you are in the hosting business(host)...and what is more important i m leaving tommorow to spend my holidays in Croatia :) so for next 2-3 weeks no more hosts,no more "can you make green letters on red backround" customers and noooo exams :) just big blue sea and girls... ppl have a nice summer :)

Nothing is private anymore Like it or not someone has the right to check up on what your doing
Especially on the internet.If your on my server or even just on my pipe you better believe I have the right to know what your doing.
Dont get me wrong I truly think everyone should have their privacy but I also think hosting companys should have the right to keep their business legit and if to do that means checking on your content,Well deal with it because thats life.Like it or lump it you have little choice.

well i know that hosts must find way to keep ther business legit but doing it with illegal measures...hm i dont think so, i know that internet isnt safe place to keep important data but on the other hand i'll take that risk that hackers could posiblly view my data..on the other hand i dont want my hosting provider to see them..and no it IS ilegall to do such things but im aware that it is the only way...hm where is this world going:confused:

Legal and illegal is determined by how much you pay your lawyer.Argue all you want but it is true.If you plan to do something illegal plan to get pinched.I would hope my host would take any means necessary to keep the rif raf off thier servers
"necessary" may not be perfect but I would rather they do their part to prevent crud from getting out rather than sit and watch

Okay... I'm never watching threes company again. While the whole apartment thing was just an example, it's turned out to be a bad one because let's face it, all contracts are different and there are different laws for everything.

I really don't think we're talking about hosts going through each and every page of your account reading every little juicy detail about how jim and suzanna got back together and then decided to open a donut shop. More of the host typing in a few commands to have the system check on any unusual activity (such as the bandwidth to hits ratio). If something does come up, the host takes a quick look to see if anything appears to be not in the right. If it's fine, the host zips out and continues on their merry way, if not, the user gets dealt with as stated by the TOS.

Now e-mail is another thing. I would personally never EVER touch a user's e-mail. The e-mail is my draw the line point. That's off-limits, do not pass go, do not collect 200kb of information.

It's more of a security guard at a stadium. You buy your ticket for your seat (webspace), and start down the hall. If the security guard (host) gets suspicious he does a search. It isn't always one particular person though. They might do a group of people not always singling anyone inparticular out. It's just a safety precaution so no one else gets hurt. Each and every person buying a ticket, is a potential risk so the owners of the stadium have to make sure everything is ok by having the security guards do checks once in awhile.

There... now someone can rip up that example (watching Unbreakable did serve a purpose!).

Here is something you might want to consider. as a webhost you are currently not responsible for what is published through your server, if something is reported to you as being illegal you check it out, its illegal , you delete the account end of story. if however you make provisions to check things out before they are reported to you, your now liable for everything published on your servers, ie your monitoring as you stated so if anything slips past you that's illegal, your at fault.
the best policy is state it isn't allowed, delete if reported. if your worried about bandwidth make sure you have a hefty overbandwidth charge.

Steve

Originally posted by teck
It's pretty tough because nowadays, people rename stuff from .mp3 -> .doc. As a simple procedure, you can basically do a updatedb as root then do a locate mp3, locate zip or something like that. Another thing you can try is to go through WHM and check out the quota's of your users. Most sites wont even use more than 10-20 MB of space. If you find one of your sites use up like 50+ megs, go through their account on the box looking for hidden folders, ex: ..., also extrememly large txt/doc files that don't open through a simple more or pico.

Actully all MP3 files have a 'signature' that can be picked up with the file command

Try this to find them

cd /home (or whereever your home root is)
find . -exec file {} ';' |grep MP3 2>/dev/null

Originally posted by Keeg
if your worried about bandwidth make sure you have a hefty overbandwidth charge.

Steve

Thats Kind of harsh for those of us who have large files that are not warez, dont you think? The internet has long been advertised as a way for artists to get their works seen outside the system, cheaper easier and faster, but really with this additude its not cheaper or easier, I for one have had it easier and cheaper getting my film seen at film fests than on the internet.

why not just charge what you pay for it in regards to over use, its not like its added work or time for you, and it would make it easier on your users, and would probably bring you more business.

as far as searching through someone elses files, its just wrong, and it wouldnt supprise me if people started uploading safty programs that distroyed the servers hard drive if opened. I'm sure its comeing someday.

