Free Web Hosting a Fount of Malware

daria42 writes "It looks as if free Web space services are increasingly being used to host spyware, with Internet security firm Websense claiming more of such dodgy material was found on free hosting services during the first two weeks of July than in May and June combined. "These fraudulent, free personal Web sites have an average lifespan of two to four days, making them difficult to trace," said an executive from the company."

What are you gonna do?

[gbulmash]

Free sites are used as gateways to all sorts of dodgy propositions... malware, porn spam, etc. It's because they're so easy to get with fake identity info. Maybe they record your IP address, but you can start building your site at some free hosts without even having your e-mail address confirmed, and it's possible to disguise your IP address.

I'd say that the gov't should make these companies provide more authentication, but all it would do is prove a barrier against legitimate users while the criminals would just find a way around.

Outlawing free/homesteading sites would be likely be found unconstitutional in the U.S. and it would be a big fight to remove the safe harbor provisions for such sites to make them responsible for their users' malicious activities. I really don't know what we could do at a legislative level. At a personal level, I just refuse to visit any sites at angelfire, geocities, et al.

- Greg

Re:What are you gonna do?

[fastgood]

I'd say that the gov't should make these companies provide more authentication

Or the way privacy is going these days, charge a $0.01 setup fee payable only by credit card.

Re:What are you gonna do?

[Jason1729]

So you refuse to visit any site at a big name free host.

That means you're saying people only have a valuable opinion or can provide useful information if they're willing to pay you to listen to them. What a dangerous attitude.

Besides that, there are thousands of free web hosts just because you know the names of 10 or so of the largest doesn't mean you aren't visiting others.

Even if the majority of dodgy sites are hosted on free sites, the majority of content on free sites can be quite valuable.

As part of political free speech it should be constitutionally protected that free sites can operate without collecting personal information if they want. If the government forces personal authentication, they can track you if they don't agree with what you say. That will inhibit what legetimate messages you're comfortable posting, and it would be a serious blow to free speech.

Re:What are you gonna do?

[fireboy1919]

I think it's pretty clear that the problem is the same as spam: the opportunity cost is too low.

There are many, many things that one could do to make it reasonable. You could have them send a $1 bill, or pay a similar trifling amount through an online broker, or even require a waiting period during which content is machine-inspected for scamming.

I personally use a "free" server that pretty much keeps spam at bay by requiring a $1 bill sent through the mail in order to gain memebership.

Re:What are you gonna do?

[Osrin]

That means you're saying people only have a valuable opinion or can provide useful information if they're willing to pay you to listen to them.

Alternately, you're saying that you have no interest in what poor people have to say.

Re:What are you gonna do?

[gbulmash]

That means you're saying people only have a valuable opinion or can provide useful information if they're willing to pay you to listen to them.

Alternately, you're saying that you have no interest in what poor people have to say.

Actually, before these sites became such a wasteland of porn spam and malware, I stopped visiting them because they were some of the worst abusers of pop-ups, pop-unders, and other annoying advertising methods. The growing abuse of these services by spammers and other scum merely cemented my resolve to avoid them.

Sure, you lose out on some gems, but there is MORE than enough out there in the areas I will visit to compensate for what I'm missing. The amount of interesting information on the Internet increases faster than any one human can keep up with (except for my friend who, after a badly broken leg and 3 months on bedrest, came back to work and said he used all that time to "finish reading the Internet"). If my filters leave out some valuable voices in the free-web-o-sphere, I've still got LOTS of interesting and valuable choices remaining.

- Greg

Only last so long

Next thing you know, the malware authors will just host stuff from infected PCs. I'm sure you can run a basic web server pretty easily.

Free?!

I've been paying GoDaddy to host my Malware all this time?!

Suprise, suprise.

[rmccann]

Spammers and crackers abusing free internet facilities?! Perish the though.

How to trust ANY new web service?

[Ohmster]

It's not just fake hosting services with malware and other phishing scams. It's getting so that one gets suspicious of any kind of new service that crops up on the web. The other day, I got excited seeing this service that promised to turn my blog contents into a printed book. I tried it, but then got worried that it was a phishing scam. And cancelled my attempts to use the service. What does mean for the promise of "web services" in general? More on the "blog into book" experience here: ahref=http://mp.blogs.com/mp/2005/07/s_11.htmlrel= url2html-21790http://mp.blogs.com/mp/2005/07/s_11. html>

Re:How to trust ANY new web service?

[pentalive]

This is pretty bad, I was applying for a job - I was contacted by someone who said they were with a large employer here in CA, after some short question and answer they emailed me some forms that I was to print out and fill in, and fax back. Part of the process before any real interviews was a "background check" form. That form had everything an identity theif needs, ssn, old addresses, Jobs, Date of Birth all kinds of thinks. That added to the fact that these people's email address differed from the employer the said they were from.. It turns out that the applications and the Job was on the up and up, but I wonder...

