May i build a "underground site" on dreamhost?


#1

Underground site = disscus about bug , hacking , exploit , security v…v…
May i built it on your host ??
Do u acept ?? if you acept i will reg host immediately!!Thank you very much!!


#2

Perhaps you would like to refer to http://www.dreamhost.com/tos.html for more information on DreamHost’s Terms of Service. I suppose it is allowed as long as it does not violate any Country, Federal, State or Local regulation. You may also like to confirm with DreamHost on this matter here.

Check Out DreamHost Promo Codes


#3

As long as the site remained in the realm of discussions about these topics it would probably be ok, but as infinitaus said, it would be best to contact Dreamhost directly for a definitive answer.


Web Hosting Reviews | Get Around The Net


#4

we can only give you suggestions. But the best ways is as they said — check with DH support

Save $97 with promo code: [color=#CC0000]97YES Sign Up NOW[/color]


#5

If your intention is to spread information about how to crack software, exploit bugs and security holes, write viruses, etc., than I hope you and all your kind suffer some sort of unpleasant demise.


si-blog | Keystone Websites
Save $97 on yearly plans with promo code [color=#CC0000]SCJESSEY97[/color]


#6

Harsh ad-hominem attacks, sir.

The world NEEDS sites like/by securityfocus (formerly packetstorm), l0pht, Fravia, bugtraq, pen-test, etc. The information about how this stuff works NEEDS to be available. Otherwise how are you and I going to learn about it ? Or do you prefer ignorance ?
Honestly, without good and decent tutorials and howtos on buffer overflows and a solid explanation on how they are exploited, I would not have been able to learn about those techniques. nmap would be a mystery to me. Fuzzing would make me think of textiles. Remote code execution would be equivalent in terminology to remote procedure calls. Remote root hole would render as some nifty kind of loophole. Black Ice would be some cool sounding game name. Hell, even debugging would be quite hard to learn without also learning how to crack software (at least if you’re serious about knowing assembler-level debugging).

This information needs to be available. You seem to assume that only the asshats of this world will get to see and use it. Not so – and I prefer knowledge about remotely exploitable security holes to be READILY available, and not just kept under lock and key by a select few organized crime figures. After all, if you have no idea how an attacker will attack your servers and services, how in the world are you going to implement them securely and keep them secure in the years to come ?

(and yeah, the byproduct of all this is that some script kiddiez and crackers are gonna get their dirty little paws on this stuff. Can’t be avoided. They’d get the exact same material in more hidden circles, anyway. IRC is an enigma to many already, FreeNet-based chat services are downright scary, and side-channel communications is not just for spooks anymore. Even knowledge about how viruses work, exactly, can be extremely valuable in defending against them :slight_smile:

To the OP : keep it legal. White papers on writing shellcode under constraints X,Y,Z is ok, directing people to use that stuff in an exploit against bigcorp.com is not, trading of illegally gotten goods is not (even if “just” intellectual), building botnetdrones is not (describing how they work, however, is), etc.
You might get into hot water with the abuse-department if you cross the line; and you will most certainly not be getting any help from them if a federal judge orders them to produce data relating to your account. All data.


#7

Do you even know what an “underground” site is?
If you did, you’d be very well aware that such sites don’t consist of legit security related issues, like securityfocus and such do. The “underground” (more accurately named “The Warez Underground”), consists of distributing mostly illegal contents via which persons in such a group will apply them to attack and compromise a remote system.

Cracking btw, is also still illegal in the US, as far as I’m aware. Irregardless of what you might think it does to benefit the internet, such places have no place here or anywhere else. Do such things on private “underground” discussion forums or with your friends, not publicly and definitely don’t ask your host if it’s “allowed”. Anyone asking such a question clearly shouldn’t be doing it in the first place.

As you said - keep it legal, and it’s fine. But as the OP stated explicitly “underground”, it would clearly indicate non-legal content. On that note, I certainly agree with you that legal security informations, such as exploits and the like, need to and should be made public. It does more harm than good to keep such information hidden or reserved for “elite” individuals/groups.


Chips N Cheese - Custom PHP installs and the like!


#8

I do applaud you for asking first, and you should follow up with DH. This is not really a question for technical support, your question falls under “abuse”. As this is a separate group, they may not respond as quickly as technical support does. Be patient and be honest with them about your intentions.