Thank you
Jason Miller:homer:

If we run into an account that has large 'legal' files, then we become familiar with that account and already know it's ok the next time it shows up. Also, when curious about a file or set of large files(such as r00,r01, etc), we download them and open them safely within a sandbox (program trap). I also have Norton's Security on my PC 'just in case', and extensive backup for easy PC restore also.

Our intent is not to invade privacy, but to protect all our clients from malicious users, protect ourselves against unneeded costs, and to avoid liability for illegal files on our servers. Trust me, we couldn't care less about love letters or whatever you may have there. We are interested in the files that cost us. If the files are legit, well, we have to eat the bandwidth cost. If they are illegal, they are gone. On our free host section, all files are required to be linked to a public html page because we do not allow storage. We have that rule for the very reason we are discussing. For either host, you are not guaranteed file privacy, only personal info privacy meaning we will not release your personal info to any third parties.

For the pay host, if people really want so much privacy that I can't even search a drive on a computer that I own, then here are some options.

1) Pay more. I discussed this earlier.
2) Or we can remove high bandwidth sites automatically without checking the account to see if they are legit or not.
3) You can live with the fact that you are simply leasing a bit of space on a harddrive, and the owner of that drive has the right to search his drive any time he feels the legit need to do so due to bandwidth usage, resource usage, etc, etc.
4) Get your own server. I suggest getting your own server, starting a host, paying thousands $$ in bandwidth because every warez in the world is loading your servers because they know you wont search their accounts, hence dont know what is going on. You would change your mind fairly quickly about the beliefs you state in this thread and you would soon start searching accounts.
5) Offer a better idea.....

Originally posted by Webdude
You can live with the fact that you are simply leasing a bit of space on a harddrive, and the owner of that drive has the right to search his drive any time he feels

no he caaaaant :) he can not act as a policeman. You as a host may rise the prices because of this to insure your self but you CAN'T take a look inside rented web space when ever you are interested to see if their is something usable there...i know that all hosts get used to practice this...but it doesnt change the fact that this is harming privacy and therefore illegal. It sounds much more better that what Steve said that you as host have to wait untill someone complains about that customers of yours and than hmm "investigate"(which is still harming privacy but if he really has warez on his account i dont think that he will sue you)...but by just simply taking look at every account and files there that due bandwidht usage are kinda suspicus to you, you are breaking the law.

And what is more interesting you said we take these files and open them on our PC..since when you are alowed to use things that customers have on your server..is it like testing and if you like it you may buy it?
Or you have written somewhere in your TOS "if we find anything interesting on your account we have right to download and use this files or at least see how they are built (php for example) and then use this "insider trading" for our purposes...":angry:

Breaking who's law?? By U.S. Law, it is practically required that we do so in order to avoid liability. Besides, you are taking things all out of whack. For one, as I said before I really couldnt care less about your stuff you may have on there. We don't go thru every account, that's what logs are for. We watch the top 10% or so, and investigate when we find large files being downloaded and no legit page content. The times we download files are to see if they are illegely distributed software. As I said, in this country, we have every right to do so.

I will let other webhosts take over this thread. I don't like arguing with brick walls. It's like trying to argue with Tim Greer :D

webdude show us the law that states either A you have to or B you are allowed to go through others files, on space that you lease. the fact is, as long as they pay, its their space not yours.

Thank you
Jason Miller:homer:

Part copied from the summary of the DMCA1998:
**********
Limitation for Information Residing on Systems or Networks at the
Direction of Users
Section 512(c) limits the liability of service providers for infringing material on
websites (or other information repositories) hosted on their systems. It applies to
storage at the direction of a user. In order to be eligible for the limitation, the
following conditions must be met:
! The provider must not have the requisite level of knowledge of the
infringing activity, as described below.
! If the provider has the right and ability to control the infringing activity,
it must not receive a financial benefit directly attributable to the
infringing activity.
! Upon receiving proper notification of claimed infringement, the
provider must expeditiously take down or block access to the material.
In addition, a service provider must have filed with the Copyright Office a
designation of an agent to receive notifications of claimed infringement. The Office
provides a suggested form for the purpose of designating an agent
(http://www.loc.gov/copyright/onlinesp/) and maintains a list of agents on the
Copyright Office website (http://www.loc.gov/copyright/onlinesp/list/).
**********

Now you know where to look for it in the DMCA yourself. It does not say we HAVE to, but it says we have the right to do so in order to control infringing content. Another outlook on the subject is when I download the files, I download them just like everyone else does....I goto it's address. If it is publicly available in that way(or anon ftp) then I as the host have as much right to view the files as anyone else. If I do that, and find it is illegal files, the account is gone. I do not have to search an account to get the files. The files show up in my logs, they are linked to, I click the link and download the files via http. Perfectly legal....and it only takes one illegal file. The law states I have the right to transmit the data placed on my servers. If I were to search an account via ftp, http, or ssh, it is still data transmission.

