OK Folks, for years I've given away freestuff. Enjoy making it, appreciate all the many comments I get back about it. If you look at the top panel on this page you'll see that I'm the current featured freestuff provider.

The freestuff is currently turned off.

Why? ..... because on 21-March-2006 I had someone hack into the server and try and steal the Poser Tool Box from an area that they were not authorised for. There is no doubt about it, I'm not giving out details, I have the full server logs. I blocked the attack. This morning they tried again. I've pulled the plug on the server.

So lets think this through. There is code in the Poser Tool Box that flushes one of the temp directories. Its used for holding temporary files. Its a no brainer for me to alter the path and have it flush a different directory. Pick one.... Geometries? Poser? Windows? C:? So the guy was not able to get the file the first time and comes back for a second attempt. What will they be downloading? Are they feeling lucky?

I shall be writing to Peter Harley the Non-Executive Chairman at:-

iiNet Limited
Level 6,
Durack Centre
263 Adelaide Terrace
Perth
WA 6000
AUSTRALIA ( from the page http://www.iinet.net.au )

It will be a written letter not an email. A written document carries greater legal weight even if sent to another country. I shall include the log information that I have and will be asking for his assistance in this matter. Most if not all ISP's take computer crime very seriously. I doubt if iiNet will be an exception.

So to conclude:-

• Freestuff will be back when I'm sure that the back door is closed.
• No freestuff files are affected.
• If you have obtained any of my utilities or models legitimately you have absolutely nothing to worry about.
• If you get hold of a pirated copy of any of my stuff don't come crying to me that something bad happened.

Regards,

The incredibly thick skinned and more savvy than you'll ever imagine,

Sooooo sorry to hear about this Phil :( I hope things are worked out for you soon. Shame on the person who did this!!

erm Phil? I'd edit your post. by stating ". Its used for holding temporary files. Its a no brainer for me to alter the path and have it flush a different directory. Pick one.... Geometries? Poser? Windows? C:?" you can get into a SHIT load of trouble under various computer protection laws. trust me.. it is not worth the trouble at all! it's bad whats happened yup.. and it's good to stop the leak... but do you really want to be nicked for computercrimes???

Sorry to learn about this, Phil. I hope you get it resolved quickly.

Thats so sad ... But your completly right to closedown that server. When you like i can get to some of my old co workers to ask if they know a secure way to close your backdoor.? One thing i know from working in the Computer/IT industry is that those kind of clear specific file atacks are usely on demand. Some one knows where and what file they want and then the hackers are called in. I "my boss" have being ripped off in that way once. Iff you can use some help in anyway just mail me "you got the adres" Keep the head up Phil ! Chris

Khai, computer crime laws would only apply if Phil was distributing the malicious code. It's perfectly legit to store something potentially dangerous on your computer and if someone downloads it without permission it's their tough luck.

sorry, don't work that way.. read up on the law :( if you destroy anything on another machin with code you've written, you are responsible not the downloader. thats the law in the US and the UK and the EU. it's counted as an electronic attack.

You are such a wonderful person - I am so sorry to hear about this. Best Wishes to you. Thanks for all you do. seattletim

Well, regardless of what the law may say (and if it really says like Khai says, it's a stupid law anyway), I'd like to see the thief come whining about a flushed hard disk.. I mean.. I can just imagine the conversation: just exactely HOW did you get that code, my good man?! OOoh by stealing it from my server? Let's go to the police together, shan't we? Phil, I'm sorry to hear this. I hope someone in Aussiland is shitting himself right now.

Bastards... Thumbs up, Phil. I hope all will be fine soon :)

Good grief - hope you get your server locked up tighter. Why do some people spoil it for others? We've all enjoyed both your free stuff and paid products. So sorry to hear that you were almost another victim in cybecrime.:(

Sorry to hear about the hack attack Phil, I had out works website server hacked for no apparant reason a few months back, while there was nothing there to steal it was seriously annoying as far as downtime went. The ISP wasnt really very helpful to us, so we switched hosts. John

Sorry to hear it, Phil. Damn, it's incredible what some people will do just to avoid shelling out a few bucks.