In the TOS, follow the link for abuse. You will find:

“… the hosting or storage of tools primarily used for cracking/intrusion or denial of service attacks is also prohibited, and will result in the account being permanently disabled without refund.”

So check with DH before putting down your money. While “discussion” about these matters may be permitted (and that is walking right up to the line, unless DH further tightens this aspect of the TOS, and therefore determines that you are over said line), posting code snippets will probably get you booted off.

Note that it does not matter if you or some other individual posts it, you are ultimately responsible for any content on your site.

With all due respect to you, your site may not be appropriate for this environment.

I do admit I am biased, as I am a network security professional. There are plenty of resources “out there” already for those wishing to learn exploits, develop exploits, and prevent others from using exploits. What new value will your site add to the net community? What is the purpose of your site?

Regards,
Rudy


#9

Not really, no. Underground means double-plus ungood as far as I’m concerned. We aren’t talking about some altruistic friend to computer security here. This is about warez, spamming, zombies, etc. “Unpleasant demise” is nowhere near as harsh as it should’ve been.


si-blog | Keystone Websites
Save $97 on yearly plans with promo code [color=#CC0000]SCJESSEY97[/color]


#10

Yes. You, however, only seem have one definition thereof.

And here we have your mistake. The poster did not write anything warez-related. Sure there is a “warez underground”, but hell, look up the Computer Underground Digest (which has been in existence for 10 years, though sadly ended in 2k), Phrack magazine (yes, that’s underground), or fricking packet storm security before it was SecurityFocus.

You somehow mix information with intent. A collection of shellcode (http://www.metasploit.com/ fits that definition, doesn’t it ?) can be used in that manner. A collection of virus samples can. (how would http://www.clamav.net/ operate if it was illegal to keep an archive of such ?) A collection of known exploit code (bugtraq ! pen-test ! packet storm !) can. All of this content is not in any way, shape, or form illegal.

My point is that information about these and even the exploit code itself is not problematic. It should not be. The intent is not always clear. Once you have incontrovertible proof of intent … well, that’s another story; and if the forum is a hub for trading CC numbers and entire botnets, hell, call the FBI cybercrime unit.

It is even perfectly feasible for somebody to create an “underground” board for themselves and a couple of friends, and then compete against one another in breaking EACHOTHER’s systems (assuming they are under the legal control of those people and they agree to that). It can be great fun to poke at your friend’s security setup. In fact, it’s often educational.

It really depends on how you define the term “cracking” (which can mean breaching a system’s security by using premade tools … or breaking some software protection system … or circumventing some copy control technique …). Not all uses are illegal. In fact, some uses could be seen as falling under “fair use”, while others are made “illegal” by unenforcable EULAs. The act of cracking itself is not necessarily the culprit you’d sue for, but rather the copyright infringement that usually follows (or anti-circumvention clauses according to the DMCA, but that is a whole other debate). There are clearly illegal acts that could fall under cracking. The area, as a whole, is not, though.

[quote]
Irregardless of what you might think it does to benefit the internet, such places have no place here or anywhere else. [/quote]
On that point we’ll just have to agree to disagree.

[quote]
Do such things on private “underground” discussion forums or with your friends, not publicly and definitely don’t ask your host if it’s “allowed”. Anyone asking such a question clearly shouldn’t be doing it in the first place.[/quote]
Great defense. Because person X is ignorant now, he/she will be ignorant forever and should not even try to change :wink: Where do you think these supposed “underground discussion forums” are, if not on webspace, rented servers, or university computer networks ? :slight_smile:

[quote]
As you said - keep it legal, and it’s fine. But as the OP stated explicitly “underground”, it would clearly indicate non-legal content. [/quote]
It does not do so “clearly”. Illegal activities CAN fall under “underground”, underground does not fall under “illegal” automatically.

[quote]
On that note, I certainly agree with you that legal security informations, such as exploits and the like, need to and should be made public. It does more harm than good to keep such information hidden or reserved for “elite” individuals/groups.[/quote]
Some people disagree strongly with that stance, especially when the released information could negatively impact them directly. Cisco has been known to try to silence speeches on new exploits applicable to their appliances, for instance. :slight_smile:


#11

So let me get that straight. You wish DEATH upon people merely because they are TALKING about stuff you do not like ?

