
DSploit Scam and the Guy Who Made Our Small Income Gone Forever - evilsocket
http://dsploit.net/2014/04/28/dsploit-scam-and-the-guy-who-made-our-small-income-gone-forever/
======
TomGullen
“Never argue with stupid people, they will drag you down to their level and
then beat you with experience.”

The guy knows exactly what he is doing, there's really no chance they would
stop it on your request.

The best way to tackle these problems is try and find copyright material of
yours on his site, then keep issuing DMCA requests to his webhosts. We had
someone copying large parts of our site in a similar fashion for similar
purposes, it was a lot less effort for us to issue DMCAs and have his hosting
accounts suspended than it was for him to keep signing up for new ones. It was
a game of whack-a-mole but it worked in the end.

Trying to engage with them is often a complete waste of time, they will often
be irrational and defensive which is infuriating. If you goad them into going
into the offensive you are not going to come off well.

If you _must_ communicate with these people, I think it's best to keep tone
neutral (not defensive or offensive), dry, entirely non personal (sign just
with your company name, not an employee's name) and concise. Replies should be
well spaced so it appears a matter of non-urgency. Replies should also be
designed to make response difficult (not keeping an open ended conversation
going). Keep it as boring as possible for them. Unfortunately your first email
to the person went straight into offensive mode, was personal, impassioned and
appears urgent. Blogging about it isn't probably going to help either.

If he's not actually stealing anything from you, or doing anything illegal
then there's not much you can do. Best course of action would be try not to
care at all, and realise that he's probably actually not making any money at
all. I'm not saying this to make you feel better, I strongly suspect it's the
truth.

I do think it was a mistake not registering .org, a major TLD. As I understand
it, changing domain ownership by force is a lengthy process. It would have just
been easier to pay $10 a year for it.

If you want to be in a better position to protect yourself in the future
consider a trademark.

~~~
camz
I agree with essentially everything Tom suggests. I think that trademarks (TM)
are something a lot of people forget to use; registered (R) trademarks are
something I generally tell people to avoid because it's often not going to help
unless you have a significant amount of intangible monetary value. It does
offer some protection like Tom suggests, but clearly it's not foolproof.
Still, it's better than nothing.

------
jasonkester
On the income side of things, I can think of one way the author of "The
most complete and advanced IT security professional toolkit on Android" could
bring in revenue without the need for Adsense or charity.

Perhaps, one could _sell_ said toolkit for _money_. Say, $370.40 for a
"Professional" license. Differentiated from the "Community Edition" currently
available on this and other dsploit sites in that it is a.) available after
tomorrow and b.) ever likely to receive an update by the original author.

That way, security professionals would gain access to this nice piece of
software, and the author wouldn't need to write blog posts like this one.
Better still, had he been doing this previously, he would have had seven
dollars available to pay for the .org version of his domain name, thus
avoiding the whole situation in the first place.

~~~
socialist_coder
Definitely. Just change your license so if businesses with incomes over $100k
a year want to use it, they have to buy the Professional license that costs
some appropriate amount (I'm thinking $2000 for a site license or $100 per
install, something like that).

As a game developer I've seen a lot of small tools start doing this. Don't try
and stop people pirating since you can't, but this way at least people who
work at a business who aren't personally signing the checks don't really care
if they have to pay a few hundred dollars to use their favorite & best tool.

------
ggreer
This is slightly off-topic, but I didn't notice the donation button in the
sidebar until typing ⌘+F, "donation"[1]. My inner patio11 thinks that
evilsocket is missing out on some cash-moneys. It's probably a good idea to
make a more prominent donation widget and add a call to action at the bottom
of the post.

Edit: Digging deeper (actually clicking on the donate button), I see
[https://pledgie.com/campaigns/22257](https://pledgie.com/campaigns/22257) and
it makes me sad. The video is dead, and it's unclear what donating will help
with. Will it add new features? Is it to support ongoing development? Does the
team have any previous work that shows what they're capable of?

