Courtesy of fravia's pages of reverse engineering
The info below is general anonymity lore, available (almost) all over
the Web, yet -no minor deed!- the data below have been collected and organized in
December, under heavy snowfalls, by A+heist and your +ruly
~
(12 December 1998)
Hey! I hope that you are a commercial smut site visitor
I hope that some of the readers that have found this page (that I sincerely wish to be
copied and spread everywhere on the web :-) are commercial smut site visitors, because the
main purpose of this specific section is to destroy those sites, and therefore I believe
we have to hit them hard on the only place where it will hurt them (on their wallets).
I have in the last couple of years conducted a lonely battle against commercial smut sites
(see General Smut
sites busting), and I have now realized that that very lurid 'commercial' logic is
-unfortunately- against me: for every site that I have successfully destroyed there have
appeared ten more on this huge (and increasingly useless) web of ours. So I'm changing
tactic, and I'm doing it right now.
I'll continue to deliver commercial smut site "busting knowledge" for the
pleasure of myself and few other 'enlightened' ones, but I'll start -right now- to deliver
commercial smut site "ruining knowledge" for the masses, in order to gain the
great final battle for a free -not commercial- web.
Therefore in the never lost hope of being able to destroy all those obnoxious commercial
smut sites that are polluting the web I would like to give any reader the possibility of
accessing commercial sites for free using all the tricks I know of (I repeat that I have
NOTHING against nude images, if given away for free, I'm against people polluting our web
in order to scrap some money exploiting slaves instead of freeing them... I'm not a
'puritan' censor: I'm just against all commercially oriented bastards).
Take note...
<legal backcovering on>
"I would like", that's what I wrote above... c'mon, that's obviously just
a wish of mine. I'm not saying that anyone should do something illegal really,
because in that case (which is not this case) the content of this very page you are
reading -My Gott- could be deemed illegal (by some contorted legal minds, in some
countries, under determinate circumstances) if used with malice. The following information
is only given as "general anonymity knowledge" and as "commercial smut
sites busting knowledge" for educational purposes. It is just web-lore! (As
such available on all relevant usenet groups). The idea is that you (potential site
ruiner) may understand what COULD happen (which is an important knowledge per se:
why should you be denied the awareness of these techniques?).
Of course, cela va sans dire, I never attacked myself any site with this kind of
'low level' approaches (in fact I would eventually use much harder ones :-) Moreover I do
not condone these approaches in the least... or at least not very much.
<legal backcovering off>
Let's begin
First off, I suggest you browse either using Netscape or using Opera. I will not give you
here any instruction pertaining to M$IE browsers, for the simple reason that I don't like
Micro$oft and I don't like the people using their products.
First thing to do, is to keep a low profile while surfing the web.
The first thing to do is to eliminate any tracking possibility based on your cookies.
If you use the web a lot, then you probably have collected several cookies on your hard
disc without realizing it, see my anonymity section.
Cookies are information snippets stored in your harddisk when you visit a site, designed
and useful FOR THE SITE you visited
A Cookie is a little nugget of information that is sent to your browser from a World Wide
Web Server. This block of data can be anything, a unique user ID generated by the server,
the current date and time, the IP Address of where the browser is logged onto the net or
any other chunk of data that you want.
After a browser receives a cookie it will then send that cookie (nugget of info) to the
server that set it whenever it requests an html page. The browser will only send the
cookie to the server that originally set it. This means that I (at my server) can't tell
if you (some browser) have cookies that other sites have set. In other words I can't steal
cookies I haven't given you by using HTTP protocols. Yet my cookies can be nasty enough to
protect my site from people that are not accessing it through the PATH I want them to do
it (which is the case for most smut servers).
Basically, then, cookies are small pieces of information that are sent automatically from
a server to your computer. They are stored on your hard disc, where they act as labels,
showing that you have visited a particular page. If the user goes back and visits the same
website at a later date, the web server will detect the presence of one of its cookies on
the users computer, and can stuff its databases and eventually modify the page
accordingly. Ever wondered how does Yahoo mail recognize you when you login?
So you definitely want to silent cookies. To shut them off, see the instructions on my anonimity page: basically Then, second
step, avoid Java and Javascript. As you'll be able to learn on my dedicated javascript pages, you can do almost
anything with a good script, among other things you can get a readers address!
Once a site grabs your email address (if you'r not using a chain of pseudos), all they
have to do is to run is a simple e-mail check through a place like Yahoo and they can find
out where you get your internet service from, where you live, your name and home phone
number.
Ok, next you need a way to get into these pay sites. Since they are "pay" sites
(duh) they will want money from you. And that is their weakest point :-)
So you will need to download a credit card generator. There are hundreds of these little
programs, which will create valid credit card numbers for you to "use" at the
commercial smut pay sites.
Since for obvious reasons there is NO possibility to check immediately a credit card
number (else anyone could easily bruteforce such a database until they would get valid
numbers), and since, for obvious reasons as well, the 'clients' of the smut sites want to
drool immediately over their images...
OK, of course anyone that pays in order to access a commercial smut site
is just a plain stupid luser... of course there's NO NEED WHATSOEVER to pay for something
on the web... anyone can have tons of backdoors for free, immediately, just
performing on good old Hotbot (or any other search engine with similar algos) a
query like
+"index of" +bond -james +jpg
...and substitute 'bond' with what your more or less excited
fantasy craves... but we are trying here to get morons, not accomplished searchers, to
ruin those sites... and educate those very morons at the same time :-)
...they will accept the faked credit card number, they will give you
access, and you will be able to roam around their sites 'eventually gaining root :-) until
they realize that you've had them. At that moment they will delete your account, usually
between 10 to 40 days after you have signed (at least a week). If you need a credit card
numbers app, just query +"credit card generators" in any good search engine,
you'll find a dozen dozens.