So yes, hosts do have every right to search and investigate whatever is on their machines. They have just as much right to do that as they have a right to shutdown accounts that are being used illegally. However, rarely do I ever have a prob with a paying customer. It is always ones on our free host that we have probs with. And since they are not paying, there are no issues you have with that, right?

The above is just a summary, you will have to go read that entire Section 512(c) of the DMCA to get it all. You will find I am correct.

so correct me if i am wrong: if i have a site with password protected directories in which there are, i have no idea, for example my artwork and im collecting lets say 20 $ from people intereted in viewing this contect, than host has right to view my contect without paying these 20 $ just because i use a lot of bandwidht for which i'm paying right?


"if the provider has the right and ability to control the infringing activity" heh yea right but where is stated that he has the right to search your directory?

Originally posted by Ihoppoet
webdude show us the law that states either A you have to or B you are allowed to go through others files, on space that you lease. the fact is, as long as they pay, its their space not yours.

Thank you
Jason Miller:homer:

Unless I'm missing something, if you don't sign a contract that specifically says that the space on the server is yours, you have no rights. You can't just create rules and regulations without a contract that states this. :eek:

Originally posted by Angel78

"if the provider has the right and ability to control the infringing activity" heh yea right but where is stated that he has the right to search your directory? [/B]

Where is it stated that the webhost does not have this right? :eek:

:) it is stated somewhere in civil law few § about protecting privacy..and if not mentioned in DCMA than civil law comes first in this case :)

DCMA also says nothing about that hosts are not allowed to kill people so i guess i should stop sending support tickets...my host can get angry and shoot me cus it is not written in DMCA that he dont have licence to kill :) right?

Tell you what, since you are too lazy to go read the DMCA yourself, I am not going to continue this areguement since evidently pointing you right to where it discusses this seems to not be heeded. So now, I move the burden of proof over to you. You specifically give me a link to these laws you claim exist that prevents me from searching accounts.

"it is stated somewhere" simply is not good enough. Who stated it? You?.....Where is it stated? your website?....in those cases, it doesnt count. Until you deliver that proof, your arguement is /dev/null

Originally posted by bdraco


Actully all MP3 files have a 'signature' that can be picked up with the file command

Try this to find them

cd /home (or whereever your home root is)
find . -exec file {} ';' |grep MP3 2>/dev/null

Damn Nick, that's pretty cool!

bash$ find . -exec file {} ';' |grep MP3 2>/dev/null
find: ./no.doc: MP3, 128 kBits, 44.1 kHz, JStereo

Nice one...

Actually, I can point you to a statute that said murder is illegal. However, You cannot point me to a statute that says that it is illegal for a host to search account. To protect ourselves against liability and to gain the legal immunity offered by the DMCA, checking suspect accounts is the only way to do it.

As my understanding goes, a host is not allowed to use any client's materials. However, we have the legal right to ensure that content within any account is legal. Our Terms of Service is also a legal and binding contract unless there is specifically something illegal in it such as "We reserve the right to hunt you down and shoot you if you break our TOS" or similar.

I also have a friend, Copyright Attorney, who will be review this thread shortly. She is unaware of any Law, that as you claim, that says it is illegal for us to do such. You are more than welcome to post a link to such a statute.

Originally posted by Angel78
DCMA also says nothing about that hosts are not allowed to kill people so i guess i should stop sending support tickets...my host can get angry and shoot me cus it is not written in DMCA that he dont have licence to kill :) right?

All i have to say i that: if was a host, and a account was big, and took up lots of bw, and little hits; i would shutdown the account, notify the client, and then look through the clients files. If I found any warez i would notify the fbi, if i just found mp3's i would reopen a blank account to the client with a parking pge that has info about copyright laws, muic, and mp3's. i think telling the fbi would be a good thing, it would stop the client from going to you other people and trying that bull on you guys :D

You wouldn't notify the FBI, you would contact the BSA more than likley, and they still wouldn't do anything if they weren't large, and had several complaints...

