Craigslist Scammers Phone / email List

PYDOT · 12-08-2011, 05:17 AM

Be aware of Getty Images Attackers and Scammers.

2 months ago we received a letter from Getty Images about a small image (less that 30 px size) which said it was copyright of Getty Images and we had to pay immediately a little more than 800$. I don’t know the exact sum as our attorney send the letter to the trash.

Why? Because we do have rights over the images and images are licensed via iStock and other providers.

The letter send via postal address is a scare legal tactic and included a snapshot of our website with the url where the image is supposed to be hosted.

To notice is that even the snapshot they took did not match the supposed image which was copyrighted by them. It seems nobody checks this letter before sending them.

You can see more about this letters here:
http://extortionletterinfo.com/

I think the ones that violated our copyright are the ones at Getty Images, especially because they took snapshots of our website including logo and other images for printing. So go guess…

What is even worst is the next issue:

We started to received DOS attacks on the website from specific IPS, they started to crawl the main website in such an offensive way that the CPU on the server where the webserver for the website is hosted sky rockets at 100 load each time. It caused us problems for a few minutes.

When investigating some of the IPs, they were all from Israel. Example: 192.114.71.13

A further inquiry reveals this are the companies Getty Images, PicScout hires to scan websites for copyrighted images. So not only they send us a letter requesting us money for an image which is different from what was posted online but now they started to DOS our website which is illegal.

No wonder they outsource this to a company in Israel to do the dirty work as I suspect they would be sued in the US for this dossing company websites.

They seem to run all their crawlers from Bezeq International.
Nice way to play Getty Images !!!
As they own iStock now they can kiss goodbye our business as well. We don’t like threats and we sure don’t like DOS attacks.

It seems we are not the only ones that faced this issue. Searching for this blocks of IPs from Bezeg will show you reports of other people as well which reported them on several websites.

PYDOT · #2 12-08-2011, 05:36 AM

Maybe someone should remind them that a denial of service or DOS (which causes downtime and interrupts an online business) is a federal crime in the United States under the Computer Fraud and Abuse Act law.

TimothyH · #3 12-08-2011, 06:28 AM

I believe I've seen similar threads on here about Getty Images. I'd certainly be wary of using their services.

JayNL · #4 12-08-2011, 09:21 AM

So much for Getty Images... I receveid a likewise letter from them as well once but they were right. I downloaded the image from a torrent site and hadn't paid for it. Removing the image was sufficient for them, thank god.

***bear*** · #5 12-08-2011, 09:24 AM

Quote:

Originally Posted by PYDOT

When investigating some of the IPs, they were all from Israel. Example: 192.114.71.13

Isn't the 192.xx range internal only? Where did you see that was from Israel?

**ishan** · #6 12-08-2011, 09:31 AM

Quote:

Originally Posted by bear

Isn't the 192.xx range internal only? Where did you see that was from Israel?

Do you mean 192.168.xxx.xxx ?

ISRAEL - http://whois.domaintools.com/192.114.71.13 Israel Petah Tiqva Bezeq International Previously Trendline

PYDOT · #7 12-08-2011, 10:37 AM

No, the IP is public.
192.168.x.x. is the one commonly used in internal networks.

This blog also reports the same internet provider but with a different range, this means they keep changing blocks to avoid blocking or being detected:
http://johannburkard.de/blog/www/spa...-picscout.html

It seems before they used the range:
82.80.248.0/21. Bezeqint-Hosting

I don´t have a problem if they scan websites for images. But one thing is a moderate crawl rate and another one is downloading 3000 url/pages in a 60 seconds period, which makes Apache suffer.
Imagine if every boot that scans the Internet decides to go on a killing spree like this.

This is considered a denial of service as we had to reboot the server to bring it back to a normal state and block the IP in the firewall, it mainly was attacking the blog but checking the log it was hitting every single url that is online in the Internet for the whole domain which are thousands of pages.

Also, this is a complete waste of bandwidth. Granted, just a couple of megabytes but its a waste of traffic and resources.
Google bot brings you website traffic and other bots bring you some benefit. If you don't like a bot you can block it with robots.txt but not this one as they change blocks.

Their bot doesn't bring us any benefit and I guess it brings 0 benefits to anyone as the only purpose is to detect if you have images hosted wish are copyrighted.

They use only Israeli IPs and they keep changing the blocks. They act more like a spyware or virus because I suppose others have blocked them as well in the past. I consider this an abuse, no wonder they use companies outside the US for this attacks.

