HolyWar III: Parodius Attacks
This is Tristan Bresnen of TSSZ reporting.
It began as just a little way for its initiator to vent some steam. What it turned into was an event that sparked incredible criticism, harsh comments, E-mail bomb threats, and even a legal threat or two. It was dubbed the Emulation Zone Attack, and it is considered the worst attack to occur in the Sonic the Hedgehog Internet Community in a year, if not the worst attack on Emulation sites. Almost all sites hosted on ZTNet, including Emulation Zone, were affected. Here's how it all began:
February 5, 2000
The news was broken early in the morning: The Sonic Stuff Research Group was gone; in place of it was a nasty fecalphiliac/hentai picture. There was no clue where it came from, or why it happened. We would not know any more for a few more hours.
Suddenly, Emulation Zone was updated; included was this explanation:
"Despite the latest rumors, EmulationZone.Org has _not_ transformed into a porn site. Emulationworld.com, our host, was affected by a malicious "inside" attack. To make a long story short, the server pointed to by the secondary and alternate DNS entry for emulationzone.org was redirected to a porno site by the webmaster at Parodius (Read the release below for more information.)
If you read the release below, you find out that the cause of the attack was the fault of the admin. (Zac Williams, not Brahn.) Judging by what he has said, I can't say that I defend his actions. Nevertheless, I consider this an unjust response by parodius.com. After all, what the hell did EmulationZone.Org do to them to deserve this?
So now, we must respond to the people at Parodius. Should we boycott them, start an "anti-parodius" movement with button images or let the jerks be and do nothing at all? What do you think?"
His name was Jeremy Chadwick, and he used to work for ZTNet. Apparently, he was a little angry about his site clogging up; more on that later. Further on in the day, EmuForce had new details on the attack. These are the first words we hear from Jeremy Chadwick:
"What I would say is that ZTnet, LLC. made a mistake a year ago. They accidentally placed an incorrect nameserver down as their secondary and they've had a year to address this problem on the following domains:
zone.buttonglutton.com
zone.emulationworld.com
zone.neoemu.com
zone.consoledev.com
zone.emulationzone.org
zone.nofrendo.org
zone.darkmazda.com
zone.emusphere.com
zone.psyke.com
zone.dextrose.com
zone.emuunlim.com
zone.rainemu.com
zone.dtmnt.com
zone.hu6280.com
zone.system16.com
zone.emuarchive.com
zone.lonetreekennel.com
zone.emucamp.com
zone.moonlitcoalition.com
So, the person who is listed as the secondary was tired of ZTNet, LLC.'s inability to fix their brokenness on the InterNIC. So, instead of my DNS logs getting filled with blander I decided to force ZTnet, LLC., without touching their server or doing ANYTHING to them, or with them to fix their stuff -- so that their clients now know that they really aren't getting what they deserve.
That's all. Case closed. No opinions, just pure fact. Lev has my server listed as secondary for a bunch of his domains. I told him months ago to fix it. He didn't. I've told users and others still hasn't been fixed so last night I wrote a program which extracted the lame queries from the logfile and made DNS zone files with the information. I can't be blamed for it. Only lev's lack-of administration can be blamed. I think it's funny that he's trying to make me the bad guy for FORCING him to do something about his lack-of administrative abilities."
February 6, 2000
Most of everything seemed to be fixed--at least on EmuZone's part; sites that were affected were back in full. That was checked out midday. However, reports that had come in say that due to DNS changes, some could not access the SSRG, and a few might not have been able to until the week's end.
Jeremy Chadwick had made a smart move on his part--he had blocked all E-Mail from affected domains, after potential E-Mail bomb threats had been made. The main page of Emulation Zone was updated with this rather blunt statement:
"Well, it looks like our good friend at Parodius has "spam blocked" all email from domains which he disrupted recently. I actually got a reply from him concerning an inquiry on why he did what he did. I might post it later if people want to read it.
Oh, and here is the full text from which the quote on parodius.com is based upon. It's from the admin of ZTNET. I'm not defending anyone here, I feel you have the right to know.
'Sorry, I have no control over what they say to you. If they send threats to you, that is their business. Also, not to put too fine a point on it... when you directed the visitors to that material, did you do any reasonable checks to assure that minors were not viewing it? No? Don't forward any of this crap to me. This is your problem, not mine.'"
A question that was asked on the Message Boards about how Chadwick was able to do this was answered by Andy Wolan:
"It's a long story. He used to work for EmulationWorld (EW), so he had access to everything. He is the one that configured, (actually misconfigured,) the secondary DNS info to point to his DNS server, NOT the correct ones at EW. He then left EW. The error was not fixed after a request to fix it was sent to the admin and thus, he used his server to attack by redirecting any DNS requests that went to his server to the porn site, instead of the correct locations.
The Secondary DNS info has been corrected, so a retaliation on his part is not possible, unless the secondary DNS info is changed to point back to him."
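The misconfiguration described in the quote above, as an added example that is not part of the original article: a delegation audit a hosting operator could run to catch a domain whose listed nameservers fall outside its own inventory. The nameserver names and 205.149.163.62 come from the article; correct.example, the 192.0.2.x and 198.51.100.x addresses and all record contents are constructed, and the example goes slightly beyond the text by also comparing the answers each listed server returns.

```python
from collections import defaultdict


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.strip().rstrip(".").lower()


# Operator's own inventory: the nameservers every hosted domain should list.
# Hostnames are from the article; the 192.0.2.x addresses are constructed.
APPROVED_NS = {"ns1.ztnet.com": "192.0.2.10", "ns2.ztnet.com": "192.0.2.20"}

# Constructed registry host records (nameserver name -> registered IP).
REGISTRY_HOSTS = {
    "NS1.ZTNET.COM": "192.0.2.10",
    "NS2.ZTNET.COM": "192.0.2.20",
    "NS.PARODIUS.COM": "205.149.163.62",  # the address quoted in the article
}

# Constructed registry delegations (domain -> nameservers listed for it).
REGISTRY_DELEGATIONS = {
    "emulationzone.org": ["NS1.ZTNET.COM", "NS.PARODIUS.COM"],
    "correct.example": ["NS1.ZTNET.COM", "NS2.ZTNET.COM"],
}

# Constructed A-record answers for www.<domain>, as (domain, server) -> IP.
ANSWERS = {
    ("emulationzone.org", "ns1.ztnet.com"): "192.0.2.80",
    ("emulationzone.org", "ns.parodius.com"): "198.51.100.66",
    ("correct.example", "ns1.ztnet.com"): "192.0.2.81",
    ("correct.example", "ns2.ztnet.com"): "192.0.2.81",
}


def audit_delegation(domain, listed, hosts, approved=APPROVED_NS):
    """Return (kind, domain, nameserver) findings for one domain."""
    listed = [norm(ns) for ns in listed]
    hosts = {norm(k): v for k, v in hosts.items()}
    findings = []
    for ns in listed:
        if ns not in approved:
            # A server the operator does not run can answer for this zone.
            findings.append(("foreign-ns", domain, ns))
        elif hosts.get(ns) != approved[ns]:
            # Right name, but the registry holds a different address for it.
            findings.append(("glue-mismatch", domain, ns))
    for ns in approved:
        if ns not in listed:
            findings.append(("missing-ns", domain, ns))
    return findings


def shared_ips(hosts):
    """Registry host records that share one IP: the collision to look for."""
    by_ip = defaultdict(list)
    for name, ip in hosts.items():
        by_ip[ip].append(norm(name))
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) > 1}


def divergent_answers(domain, listed, answers):
    """Answers per listed server, returned only when the servers disagree."""
    seen = {norm(ns): answers.get((domain, norm(ns))) for ns in listed}
    return seen if len(set(seen.values())) > 1 else {}


def audit_all(delegations, hosts, answers):
    """Map each problem domain to its findings; clean domains are omitted."""
    report = {}
    for domain, listed in delegations.items():
        findings = audit_delegation(domain, listed, hosts)
        for ns, ip in divergent_answers(domain, listed, answers).items():
            findings.append(("divergent-answer", domain, f"{ns} -> {ip}"))
        if findings:
            report[domain] = findings
    return report


if __name__ == "__main__":
    for domain, findings in audit_all(
        REGISTRY_DELEGATIONS, REGISTRY_HOSTS, ANSWERS
    ).items():
        for kind, _, detail in findings:
            print(f"{domain}: {kind}: {detail}")
    # State before the host record was moved: two names on one address.
    print(shared_ips({**REGISTRY_HOSTS, "NS.PARODIUS.COM": "192.0.2.20"}))
```

Resolvers may query any nameserver listed for a zone, so a single foreign entry is enough for some visitors to receive that server's answers.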
February 7, 2000
The debate heats up as E-Mail records between Wolan and Chadwick become public. Below is a transcript of a few:
AW: Hey y0shi, if the argument was between Lev and yourself, why did you
have to drag several sites into this battle? What the hell did we do to you?
JC: 1. There was no "argument."
2. I didn't "drag several sites" into anything.
3. There was no "battle."
AW: A good chunk of the traffic that flows into 'Zone is directed toward the Sonic the Hedgehog related subsections. Most of these visitors are minors under the age of 21. You redirected these kids to porno, are you some kind of sick bastard or something? Why not a message like "Error 666: Server hacked... hahahah" or something? That would have been equally effective. But no, you choose porno.
JC: I could care less what your site hosts. It's not for me to
maintain, and it's not related to me in any way. It's not my
concern.
Secondly, and most importantly, *NOTHING WAS HACKED*. You sit
there listening to the mindless blander that self-proclaimed
"news sites" post about situations, which is entirely false
and biased. FYI, not **ONE** site came to me personally and
asked for an explanation regarding what happened. However, there
was a posting on http://www.emuforce.com/ which directly
quoted me, which states the truth about the situation.
Do not state that anything was hacked when it was not. I don't
care where you heard this, or if you summoned it from the bowels
of your mind yourself. It's a lie, and that's FACT.
Finally, FYI, I hate porn. I do not look at it, I do not condone
it, and I do not provide it.
I asked individuals in #emu EFNet what would be a good URL
to redirect traffic to, something that I felt was suiting and
portrayed my view on the entire fiasco.
An individual gave me a URL consisting of hentai, two girls
defecating. This is exactly how I felt: *expletive* upon.
If I were you, I'd spend your time complaining about why
your provider didn't inform you of the faulty NIC records for
a year, and why they didn't do anything about it for a year.
It seems Zach has already addressed this on http://www.ztnet.com/.
You should read it before opening your mouth. Your qualm is
not with me, as I am within my right to do whatever I wish
with *MY* server. If your provider cannot maintain his or her
own NIC records, as well as service, possibly you need a
new provider.
AW: And of most of all, y0shi, I'm surprised that you, of all the people, someone who is respected by the emulation scene, would do something like this. You have permanently tarnished your reputation.
JC: I didn't have a reputation to begin with. I wasn't part of
any "scene." You have very warped views, and I can already
tell you that you've fallen victim to the blasphemy that the
public spits out regarding "reputations" of so-called "scene"
members.
Try thinking for yourself. Don't believe the hype.
AW: Now I'm not defending Lev here, nor do I support his actions or his laziness, but if you are going to attack him, attack him, NOT me.
JC: I didn't "attack" anyone. I have no problem with any of the
sites your provider hosts. I have a problem with your provider
using my DNS server as a secondary when I didn't authorize it:
especially when I informed them of the problem a year ago.
Thanks for playing.
Here is a second message:
AW: ?? Then what was this about Lev not redoing the DNS entries? I call that an argument.
JC: 'argument'.
Your provider did not do their job to the fullest of their
responsibility. It's not an argument, it's just a fact.
This has nothing to do with me.
AW: "Oh boy, I always wanted to run a porno site and my wish came true."
Turning several sites into porno sites which had no quarrel with you
does not count as "dragging them in"... whatever.
JC: 'quarrel.'
I didn't turn several sites into anything. One would actually
hold your provider more responsible than to hold me responsible
for it. If they had done their job, it wouldn't have happened.
That's the entire moral of the story here.
AW: I call turning the site I run into a porno site an attack, if not on me, on Lev. After all, you got what you want by doing that.
JC: Again, I didn't turn your site into anything. Claiming such
implies that data was modified illegitimately, which in fact,
is quite false as we all know.
But you are right. I did get what I want -- I got your provider
to fix 19 domains. Your domain happened to be one of the 19. You
make it sound like I singled you out. I didn't single anyone out.
I simply made your provider fix the problem IMMEDIATELY, since
they've been aware of the problem for a year. Did they tell you
there was a problem during that entire year? Many of the other
site owners tell me ZTNet told them nothing.
It took this "incident" to force your provider into doing their
job. If I was paying money for such a service, I'd be pretty
unhappy.
But all of the above is moot, solely because the problem was
addressed promptly by ZTNet. You should be cheering rather
than jeering.
I could care less what your site hosts. It's not for me to maintain, and it's not related to me in any way. It's not my concern.
AW: You would care if I were to sue you for loss revenue, loss of business, etc, etc. If I understand correctly, you were the one who misconfigured them in the first place.
JC: Are you threatening me with legal action? I expect an answer.
I didn't misconfigure anyone in the first place. Your provider
has known about the mess-up for over a year, and hasn't done
anything about it -- until extreme action was taken.
Your qualm is with ZTNet, not with me.
AW: Did I say anything was hacked? I was told the whole story from the beginning. I know it wasn't a hack. It was a redirection.
JC: To quote you:
"... Why not a message like 'Error 666: Server hacked... hahahaha'
or something? That would have been equally effective. ..."
AW: As for no one emailing you for the truth, (at least me,) I read your
statement on Emuforce and I read Lev's statement. What more is there to know?
JC: Exactly. Your provider admits fault, and everything will be
fixed. There's positive outcome from all of this, and that's
what I wanted to happen anyways.
I'm very glad ZTNet was quick to address the issue. It saves
all of us time and pain.
AW: Oh, and you felt it was ok to turn the site I run into a toilet?
JC: I've already explained this to you. See above.
AW: I have my arguments with Lev. I wasn't too surprised why this happened once I learned your reason behind the "attack".
JC: 'arguments'.
There wasn't an "attack." I suppose that's why you put it in
quotes. You could also call it a "hack," or a "breach of contract,"
or a "violation of my domain name involving all of my data and
all of my website visitors."
You could even go to the extreme to call it "theft."
The longer you continue to use an incorrectly attempted synonym
for what really happened, the longer your anger will last.
AW: My, you underestimate your influence. It's a shame to see you just toss it to the crapper. Do whatever you want, it's your reputation. Distroy it if you want.
JC: 'Destroy'.
There is no reputation involved. You just like to think there
is. Of course, aren't you the one with the reputation? Threatening
legal action, claiming I'm the reason for your site "being
hacked?" Sounds to me like you have more of a reputation to
live up to, and you're looking for someone to blame.
Please stop trolling for a scapegoat.
I didn't "attack" anyone. I have no problem with any of the sites your provider hosts. I have a problem with your provider using my DNS server as a secondary when I didn't authorize it: especially when I informed them of the problem a year ago.
AW: Then screw around with his stuff or charge him for DNS traffic to your server.
JC: I hate to break it to you, but there's two things I don't do:
Harm someone else's equipment or servers via illegal methods
of machine compromisation. In English: I don't condone
hacking or forced entry in any way, and I do not do it.
I'm sure you've used the cliché "It's a sue-happy world."
I don't sue people, because it's a waste of everyone's time
and money. It's silly; plain and simple. Silly.
I take responsibility for my own equipment and my own server.
Not someone else's.
AW: Look, all I ask is a public apology on your part for turning the 'Zone into a porno site for the day. I do not appreciate being the pawn in this little game.
JC: 'appreciate'.
I think the apology you're gripping for already came from your
provider.
Once again, I didn't "turn your site" into anything.
I don't care if you don't give a flying (expletive) about the
"emulation scene" or whatever.
Apparently you give enough of a "flying (expletive)" to waste my time
looking for a scapegoat for your anger, when the correct thing
to do would be to hold your provider responsible.
I know I would. But then again, if you want something done
right, you're best off doing it yourself.
AW: If you do this simple, stupid request, you will avoid a lot of headaches from other people trying to bother you indefinitely over this insident.
JC: 'incident'.
Your provider already apologized for the problem, and admitted
fault. It's been fixed (a lot faster than usual, for your
information; the InterNIC usually takes longer). It should've
been fixed a year ago, but there's no sense in stating something
ZTNet already did.
All is cool.
AW: If not, fine. Don't bother me if people bother you over this incident. I will have no control over them if you don't.
JC: 'incident'.
This sounds to me like you're proposing threats. This entire
Email has been forwarded on to Zach and Brian of ZTNet in
the hopes that they will deal with your threatening behaviour.
Any future Emails from you or other members of your "staff"
will be forwarded to admin@ZTNET.COM with no response from me.
Thank you.
Andy Wolan was quickly interviewed by TSSZ's Sonic Scene about this situation.
Sonic Scene: 1) First off, can you simply believe that Parodius's Webmaster did this? It is indeed malicious, and it seriously affected several major emulation sites.
Andy Wolan: Ya, I believe he acted alone. It's not hard for him to do what he did on his own.
I saw the secondary DNS entry for emulationzone.org point to
parodius.com for awhile. I just thought that they joined emulation
world, so I thought of nothing. If I knew that they were not, I would have questioned the admin.
SS: 2) Do you think he had some right to do it? From what I've read, apparently, some secondary DNS servers were re-directing to his servers, causing clogging problems, or something along that line. That'd be a good reason, but it was still wrong to do.
AW: I agree with him for taking action against the unwanted DNS traffic to
his server. I also agree that Zac, the head admin, put things on the
backburner too much. (He sometimes fails to answer questions that I ask
him.)
However, the way Parodius's Webmaster resolved the matter was way beyond acceptable. I would have accepted a message that said "DNS processing refused for this and that reason. Complain to so and so" or even something along the lines of "Error 666: this server has been
hacked/attacked... hahaha."
Instead he decided to redirect traffic to porno sites. I find that highly offensive and even perverted. After all, a large chunk of the traffic that flows into emulationzone.org is towards the Sonic the Hedgehog related websites. Minors who are under the age of 21 view most of these websites. He redirected these minors from a safe website to a porno website, and he did so WILLINGLY AND ON PURPOSE. I don't know about you, but exposing indecent material to minors is only done by sick individuals.
And what pisses me off is, we did NOTHING to Parodius's Webmaster to
deserve this crap. He had no right to infringe on our content because of a petty battle between him and Ztnet's admin.
SS: 3) Briefly, how angry are you at this? I've read some pretty angry stuff on MBs since this mess erupted.
AW: Bad timing. First the message boards on some pages being displaying
porno now this. I would have let this slide by if the jerk redirected
people to anything else but a porno site. I would have even let this go by if he apologized for his behavior. Because he didn't, I am willing to start a boycott against his business.
SS: 4) And, finally, do you know if ZTNet might take some legal action against the webmaster of Parodius.com due to this? Or are you surprised this hack didn't happen earlier?
AW: Their hands are tied. They could have prevented this, so there is little
they can do.
However, the site ops and viewers of Emulationzone.org can press legal
action against him for indecent material, loss of business etc. I'm not sure how far or worthwhile the "loss of business" will get, but I imagine that he could get jail time for purposely exposing minors to porno. There is no honor in exposing kids to that type of material, for whatever reason. The thing to remember here is, the admin of Parodius.com was the one that misconfigured the secondary DNS entries in the first place.
I am not too surprised to hear someone complain that Zac is lazy.
However, I am deeply surprised that his laziness extended to the point
of putting something like that on the back burner for that long,
considering that the Parodius.com's webmaster even emailed him to
correct the problem.
February 8, 2000
We have heard a lot from the victim's side, but how about the person that initiated it all? Indeed, we are now going to show you the other side of this Holy War; the side of Jeremy Chadwick of Parodius Networking. The Sonic Scene conducted an interview with him, and here it is in its entirety.
Sonic Scene: I've heard that not one news guy came to you so far and asked for the facts about what happened last weekend with several ZTNet sites.
Chadwick: That's correct. No one's "interviewed" me, none the less any
news service asked me simply what happened (for their own
benefit). Of course my peers asked, but naturally they were
very receptive of the entire situation and all of them agreed
with my decision.
SS: That said, I've E-mailed you asking for the facts, from your point of view. So, simply put, what are the facts?
JC: It's a long story. Very long. I'm not in very good health at
the moment, but you luck out, since I'll tell you all of the
facts from day one -- including a piece of information that
no one seems to know (although it's not in my favour).
A little more than a year ago, I started "working" as a
member of Zophar's Domain. Brad and I are good friends, and
have always remained good friends; I had a lot more spare time
than I have now, so I volunteered to help maintain and configure
the necessary CGI scripts and other "UNIX-oriented" aspects of
www.zophar.net.
I was brought on staff, and at the time, Sam Michaels (SwampGas)
was also (supposed to be) maintaining the CGIs and what not.
The reason I was brought on to the staff seemed to be because
Sam wasn't doing his job as far as CGI maintenance went. He
didn't have much experience with it all, and he had a deep loathing
hatred for perl (the programming language).
The original author of the CGIs on www.zophar.net is Infe, a
very talented individual. Sam didn't want to maintain Infe's
CGIs, and you know, I can't blame him -- they're a huge mess
(and most likely still are).
Needless to say, I started maintaining them and fixing them
according to what needed to be done (eg. what came down the chain
of command).
Now, as we all know, Zophar's Domain was one of the original
"customers" of ZTNet. For those who don't know, ZTNet is owned
by Zach Williams, and maintained by Zach as well as some other
"employees" such as Brian (last name unknown).
Therefore, it was a given that I had a shell account on the
machine which hosted www.zophar.net.
During the first month or so, I got a lot done, and there was a
lot of positive outcome from most of the work I did. Naturally
there were problems from time to time, but I did my best to
address them quickly, even though in a few of the cases I could
have done much better.
In the middle of all of this, SwampGas shows up out of no where
and starts, in my opinion, feeling very "threatened" or what not.
I was there doing what he was supposed to be doing, without
telling him anything. I didn't particularly like him (and still
don't), but usually that's because technically inclined people
want to do everything their own way. Two egos butting heads,
mainly.
As SwampGas slowly began to "push" his way back into maintaining
the CGI scripts I had been working on, including some new ones,
we bickered constantly about my use of perl versus C, and tons
of other miscellaneous things which really don't play a role to
the story.
Brad really didn't "do" anything about SwampGas "poofing in"
out of no where to "re-claim" his job, if you know what I
mean. Brad's a mediocre mediator, and on top of that, a very
"strange" manager.
As it turned out, I slowly was pushed out of my position at
ZD, transparently at that.
Therefore I began to focus on more "low-level" things, like
the actual server configuration and other things -- things
which ZTNet's employees were supposed to be taking care of.
Primarily, by Zach.
During the last 3-4 weeks of my "employment" (I wouldn't even
call it that, though), I managed to find an exploitable bug
in ZTNet's server (Debian Linux, for those who care) which allowed
me to successfully get root. Once I achieved this, I simply
placed a setuid root shell in my home directory, and removed
the exploit. I set the permissions on the root shell so that
only it was accessible by me, to ensure that other shell
users could not use it to violate the system. For your
information, I never backdoored or violated system security by
doing what I did. I did not harm the server(s) in any way,
and I never abused (by my standards) what I had received.
The goal of this shell was solely to provide me with the ability
to fix things on the ZTNet server which I had informed Zach
of, but had not done anything about them in a decent time frame
(starting to sound familiar?).
Here's the part which is "questionable," meaning not many
people know this, and it hasn't been brought up for quite
some time.
Parodius had been out of operation for a period of about a
year (if my memory serves me correctly). So, with my acquired
root shell, I decided it wouldn't hurt anyone if I used the
ZTNet server to host parodius.com's DNS (keyword: just the
DNS).
So, off I went, submitting a form to the NIC (as me, not as
root, and not even from ZTNet's machine), asking to change
NS.PARODIUS.COM to the IP of ZTNet's server. I also registered
a domain at this time, one which will remain nameless (no it
isn't pornographically-oriented; I hate porn altogether. See
below for more information) as to protect the current owners,
and set it up to use NS.PARODIUS.COM as its primary DNS server.
I also (naturally) set up zonefiles for PARODIUS.COM and
the other domain on the ZTNet server, pointing the IPs of the
machines *TO ANOTHER MACHINE NOT EVEN PART OF ZTNET*. What this
did was allow me to have DNS hosting with ZTNet, while keeping
*ALL* of the web traffic off of their server. The server I pointed
it to was in Albany Oregon, for an ISP who I was working for at
the time.
During this time, Zach found out about the shell, and proceeded
to come entirely unglued. We're talking so unglued that he
yanked my account off ZTNet entirely. He went absolutely berserk,
redefining the word "freak-out." I don't remember anyone acting
so crazy in my entire life. I laugh when people act outrageous,
because I see so much of it every day; I'm sure most people do
as well, with shows like Jerry Springer on television and what
not. It's all crazy, and that's why I was laughing about the
entire scenario.
The domain registration went through, and the DNS server
modification (on the NIC) for NS.PARODIUS.COM went through
as well.
For everyone's information, I told no one about this. No one.
This is where I made *MY* mistake, which was later corrected
as you will see. I should have informed Zach of what I had
done, but I did not.
Naturally I resigned my staff position at Zophar's Domain, and
that's how all of that became what it was.
"So what about the DNS server using ZTNet's IP?"
Well, as it turns out, ZTNet started registering domains, or
getting new customers.
When you register a domain, you're asking for a primary and
secondary DNS server. Their primary and secondaries are
NS1.ZTNET.COM and NS2.ZTNET.COM.
It just so happened that the IP for NS2.ZTNET.COM matched
the one which I had assigned (with the NIC) for NS.PARODIUS.COM.
I'm sure you see *EXACTLY* where this is going.
I should state something in the clear, however. The InterNIC
asks you to provide two pieces of information on a domain
registration: the *NAME* of the nameserver, *AND* its IP
number. They have to match in the NIC's internal database for
the assignment to go through -- or at least that's what we've
all been told.
Obviously that was a lie stated by the InterNIC; proof is
the fact that a ton of ZTNet domains had my nameserver listed
as their secondary when they should've had NS2.ZTNET.COM
listed.
"But wasn't the IP of NS.PARODIUS.COM on ZTNet? So how did it
get changed to be you?"
Naturally after I saw what was going on, I felt the need to
fix Parodius's DNS set up on the NIC. I filed for a modification
to change NS.PARODIUS.COM to 205.149.163.62 (Parodius' IP
number), and voila.
Now, here's another part of the story that your readers need
to focus upon.
After I had done this, I brought the entire situation to
Zach's attention (as he's admitted on www.ztnet.com). This was
about a year ago. I made it clear that some of the domains he
had been registering had my nameserver listed, and I have a
feeling Zach knew about what had happened (between the zone
files for that domain I registered and parodius.com on his
server, and the information via WHOIS), and indirectly
acknowledged the problem.
Zach did acknowledge it, as I remember him spewing off something
about "how it didn't make too much of a difference since it was
the SECONDARY which was messed up, not the primary."
Sadly enough, Zach doesn't understand how DNS works. There's a
lot of things Zach doesn't understand regarding UNIX and
Internet administration. But, his assumption was his own.
So there you have it, the history of how everything became how
it was.
I'd just like to make a few points clear to everyone regarding
everything. I do take responsibility for what is mine, and that
includes my mistakes. I shouldn't have moved NS.PARODIUS.COM to
one of ZTNet's IP numbers; but I did not expect to be "fired"
from my position as someone who helped out in the administration
of the server. I didn't expect Zach to have a hernia regarding
me having root on his machine, especially when all I had done
in the past was give him positive supporting advice on how to
fix problems (severe ones at that) with their machines.
But, with that said and done, I want to make the second point
clear: I *DID* inform Zach of what had happened, even though it
was *AFTER* it had already happened. ZTNet has had *OVER A YEAR*
to simply file for domain modification and get the secondary
changed over to NS2.ZTNET.COM on their domains. A year. It
takes less than 3 minutes, per domain, to file for modifications.
Nothing that I did I deem as inappropriate (regarding the
above story). As any individual who knows me will tell you, my
biggest requirement to be a friend of mine is that I trust you.
I won't lie (this interview is proof), and that is exactly why
people trust me. It really blew me away that someone didn't trust
me when all I had done was positive work for them in the past.
That's all.
SS: There are many people, not just webmasters, out there who are very angry at what happened. Would you like to say anything to those people?
JC: Of course, and this is something I am stating personally (NOT
speaking for all of Parodius).
Your anger isn't really justified, when being applied to me.
Let me ask you this. What do you do when you get Email spam?
I'd estimate that 98% of the Internet just deletes it. They
ignore it. They assume that since they don't have to see it,
that there is no problem.
Do they actually do anything about receiving the spam? Do
they examine the headers and contact the administrator of
SMTP server which is incorrectly configured to allow public
relaying? Do they even, at the least, contact their ISP
to complain about receiving spam? Do they know that Email
spam is actually *ILLEGAL* in the state of California?
I don't work this way. When I receive spam (i.e. see a
problem), I block the SMTP server sending it to me. If
repeated spammings occur after the block, I contact the
administrator of the SMTP server and inform them of the
problem. If they do nothing, I contact their uplink
provider. I refuse to let things like this go by unnoticed.
Basically, my point here is that everyone seems to assume
that "just because they don't see the problem, that there
isn't one."
Nineteen of ZTNet's domains had been misconfigured for over
a year. If after reading my above story, you decide to respond
to this statement with "Yeah, because you used their IP number
for your own personal reasons!", the response I will give you
is "You're wrong."
The reason I say "You're wrong" is because the real reason
for the failure isn't my fault, and in a way, it isn't
ZTNet's fault either (!!!). It's actually the fault of the
InterNIC for not checking to make sure DNS servers names and
IPs match in their internal database.
How can I justify this reasoning? It's easy. We're human. We
make mistakes. When something is misconfigured, or when a
machine crashes, it's always due to human error. Always. The
machine crashes because, well, humans invented it.
I'm not trying to pass the blame off regarding me setting
NS.PARODIUS.COM to one of ZTNet's IPs. I did that under a
very bad assumption, and indeed I was wrong to do so.
However, all of this could've been avoided if the InterNIC had
been doing (and still ISN'T doing!) what they said they did.
SS: Second, I've seen how angry the emulation sites affected are at this. Just how angry are you that you're getting all the blame?
JC: I wasn't angry about it until I received two lawsuit threats;
one INDIRECT threat from Andy Wolan (owner of emulationzone.org)
and one from "uzplayer" (owner of emucamp.com).
The threats didn't anger me as much as they did make me laugh.
Basically, the concept is, if your provider isn't providing
the service you want...
---> !! CHANGE PROVIDERS !! <---
Rather than changing providers, these emulation site owners
look and search so hard for a scapegoat, and in the process,
DEFEND the people who caused downtime for them in the first
place!
These sites have *BEEN DOWN* (by my standards, and by ANY
UNIX administrator's standards) for OVER A YEAR!
How can I be held liable for something your ISP has been
aware of for over a year? Look at the WHOIS information:
who's the Technical Contact for your domain? Zachary
Williams of ZTNet.
When you're a webmaster, or simply a customer, it doesn't
MATTER who made the mistake! You're down. You lost potential
business (well, in this case, there is no business involved,
so that's out the window). It shouldn't matter what mistake
was executed; it's obvious your provider can't provide the
services you desire.
So if you're not happy with your service, then change providers.
That's how it works in the Real World(tm).
It's that simple. It really is.
SS: Third, are you afraid of the small chance that possible legal action might be taken against you? (I'm not saying it will happen, I don't even know if it will, but there's always that chance.)
JC: I've had two lawsuit "threats" so far.
One threat came from Andy Wolan, the owner of emulationzone.org.
Andy stated that I "could legally be held for displaying pornographic
content to minors." Andy's threat was later "muffled"
by the following statement from him, after I asked "Are you
threatening me with legal action?":
"So, will we sue you? I doubt it. However, it's not my call since I don't
own half of the sites on the EmulationZone domain. I can't control their
behavior. If you want to avoid a headache, do what I asked: make a
public apology for redirecting the visitors to porno instead of doing
something that is considered professional. Just do it to end this
matter. Otherwise, don't blame me for any repercussions that might
happen."
A tip for you, Andy. Legally I am not held for providing that
content; the provider who contains the data and provides the
upstream link of the content is to be held liable.
Can you sue HotBot or Google or Lycos for providing pornographic
links when a child does a search for "sex?" Sure, in that case
they're LOOKING for sex, but your argument is that it's a
minor. See below for my full view on the entire matter.
Basically, I can't hold Andy liable for the statement he made,
because the official owner of the emulationzone.org
A note to your readers: Andy's original threat stated the same
as his above quote ("Don't blame me for any repercussions...").
I forwarded this threat on to Zach Williams of ZTNet, who told
me:
"Don't forward any of this crap to me. This is your problem, not mine."
If you look at who the Administrative contact is for the
emulationzone.org domain, you will see it is Zach Williams
himself. Therefore, legally, he is to be held liable for
all content which comes from that domain.
I would also like to state that I set up a spamblock list
for the emulationzone.org domain right after receiving Andy's
Email. I don't take well to threats.
Andy went around the spamblock by using his dialup Email
address to send me Email.
The second lawsuit threat came from "uzplayer" (real name
unknown), owner of emucamp.com. The statement was made over
IRC, when I personally went into #emucamp EFNet when I was
informed from an anonymous source that people in that channel
were stating "I hacked a DNS server." I went in to the channel
solely to offer the individual (and emucamp.com) the truth
regarding the entire situation.
I cannot provide a log, as I do not log my IRC sessions for
obvious reasons, but I can get one if necessary (I'm sure
some of the individuals in that channel have logs ;-) ).
During the conversation, "uzplayer" stated that because of
his "lost business," that he would be "contacting his lawyer."
When I asked "uzplayer" if he was threatening me with legal
action, he told me "Yes! And I'm going to sue you for everything
you're worth!"
"uzplayer" also attempted to use the same justification that
Andy Wolan did, which was that "minors were involved." Again,
it doesn't fly.
I was told by numerous individuals (including some who are
part of the "EmulationWorld" group) that "uzplayer" is known
for making preposterous claims, and that this isn't the first
time he's threatened lawsuits against people. I was told to
simply ignore the statement and go back to taking a nap.
I've yet to receive any legal notification from a lawyer
(ours or someone else's), nor receive a court subpoena.
SS: You did redirect visitors to a pornographic picture, and I, along with many others, am very confident that some of those visitors were minors.
JC: The "minor" argument is nothing more than a myth. It
doesn't stand up in court. The reason for this is pretty
obvious:
There's no way to 100% guarantee someone's age.
Credit card validations are easy to get around; CC# generators
have been around for 10+ years, and all people who own
CCs are 18 or older.
Those "This site contains adult material and blah blah" disclaimers
are nothing but (pardon me) bull*expletive*. If kids want
to see it, they'll click on it! They wouldn't be looking at
porn if their parents were around -- or so we'd hope. They're
as legitimate, in the court of law, as the "You can download
these ROMs if you delete them after 24 hours" disclaimer.
There isn't a software package on the market which blocks all
the T&A that your kids will see. They'll see it either in a
banner ad from a service who doesn't provide porn (take for
instance that Maxim ad), or they'll get smart and ask a
friend how to disable NetNanny on their PC.
The problem starts at the same place as the solution: in
the home.
If you don't want your kids being exposed to "the dirty old
Internet," then don't let them on it. That's right, I'm
telling parents to stifle their child's growth if they really
feel that's the correct way to go about it.
On a final note: I hate porn. I don't like it, I don't view
it, and I find it to be a waste of time. The reason I picked
the URL in question was because I asked a series of associates
for URLs which might be suiting for the situation.
A hentai picture of two naked women defecating pretty much
represented how I felt at the time, and how I still feel:
*expletive* upon.
SS: Thank you for your time.
JC: Thank you for yours.
February 9, 2000
The final phase of this Saga. Andy Wolan had reacted to the interview above. Take a look at his comments:
"* He admits to purposely misconfiguring the DNS servers and he even used the ZTNET server for his own use without ZTNet's permission.
* He gave no apology for disrupting service to the 'Zone or any of the other websites. He didn't even apologize for wasting my time. We did nothing to him, but yet he expects us to take his crap without any remorse? And he is surprised to hear people cry "law suit" for what he did to our websites?
If someone was to do that to your website, how would you react? Would you give them just a "slap in the wrist" or would you demand satisfaction?
* I'm not going to press charges, as I said, because I don't have time, unless I can get some outside help. If others on the site want to go after him, they will have my support. Personally, my time is too valuable to waste on a piece of trash like Jeremy. He can downplay the charges all he wants. However, the truth is, neither one of us knows for sure how this matter will turn out in a court of law. Both sides have good arguments. The twists in this matter would make for an interesting case.
Note how he gave NO reason on why he won't apologize? Remember, I asked for a simple public apology in exchange to block any future "lawsuit" attempt.
* I do legally own emulationzone.org. However, I don't want my name appearing on the DNS record, so it does not appear on the record. (Ya, like I want people to know where I live.)
* Did I send him a threatening email? No. Were my emails reasonable for what just happened? Yes. But I'll let you be the judge, since I CC'ed all the email in our dialog. I personally feel that he shut off email service just to block off any complaints that he knew he deserved getting. Asking for a reply to an email message and getting it does not count as "spam"."
Epilogue
One can easily imagine that this was the worst problem that Emulation Zone, and possibly other emulation sites, had faced in a very long time. Public opinion was just as harsh. Almost everyone wanted to take on Chadwick. Parodius.Com still has fragments of Attack info remaining on its site. ZTNet.com, for now, still has a bit of information on what happened. On Emulation Zone, though, unless you dig deep, you would never notice now that it happened. And perhaps that is the best thing to come out of this.
A point must be made here. Many people have limits. When those limits are pushed to the maximum, sometimes all Hell can break loose. We have seen examples of this in real life events. Jeremy Chadwick had an issue with DNS logs. When he couldn't take it anymore, it managed to affect many sites and their visitors. It proves that some 'solutions' to problems can be just as devastating on the Web as they can be in the real world. Perhaps this Attack will teach us to stand guard at all times in both worlds. You may never know what could happen next.