"Defacing" Sites Without Intruding? 42
clambert asks: "In putting the finishing touches on a recently launched site, I decided to place one of the many 'Powered By PHP' logos on the bottom of the page. Being tired, I carelessly put in a direct link to the file on the server offering the image. The next evening, I was informed that there was a large, offensive picture on the bottom of every page. Apparently, the webmaster of the remote server thought it would be funny to replace the 900 byte PHP logo with a 121KB 'photo' (I'll spare everyone from the details). This was done without contacting any of our admins first, and was clearly a move to deface our site's presentation. Would bandwidth have been their concern, they wouldn't of increased the size of the image being requested. Although we're not considering it, my question is who would have the upper hand if this were a high profile case brought to court. Intentionally defacing a site's appearance, but without breaking into the any of the site's servers." Publishing content on the web largely boils down to a matter of trust. If you are going to link from your homepage to an image, or another web page, you are trusting the author of the web page (and the administrator of that web server, assuming they aren't one and the same) to keep that content intact. So what should happen when that trust is broken, if anything?
What "trust"? (Score:2)
This is akin to taking out an ad in the phone book for a resturant that you like (without permission or affiliation with said establishment), and a week later it's closed up shop and a beastaility pr0n bookstore has gone up in its place. Sad, unfortunate, and deceiving perhaps, but nothing illegal. After all, its THIER image that you were telling client browsers to load, and from my understanding it was without their permission.
Just be glad they haven't come after you for using their bandwidth illegally, and learn from your mistakes.
Slashdot running out of ideas? (Score:3)
Re:You're kidding, right? (Score:5)
Are you an idiot? (Score:2)
--
If its on their web site (Score:3)
IANAL.
Re:Got what you deserve (Score:1)
Of course they read the questions. That's how they reject the questions I ask, which could really benefit from the combined knowledge of several thousand geeky people, and only accept questions that are laughable, like this one, or that could be answered by 30 seconds of googling.
--
You're a moron who got exactly what you deserved (Score:4)
Now explain to me again why you feel so hard done by? If it had been my server that was getting spammed by your link, I would have replaced it with the goatse image.
--
Re:yeah, it's called... (Score:2)
HA! (Score:3)
I'm guessing that, if you look at the terms of use of that "made with PHP" logo, it will stipulate that you can't call it off their site. Odds are, they saw you violating their terms, figured they'd have a little fun and pulled the old switcheroo. I know it sucks for you, but it seems fair to me. Once you start using other folks' bandwidth without their permission, I figure they've got the right to determine what data they're going to serve you.
-Waldo
Couple questions. (Score:2)
Can you demonstrate that the guy who ran the site did this specifically to deface your website? How do you know he wasn't defacing his OWN site, and yours just got defaced inadvertently?
Re:OT: Re:Hey Slashdot... (Score:1)
Good in theory, but if you killed some jerk that broke into your house you would probably be sued by the morons family instead.
Another funny example. (Score:3)
So what does a community do to an eBay dealer that they don't like? That's right. They registered the domain name, and placed a picture on that URL. It was a suitably blurred image of an ass crack, with some words about getting screwed by the particular seller.
Well, all but one of that seller's items (and he constantly used that technique on all of his auctions) didn't get bids. Everyone got a good laugh that day. Maybe not the seller. Who knows if he had a case or not, but he wasn't about to pursue it.
Its not your content, you can't complain. (Score:2)
Of course, its not really a bandwidth drain on them, of course not. Its just a puny 900 bytes. Why would anyone care? Of course, if you weren't the ONLY one doing it, it might add up after a while. The owner did something that made it clear what his position on the issue was. Sure, he could have just changed the name or something benign like that, but instead he felt like making a point.
He did not deface YOUR webpage. He changed HIS. The fact that you were lifing images off his site realtime and he decided to change one of those images to inflict you is besides the point.
-Restil
Re:OT: Re:Hey Slashdot... (Score:1)
Well put. What if, instead, he merely unplugs all of his own equipment from his own sockets, and then plugs the big, mean, nasty transformer into another one of his own outlets and sends the spike through his own wiring. Without unplugging my extension cord. That seems like a closer parallel to the case we're discussing anyway.
Ain't this fun? ;)
You're kidding, right? (Score:4)
Moral of the story? Download the image and put it on your own server - don't expect your laziness to be an excuse.
Jeesh.
Hey Slashdot... (Score:4)
Well, the other day the jerk hooks my extension cord up to some big, mean, nasty transformer and sent 100,000 volts into all of my electronic equipment. He didn't contact me or anything!
What do you think, fellow /.'ers, will I win the lawsuit?
Got what you deserve (Score:2)
yeah, it's called... (Score:1)
Re:Use the referrer http header (Score:1)
Re:Use the referrer http header (Score:1)
A lot of sites do things like this:
1) incoming request for
2) serve a page instead
3) displays lots of ads
4) provide a link to self
5) referr tag is self?
6) serve content
Having obvious binary data be replaced by webpages, or worse, having them effectively be changed from static to dynamic content, makes sites a horrible mess for multimedia search engines and the like. This is the same sort of behavior as making pages only linked through javascript, so smaller browsers, search engines, or browsers that haveed javascript disabled aren't able to get to those pages.
Of course, one guy did that on purpose, because he paid for his bandwidth and his page got popular; he wanted to have as few hits as possible...
OT: Re:Hey Slashdot... (Score:1)
I agree with your sentiment, and realize you're joking, but in the hypothetical example you pose, you would probably win. Sure, you've stolen from him, but that doesn't give him the right to damage your equipment. He could file criminal charges for the theft and might even be able to make you pay his entire electric bill. You could still sue him in civil court for damaging your stuff (maybe even press charges as well.) Once he pulls the plug, the theft stops. What he does after that is a poorly considered act of vengence.
Criminals physically robbing homes who were shot by the owner have actually won civil cases for the pain and suffering of the gunshot received while commiting a crime. (Which is why you should shoot to kill.)
Re:OT: Re:Hey Slashdot... (Score:1)
Ain't this fun?
I guess once we've bit into this flamebait of an "Ask Slashdot", might as well run with it.
Humor offtopic ... (Score:1)
Louis Wu
"Never, ever, EVER trust a telepath. I'm going to have that tattooed on my eyelids."
I've done this myself on eBay.... (Score:4)
Imagine my surprise when I found it was some lamer selling burned CD's of encoded anime fansubs. Being friends with people who encode fansubs (freely) I was most put out by the fact that some scumbag was attempting to profit from it. There was only one thing I could do...
Since the lamer had linked to a (huge) wallpaper image on my site to use as his page background I did the sensible thing: renamed the wallpaper, downloaded the picture of Sting3r (the goatse guy) and stuck it in place of the wallpaper's original filename.
Needless to say eBay pulled the auction in short order, something they wouldn't have done if I'd simply cried "copyright infringement!"
This lowers the bar, even for Slashdot (Score:2)
If you are going to steal someone's content, at least copy the goddamn image.
So you're telling me.... (Score:5)
Its their website, they can do what they will (Score:1)
Besides, you don't have the right "not to be defamed/defaced/insulted/accused/". There is, however, the right to free speach. This means that I can say right here, that your site is pornographic, innappropriate, or illegal, irrelevant of whether or not it is true. If the right to free speach only applies in so far as YOU or some other person thinks people are speaking the truth, it doesn't mean shit.
You forgot the *OTHER* 2 S's... (Score:1)
1) Shoot
2) Shovel
3) Shut up
---
nuclear presidential echelon assassination encryption virulent strain
Re:once upon a time... (Score:1)
* Warning: Don't click that unless you know what you're doing; you probably know what's there already anyway.
Re:ridiculous solution? I think not. (Score:1)
Unless.... (Score:1)
ridiculous solution? I think not. (Score:2)
I don't know about that. I think that's a damned amusing way to handle the situation. I mean, which would get your attention faster:
1. A image that says "STOP STEALING MY CONTENT"
2. A image so lewd that your users start emailing you and letting you know that there is some weird porn on the page you're serving up.
I think the porn was a great solution.
Re:OT: Re:Hey Slashdot... (Score:1)
Follow the boom? more like smell the smoke
ONEPOINT
Re:If its on their web site (Score:4)
Also you could consider the bigger problem. Bandwidth theft. I'm not sure of the following ( i don't know of any legal cases ) but from what I have learned is: I can not take an image from your server without your permision. Even if the image is free to use ( public domain). I have to copy it from your site to mine. then I can have it on my site.
ONEPOINT
Re:WEAK!!! (weak thinking on you part) (Score:1)
Use the referrer http header (Score:3)
BTW.. there's a way to automate that kind of behavior, i.e. remind people not to link directly by changing the image, kind of like an anti-theft device: Use the referrer http header field, check whether it's present and if it is and it's not your site then serve whatever you deem should go on their thiefing sites.
Re:easy on the trigger... (Score:1)
If you kill someone for breaking into your home, you will find yourself in front of a judge explaining how you knew the intruder was trying to rob you. Killing someone to protect yourself is an affirmative defense. The burden of proof is on the defendend.
It is entirely possible that the intruder was there to report an accident, call an ambulance, or thought they were walking into their friend's new house, but were really just lost.
Even better! (Score:1)
Make a javascript that opens a window of itself! while(true) { window.open("evilscript.html") } muhuhahaha! No one would ever go to their site again! They would also call M$ for tech support.
D/\ Gooberguy
How do I... (Score:2)
Re:ridiculous solution? I think not. (Score:1)
It was no a great solution in respects to the defacement of the person(s) web site whom decided to link to the image. While it seems a bit harsh, I agree that it was a great way to convince the webmaster to discontinue the links to the image's location. However, I just don't see it as a reasonable way for someone to convince another developer to stop linking to their images.
Defacing Web Sites (Score:2)
Either way, it is entirely the administrator's call on how to modify his/her files. While this case makes it very apparent that the admin didn't appreciate people using his bandwidth, it still seems a bit ridiculous that he would replace the file with pornographical content rather than just slapping a "STOP STEALING MY CONTENT" image or something similar. After all, 900 bytes wouldn't exactly crush his bandwidth (assuming the network is on broadband connectivity), unless multiple developers were linking to it.
Now, if this defacement had been something similar to the defacement of the NASA site (article [macworld.com]), then you would have a case.
Well, in conclusion: I suggest that anyone linking to web site files (namely images) save them onto hard disk and upload them to their own hosting account or server. There's no legitimacy in using someone else's bandwidth. Of course, make sure the administrator gives you explicit rights to use the image in the event it is copyrighted.
Defacement 101 (Score:3)
There are other ways to deface websites even if you aren't fortunate to have the administrator link to one of your images. For example, if the website has a search feature and lists the "top-10 search queries", just search for "fuck you" or "this website sucks" over and over.
Websites with open submission queues for stories allow easy defacement by filling them with profanity.
Open discussion boards like Slashdot but without Slashdot's antitrolling features (the lameness filter) are big targets:
Linking to an image another site is unwise for another reason -- the administrator of the other site can delete the image. If it's not a commonly-found image, you've lost it! But if you copy it locally, you may get into copyright-related trouble. So it's kind of a dilemma. But in your case, you should have definitely copied it locally...