And let me guess they don't scan every single website on the Internet, they only scan companies in the US, UK, blogs, etc where they can send them a threating letters exhorting license fees for the images.

I guess they don't send a letter to someone in Nigeria as they know they are not going to collect a dime from them.

In another story, the letter send is not ilegal but inmoral. If there is a copyright issue, you should first contact the website owner, or file a DMCA. Not send a letter requesting money. They also decide how much they will charge you and they will keep sending letters even if the images was removed requesting the money. Like I said in our case the image was not the even the same but similar.

People like this are the ones that destroy the Internet. A blogger or website owner (I have read this stories) will just shutdown their website completely if they received a letter for 5,000$ in fees for images they have to pay. None of us, here hosting companies would exists as everyone would be scared to post anything online or create websites. Even forums like this would be sued just because someone posted an image online. They act exactly the way.

To add even more, I don't even know Getty Images and never used any image from their website. But I have read they do have images which are suppose to be free (royalty free) and they mix them with licensed one. Its like posting them on public so people grab them and then they start to send extortion letters asking money. How inmoral can this be? They post their own images online, mix them with images they claim to be royalty free and once people grab them, they probably take some which are licensed as well.

This is not my case. Images where bought (licensed) or created with Photoshop by the webdesigner but I assume not everyone has 100% of their images and content completely licensed. And if this is the case they have to send a warnings first.
So why we received this? Because we are a small company, registered in the US, have allot of licensed images from iStock so they know we buy them, perfect target to extract money.

The image in question was a small computer with a virus inside the screen. The letter from Getty had the original one which they claim is the same used in the website with a screenshot from the page, (you can see even in the letter its not the same), not only was the virus another one but the images was different. It was a computer with a virus inside as well but not similar and not the same. They claimed it looks similar to the one they hold a license.

They demand something close to 800$ for the image which looks similar. How big was the image? Like 80 px x 20 px more or less (I don't know exactly as the webdesigner removed it, even when it was just similar, we thought maybe the computer screen used was from the image, as it was composed from several elements, but I think any computer screen looks the same in that size, specially when its on the background and so small). You can buy the same images for 5$ in 20 times that size. Just to be safe it was removed anyway. Most people that received this indeed took the images in their original format, and some come with templates you buy online. So be aware now.

This guys are clear crooks, what can I say.

So next time, check your website and check your web server logs as well. You can be next, with the legal letters or with the DOS Attacks.

They do seem to go after small business mostly.

silasistefan · #8 12-08-2011, 10:52 AM

sorry, i understand you're mad, but i can't figure out how did you reach the conclusion that those guys from getty images are behind the "DDoS"? it could very well be a kid trying to download your site for it's own personal purpose, right?

just because the attack happened couple of hours/days after you got the letter?

PYDOT · #9 12-08-2011, 11:07 AM

Quote:

Originally Posted by silasistefan

sorry, i understand you're mad, but i can't figure out how did you reach the conclusion that those guys from getty images are behind the "DDoS"? it could very well be a kid trying to download your site for it's own personal purpose, right?

just because the attack happened couple of hours/days after you got the letter?

First, the letters they send seems to be automatic. They seem to grab the address from the domain Whois, print them on the email template, and then print the url where the image is hosted as well with the matching original.

Like I said the image was not the same. If this was a person or a real human being, you can clearly know its not the same image. They use a computer system or bot to match the images which probably checks certain pixels. This seems to be picscout.

So this is why I received the letter, because their bot matched the image, a person can see its different. Their computer bot probably considered its similar.

This means they use a bot to scan websites. They then match all images with their database, and if they find some similarity they grab your Whois data, and the next thing you get is a letter in your postal address with a random amount of money they come up with. I happen to know how to this bots works with images, and they are good but not perfect. It will match images which are quite similar or if it was heavily modified.

How do I know its them? Well Google it. Its not a secret the bots that come from Bezeq International, Bezeq Hosting or what ever the name is, is a company, group or individuals related to PicScout and Getty Images.

Why do they use their bots from Israel? I guess because what they do is considered mostly illegal in the US, or because they cannot hide/change their blocks that fast. I dint know why, but there are allot of complaints about IPs from this company and people researched this before and they are related to the scanning that Getty Images does for sending this letters.

My guess is that abuse complaints to that ISP go to the trash vs a hosting company that operates in the US. Their intention is to avoid being blocked by companies and I guess to avoid being sued they are physically hosting the bots in Israel to avoid the US law. But honestly I don’t know and I don’t care. What I do know is that the IP I reported is correct, as well the blocks and they are related to Getty Images or a company Getty Images hires for this scanning.