We do not need to be talking about altruistic anythings. He did NOT say it was about warez, or spamming, or botnets. You just assume it does, and base your wishing DEATH upon him on it. Even arrogant pricks can sometimes make important contributions to a field, so altruism isn’t needed. At all.

“Underground” may be doubleplusungood (love newspeak), but if it is legal and within the limits of the ToS, hell, all the more power to that guy.


#12

I used the term “unpleasant demise” as an alternative to “failure”. However, for some of these creatures who turn PCs into their zombies, crack software for illegal distribution and spread spam/viruses/adware, death is entirely appropriate.


si-blog | Keystone Websites
Save $97 on yearly plans with promo code [color=#CC0000]SCJESSEY97[/color]


#13

I started out on the internet in the “underground” scene, I know exactly what it is and what people do there. A reference to an “underground” site (IN quotes), almost always refers to an underground warez site. Individuals who are referencing a legit underground site, usually refer to it without the quotes (as “underground”, in quotes, implies the definition of underground itself is meant to be more than the word itself). Based off of his pure spelling, I’d say he has more of a chance being an “illegit” user than not.

[quote]
You somehow mix information with intent. A collection of shellcode (http://www.metasploit.com/ fits that definition, doesn’t it ?) can be used in that manner. A collection of virus samples can. (how would http://www.clamav.net/ operate if it was illegal to keep an archive of such ?) A collection of known exploit code (bugtraq ! pen-test ! packet storm !) can. All of this content is not in any way, shape, or form illegal.[/quote]
If you’d actually taken the time to read my post and digest it, I said a Cracking site, not a hacking/exploit/etc site. I believe I made it clear I was referring explicitly to an illegit cracking site at that. Sorry if I didn’t spell that out for you.

[quote]
My point is that information about these and even the exploit code itself is not problematic. It should not be. The intent is not always clear. Once you have incontrovertible proof of intent … well, that’s another story; and if the forum is a hub for trading CC numbers and entire botnets, hell, call the FBI cybercrime unit.[/quote]
Assuming you’re referring to cracking as above, since that part of my statement did indeed focus on cracking specifically, I’ll have to point out again that such content, including explicit discussions of said content, is illegal by US Law. Which, however, is exempted as you stated here:

[quote]
It really depends on how you define the term “cracking” (which can mean breaching a system’s security by using premade tools … or breaking some software protection system … or circumventing some copy control technique …). Not all uses are illegal. In fact, some uses could be seen as falling under “fair use”, while others are made “illegal” by unenforcable EULAs. The act of cracking itself is not necessarily the culprit you’d sue for, but rather the copyright infringement that usually follows (or anti-circumvention clauses according to the DMCA, but that is a whole other debate). There are clearly illegal acts that could fall under cracking. The area, as a whole, is not, though.[/quote]
If the two parties agree to it and they own the rights to the software and/or system and/or network they are cracking into. In this case said law doesn’t not apply as the uses are indeed legitimate/legal. If that’s what this person is doing, then that would be perfectly okay. I’m pretty sure I specified what type of cracking we were discussing here either way - the illegitimate kind.

This one is really quite simple and doesn’t get any more complicated. If you have to ask, then you’re already well aware of the legality of your content. If every person who created a website asked if their content was legal or not, I could see argument otherwise, but as I’ve rarely if ever seen that happen, it’s quite clear what the answer is to this person’s question. No.

[quote]
It does not do so “clearly”. Illegal activities CAN fall under “underground”, underground does not fall under “illegal” automatically.[/quote]
When you’re asking if your content is “okay” or not, and you specifiy, in quotes, “underground” - then yes, it does.

[quote]
Some people disagree strongly with that stance, especially when the released information could negatively impact them directly. Cisco has been known to try to silence speeches on new exploits applicable to their appliances, for instance. :)[/quote]
Yes, however the content is still legal - UNLESS there is some part of code within the given exploit (or whatever) that Cisco actually owns, then it would be illegal.

If the OP had originally specified, or even referred to another site as an example, the actual subject material for his site (rather than leaving us guessing), it would do much better than having us argue over such matters. As it stands currently, I suppose one could see it either way. Perhaps instead of bickering, we should just ask the OP to clarify :wink:


Chips N Cheese - Custom PHP installs and the like!


#14

Legal? Yes, IMO (though I am not a lawyer)

Within the TOS? I’m not sure about that… It is up to DH to decide.