Re:How to trust ANY new web service?

[patio11]

That would be a NASTY phishing scam.

"Hello, we are Human Resources Solutions International. One of our clients has contracted with us to process your recent job application. You have the option of either waiting for our letter to arrive via registered mail or entering your data in our secure web server located at https://www.scamyourbuttoff.com./ Please note that your application cannot proceed until we have completed our investigation, so it is in your best interest to respond promptly. Thank you and if you have any questions about your employment process please mail Mary Jo at nevergetareply@scamyourbuttoff.com."

Fire that off to 100,000 people and I'll bet probably half of the ones actively doing job searching will go to your website without a second thought.

Re:Who would have guessed???

[superpulpsicle]

The dilemma is... if they got rid of free hosting. Then only those who can afford $$ monthly hosting bills can host. It's tough to shoot for democracy when only people with money can have a voice online. Let's not tear down the tree and the whole neighborhood due to a couple bad apples.

CAPTCHAs (was Re:Convoluted to sign up?)

[gbulmash]

They make you type in a word that has been obscured as an image to stop them from being set up automatically

Does anyone know how effective these schemes really are? Is there a study that measures how effective this is?

The type-in is called a CAPTCHA (an acronym for "completely automated public Turing test to tell computers and humans apart"). They can be fairly effective, but all they do is block robots from setting up an account. If I need 10 accounts, I don't necessarily need to automate it. CAPTCHAs are more often used effectively to block bulk botting stuff like blog spam, signups for free mail accounts, or other services (like whois at Netsol.com or Godaddy.com) prone to abuse and they can work well if well designed. But, again, they're to prevent robots from doing something, not humans.

Now, as CAPTCHA's get more obscured to try to defeat more sophisticated OCR elements, they become more difficult for humans to read. I recently developed one that I may use on some of my sites that uses identifying the contents of pictures. Demo here. Some of the people I've had test it said it was fun and they actually played it like a game.

- Greg

Re:CAPTCHAs (was Re:Convoluted to sign up?)

[morcheeba]

I thought CAPTCHAs would be pretty effective, until I heard of this cool scheme to get around them:

1. Spammer X wants to sign up for 100 free email accounts at free-accounts-Y.
2. Spammer X has a small cache of porn.
3. Spammer X puts up a website to allow access to his porn & promotes it
4. To see Spammer X's porn, Joe Average must sign up at Spammer X's website.
5. Signing up involves, you-guessed-it, a CAPTCHA!
5a. Joe requests to sign up
5b. Spammer X requests an account at free-accounts-Y and gets a CAPTCHA request.
5c. Spammer X presents this same request on their website to Joe
5d. Joe solves the CAPTCHA and returns the info to Spammer X
5e. Spammer X passes that info to free-accounts-Y
6. Repeat steps 5a-5e for lots of Joes. Result: lots of email accounts for Spammer X.

As long as the CAPTCHA is not impossible, people will process them for you for almost free.

Websense is a Censorship Firm

Calling them a "Security" firm is whitewashing who they really are.

read the article on Censorware.

Re:Fount?

[tidewaterblues]

Actually, fount is the British and the old poetic spelling of font. When this spelling is used, it generally means a fountain, spring, or source. Using the modern spelling, a font refers to a basin for baptizing people or holding holy water, (sometimes also called a laver), although it can refer to the old useage as well. However, I don't think the word can be used to mean "plethora".

Re:Kill two birds with one stone.

[wibs]

I hope you're not serious.

People that don't know even the basics of HTML, or how to create a website shouldn't be allowed

You're right, only people who already know everything should be allowed to attempt anything. Let's keep math books out of schools and close the freeways, because only mathematicians and NASCAR drivers have any right to numbers and cars. I don't know about you, but my first site was almost 10 years ago on Angelfire, and it was crap as all of them are. Then I bought books, viewed source, and have done a number of sites professionally with all that fancy high-tech wizardry I never would have even known existed if I hadn't started somewhere.

Maybe this would also get rid of the million's of those MySpace or Piczo type websites that plague the internet with the writings of illiterate 13 year old girls.

Sure, their sites might be pointless and juvenile, but I can't remember the last time I spent an hour reading a site before slapping my forehead and saying "Oh, now I understand why this sucks, it was written by a 13 year old!" That just doesn't happen, because the only people who ever end up at those sites are the 13 year olds who write them and their other 13 year old friends. This "plague" does not affect most people in the slightest, and if it affects you then perhaps you shouldn't be allowed to use the internet because of a lack of basic navigation skills.

People can be so quick to discourage and dismiss beginners, it makes me wonder how anybody ever learns anything.