If you want to improve your donation page, I think NeoVim[2] is a good example
to follow. The author explains what NeoVim is, what's been done so far, what
he'll do with the money, and why he's the right one for the job.

1\. That didn't find it. It just scrolled the page so my eye noticed the
button. You'd have to search for "sponsor" to find the widget.

2\.
[https://www.bountysource.com/teams/neovim/fundraiser](https://www.bountysource.com/teams/neovim/fundraiser)

------
doxinppl
Hi,

This guy's name is "Martynas". He is from Lithuania. I have strong belief his
last name is "Palaima" although it is possible that it is fake.

His other handles: koawe, baseuse, martyboy31

Facebook:
[https://www.facebook.com/mydreamvoyage](https://www.facebook.com/mydreamvoyage)
Profiles on other sites: [http://uzdarbis.lt/t265784/nauja-rippln-plinta-kaip-vesulas/](http://uzdarbis.lt/t265784/nauja-rippln-plinta-kaip-vesulas/)

~~~
doxinppl
feel free to contact me if you need more help finding out who this guy is.
After looking into it a bit more, I think his last name might indeed be
"Palaima".

I can dig for some more if needed as I do speak Lithuanian and would be happy
to out this asshole.

~~~
UweSchmidt
I would suggest that this is not the right way to go about it and would like
all to consider TomGullen's advice from this thread instead.

Problems:

\- "doxing" is a bad practice from 4chan; it could reflect badly on this
community and the organization behind it if some high profile case of doxing
would come from YCombinator's forum.

\- how much do you _really_ know about the whole thing? You've heard one side
of the story so far.

\- It seems to me that people have no business "serving justice" or feeling
"Dredd" from the safety of their computers in general. Standard legal measures
have not been exhausted, and I'd rather suffer the occasional smalltime
criminal than see civil society damaged by witchhunts.

~~~
ugexe
Would you agree going through legal channels will be way more
effective/possible if the problem maker's name/address are known?

~~~
UweSchmidt
I assume finding name and address are trivial in this situation once you go
the legal route. Helping the OP with some information privately is of course
helpful.

------
aaronbrethorst
I'd recommend treating this as an opportunity in disguise. Whatever small
amount of money you were making from ads and pledgie pales in comparison to
the amount that I suspect you'd make if you were to offer paid versions.

Keep giving dsploit away for free for people who want that. Call it the
'Community Edition,' or something similar. But, also offer a paid version.
Offer three tiers.

The bottom tier costs $nnn/year and entitles the user to nothing more than the
Community Edition, but with the corporate appeal of saying that this software
is commercially licensed. I note that the code is licensed under GPL v3. As
long as you can get all contributors to sign off on this, this approach
becomes even more viable. There are companies that have trouble with using GPL
v3 software (yeah, it's dumb, I know), and having a GPL v3 package suddenly
become not-GPL v3 can be incredibly valuable for them.

The middle tier costs some non-fractional multiplier above the bottom tier and
entitles the user to support. Support can be nothing more than an email
address: support@dsploit.net.

The top tier costs perhaps an order of magnitude more than the middle tier, is
labeled Enterprise, and comes with priority support. As patio11 is fond of
pointing out, priority support can be nothing more than a different email
address that _you simply answer first_.

------
camz
I would've cut down on communicating with the person. He's obviously
illiterate and his income is fueled by fraud. In my experience, you give them
a single friendly but frank email with 24 hours to respond and then you just
have to go through the proper channels. In this case removing his domain.

I'd like to believe the good in people. But, this individual's conduct from
the outset demonstrates bad faith.

~~~
evilsocket
And then what? What should I achieve with that?

~~~
commandar
Not getting into a fruitless debate and/or antagonizing somebody that doesn't
have any interest in being reasoned with.

