On December 24, I discovered a site that was frequently selling our software. Here is a summary of how we forced them to remove it.
I replied that I was surprised as he was, given that we had certainly not sold it.
He pointed me to the site www.****online.com (in order not to promote the site in any way I won't reveal the URL or other details of the company, e-mail me if you are interested in the specifics) that was offering our software.
The FRAUDULENT site was as follows:
As you can see their lead product was our very own MailList King (Note: MailiList King is mailing list management software, NOT spamming software), and they were using our logos for EZ-Pix and Amaze to promote other mail software. In fact, the page very much resembled our own home page and even using the same heading text, "Developers of the following leading software."
The domain name seemed familiar and I searched our e-mail archive to reveal a hit. A purchase had been made for MailList King only a few weeks earlier by a "Freddy C*****, London, UK" but had used a Hotmail address and looked rather suspicious, so we requested a non-freemail address to send the registration details to. They had replied saying that we could send it to admin@****online.com and the transaction was fulfilled.
Faced with this information I was rather taken aback, here was a company that was purporting to have developed our software, was actively promoting it via e-mail, and presumably selling it using the registration details that we had supplied in response to what now appeared to be a fraudulent order. Also users searching by the name of our software using the search engines might inadvertently end up on this site and purchase a fake copy.
I suddenly felt rather ill; that feeling that comes on when something that you have invested a great deal of time and effort on appears to be slipping away from you.
My first step in my plan to bring down the site was to discover the owner of the domain. Using Whois , I determined that it had been registered to "Astrid K***, Verona, Italy" and the e-mail address was the same Hotmail one that had been used for the fake order.
I composed a few different e-mails varying between the polite ("Oops, you appear to have mistakenly claimed that the software I spent years writing is your own") to the downright threatening, and in the end settled on the standard "or else" approach:
He responded within hours with the following defiant and downright illegal retort:
Pay extortion to a con-man? Never! I would rather give my software away, and have him deal with all the complaints that he was charging for a free product.
The domain record for the site revealed two other possibilities, the URL had been supplied by networksolutions.com and the DNS server pointed to the web hosting company, Pak***.net.
I also looked at the header of the message and saw that it had been sent from the IP address 203.81.***.199, which I traced using a TraceIP service to a small ISP in Pakistan.
So now we had three countries and at least two names all pointing to the one e-mail address , it looked like I was dealing with a major fraudster.
I immediately forwarded his message to networksolutions.com customer service and the abuse e-mail address for Pak***.net, asking both of them to take down the user's site.
NetworkSolutions.com responded first with the following:
Which was frustrating, but rather understandable. It would be a major task for a registration company if they needed to investigate the legality of a web site every time someone claimed a copyright infringement.
So I thought I'd try a different tack. Clearly our fraudster was located in Pakistan, while the registrant (payee) was located in Italy, presumably because a stolen credit card had been used:
But that proved to be a dead end with the friendly "Maria019" replying with the identical canned response as her first message (shortly after I received an automated e-mail from NetworkSolutions.com asking them to rate the customer service I received, boy was that ever an invitation for abuse).
I retired to bed for a restless night and awoke to find the following message from abuse@Pak***.net:
I hit a new low seeing my last avenue for assistance slip away. But then oddly I found I had been copied on another message sent by abuse@Pak***.net to the customer:
So I went back to the first e-mail from abuse@Pak***.net and examined the message header. Yup, it had been sent from the same IP address as our fraudster. He was clever enough to change the reply address in his e-mail software, but too stupid to consider the message headers.
I waited to see what response the real message from Pak*** would draw. While it could have sounded a little stronger (the "might" in the following line looked a little limp: "we might have to suspend your account") things were definitely looking up.
Soon after I received the following message from Pak***:
I don't know if Pak*** believed his story, but I got the feeling that if they could avoid losing a customer they would.
(I wasn't sure what he meant by the merchant cancellation but guessed that a customer had twigged it was a sham and made a complaint).
I also simultaneously received two messages from the fraudster who was still talking tough.
The first was the vague:
I wasn't sure if he was attempting to threaten me, convince me he was legit or was just having some mad tirade.
He was most certainly not a legitimate affiliate, we are very picky about accepting affiliates for MailList King and we had never even received an affiliate request from any of his names or addresses.
If he were a legitimate affiliate:
I checked his site and nothing had changed. He still hadn't removed our software or logos and was now trying to blackmail me to I reveal my source. I can't imagine why, presumably for no other reason than to send an abusive e-mail in broken English.
I formulated the comments above in an e-mail to the Pak*** abuse department, but thinking better of it, I saved it to my e-mail drafts folder for possible sending later.
I had the feeling that the threat of having his site removed genuinely concerned him, so I sent him the following response:
I waited about eighteen hours and still had no response, so I forwarded him his fake admin message with the following text:
Within minutes I received the following:
And with that single line I had won. I checked his site and all references to our software were gone.
Shortly after posting this, it was listed on Slashdot and various other sites. The reaction was overwhelming! Many people contacted me with offers to help, including some in Pakistan. They also flooded the fraudulent site's host provider with complaints and soon after his site was completely taken down.