Slashdot Mirror


Free Web Hosting a Fount of Malware

daria42 writes "It looks as if free Web space services are increasingly being used to host spyware, with Internet security firm Websense claiming more of such dodgy material was found on free hosting services during the first two weeks of July than in May and June combined. "These fraudulent, free personal Web sites have an average lifespan of two to four days, making them difficult to trace," said an executive from the company."

50 of 203 comments

  1. What are you gonna do? by gbulmash · · Score: 4, Informative
    Free sites are used as gateways to all sorts of dodgy propositions... malware, porn spam, etc. It's because they're so easy to get with fake identity info. Maybe they record your IP address, but you can start building your site at some free hosts without even having your e-mail address confirmed, and it's possible to disguise your IP address.

    I'd say that the gov't should make these companies provide more authentication, but all it would do is prove a barrier against legitimate users while the criminals would just find a way around.

    Outlawing free/homesteading sites would likely be found unconstitutional in the U.S. and it would be a big fight to remove the safe harbor provisions for such sites to make them responsible for their users' malicious activities. I really don't know what we could do at a legislative level. At a personal level, I just refuse to visit any sites at angelfire, geocities, et al.

    - Greg

    1. Re:What are you gonna do? by fastgood · · Score: 5, Funny

      I'd say that the gov't should make these companies provide more authentication

      Or the way privacy is going these days, charge a $0.01 setup fee payable only by credit card.

    2. Re:What are you gonna do? by QaBOjk · · Score: 2, Interesting

      I'd say that the gov't should make these companies provide more authentication, but all it would do is prove a barrier against legitimate users while the criminals would just find a way around.

      Authentication.. how about a 'contract' stating you must actively use your free hosting account for 30 days or get a penalty fee. Gives the hosting company a chance to catch up on who's doing what.

    3. Re:What are you gonna do? by Jason1729 · · Score: 4, Insightful

      So you refuse to visit any site at a big name free host.

      That means you're saying people only have a valuable opinion or can provide useful information if they're willing to pay you to listen to them. What a dangerous attitude.

      Besides that, there are thousands of free web hosts just because you know the names of 10 or so of the largest doesn't mean you aren't visiting others.

      Even if the majority of dodgy sites are hosted on free sites, the majority of content on free sites can be quite valuable.

      As part of political free speech it should be constitutionally protected that free sites can operate without collecting personal information if they want. If the government forces personal authentication, they can track you if they don't agree with what you say. That will inhibit what legitimate messages you're comfortable posting, and it would be a serious blow to free speech.

    4. Re:What are you gonna do? by fireboy1919 · · Score: 4, Interesting

      I think it's pretty clear that the problem is the same as spam: the opportunity cost is too low.

      There are many, many things that one could do to make it reasonable. You could have them send a $1 bill, or pay a similar trifling amount through an online broker, or even require a waiting period during which content is machine-inspected for scamming.

      I personally use a "free" server that pretty much keeps spam at bay by requiring a $1 bill sent through the mail in order to gain membership.

      --
      Mod me down and I will become more powerful than you can possibly imagine!
    5. Re:What are you gonna do? by Osrin · · Score: 4, Insightful

      That means you're saying people only have a valuable opinion or can provide useful information if they're willing to pay you to listen to them.

      Alternately, you're saying that you have no interest in what poor people have to say.

    6. Re:What are you gonna do? by grazzy · · Score: 2, Insightful

      A couple of hours at many internet cafes cost more than a year's worth of hosting simple html-files on some places..

    7. Re:What are you gonna do? by the+Man+in+Black · · Score: 2, Funny

      My favorite part is the fact that he has Snow Crash on his bookshelf.

      Yeah, I clicked it.

      And so did you. You KNOW it.

    8. Re:What are you gonna do? by gbulmash · · Score: 4, Insightful
      That means you're saying people only have a valuable opinion or can provide useful information if they're willing to pay you to listen to them.

      Alternately, you're saying that you have no interest in what poor people have to say.

      Actually, before these sites became such a wasteland of porn spam and malware, I stopped visiting them because they were some of the worst abusers of pop-ups, pop-unders, and other annoying advertising methods. The growing abuse of these services by spammers and other scum merely cemented my resolve to avoid them.

      Sure, you lose out on some gems, but there is MORE than enough out there in the areas I will visit to compensate for what I'm missing. The amount of interesting information on the Internet increases faster than any one human can keep up with (except for my friend who, after a badly broken leg and 3 months on bedrest, came back to work and said he used all that time to "finish reading the Internet"). If my filters leave out some valuable voices in the free-web-o-sphere, I've still got LOTS of interesting and valuable choices remaining.

      - Greg

    9. Re:What are you gonna do? by uncoveror · · Score: 2, Interesting

      "Free" web hosting has never been free. I have tried several of them to cut costs for uncoveror.com, and they all fed pop-ups, many of which pushed spyware like gator and bonzi if they were not closed carefully. I would rather pull the plug than do that to readers, so I went to paid hosting. Last time I checked, none of my banner or text ads fed spyware.

      --
      The Uncoveror: It's the real news.
    10. Re:What are you gonna do? by kz45 · · Score: 2, Informative

      That means you're saying people only have a valuable opinion or can provide useful information if they're willing to pay you to listen to them. What a dangerous attitude.

      Besides that, there are thousands of free web hosts just because you know the names of 10 or so of the largest doesn't mean you aren't visiting others.


      honestly, it's not even worth it. The providers of most of these "free web hosting" accounts load each "free" site with popups and advertisements. That alone will make me stay away from those sites.

    11. Re:What are you gonna do? by Jason1729 · · Score: 2, Insightful

      The public library provides free web access, but not webspace.

      You have blinders on.

    12. Re:What are you gonna do? by dotgain · · Score: 2, Interesting
      You're AC anyway, so I don't know why I'm bothering, but yes. they exist. I haven't got any directly bookmarked, and can't be stuffed digging through them to find the urls, but lately while researching Electronic Fuel Injection specifics, I've read a couple of great geocities pages.

      There was nothing to download, no b/g music, okay the html was pretty boring, but very easy to read. And that's exactly what I was there for.

      And there's dead links everywhere, man.

    13. Re:What are you gonna do? by Vlad_Drak · · Score: 2, Informative

      Other commercial hosts are in no way less susceptible to identity issues than most free sites. Also, consider that commercial web hosts offer more of an attack footprint as they'll allow any random script to be uploaded (or host phpBB, etc). I worked for years and years in a senior technical role at one of the top three web hosts, and it's a very difficult job to ensure security across thousands of Linux and Windows boxes with all the mess that's out there. People that run their own dedicated servers are even worse, as they're probably not monitoring their abuse@ mailbox at all. That mail will go upstream to the hoster's abuse box, which is already overloaded and understaffed. Someone's got to call the customer and get authorization to look at (usually for a fee). At least the free hosters probably have to just update a DB record to shut it off.

      You cannot hold the hoster (free or not) responsible for the users, for many reasons. Hosters already have tight margins, and you'd be asking them to remove features and add expensive head count. I'd love to see Capitol Hill trying to draft a bill that doesn't obliterate the hosters without subsidies of some kind. That is, if they could understand the problem. I can see it now:
       
      "Script interpreters must be compiled so as to not allow outbound socket connections without a validated National ID record"
       

    14. Re:What are you gonna do? by fireboy1919 · · Score: 2, Insightful

      A dollar, a stamp, an envelope, and the need to fill them all out by hand are all part of the cost.

      Doing that with the latency of snailmail certainly sets the opportunity cost too high for a site that's going to make less than a dollar.

      At the very least, it separates the wheat from the chaff: spammers won't use it because it costs anything, and they can get a site from the totally free content providers, whereas honest people will use it because the quality of service is so much higher than a spam-allowing service.

      --
      Mod me down and I will become more powerful than you can possibly imagine!
  2. Only last so long by Anonymous Coward · · Score: 5, Insightful

    Next thing you know, the malware authors will just host stuff from infected PCs. I'm sure you can run a basic web server pretty easily.

    1. Re:Only last so long by KiloByte · · Score: 2, Insightful

      Exactly.
      Banning free hosting or requiring registration won't accomplish anything. Of course, this fact won't stop the politicians from throwing another rock against free speech.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    2. Re:Only last so long by Virak · · Score: 2, Insightful

      Yes, because I'm sure they would never be so dishonest as to use a different port!

    3. Re:Only last so long by madscientist003 · · Score: 2, Insightful

      I would imagine it would take more time and energy than most malware authors and the like would hope to expend. Most infected PCs are using a DHCP lease for their IP address, whereas the free hosting sites allow you to have a static URL for your storage and distribution needs. It's the motivation shared by spammers; expend very little energy, send out tons and tons of spam/malware, and some of it will stick. It's simply not worth the extra effort.

  3. Free?! by Anonymous Coward · · Score: 4, Funny

    I've been paying GoDaddy to host my Malware all this time?!

  4. Surprise, surprise. by rmccann · · Score: 5, Funny

    Spammers and crackers abusing free internet facilities?! Perish the thought.

  5. How to trust ANY new web service? by Ohmster · · Score: 4, Interesting

    It's not just fake hosting services with malware and other phishing scams. It's getting so that one gets suspicious of any kind of new service that crops up on the web. The other day, I got excited seeing this service that promised to turn my blog contents into a printed book. I tried it, but then got worried that it was a phishing scam. And cancelled my attempts to use the service. What does this mean for the promise of "web services" in general? More on the "blog into book" experience here: http://mp.blogs.com/mp/2005/07/s_11.html

    1. Re:How to trust ANY new web service? by pentalive · · Score: 4, Insightful

      This is pretty bad, I was applying for a job - I was contacted by someone who said they were with a large employer here in CA, after some short question and answer they emailed me some forms that I was to print out and fill in, and fax back. Part of the process before any real interviews was a "background check" form. That form had everything an identity thief needs, ssn, old addresses, Jobs, Date of Birth all kinds of things. That added to the fact that these people's email address differed from the employer they said they were from.. It turns out that the applications and the Job was on the up and up, but I wonder...

    2. Re:How to trust ANY new web service? by patio11 · · Score: 4, Interesting
      That would be a NASTY phishing scam.

      "Hello, we are Human Resources Solutions International. One of our clients has contracted with us to process your recent job application. You have the option of either waiting for our letter to arrive via registered mail or entering your data in our secure web server located at https://www.scamyourbuttoff.com./ Please note that your application cannot proceed until we have completed our investigation, so it is in your best interest to respond promptly. Thank you and if you have any questions about your employment process please mail Mary Jo at nevergetareply@scamyourbuttoff.com."

      Fire that off to 100,000 people and I'll bet probably half of the ones actively doing job searching will go to your website without a second thought.

    3. Re:How to trust ANY new web service? by baadger · · Score: 2, Interesting

      "Real" identification doesn't really exist, from the offset it's based on the trust of someone you (as a service provider) don't know or trust yourself.

      For example:

      Here in the UK to obtain a passport all you need is an address, to fill out a form, a British birth certificate and someone reputable (like a doctor, teacher, or your boss) to sign a photo to verify it's you and they trust in your identity.

      You can order birth certificates online from the GRO for £11.50 with minimal information (name and place of birth). In today's world there is still no enforced requirement to have bank accounts or deal in anything but cash, have a telephone line, etc and I can't see what there is to verify some applications against.

      Good 'social engineering', cunning, and a well chosen target from the right demographic and you can steal someone's identity fairly easily.

  6. Convoluted to sign up? by Anakron · · Score: 3, Interesting
    From TFA:
    They make you type in a word that has been obscured as an image to stop them from being set up automatically

    Does anyone know how effective these schemes really are? Is there a study that measures how effective this is?
    --
    There are 11 types of people. Those who understand binary, those who don't and those who are sick of this lame joke.
    1. Re:Convoluted to sign up? by redheaded_stepchild · · Score: 2, Informative

      Well, according to this, they might even be TOO effective...
      That may not be the exact answer you were looking for, though.

      --
      Don't use the Troll mod just because you disagree with me.
  7. wondering... by eobanb · · Score: 3, Interesting

    I was wondering, how do these people typically register accounts with free web services? Our site was having a problem with comment spam, so a CAPTCHA test tends to do the trick basically all the time. On the other hand, I've also heard about defeating the test by starting a porn site and then taking the image and showing it to visitors and basically just having them type the right answer and they get to see 10 pictures or something. What we ended up doing was a word riddle, like "The quick brown fox jumped over the lazy ___s" or "3 + 5 = _" So if automated registering of these accounts is a problem, that's what I would suggest. Or you could surely just prohibit any files with a .bat or .exe or .whatever extension, and only allow .html, .gif, .jpg, .png, .wav, .txt, and a few more. I mean, if it's a free service, you get what you pay for. If you really need to host programs it shouldn't be too much trouble for you to buy something for $5/month. All in all this doesn't really seem like that outrageous of a problem.

    --

    Take off every sig. For great justice.

  8. Re:Who would have guessed??? by Anakron · · Score: 2, Insightful

    Considering that it is in their best interest to make their scams believable, I'm actually surprised that they would refuse to pay for legit hosting. I'm guessing hosting costs are a tiny portion of the profit they expect to make.
    Of course, these idiots who use free web space are probably bottom-of-barrel scum.

    --
    There are 11 types of people. Those who understand binary, those who don't and those who are sick of this lame joke.
  9. Re:Who would have guessed??? by superpulpsicle · · Score: 4, Interesting

    The dilemma is... if they got rid of free hosting. Then only those who can afford $$ monthly hosting bills can host. It's tough to shoot for democracy when only people with money can have a voice online. Let's not tear down the tree and the whole neighborhood due to a couple bad apples.

  10. CAPTCHAs (was Re:Convoluted to sign up?) by gbulmash · · Score: 5, Informative
    They make you type in a word that has been obscured as an image to stop them from being set up automatically

    Does anyone know how effective these schemes really are? Is there a study that measures how effective this is?

    The type-in is called a CAPTCHA (an acronym for "completely automated public Turing test to tell computers and humans apart"). They can be fairly effective, but all they do is block robots from setting up an account. If I need 10 accounts, I don't necessarily need to automate it. CAPTCHAs are more often used effectively to block bulk botting stuff like blog spam, signups for free mail accounts, or other services (like whois at Netsol.com or Godaddy.com) prone to abuse and they can work well if well designed. But, again, they're to prevent robots from doing something, not humans.

    Now, as CAPTCHA's get more obscured to try to defeat more sophisticated OCR elements, they become more difficult for humans to read. I recently developed one that I may use on some of my sites that uses identifying the contents of pictures. Demo here. Some of the people I've had test it said it was fun and they actually played it like a game.

    - Greg

    1. Re:CAPTCHAs (was Re:Convoluted to sign up?) by morcheeba · · Score: 4, Interesting

      I thought CAPTCHAs would be pretty effective, until I heard of this cool scheme to get around them:

      1. Spammer X wants to sign up for 100 free email accounts at free-accounts-Y.
      2. Spammer X has a small cache of porn.
      3. Spammer X puts up a website to allow access to his porn & promotes it
      4. To see Spammer X's porn, Joe Average must sign up at Spammer X's website.
      5. Signing up involves, you-guessed-it, a CAPTCHA!
      5a. Joe requests to sign up
      5b. Spammer X requests an account at free-accounts-Y and gets a CAPTCHA request.
      5c. Spammer X presents this same request on their website to Joe
      5d. Joe solves the CAPTCHA and returns the info to Spammer X
      5e. Spammer X passes that info to free-accounts-Y
      6. Repeat steps 5a-5e for lots of Joes. Result: lots of email accounts for Spammer X.

      As long as the CAPTCHA is not impossible, people will process them for you for almost free.

    2. Re:CAPTCHAs (was Re:Convoluted to sign up?) by Night+Goat · · Score: 2, Funny

      That was a pretty fun CAPTCHA! I am a human, what a relief. May I suggest that if you end up rolling this out that you make a way for blind people to do it also, like maybe they can e-mail you for access. Although since you were so informative about CAPTCHAs, you probably already had something in mind for blind people.

    3. Re:CAPTCHAs (was Re:Convoluted to sign up?) by Anonymous Coward · · Score: 2, Interesting

      Now, as CAPTCHA's get more obscured to try to defeat more sophisticated OCR elements, they become more difficult for humans to read. I recently developed one that I may use on some of my sites that uses identifying the contents of pictures. Demo here. Some of the people I've had test it said it was fun and they actually played it like a game.

      Sorry to burst your bubble there, but when I have no javascript enabled, all I get is a "Tell me if I'm human" button. I clicked on it and your script tells me I'm human. Even when I just typed in the validate.php URL in the browser, it still tells me I'm human. So, um. There is a serious flaw in your programming.
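
The flaw reported in the comment above (a validation endpoint that answers "human" when requested directly, with no challenge attached) is avoided when the server issues, stores and checks every challenge itself and rejects anything it did not issue. The following is an added example, not part of the thread and not the demo's own code; `CaptchaStore`, `handle_validate`, the form field names and the 120-second lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL_SECONDS = 120  # assumed lifetime; tune per site


class CaptchaStore:
    """Server-side record of outstanding challenges (in-memory for this demo)."""

    def __init__(self):
        # challenge_id -> (session_id, answer_digest, expires_at)
        self._pending = {}

    @staticmethod
    def _digest(answer):
        # Normalise so "Kitten " and "kitten" compare equal, then hash so the
        # plaintext answer is never kept alongside the challenge id.
        return hashlib.sha256(answer.strip().lower().encode("utf-8")).digest()

    def issue(self, session_id, answer, now=None):
        """Register a new challenge for one session and return its id."""
        now = time.time() if now is None else now
        challenge_id = secrets.token_urlsafe(16)  # unguessable, 128 bits
        self._pending[challenge_id] = (
            session_id,
            self._digest(answer),
            now + CHALLENGE_TTL_SECONDS,
        )
        return challenge_id

    def verify(self, session_id, challenge_id, submitted, now=None):
        """Return True only for a known, unexpired, unused challenge that was
        issued to this session and answered correctly. Everything else fails."""
        now = time.time() if now is None else now
        # A request with no challenge or no answer (e.g. the validation URL
        # typed straight into the browser) is rejected, never treated as human.
        if not challenge_id or not submitted:
            return False
        # pop() makes the challenge single use: right or wrong, it is consumed.
        record = self._pending.pop(challenge_id, None)
        if record is None:
            return False
        owner, digest, expires_at = record
        if owner != session_id or now > expires_at:
            return False
        return hmac.compare_digest(digest, self._digest(submitted))


def handle_validate(store, session_id, form, now=None):
    """Stand-in for the validation endpoint; `form` is the parsed POST body."""
    ok = store.verify(session_id, form.get("challenge_id"), form.get("answer"), now)
    return "human" if ok else "rejected"


if __name__ == "__main__":
    store = CaptchaStore()
    # Constructed requests: a direct hit with no fields, then a proper round trip.
    print(handle_validate(store, "sess-A", {}))
    cid = store.issue("sess-A", "kitten")
    print(handle_validate(store, "sess-A", {"challenge_id": cid, "answer": "Kitten"}))
    print(handle_validate(store, "sess-A", {"challenge_id": cid, "answer": "Kitten"}))
```

Single use and a short lifetime limit replay of a solved challenge; they do not by themselves stop the human-relay scheme described elsewhere in this thread.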

  11. Re:Fount? by Recovering+Hater · · Score: 2, Interesting

    I read that and at first glance thought it was a typo. But it's true that you don't see that word much. "It is a fount and or plethora of ..."

    --
    My humor is probably your flamebait
  12. Re:Who would have guessed??? by generic-man · · Score: 3, Insightful

    Only people with money can get on-line. The vast majority of blogs and forums out there (Slashdot included) are populated entirely by people wealthy enough to afford an Internet connection of some sort. You don't see working-class people at the library updating their politiblogs because OMG did you see what Koz said this morning about the deficit what a total wonk I am totally trackbacking him right now!!!

    --
    For more information, click here.
  13. Websense is a Censorship Firm by Anonymous Coward · · Score: 5, Insightful

    Calling them a "Security" firm is whitewashing who they really are.

    read the article on Censorware.

  14. Re:Fount? by tidewaterblues · · Score: 5, Informative

    Actually, fount is the British and the old poetic spelling of font. When this spelling is used, it generally means a fountain, spring, or source. Using the modern spelling, a font refers to a basin for baptizing people or holding holy water, (sometimes also called a laver), although it can refer to the old usage as well. However, I don't think the word can be used to mean "plethora".

    --


    ...En að Besta Sem Guð Hefur Skapað Er Nýr Dagur
  15. BRAND-space in the URL. by torpor · · Score: 2, Interesting

    this is why it's so important to recognize the unique sociological challenge of the URL.

    it is a namespace. thus, portions of it will be a BRAND space.

    either people recognize when they are culting, or they don't. times that they do, are often predicated on the formulation of identity.

    the URL is a human blank page. if you don't know the URL, don't go there...

    --
    ; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
  16. Re:Fount? by Compholio · · Score: 3, Informative

    However, I don't think the word can be used to mean "plethora".

    I've actually heard it a whole lot, but my parents were always big on vocabulary. At least in US English there's no "u" in font though:
    http://dictionary.reference.com/search?q=font

    Specifically:
    An abundant source; a fount: She was a font of wisdom and good sense.

    (you have to look at fount to see that the "u" is deprecated)

  17. Re:Kill two birds with one stone. by keytoe · · Score: 2, Funny
    it is also easy hosting for malware/other dodgy 'things'.
    Like <blink> tags and MIDI loops.

    /shudder/
  18. Re:Kill two birds with one stone. by wibs · · Score: 4, Insightful

    I hope you're not serious.

    People that don't know even the basics of HTML, or how to create a website shouldn't be allowed

    You're right, only people who already know everything should be allowed to attempt anything. Let's keep math books out of schools and close the freeways, because only mathematicians and NASCAR drivers have any right to numbers and cars. I don't know about you, but my first site was almost 10 years ago on Angelfire, and it was crap as all of them are. Then I bought books, viewed source, and have done a number of sites professionally with all that fancy high-tech wizardry I never would have even known existed if I hadn't started somewhere.

    Maybe this would also get rid of the millions of those MySpace or Piczo type websites that plague the internet with the writings of illiterate 13 year old girls.

    Sure, their sites might be pointless and juvenile, but I can't remember the last time I spent an hour reading a site before slapping my forehead and saying "Oh, now I understand why this sucks, it was written by a 13 year old!" That just doesn't happen, because the only people who ever end up at those sites are the 13 year olds who write them and their other 13 year old friends. This "plague" does not affect most people in the slightest, and if it affects you then perhaps you shouldn't be allowed to use the internet because of a lack of basic navigation skills.

    People can be so quick to discourage and dismiss beginners, it makes me wonder how anybody ever learns anything.

    --
    If you get nervous, just remember that there are a few billion other people who don't really give a damn.
  19. Re:Who would have guessed??? by British · · Score: 2, Informative

    Don't numerous ISPs throw some free web page space, quite often WITHOUT pop-up ads or such ad-related garbage?

    I mean with Comcast and its millions of customers, you get some web page space to hotlink images, etc. Sure, you can't do certain questionable web pages(hacking, porn, etc), but still it is included with the cost of your monthly bill.

    Heck, even AOL has web page space.

    Again, if there's malware being sent out on free web page sites, perhaps it's time for them to go.

  20. CAPTCHA has been completely compromised by merreborn · · Score: 2, Interesting

    Spammers simply proxy the CAPTCHA images, and re-present them on their own sites. Users of their sites then process the CAPTCHA for them, and they turn around and use the user's input to register on the original site.

    For example, say compuporn.com wants free geocities accounts. compuporn.com offers free memberships on their site; when Joe Sixpack loads the signup page, compuporn.com runs a script that starts a new registration at geocities.com, and copies the geocities CAPTCHA image, presenting it to Joe Sixpack at compuporn.com. Joe Sixpack puts the correct string in for the CAPTCHA, compuporn.com takes Joe's string, and uses it at geocities.com.

    Voilà. Compuporn.com has a new geocities account, without any OCR, and without any employees of Compuporn.com interpreting the CAPTCHA by hand.

    Your CAPTCHA is not immune to this attack either.

  21. Re:Who would have guessed??? by Have+Blue · · Score: 2

    This is why the first amendment is more properly phrased like this: You have the right to speak, but you do not have the right to be heard. There is, likewise, no obligation to facilitate the speech of others.

    If it's not feasible to give away web space for free, for whatever reason, it will disappear, the same way free dialup accounts and AllAdvantage disappeared. There is no "they" here, only the collective actions of every ISP and web host in the world. They don't let you on the radio or on TV or in newspapers for free, why aren't you complaining about that?

  22. In Other News... by __aaclcg7560 · · Score: 3, Funny

    Researchers have discovered that the Microsoft Windows operating system (all flavors) has been hosting spyware, virus and other malicious crap that comes off the Internet and spreads it to other computers attached to the same LAN at a faster rate than any other time in the last 10 years. Microsoft released a statement saying that Windows does it better than Linux and encouraged all users to immediately upgrade to Windows Vista. :P

  23. The Register has a slightly different take by Anonymous Coward · · Score: 3, Interesting

    John Leyden at The Register has a slightly different take on this story. Essentially Websense is a company trying desperately to sell its "security products" through a campaign of FUD and blatantly obvious "alerts". I think most people here see this as the latter, while most of Websense's target audience probably fall into the former target audience.

  24. Re:Who would have guessed??? by gravteck · · Score: 2, Insightful

    This is extremely short sighted. When I graduated high school I had a decision to make. Proceed onto college at a very good and prestigious school, or continue my life of amateur and professional ski competitions (err... the stuff you see in the X-games if you watch that kind of thing). I chose college because I didn't know where I'd be at 30 after a skiing career. Most of my friends went the other route. For three years many of them have been in various ski bum situations where they are homeless living out of a van, or going couch to couch. Internet forums, postings, and bloggings via the public library were the only way for my friends to stay in contact with the outside world and keep up to date on competition updates or aiding the search for sponsorship opportunities. Conversely if you were someone who was out of work and money was tight. You might use the library to search for work, or keep a resume or blog on free hosting in order to better chances (however small) at future employment.

  25. Re:Who would have guessed??? by gravteck · · Score: 2, Insightful

    The assumptions you make in this reply are ridiculous. If you own skis you are not poor? This assumes the skis are recently bought. Of course you totally ignore the possibility that they were owned before someone was a ski bum. Slacker living off other people? Tell this to the hundreds of ski bums who spend their nights working restaurant jobs to make rent in the small apartment they usually share with 4-5 other people. Come back home? You assume their parents support them being ski bums... I can tell you that this is definitely not the case. This makes it sound like any struggling artist or writer who is out living in a similar manner doesn't have it rough because they could easily just return home. Besides, who says these ski bums, or artists, or writers are complaining. They're attempting to live their dream! The fact that free hosting services help legitimate people who are currently financially strapped is a positive thing! The fact that people always have a choice to lead a different life that may be more financially secure is a piss poor argument for requiring payment for web services. The world would be pretty stale if everyone only took paths that were financially conservative from a well-being standpoint.

  26. From the Hoster's view by Kamiza+Ikioi · · Score: 2, Interesting
    There's hosting that's free as in beer, and hosting that's free as in speech. While I know you can easily find that I've argued that free as in beer is often the more important factor, many times people overlook free as in speech.

    Free hosting, in promoting both free's, does a great job. Unfortunately, it just takes a couple bastards to ruin it for everyone else.

    Free as in speech hosting is different. The key here is to not charge too much, and to put in place your hosting policies to afford as much privacy as you possibly can. Here is an example of what I have learned, YIAAH (yes, I am a hoster):
    • Honor your customer's privacy. This means that you tell them what you will and won't provide to 3rd parties, explicitly. DO NOT BE VAGUE! If you are based in the US, explain: "If a US court orders us to reveal your identity, then by law, we must."
    • Tell your customers what speech you won't allow. If you don't allow spam (I sure as hell won't), tell them. Let them know which forms of speech you support. Everyone has their limits, and for someone to find the free as in speech host right for them, this is vital information for them to know, and will save all parties a lot of headaches.
    • Charge a fair price. If you can offer hosting for free, go for it. If, however, you are like 99% of the rest of hosting, charge only what you must. Don't be afraid of a little profit. Profit allows you to expand, and gets you through the slow months. Have fair refund policies. This is important, and will give you a good reputation. Bad reputations in hosting last, forever. Good refund policies are more important than what you charge. Fly by night operations tend to run by the unwritten evil-rule: NEVER REFUND! Thus, if you haggle over a refund, you will be labeled as a scammer.
    • For the love of all that is holy, KNOW THE TECHNOLOGY! This is listed last, but it is surely the most important. If you have never hosted before, then you probably have no clue what you are up against. You better damn well know: firewalls, trusted sources, DNS, scripting/programming, IDS, load/bandwidth balancing, and a slew of other things that I could sit here for hours listing. Above all (I'm an old school thinker), you better damn well know hacking. I mean this in the sense of black hat hard core hacking. If you don't know how they can get in, then you are at a great disadvantage to the black hats. To this point, I would add: Work with other hosters! Hosters are a usually very helpful community that works together. Fellow compromised hosts only hurt you. From their ultra-high bandwidth compromised machines, they can rain down terror on you. Get involved in a large community of hosters, be it by OS (linux, windows, bsd), or by variant (CPanel, Ensim, Webmin... or generic RedHat, Suse, etc.). Few are truly experts. I'm the first to say, I am certainly not an expert, and I've done this for several years now. But, I know where to go for help and advice, and I have enough technical knowledge under my belt to survive long enough to get that help.

    Basically, be honest and up front, know your limits, ensure your operation is financially viable, and know your shit. Getting into the hosting business sounds a LOT easier than it really is. If you get into it for moral purposes like me (as part of a not-for-profit incorporation), it is even harder. Free as in speech hosting is NOT a cash cow. There are also few rewards and thanks. Your days will be spent not only providing services equal to other top hosters, but without the benefit of a fat paycheck (or any paycheck at all).

    The rest of your time will be spent always looking over your shoulder for complaint e-mail. If you host bands, maybe one of them slips in a copyrighted song on their hosting, and one wrong move with the RIAA can shut you down. Maybe someone makes a threat via e-mail, and then you have someone demanding user identity, or trying to enforce the Patriot Act on you. Maybe a site ju

    --
    I8-D