Sorry to hear about the attack. Good luck with yor follow up.

geeze Louise, what's wrong with people?!! that's lower than a snake's belly, Phil and they deserves everything they get...even a flushed hard disk ;)~ I really believe what goes around, comes around...there's nothing sweeter than seeing someone bring the same bad karma back on themselves that they've put out...thanks for all you've given the community in the past, both freestuff and outstanding products!! Karen

Glad you nailed the creep(s), Phil!! Thanks for all the good stuff!!

phil, I'm 100% opposed to hackers doing what they did to you. however, my experience is that there may be unforeseen consequences for coders who insert those directory-erasing subroutines into hacked versions. I recall one chap who was so angry about folks trading his video app (for OS X) via bitTorrent and limewire, that he wrote a similar version that flushed the hacker's home directory. no doubt they deserved it, but as a result this coder faded into obscurity and probably had to quit selling his apps, as he became infamous as the second person to write what became known as a "Malicious OS X trojan" (the first malicious OS X trojan was a version of Word that also erased the hacker's home directory).

Phil Sorry to hear about the attacks on your site. It's ashame that a few people can ruin it for others. I hope things work out for you when you get a hold of the ISP for further action. Let's hope they keep logs. Thanks for everything that you have done. Adrian

The sad thing is that, lets say Joe hacks into Betty's system through a trojan virus or an open portal. He can now use Betty's system as a gateway and download Phil's stuff. What IP address is visible? Betty's. So when she gets a nasty letter from her ISP she's got no clue wtf they're talking about. Most tracking never bothers to go deeper then the surface.

The bad thing is that this hacker could be using an Elite Proxy so the IP address may not be the perp. And if Aust doesn't keep good logs or the Proxy was so good that it didn't have a forwarding IP, it's going to be hard to trace. Adrian

IP masking, yep familiar with it. Malware, that too. I wrote that it was easy to create, I then sowed the seeds of doubt. There are more ways to skin a cat. Well DAZ has just shown their support by deleting my post over there. I'm currently getting the server back up and running, some freestuff is back on line.

Sorry to hear about the problems, Phil.

Don't let the @$$holes get to ya...
Oh! and FWIW, I just read your posts over there after reading they were deleted.. the thread's still there with your posts.

Message edited on: 03/25/2006 13:43

Tried again. I still get a message no longer available page. May be their server?

Any how ..... I think that now all the freestuff is back up. Thanks again folks :)

a thought just occured to me that even though the hacker stole the program from your server, he would still have to accept your EULA during installation, wouldn't he? I think most EULA's mention something to the effect that the vendor accepts no responsibility for any damage that may occur by installation and use of said program...so wouldn't that release you from repercussions if the program did flush his hard disk? I could be wrong, but it's a thought ;P

Well they would have to ask me for a registration file first.
I don't think the person is the sharpest knife in the draw. :)

If someone deletes a reply off Daz's forums, then you can get the message not found error. I'll either browse to it again, or i I have an old message reply alert, using that usually works fine.

Just because you click accept on the EULA doesn't mean you've read it or actually agree with it. Honestly - I don't think i've ever read a EULA.

kathym....good point, I'll bet many people don't...however, just because you make a personal choice not to read it before you accept its terms, my pov tells me that you've acknowledged you will abide by the terms...just as if you sign a contract without reading it, you've legally accepted the terms... if a court of law upholds a lawsuit against an individual, filed by a hacker who illegally downloaded a program, installed it, ran it and incurred damage to his computer, or filed by someone on the basis that they didn't read the EULA, then there is absolutely no hope for this world...but, that scenario actually happening wouldn't surprise me in the least as it seems way too often I've seen where a criminal seems to have more rights than a victim...Karen

OMG Phil! I'm so sorry to hear that this happened to you :(

Poser tool box wouldnt work without the registration so even if he got the file it would be no use. I like the idea of deleting parts of his runtime with an altered version of the program and I am guessing that he wouldnt complain to the law about it, anyway.