You prolly wouldn't get a response from them, you just delete the account and go along, and block their IP and email from signing up again...

Originally posted by rae
All i have to say i that: if was a host, and a account was big, and took up lots of bw, and little hits; i would shutdown the account, notify the client, and then look through the clients files.

And if you found MP3's that he has the rights to, and is selling, or .movs or avi's or any other large file that he owns, and is making money with, by shutting down his site becouse you had a hunch, well you just hurt his buisness.

Hosts, all a customers wants is what he or she pays for, they want to space and bandwidth they pay for, and they want it to run smoothly. The only contact a customer should have to have with the host, is when starting the account, and when they get a monthly or yearly bill.

someone here said everyone is intitled to make mistakes. yes in your personal life thats true, but hosting is a business, and when you a business make mistakes that effect others they have the right to take action.

Originally posted by Webdude
You cannot point me to a statute that says that it is illegal for a host to search account.

In federal law, constitutional law take supiriority over anyother law, and make know mistake, someday someone will push it to far, and the 4th Amindment, will slap you back. Thats the American way. got to love it.

Thank you
Jaosn Miller:homer:

Ihoppoet hops off his soapbox now.

There are currently aren't any laws preventing you from looking in your clients directories. However I think to a certain point it is wise to respect their privacy.

Couple of things I've picked up from this thread.

1. Warez is generally on all TOS as illegal, and grounds for account termination.

Anyone got a problem with this... see a lawyer.

2.
a) A host found with Warez or other illegal content (according to their countries laws) is liable for that content even if it "belongs" to a 3rd party.

b) Warez invariably involves big files, big bandwidth charges, etc... Which in turn remove these facilities from legitimate customers.

c) I believe there is a clause somewhere regarding "reasonable cause" whereby you good old law enforcement can check. In this particular case law enforcement is the host... Why? See point a)

So taking all of points 2 into consideration a host will probably take an interest in something eating up mega bandwidth and affecting customers... They have reasonable cause and if they find something that is illegal they have every right to terminate.


What gets me about this thread is the scenarios that are being dug up.

1. The $20 content with host dropping everything to go surf and grab what your members are already paying for.

Given what I know about hosts... this will be, if anything, one individual who's goofing off and who will probably be job hunting shortly thereafter. The good ones will be too busy working on support issues, etc... to do anything else.

2. Copying all the "good stuff" from your accounts.

This is plain and simple copyright infringement and you'd have every right to sue your host if they did this... Again, chances are, the employee would be looking at door soon enough.


I guess the final point is that until you yourself have experienced being the "Responsible" party you will not understand why a host has to take measures to ensure they won't be taken to court. If you don't like that, get your own server and accept the responsibility yourselves.

Ok, that's it... Dang, where'd that Orange box spring from?? ;)

your logic is flaud, the host is never law enforcement, they may be rule enforcement but never law. If you were to use this argument in court you would be at the very least laughed out.

"I guess the final point is that until you yourself have experienced being the "Responsible" party you will not understand why a host has to take measures to ensure they won't be taken to court. If you don't like that, get your own server and accept the responsibility yourselves."

Well if you go through files, with out permition of the renter, you are inviting a court case. when I have the backing to build my real site, which will contain many large files, some well over 200mg, you can bet if I find out my host has went through my files, outside of opening his browser and looking at my pages, they will find themselves in court. A persons site is often their Business, and that sir is none of your business. You are not a cop, you are not law enforcment in anyway. If you think someone has warez on there site, then you go to there site via your browser, and if your right, you call the cops then you do NOTHING but what they tell you to do!

I think this argument has gone as far as its going to go, everyone has an opinion, and none of our opinions are going to change. The only way we will have an answer is when it does finaly go to court.


Thank you
Jason Miller:homer:

Originally posted by Ihoppoet
your logic is flaud, the host is never law enforcement, they may be rule enforcement but never law. If you were to use this argument in court you would be at the very least laughed out.
I just knew you were going to take that and bite. You've pretty much rephrased my "law enforcement" comment and made it what I was trying to get at... law provides rules... therefore rules enforcement means that you are applying the law that applies to you and your clients...

Doesn't this support what I was trying to say?

Common sense dictates that I'm not suggesting that hosts are police powers.