It's quite possible that he reported you to Adsense specifically as a petty
demonstration of the "power" he wields. And while your site may have been your
only income, his was probably one of dozens more, so it didn't really matter
to him.

Short version: you had a lot more to lose and nothing to gain compared to him.

~~~
evilsocket
that's life I suppose, fortunately I have a job :)

~~~
dragontamer
And the blogpost you made is ultimately feeding the troll. It is confirmation
that he "won".

Even if you do care about these events, sometimes it plays to your advantage
to keep things off the blog.

------
asuffield
There's a lesson in here about making threats you aren't prepared to carry
out, and another one about making advertising your only revenue.

When you sign up to an advertising-only business model, you are putting the
advertisers in charge. Your business is now all about keeping them happy.

~~~
psykovsky
aren't all businesses about keeping someone happy?

~~~
asuffield
Yes. This is about picking your customer. If your customer is the advertising
network then their desires are very different compared to, say, somebody who
wants a network analysis tool.

It's a good idea to pick customers whose interests align with yours.

------
rsync
"Do you know that what you are actually doing with dsploit.org is illegal?"

It is? Certainly it's crummy and dishonest and just the worst sort of blah
blah blah ... but is it actually illegal?

How is it illegal?

~~~
dvirsky
I think it falls under the definition of Cybersquatting as described here:
"Cybersquatting (also known as domain squatting), according to the United
States federal law known as the Anticybersquatting Consumer Protection Act, is
registering, trafficking in, or using a domain name with bad faith intent to
profit from the goodwill of a trademark belonging to someone else"
[http://en.wikipedia.org/wiki/Cybersquatting](http://en.wikipedia.org/wiki/Cybersquatting)

~~~
gambiting
What happens if he is not in the US though? US laws don't apply
worldwide (thankfully).

~~~
ubernostrum
The US law is basically just the same as the cybersquatting provisions of
ICANN's Uniform Domain-Name Dispute Resolution Policy, which is binding on all
registrars worldwide.

------
dylz
I really doubt that's valid whois data for one, considering his past history
in theft, HYIP, and scams. Google the email.

    
    
      Registrant Name: Tony Buar
      Registrant Organization: RoadInvest
      Registrant Street: 60 Cleveland St, London   
      Registrant City: London
      Registrant State/Province: Other
      Registrant Postal Code: W1T 4JZ
      Registrant Country: GB
      Registrant Phone: +44.07852369123
      Registrant Phone Ext: 
      Registrant Fax: 
      Registrant Fax Ext: 
      Registrant Email: modzer8@gmail.com

~~~
tankenmate
Due to ICANN's new policies if you report incorrect or inaccurate whois data
the registrar is forced to investigate and potentially pull the
registration(s).

The whois inaccuracy complaint form can be found here;
[https://forms.icann.org/en/resources/compliance/complaints/w...](https://forms.icann.org/en/resources/compliance/complaints/whois/inaccuracy-form)

This will probably force the problem maker to go to a new registrar and also
pay for privacy protection next time; at least you are increasing his costs.

You could also engage in a UDRP complaint if dsploit is a trademark;
unregistered trademarks are harder to defend however.

------
lwf
From
[https://support.google.com/adsense/answer/2659114](https://support.google.com/adsense/answer/2659114):

> Suspending an account provides the publisher with 30 days to make the
> relevant changes to their sites. If you have been suspended, you’ll still be
> able to log into your AdSense account. However, no ads will be shown for 30
> days, and you’ll notice a payment hold automatically added to your account.
> At the end of this suspension period, we’ll automatically re-enable ad
> serving, remove the payment hold, and monitor your account to ensure
> compliance.

However, there doesn't seem to be an appeals mechanism in the interim.

~~~
evilsocket
I should change the whole website purpose :)

------
nothxbro
Sorry to hear that. You must have known that this day was coming though?
Basically you were living on borrowed time from Google. If the revenue was
that much of a priority to you, you should have laid much lower than you did
and certainly not made threats to people who have no issue with doing
fraudulent things.

If you lay down with pigs, you are gonna get dirty

If you play with fire you will eventually get burned

etc..