It was not a DDoS, it was a DOS the last time. Blocking them with the firewall works. Still, you can use thousands of computers (DDoS) or a single one, it doesn't mean its legal.

My guess is that its a mistake in the configuration crawl rate of their bot which went crazy on our domain just like they send me the letter by mistake as well. But Im pissed because they are harassing me, online (bots) and offline (letter). I want them to leave me alone. And you can consider that we are their clients, because we buy from iStock and Getty bought them. This is an excellent way to lose customers.

silasistefan · #10 12-08-2011, 11:15 AM

right... now it's clear for me.

So... why don't you ban all Israel IPs from your servers? Do you have customers there?

PYDOT · #11 12-08-2011, 11:19 AM

Quote:

Originally Posted by silasistefan

right... now it's clear for me.

So... why don't you ban all Israel IPs from your servers? Do you have customers there?

That is ratter radical just like people banning China completely because of attacks.

I cannot do that. Why would the whole country pay for something 1 company is doing. It would be unfair to block the whole country range.

I will probably just ban the Internet service provider block instead. Or it would be even better to find out just the IP range the bots are using. Other people have banned their whole ISP block, but I don't know how popular that ISP is in Israel, if its a major one you would banning allot of possible visitors and customers.

Omnibot · #12 12-13-2011, 11:03 PM

Same here.

We just got hit today by 192.114.71.13 devouring several GB of traffic over the period of a few minutes time.

My Hannukkah gift to Bezek Telecom is a permanent ban on 192.114.x.x. Any legit users in that range can go find another telco.

PYDOT · #13 12-13-2011, 11:28 PM

I have further investigated this and it seems what Picscout is doing is ilegal after all, not to mention the DOS attacks reported here, which is considered a Federal Crime.

I was really wondering why they are using telcos in Israel for this and another reason is because they are faking user agents and are not respecting robots.txt either, the last one can be considered abusive but faking user agents can be also considered ilegal in some countries. They also seems to be doing IP spoofing.

The thing is pretty clear, they try to hide their location and try to hide their bot agents. They are spoofing their bots, and this is also one of the reason they come from Israel, with this telcos they also change the block of IPs very fast. What is even worst I found out they spoof their user agents as well.

This people act technical like criminals. So it seems Getty Images doesn't want to have anything to do with them and they hire PicScout which again hires other companies in countries where the US law cannot touch them to make the dirty work.

I have founds other stories as well where their bots took websites offline or the provider shut them down them for CPU abuse or dos issues. I cannot imagine how much damage they have done already in the Internet, we hosting companies are in a better positioned to handle this bots, but imagine little Joe having his website in a 5$ shared plan and getting this bots. Now imagine as a hosting provider having several websites in the same server being hit by their bots and they even mask their IPs, fake their user agents and honestly act like a real DOS attacker. When I first detected this I was sure it was someone attacking us, until I researched and linked them to PicScout.

This people need to make some explanations. Otherwise PicScout can be considered to be hiring this hackers and being charged for attacking other networks, accessing them without authorization and faking or avoiding to being detected and blocked in their attacks. Not to mention the fact itself that dosing is illegal, and the minute they hit us it costs us money, staff time and even downtime.

Maybe they should expect a letter as well for the damages caused.

andr0meda · #14 12-13-2011, 11:45 PM

Why not send advocate notice to them? Their actions are not respectable and why should we wait?

**kpmedia** · #15 12-14-2011, 04:03 AM

This reminds me of the Munax spider. In 2009, it was getting out of hand with that bot. It would crash into a server with hundreds or thousands of requests, almost creating a DOS in the process. Supposedly it's the spider for some crappy no-name search engine.

Blacklist IP:	192.114.71.13 ( bzq-114-71-13.static.bezeqint.net )
IP Location:	Israel , Tel Aviv , Tel Aviv-yafo
IP Owner:	Bezeq International

The reason for adding in Blacklist:	Unknown Spam Bot masking himself as a normal user
Latest SpamBot Visit / Activity	29 Mar 2014, 16:30

Do any Crawler Bots use this IP ?:	Yes
Is this IP on a Blacklist ?:	Yes
Total Browsers from IP:	55 browsers »
Create Record Time:	14 Apr 2012, 05:13

Craigslist Scammers Phone / email List

Sunday, August 31, 2014

Getty Images attacks websites

Getty Images attacks websites

Getty Images attacks websites

Blog Archive