Sorry to hear about this. Your stuff is of excellent quality and very reasonably priced, I just don't understand why anyone would try to steal it. Wish you the best of luck tracking down that hacker.

Quote - Poser tool box wouldn`t work without the registration so even if he got the file it would be no use.

The person probably didn't know that when they hacked. They probably thought they were going to get a working program.

Damn. Sorry to hear about the hack. It seems like everyone is getting hacked these days. :( bB

Phil, a couple of years back when I was just getting into Poser, yours was the first freestuff I got, and you were kind enough to e-mail me to help me install it. I still have it on disk somewhere. I'm sorry to hear you had trouble with hackers, and I hope your excellent freestuff will be back online sometime soon. Best wishes for getting the problems sorted out.

Phil, I really hope you nail the bastard. Kai, did you have a bit of a brain fart back there? You tell Phil he can get into a lot of trouble and you QUOTE hime word for word? Duh, not smart. I agree with your point though, the law takes the wrong side in that sort of case. The EULA might cover you in law. What if it said something like this: "By installing this software you agree to the following: You are a low-life thief who steals other peoples' hard work by devious and unlawful means. You have never paid for any software, everything on your harddrive is stolen, hacked, cracked or pirated. In fact you got this very installer by stealing it, didn't you? Anyway, you feel it is time to turn over a new leaf and start being honest. The first step is a purging, to get rid of all your ill-gotten gains and all the work you have ever done with stolen software. Click YES if you agree."

obm890 - do you think anyone who stole software is going to actually delete their gains? They're stupid .. but probably not that dumb.

obm...how terribly funny! you've a great, sharp wit ;)~ lol

Kathy, he wasn't serious. If you read the "EULA" he posted, it was meant to be funny :)

ROFL! I like that EULA. And since, per definition, people never read EULAs.. he'll just click the Yes to get on with the install >:o) MUAHAHAHAHAHAHA! No, I normally never read EULAs either....

<u>xantor</u> - I like the idea of deleting parts of his runtime with an altered version of the program and I am guessing that he wouldn`t complain to the law about it, anyway.

What, you're never heard about any of the lawsuits where a burglar gets hurt while breaking into someone's home, then sues the victim for damages? Seriously, it happens. Never underestimate the audacity of a human being.

Phil- Just found this thread and read through it. Unfortunately, there are alot of idiots in the world that don't give a damn about anyone else. They attack the company or the name- they don't think about the people- or care. Like alot of others, I've downloaded alot of your stuff over the last 2 almost 3 years- not to mention beta testing for you. Hope you get it all worked out and the Hacker's caught soon before he hits someone else.

We got hacked over at PlanIt 3D a while back, and we don't even have any stuff for sale, it's all freebies.

They just did it for the Hell of hacking us. Sometimes I wonder about these @ssholes.

Nail the f^ckers Phil...with EXTREME predjudice ;)

The thread is still at DAZ. The "not available" message happens when someone deletes their message, or if someone you have put on "ignore" posts to the thread. It throws the indexing off; the link takes you to, say, the second page of replies, but there's only one page that you see, so the error message is generated. You can see the thread by editing the URL so it goes to the first page, or by clicking on the second-to-last page of replies, instead of the last.

This really sucks. I hope you nail him.

I highly recommend Voodoo. :)

Go get 'im Phil! I hope you pull the plug on the dipstick!

DAMN! just loaded up a copy of "Wardrobe Wizard" that I obtained and now all my porn is gone!!!! Damn you PhilC! :P j/k sorry to hear that this happened dude. We should all be on the look out for illegidimate copies of his stuff. I'm not saying to go looking for trouble but if someone happens to come across something...

Two wrongs don't make a right, installing malicious software onto the pc of someone who tried to hack your server would make you just as bad as them.