As for the rest of your response... You've picked and chosen stuff that you can argue back at without reading it properly... I'm not suggesting that hosts should screen every bit and byte but I am saying they should check stuff that sets off alarm bells.

To do a complete review of every sites content would be time consuming, not to mention impossible and counter productive... Let's be practical here.

I think this argument has gone as far as its going to go, everyone has an opinion, and none of our opinions are going to change. The only way we will have an answer is when it does finaly go to court.
I guess in this much we agree. Once the thing goes to court someone might actually realise that the law provides a Catch 22 situation and until that is resolved no-one will feel entirely comfortable with the situation.

Originally posted by Ihoppoet
(snip)A persons site is often their Business, and that sir is none of your business. You are not a cop, you are not law enforcment in anyway. If you think someone has warez on there site, then you go to there site via your browser, and if your right, you call the cops then you do NOTHING but what they tell you to do!

Whoops... missed this bit...

Ok, with regards to the above I disagree 100%... If I found warez on the site and it's part of my service supplied to them then, as per my TOS, the domain infringing it goes on immediate suspension (note: NOT the resellers whole slew of accounts if there is one)...

Client and reseller (if applicable) are immediately notified and pointed to TOS...

Of course if it's a case of Anonymous FTP being abused from outside then the files are removed and I'd monitor the situation... In this case the domain wouldn't be blocked. If it continued I'd request that anonymous ftp be changed to a user/pass access only.

Bottom line, if my TOS says, no warez and a client breaks the rules they can expect the rules to be applied. Business or no business if you accept the consequences as do any of the businesses employees if they get caught but their boss.

I figure that's fair enough...

Ihoppoet: So you think it's ok I upload the latest games to my account and then give the FTP login info so they can download it?

Guess I violated a former clients privacy then because I deleted those files when I saw them and closed the account.

show me where I said warez was ok? All I am saying is invasion of privacy, and breaking the 4th Amendment are far worse CRIMES than warez.

Thank you
Jason Miller:homer:

Rights? Your on my property(MY server)and you expect me not to check in from time to time to make sure your staying straight?When is the last time you signed a lease?I know on my apartment my landlord can check up on me at any time within reason.
End of discussion if your breaking the law you have very few rights.If your not breaking the law why would you give a damn about me checking up?

.

Originally posted by York1
Rights? Your on my property(MY server)and you expect me not to check in from time to time to make sure your staying straight?When is the last time you signed a lease?I know on my apartment my landlord can check up on me at any time within reason.
End of discussion if your breaking the law you have very few rights.If your not breaking the law why would you give a damn about me checking up?

Well I think if I was you I would call your attornty general, becouse your land lord doesn not have that right.

also, thats the same argument a lot of cops use. if your not breaking the law why would you care if I search your car house what ever?

Maybe I don't trust you with my files, Maybe just maybe, I dont think you as a host have the education or know how to search my files with out messing something up. or maybe its just a matter of when I pay you, its no longer yours its mine for the time we aggree on, and I just don't want you on my property! I know this is a sterio type but it's most likely true 90% of the time, web host tech = comic book store guy from the Simpsons. :homer: . There are things I demand from a host,

1. I get what we agreed on, space bandwidth, no more no less.

2. you make no mistakes that effect me in any way

3. you leave my stuff alone.

4. things run seemlessly.

for you none comic book store owner types out there I am sorry, but you other 90% out there, keep your mits off my stuff.

Thank you
Jason Miller:homer:

Ok, I'm for agreeing to disagree...

As things go I wouldn't have you on my server if I couldn't reserve the right to ensure that you were using it correctly...

You wouldn't go on my server because you don't trust me not to look.

As far as I can see you only have one solution... Get your own server.

That's it for me on this thread.

(Edit/Update)... I believe that I said I'd agree to disagree and yet I feel like the post below paints me like someone who wants to continue.... I'm finished with the thread.

this argument is going no where. you say its mine I can do what I want, we say, we rent it and we have rights, I am sure with in the next few years some one will sue a host for doing this, and this argument will have an answer. For now I say let this topic die. Its pointless isnt it.

this will be my last reply unless there is something else posted I have to rant about.

Thank you
Jason Miller:homer:

The laws pertaining to physical -vs- virtual are different. You see, you do not LIVE on the hard drive. Hence, privacy laws pertaining to physical locations do not apply here.

The laws pertaining to hosts are Data Privacy Laws, and even those only pertain to information such as your private info....It means we cannot give your information out and that is all it adds up to.