~~~
evilsocket
you know, sometimes I'm maybe a little naive

~~~
sambeau
Being moral isn't the same as being naïve, no matter how much harsh people
tell you it is. It is a sign of moral strength to not immediately bite back.

------
oceanplexian
Sending empty threats is dangerous and can be legally exposing. Either get a
lawyer or forget about it.

Why in the heck would you send an email (with broken grammar no less) over
something that might involve legal action? It's unfortunate but you're lucky
to lose some ad revenue and not get sued.

~~~
evilsocket
I have a lawyer who can manage this thing, it's just not worth it. Regarding
the grammar, English is not my native language (although this is not an excuse
of course).

~~~
sambeau

> English is not my native language (although this is not an excuse of course)

I'm a native English speaker and I believe that that _is_ a valid excuse.

~~~
unclenoriega
This reminds me of all the times I've read a passage online where the only
indication that the writer wasn't a native English speaker was the apology for
the (assumed) poor English.

------
ozh
TL;DR: relying on Adsense as your only income is way too hazardous.

~~~
gcp
AdSense can and does cut you off for no sane reason and good luck finding a
human to fix things for you.

------
raverbashing
Good luck with the hopeless Google support

------
PhilipA
One of the issues is the lack of competition. Most small sites don't have
many real alternatives when it comes to Adsense, and a ban could close you
down.

I got banned some years ago, because my girlfriend thought it would be a
good idea to click on the ads on my website. She clicked once or twice a day,
and thought she helped me... I have been banned ever since. So I welcome any
competition in this space!

~~~
pravda
If I hired some people to click Adsense ads on somedomain.com, could I get the
site owner banned? Or do the clicks have to come from the same IP as the site
owner?

------
y-apply
You should have taken care of it without even contacting him. He would have
never known it was you.

------
troymc
Some suggestions:

1) Make sure your site complies with the AdSense TOS and then hope Google will
restore AdSense eventually?

2) In the meantime, serve ads from a different ad network.

3) There are many other ways to leverage web traffic into revenue. Do a little
research (or thinking). I see you now have a donation button. Many other
possibilities exist.

4) The long game: File for a US trademark on dSploit. Apparently nobody
currently holds a US trademark on "dSploit", for any purpose. Once you have
the trademark, you can get some domain registrars to shut down anyone using
dsploit TLDs.

~~~
voicereasonish
> 1) Make sure your site complies with the AdSense TOS and then hope Google
> will restore AdSense eventually?

This just doesn't happen. Google couldn't care less. At all.

> 2) In the meantime, serve ads from a different ad network.

Google has a massive monopoly. There just aren't any decent competitors with
the inventory.

------
leorocky
I'm amazed that adsense was bringing in enough money to pay for anything. You
generally need 100k+ visits a day just to break into minimum wage territory.

~~~
patja
By minimum wage territory I guess you mean the range of $50 - $100/day? You
must have a pretty low ecpm to only earn that much from 100k visitors/day. My
experience is at least 6x that range.

~~~
leorocky
My experience has been about $1 per 1,000 visitors. But that was a while ago
and I didn't publish content about mesothelioma. Mostly programming stuff.

------
bsg75
> and usually I trust in human comprehension and intellect

Mistake #1 when dealing with someone who is already doing something dishonest.

------
EpicEng
> The 48 hours takedown notice was indeed fake, I'm not the kind of guy who
> does this kind of things and usually I trust in human comprehension and
> intellect...

Well... good luck with that. Why would anyone have qualms about pursuing a
legitimate take down notice?

------
spiritplumber
Go to 138 Spruce Drive North Washington (Butler), PA 160 and have a friendly
and nonthreatening conversation with the guy. Bring friends.

