33

Edit: Thanks for all of the answers, guys! I think I'm just going to include some kind of text on my webpage telling users to only download from the links provided. The thing is that there have been some legitimate and illegitimate websites that have picked up on my software, so it would be safer just to tell users to avoid any website that I don't link to.

Thanks a lot for all the help!

Original:

The software I've created is hosted on what you could call a "bad" website. It's hard to explain, so I'll just provide an example.

I've made a free password generator. This, along with most of my other FREE software, is available on this website.

This is their description of my software:

Platform: 7/7 x64/Windows 2K/XP/2003/Vista
Size: 61.6 Mb
License: Trial
File Type: .7z
Last Updated: June 4th, 2011, 15:38 UTC
Avarage Download Speed: 6226 Kb/s
Last Week Downloads: 476
Toatal Downloads: 24908

Not only is the size completely skewed, it is not trial software, it's free software. The thing is that it's not the description I'm worried about--it's the download links.

The website is a scam website. They apparently link to "cracks" and "keygens", but not only is that in itself illegal, they actually link to fake download websites that give you viruses and charge your credit card.

Just to list things that are wrong with this website: they claim all software is paid software then offer downloads for keygens and cracks; they fake all details about the program and any program reviews and ratings; they and the downloads site they link to are probably run by the same person, so they make money off of these lies.

I'm only a teenager with no means to pursue legal action. This means that, unfortunately, I can't do anything that will actually get results. I'd like my software to only be downloaded off my personal website. I have links to four legitimate locations to download my software and that's it.

Essentially, is there anything I can do about this? As I said above, I can't pursue legal action, but is there some way I can discourage traffic to that website by blacklisting it or something? Can I make a claim on MY website to only download my software from the links I provide? Or should I just pay no mind? Because, honestly, it's a bit of a ways back in Google results.

gnat
  • 21,442
  • 29
  • 112
  • 288
Abluescarab
  • 521
  • 5
  • 14
  • 9
    If it is also hosted elsewhere, see what you can do about keeping the other hosting sites high up in the search order. I presume other bigger companies are also being victimized by this web site, and if they can't do anything with their resources and legal firepower, there's probably not much hope for you to change things. I'd pay it no mind (and not get too excited about the alleged number of downloads, which I am sure is just to convince other potential victims it is popular). – James McLeod Jun 21 '12 at 22:54
  • see my answer. Out of curiosity, what is the site? ps never try to get into legal action around software, ALWAYS AVOID IT ALL COSTS! – Jeremy Thompson Jun 22 '12 at 04:20
  • next time switch to sourceforge.com :) – Sourav Jun 22 '12 at 12:57
  • 1
    @Sourav I already host my software on SourceForge. – Abluescarab Jun 23 '12 at 23:21
  • 2
    @CodeInChaos Please don't insult my software. I never told you to download it, nor did I expect it to be the greatest thing ever. – Abluescarab Jun 23 '12 at 23:22
  • 1
    @Abluescarab I consider publishing security software that's insecure irresponsible. I don't expect it to be the greatest thing ever. But I expect a password generator to create secure passwords. And your program creates very weak passwords. – CodesInChaos Jun 24 '12 at 09:58
  • 4
    @CodeInChaos Can you please explain what's insecure about the passwords? Perhaps I can correct it in a future version. – Abluescarab Jun 25 '12 at 01:32

6 Answers6

36

Unfortunately there is little you can do. I think you have the answers on your last paragraph. As far as making claims on your web site about other sources - put an app signature on your site, explain than some "less than desirable" sites are listing your apps and it should only be downloaded from <here> or <here>. Do not name or provide any information about those sites - it opens you up for legal action (and raises their profile in Google). Most savy users will track the original source down. There is little you can do about others. Also be aware that 'your' app on their sites is probably your app plus extras - hence the need for a signature.

Péter Török
  • 46,427
  • 16
  • 160
  • 185
mattnz
  • 21,315
  • 5
  • 54
  • 83
23

Assuming the site is located in the US:
Consider a "DMCA takedown notice". (yes, google the direct term) Spend some time researching the requirements, but you don't need an attorney to file the complaint. The wikipedia article is a decent start.

There are sample letters that will serve your purposes.

You'll start with the offending website; they'll ignore you (most likely).
Go to the hosting company for the bad website. They may or may not ignore you.
Keep going upstream from there.

There are some options you can take with Google and other search providers, but I'm not as familiar with those. The above will help you research what to do.

To help in your hunt... Network Solutions Whois is a site you can use to lookup domain registration.
Based upon that information, you may need to perform an ARIN / RIPE search to see who owns the block of IP addresses and is therefore going to be able to help you find the website provider.