The DMCA provides recomendations for hosts to go by. By carrying out those recommendations, we are granted immunity from lawsuits. So if you were to attempt to sue a hosts for that, you would find yourself automatically losing the case, and slapped with a countersuit for the troubles you caused.

If your account shows up as suspect in our records, we have the right to search it for illegal content. I do not care about your files, love letters, etc. I do not want your scripting, I do not want your mp3's. I do not care about files you own, only files you DO NOT own that you are distributing on MY servers.

For some reason this thread is very annoying to me. It seems like all it takes is a little common sense, but people try to create laws that don't exist and refuse to back up what they say. :rolleyes:

When you sign-up for a webhosting plan with a web host, you are their customer. You abide by their terms of service. The only rights that you have, within the little bit of disk space that you are given, are written within the terms of service. You can't create your own rules for the host to go by because you're their customer, not the other way around.

Remember, your files are on a shared server environment. What you upload to the server could effect a hundred other people and it's the host's responsibility to monitor all scripts and files to make sure that they are not negatively effecting the experience of other client's on that server.

Yet another point that's obvious... You are the host's customer. You don't pay for the dedicated server, the host does. Therefore, the host is responsible for abiding by the network's terms of service (yes they have rules too).

There's no way that a host can trust each and every one of their clients to not upload files that may violate their network's terms of service. By periodically checking certain files on the server that are suspicious, the host is simply protecting their financial investment.

There are no rules anywhere that could possible prevent a web host from doing this.

You can't compare webhosting to renting a house, places where you live and personal possessions are protected by the 4th amendment, a better compairson would be school/business lockers, which has been covered by the Supreme Court, and ruled that they can be searched for security purposes because those are property of the owner of the building. And he has the right to search anything he owns, because he can be liable for items found on his property....

Originally posted by Ihoppoet


And if you found MP3's that he has the rights to, and is selling, or .movs or avi's or any other large file that he owns, and is making money with, by shutting down his site becouse you had a hunch, well you just hurt his buisness.

Hosts, all a customers wants is what he or she pays for, they want to space and bandwidth they pay for, and they want it to run smoothly. The only contact a customer should have to have with the host, is when starting the account, and when they get a monthly or yearly bill.

someone here said everyone is intitled to make mistakes. yes in your personal life thats true, but hosting is a business, and when you a business make mistakes that effect others they have the right to take action.



In federal law, constitutional law take supiriority over anyother law, and make know mistake, someday someone will push it to far, and the 4th Amindment, will slap you back. Thats the American way. got to love it.

Thank you
Jaosn Miller:homer:

Ihoppoet hops off his soapbox now.






But see now, I wouldn't aloow mp3 or avi's or any other media except for files like small wave files and small mid files. Therefore that would make sure no one gets their account killed for selling music or other types of media...

"I am sure with in the next few years some one will sue a host for doing this, and this argument will have an answer."

Don't tell me because a decision is made in some random US court room that it makes it correct world wide. Here in Europe we can only laugh of many of the decisions made in the US court rooms (nothing against the US in general).

Originally posted by WZS
Here in Europe we can only laugh of many of the decisions made in the US court rooms (nothing against the US in general).

OT: I am also from Europe (greetings to Denmark, BTW), don't look down on US courts. For me it's a different culture, and there are some thinks I really like about the States and some I don't - but this is true for all countries or cultures.

Well, I don't look down on general decisions made but some of the things that have happened within the last 5 years are just way off.

I can't see this happening in any other country - but we all know that the US has to be the biggest in everything even in weird court room decisions :stickout

But you are right, it is a different culture.

Originally posted by teck
It's pretty tough because nowadays, people rename stuff from .mp3 -> .doc. As a simple procedure, you can basically do a updatedb as root then do a locate mp3, locate zip or something like that. Another thing you can try is to go through WHM and check out the quota's of your users. Most sites wont even use more than 10-20 MB of space. If you find one of your sites use up like 50+ megs, go through their account on the box looking for hidden folders, ex: ..., also extrememly large txt/doc files that don't open through a simple more or pico.

You make it sound like MP3 files were illegal. They aren't. It all depends on how they are used. Just like you can use a Microsoft Word file to distribute child porn, you can use MP3 files to distribute copyrighted songs.

I find a lot of small bands are using the MP3 format to distribute copies of their own songs to their fans for free. This is perfectly legal.