Hide your location
Now that you have found the simple tools you need to fake a credit card number, just wait
a minute: before you use them you will need to hide your "identity" on the net.
This is the most time comsuming part and at the same time the more useful part of the
whole attack scheme.
Many use the service of Anonymizer (http://www.anonymizer.com)
to keep from being traced, but unfortunately anonymizer itself logs all visits in order to
see where your going (because THOSE data are the wealth for the anonymizer guys... just
like your supermarket's 'special frequent buyer' card will let them know how much you cry
~ shit ~ make love with your beloved one so the anonymizer and ALL search engines are free
just in order to GATHER DATA on you... never forget this simple truth)
Therefore, instead of the Anonymizer, you can use something that works samo samo, but
won't log.
It is a very simple device (duh) called a proxy server. Basically
it is just a firewall of sorts, that makes it seem as if you are living and getting your
internet from somewhere else.
This is how it works: Surfing Normally
your account > access > commercial smut site
your account < send data < commercial smut site That's how it happens when you surf
the usual way. You bustthe site and they can see what your IP was, and eventually trace
you back, and eventually * contact your ISP, and eventually you're in trouble (not easy if
you chain pseudos, but, hey, why should you risk anything?).
When you use a proxy server, they will think you live somewhere like South Korea, even if
you live in Luxembourg.
This is how a proxy server works: Surfing with a Proxy Server
your account > access > proxy server > access > commercial smut site
your account < send data < proxy server < send data < commercial smut site
So what you are doing is logging into a proxy server from your ISP account. Now, if the
proxy server you find doesn't care about who you are, then you go to a commercial site you
want to explore ~ bust ~ destroy ~ whatever you fancy.
Since you live -say- in Luxembourg, the commercial smut site would normally see that you
live there, and try to retaliate.
Yet, let us say your using a proxy server you found somewhere in South Korea or in some
other middle of nowhere where they don't understand anything about this stuff... The
commercial smut site sends all its data (read: lusers' images) to the proxy server in
South Korea, while the proxy sends the data to you. The commercial smut site just figures
that you are some horny luser from South Korea! But what happens when your target site
finds out that your using a fake credit card number? They just notice that someone from
South Korea signed up. Then they figure out it was a proxy and anybody could have done it.
They also don't want to waste time on a not very expensive account.
Now that you know about proxys, you need to find your arrows. Finding a proxy is easy, the
time consuming part is finding a good one. You can find proxys on the search engines by
typing in keywords like "public proxys" or "free proxys", or you can
perform a research on the relevant usenet channels to find all the proxys you'll need for
the next one thousand years.
Once you find a promising one, do the following:
either
or
As promised, I have done research and have uncovered some very interesting things I believe those using Opera, specifically 3.50, should know. Preferences->Advanced: This is where the Cookie logging option is. As you said about Netscape, this should be disabled. Another interesting thing here is Referrer Logging. This option allows those monitoring a given site to see where you came from, and quite possibly where your going. This is a definite uncheck. Preferences->Multimedia: Here resides if Javascripting is enabled. Don't see Javascript? It's under scripting languages. Unchecking this box takes out javascript. Why is this important? The best way to keep yourself safe from javascript bombs is to not enable it in the first place. Kinda like having a mine sniffer. Remember where this is, just in case you DO need javascripting enabled for certain pages. Preferences->Link Presentation: For the true paranoids, set both non-visited and visited links to the same color, and the same format (underlined, bold, ect.) A nasty trick that I have not come across, but I can imagine, is someone setting their page refresh rate to gather information. An option here, Enable Document Loading, when unchecked, prevents this. If you have any question about whether your preferences are giving away anything about you that you DON'T want, check out your Opera.ini. Also, unless moved, Opera's cache is located at c:\opera\cache MheadM$IE users will have to figure out these hints on their own :-P Once you have the proxy installed, you have to find out if it is a good one or not. You will need to go to http://www.tamos.com/bin/proxy.cgi, for instance. If that bot will say "proxy server detected" that means that they're keeping track of your IP nevertheless, and that means you may get detected. Play it on the winning side: time to find a new proxy! Once you get a proxy that says "proxy server not detected" visiting the above link, you will know you have found a useful proxy. Just to be certain check it once more! For instance visit the Anonymizer's snoop page at: http://www.anonymizer.com/snoop.cgi and see what they say. Now go ahead! Sign up for commercial smut sites with a fake credit card number that you got from one of the many generator programs... and stay anonymous! Have fun with it, and just imagine what else you could do... moreover faking credit card numbers is NOT always necessary, since you can, easily have as many "true ones" as you need... Many reversers just pick up receipts from parking lots, from mall floors, from air-lounges ('first class' duty free shops are a incredible Bonanza for anyone that just happens to have a little visual memory :-) and then use the credit card numbers on those receipts on the lines explained above. Of course I'm only joking, I'm just paradoxically speaking, the above approaches would be, I'm afraid, quite illegal in most countries of the "real" world... in the real world you should NOT annoy these advertisement spammers, you should never do it, ¿?, even for a good cause like getting rid of those awfully stupid commercial smut sites :-)
Site Busting
homepage links anonymity +ORC javascript wars academy database
bots' wars tools cocktails antismut CGI-scripts search forms mail fravia+
Is reverse engineering legal?