Long term - put a link to the correct site in all of your applications. About screens, splash screens, and wherever you can find screen real estate are places to consider.

K.Steff has some good points about the limits of what can be done. You're not completely powerless, but you may not have all the options you wish you did.

  • I'm +1-ing this, but I'd like to stress that this works only in the USA (for both parties) and that DMCA takedowns aren't legally binding in many, if not most, other countries. And a well-developed 'warez' site is probably registered in Africa or Asia, which means chances of success are slim. – K.Steff Jun 22 '12 at 00:03
  • 1
    @K.Steff - RU has a number of the warez sites too, don't forget. ;-) Agreed, and that's why I added my caveat about the site being in the US. I hesitated to call it a warez site since the more "legit" ones aren't as interested in scamming you as they are in distributed cracked code. Yes, that's a thin distinction I'm drawing. –  Jun 22 '12 at 00:06
  • 1
    Or both - distributing cracked code, that scams you at some point ;) Russian crackers are not to be underestimated... – K.Steff Jun 22 '12 at 00:10
3

You could place a self check in the program to check the size / hash of the executable to make sure it is the original binary you are distributing. I would recommend leaving that section out of the source code if you are distributing it in source form as it could cause problems for people legitimately adding on to the software.

maybe even implement this in the installer but that would be easy to get around.

Joe
  • 339
  • 4
  • 14
  • 2
    Putting a self-check inside the EXE is difficult: the code of the self-check changes the hash of the EXE. – Mason Wheeler Jun 21 '12 at 23:46
  • 1
    I was thinking a pre-load executable that just checks the hash and starts the main program. you could bind these together and it would look like 1 executable then sign that one for the download. – Joe Jun 22 '12 at 00:01
  • 4
    A piece of advice: use the OS infrastructure to confirm the signature. Also use public key encryption, instead of just hashing. – K.Steff Jun 22 '12 at 00:08
  • 2
    @MasonWheeler - the classic approach is for the hashing function to omit an embedded buffer from the check; this buffer can then be overwritten without changing the result. – Bevan Jun 22 '12 at 09:56
2

Report these sites as Phishing sites to, e.g., Google Report Phishing Page:

If you believe you've encountered a page designed to look like another page in an attempt to steal users' personal information, please complete the form below to report the page to the Google Safe Browsing team...

gnat
  • 21,442
  • 29
  • 112
  • 288
Itamar
  • 159
  • 4
1

Finding and complaining to their hosting provider is the place to start DMCA complaints are only legally binding in the US but hosting providers in other western countries tend to take them seriously as well.

Failing that work your way up the hosting chain as far as possible. Data centers and upstream providers do not like to deal with complaints regardless of the country. No one wants to be associated with viruses and adware.

stoj
  • 249
  • 3
  • 5
  • Thanks for the suggestion! I checked out their whois information, and their hosting provider is also a bit... disreputable. – Abluescarab Jun 23 '12 at 23:30
1

I know this has been answered, but...

I have always used a PAD file and this way I can change my software listing on shareware sites.

Eg

<XML_DIZ_INFO>
  <MASTER_PAD_VERSION_INFO>
    <MASTER_PAD_VERSION>4.0</MASTER_PAD_VERSION>
  </MASTER_PAD_VERSION_INFO>
  <Company_Info>
    <Company_Name>Example Software</Company_Name>
    <Address>123 Main Street, City, Country</Address>
    <WebSite_URL>http://www.example.com</WebSite_URL>
    <Contact_Email>contact@example.com</Contact_Email>
  </Company_Info>
  <Program_Info>
    <Program_Name>AwesomeApp</Program_Name>
    <Program_Version>1.0</Program_Version>
    <Program_Release_Month>August</Program_Release_Month>
    <Program_Release_Year>2023</Program_Release_Year>
    <Program_Category>Utilities</Program_Category>
    <Program_Language>English</Program_Language>
    <Program_OS_Support>Windows</Program_OS_Support>
    <Program_Description>This is an amazing software application.</Program_Description>
    <Program_System_Requirements>Windows 10 or later</Program_System_Requirements>
  </Program_Info>
  <File_Info>
    <File_Name>AwesomeAppInstaller.exe</File_Name>
    <File_Size>5.0 MB</File_Size>
    <File_Description>Installer for AwesomeApp</File_Description>
    <File_URL>http://www.example.com/awesomeapp/installer.exe</File_URL>
    <File_SHA256_Checksum>1234567890abcdef...</File_SHA256_Checksum>
  </File_Info>
</XML_DIZ_INFO>
Jeremy Thompson
  • 219
  • 2
  • 11