The fact this individual asked before signing up indicates this individual knows the planned site may not be acceptable to DH, even if it is legal.

While “discussion” seems to fall within the TOS, how can one discuss, for example, buffer overflow or SQL injection attacks without referring to sample code?

As I read it, the TOS prohibits such samples.

Ju57 7rY1ng 2 5aV3 7H15 P3R50n 50m3 pR0Bl3m5 1n Th3 fU7ur3.

Regards,
Rudy


#15

[quote]
While “discussion” seems to fall within the TOS, how can one discuss, for example, buffer overflow or SQL injection attacks without referring to sample code?

As I read it, the TOS prohibits such samples.[/quote]
A very good point! I hadn’t even thought to check the TOS on specifics. :slight_smile:


Chips N Cheese - Custom PHP installs and the like!


#16

The OP should also note that DreamHost is based in the U.S. and will have to act on DMCA notices.

Free unique IP and $67 off with promo code [color=#CC0000]FLENSFREEIP67[/color] or use [color=#CC0000]FLENS97[/color] for $97 off. Click here for more options


#17

I’m coming from a different angle; I have seen several different underground scenes on the net, all claiming to be the actual, real, and only scene – so that’s why I have a problem with the loose definition :slight_smile:

[quote]
(…) Based off of his pure spelling, I’d say he has more of a chance being an “illegit” user than not.[/quote]

Hrrm. Might just be an indication to the contrary as well though. As in, “this is an ‘underground’ site, i.e. it’s not really all that underground” :slight_smile:

Maybe I misunderstood. However, I’d classify Fravia’s old reverse engineering site under just that auspice; it may deal with cracking, for instance, WinZip, in a tutorial form of how to use the BlackIce debugger; that’s walking the line. It’s educational content, and at the same time rather black hattish :slight_smile:

[quote]
Assuming you’re referring to cracking as above, since that part of my statement did indeed focus on cracking specifically, I’ll have to point out again that such content, including explicit discussions of said content, is illegal by US Law. Which, however, is exempted as you stated here:[/quote]

Hrrm. I might misinterpret US law then. I was under the impression that tools primarily facilitating circumvention of these protections can be acted upon under the civil law DMCA; however, information on such cannot (though of course this is all hotly debated in the surroundings of DeCSS and the associated free speech issues).
If it is indeed illegal to discuss the specifics of, say, breaking AACS or CSS, or more to the point, netfilter and Apache security, then the free exchange of ideas and free speech in general does not exist (assuming this is actually illegal by law, not just prohibited by private enterprise ToS :wink:

[quote]
If the two parties agree to it and they own the rights to the software and/or system and/or network they are cracking
into. [/quote]

Careful. I do not have to own the rights to the software I am using to try to defeat its security features. Case in point, I do not have to have the right to the Windows XP intellectual property to analyze and expose flaws in the Internet Explorer security model, legally, so long as I have the legal right to use the software in a regular manner.

And a point I tried to make is that the line of legitimacy is not easily defined (though as they say, I’ll know somebody crossed it when I see it :-P)

Then I misunderstood you. Though my take on it would be that the OP might be courteous. There are webhosters out there who do not believe in free speech, or hosting websites they might disagree with entirely, even though they are legal (and it’s their right to do so; Just somebody doing something legal does not imply that they have the right for me to sell them services to facilitate their activities :slight_smile:

The analogy I’d draw is asking the hoster whether adult content is allowed. DH’s answer is “yes, if it’s legal in California”. Adult content, per se, is legal; asking whether it’s ok to put it on your account is still due diligence, since many hosters shy away from that amount of traffic on shared hosts. Using IRC, eggdrop, BNC, etc. are all perfectly legal; but you damn well better ask your host if you can use them unless you want your account suspended (and here DH’s answer will be a resounding no – not because it’s illegal, but because those particular technologies attract a LOT of dDoS attacks).

Not necessarily. It might then still fall under fair use. That’s to be decided on a case-by-case basis.

[quote]
If the OP had originally specified, or even referred to another site as an example, the actual subject material for his site (rather than leaving us guessing), it would do much better than having us argue over such matters. As it stands currently, I suppose one could see it either way. Perhaps instead of bickering, we should just ask the OP to clarify [/quote]

Agreed ! Let’s delve into the underground and make him answer ! :slight_smile: