* The Business of Software

A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.

We're closed, folks!

Links:

» Business of Software FAQ
» The Business of Software Conference (held every fall, usually in Boston)
» Forum guidelines (Please read before posting!)

Moderators:

Andy Brice
Successful Software

Doug Nebeker ("Doug")

Jonathan Matthews
Creator of DeepTrawl, CloudTrawl, and LeapDoc

Nicholas Hebb
BreezeTree Software

Bob Walsh
host, Startup Success Podcast author of The Web Startup Success Guide and Micro-ISV: From Vision To Reality

Patrick McKenzie
Bingo Card Creator

A bogus site selling my software, how do I handle this?

Hi all,

I've just come across a web site that is selling my software, at first I thought it was another competitor until I noticed the text was the same as mine and the screen shots were also mine, the site looks very good and convincing. They're asking for twice what I charge but have no checkout just a 'request a quote' form. They claim to be from the US but looking up the domain shows it was registered in Russia. Can I do anything about this? I've yet to contact them.

Thanks
Steven Lee Send private email
Tuesday, December 15, 2009
 
 
Hi Steven

The question is: how on Earth did they manage to sell YOUR software in the first place?!? Have they bought it from you and just reversed engineered / cracked the license part?!? I think this is the most important question that has to be asked first!
Vlad Send private email
Tuesday, December 15, 2009
 
 
I've no idea, I'm assuming they've cracked the trial or simply purchased a copy and have repacked it in some way.

Is there anything I do about it? Should I pretend to be a customer or simply ask them to remove it?

Thanks
Steven Lee Send private email
Tuesday, December 15, 2009
 
 
Contact them and ask them how you can optimize the supply chain. You should after all accomodate your "sales rep" as much as possible in order to fulfill the clients demand
Locutus of Borg Send private email
Tuesday, December 15, 2009
 
 
Can you tell by the IP address where it is hosted?  If it is hosted in the US, send the hosting provider a DCMA take down notification.

If it is outside the US (except Russia of course) research the protection laws there to see what your options are.
psant Send private email
Tuesday, December 15, 2009
 
 
The ip address is a US based host. I'll research the DCMA take down notification. Should I contact the web site owner first?

Thanks
Steven Lee Send private email
Tuesday, December 15, 2009
 
 
Hi,
this is exactly the same problem we are facing right now. I'll share what we have done and maybe something will work for you too.

Context: A bogus Vietnamese company called Safabyte (name later changed to ComponentForge) is pretending that it's developing .NET components. Most (if not all) are stolen from Rebex and other vendors. They reverse engeneered the component code (probably using the Reflector), renamed namespaces and few methods and started selling them under their own brand. They even used to be too lazy to answer support emails of their own customers and resubmited their to our own support under fake identities.

You can see the whole story at http://cheated.by.safabyte.net/

1) We have sent them a usual and polite cease & desist letter asking for clarification and removal of the infringing content.
No reply at first, after some time a lot of false excuses and lies.

2) We've asked their webhoster codero.com to take the website down (DMCA takedown notice). Codero had taken them down for a while.

3) We've asked their paymement processor Plimus to stop selling the infringing content. The webshop is not working now (we don't know whether it was shut down by a fraudster or by Plimus)

4) We've prepared a site with evidence and we are trying redirect their old client to this website. See http://cheated.by.safabyte.net/evidence.aspx

We want this website to appear high on search results when Safabyte or ComponentForge search term is used so they will not be able to continue the scam.

5) We've found other companies affected by the same fraudster and coordinated the actions with them.

6) We've started a blog (http://blog.safabyte.net) for posting more evidence about the case. There is also a twitter account dedicated to the case http://twitter.com/safabytescam

7) We've offered them a settlement. Only response were threads.

8) We've asked Plimus to send a notice to the cheated clients because in fact those clients are using the software illegally without knowing about it. No response from Plimus yet.

The case is still quite hot now and things are changing... Maybe you can try similar actions? Suggestions welcome.
Martin Vobr Send private email
Tuesday, December 15, 2009
 
 
@Martin,

Your action list is certainly to be kept in mind.

I've noticed on the website you set up (cheated.by.safabyte.net) that Safabyte names most of their products "NetXtreme" something.
As it happens, "NetXtreme" is a registered trademark of Broadcom in the USA and, not doubt, other countries for some of their network products. Therefore, they might be interested in Safabyte as well, and they certainly have a bigger legal dept. budget than you have...
Romain Send private email
Tuesday, December 15, 2009
 
 
First send the DCMA to their hosting provider.  Give the provider a couple of days to figure out what to do and then contact them.  These guys didn't play nice with you - you don't need to play nice with them.
consultutah Send private email
Tuesday, December 15, 2009
 
 
@Romain Good idea. Will try it if componentForge website will be operational again.
Martin Vobr Send private email
Tuesday, December 15, 2009
 
 
How do these people sleep at night? Oh, I know! On that new mattress your money bought them :-/
Bring back anon Send private email
Tuesday, December 15, 2009
 
 
I hope they don't sleep much and that they are working all the night. At least right now. Few hours ago they started a new brand. Now they are operating under XtraComponets name. New website, new payment processor, renamed components, updated documentation. It looks like it took them more time to set it up then will take us to write a new takedown notice to the new payment processor and hoster.

Details at http://blog.safabyte.net/introducing-brand-new-xtracomponentscom-scam-0
Martin Vobr Send private email
Tuesday, December 15, 2009
 
 
you might want to talk to a lawyer about sueing plimus. it may be illegal for them to help sell illegal software. I really don't know. it should be. they shouldn't be "asked" to remove it. plimus probably doesn't care and needs to be forced.
Contractor Send private email
Wednesday, December 16, 2009
 
 
@Martin

The sad part is they dare to refute you on your own blog.
schlabnotnik Send private email
Wednesday, December 16, 2009
 
 
This guy's got balls.
Bring back anon Send private email
Wednesday, December 16, 2009
 
 
Maybe he only got balls instead of brain?
Martin Vobr Send private email
Wednesday, December 16, 2009
 
 
I don't know. From a pure, killing people is ok perspective, this guy is smart. If he is not in the states, and is not in a country where there is a copyright treaty with the states, you are in trouble. I hope you can get him though.
Bring back anon Send private email
Wednesday, December 16, 2009
 
 
He might not even have cracked your software. A few years back, some russians cloned my entire site and registered it under a similar name. They replaced the credit card back end with their own, and stole credit card numbers, never delivering any product. Basically the same idea as phishing sites that usually clone banks, but in this case they were buying google ads to get traffic.

Surprisingly, there is very little you can do about this sort of thing when they are based overseas. I contacted the FBI and all they could do is forward info in a note to russian authorities who seem to have ignored it.

After a few months of defrauding people and creating lots of angry customers who eventually found my real site and wanted to know where their software was, or how come their credit card info was stolen, the site just disappeared one day. I assume the same gang just moved on to the next site they pull this scam on. Perhaps yours.
Scott Send private email
Thursday, December 17, 2009
 
 
@Bring back anon: Yes, it may look like it makes sense. But if they want to sell they must be visible and looks credible. It means - some traffic source (so we'll find them) and a payment processor (which will shut them down fast in order to prevent chargeback costs when notified). He cannot change internals of the component to cover the evidence - it would take months to write it from scratch. Smart move would be IMHO to realize that this scam is not going to be profitable and to move along.
Martin Vobr Send private email
Thursday, December 17, 2009
 
 
@Scott: Interesting story. It looks like FBI is no gain and you really have to hit the fraudster's wallet. And that publicity (which increased number of customers who find the truth) helped a lot.

Maybe it will help in this case too. Let's try an experiment:

Dear BOS forum reader. Could I ask you a favor? We are trying to place a website http://cheated.by.safabyte.net high on search engine results for ‘safabyte’, ‘componentforge’ and 'XtraComponents' keywords. This should help cheated customers find out about the scam. This will also make fraudster’s live harder and maybe he’ll stop this scam because the costs will overweight the benefits. Could you please place a link to the cheated.by.safabyte.net somewhere (such as your blog, website, twitter or some appropriate forum)?

Thanks!
Martin
Martin Vobr Send private email
Thursday, December 17, 2009
 
 
It's interesting you Rebex posted something is not true here. People who are interested in his comments, please check out out evidence. He have tried to removed my comments many times on his blog. But he cannot do it in here.

Please see: http://tips.xtracomponents.com/blogs/rebexandthetruth/archive/2009/12/17/is-rebex-telling-you-the-truth.aspx
RebexDoesNotTellTheTruth Send private email
Thursday, December 17, 2009
 
 
It's interesting you Rebex-Martin Vobr posted something is not true here. People who are interested in his comments, please check out out evidence. He have tried to removed my comments many times on his blog. But he cannot do it in here.

Please see: http://tips.xtracomponents.com/blogs/rebexandthetruth/archive/2009/12/17/is-rebex-telling-you-the-truth.aspx

Reader will have his own conclusion.
RebexDoesNotTellTheTruth Send private email
Thursday, December 17, 2009
 
 
It's interesting you Rebex posted something is not true here. People who are interested in his comments, please check out our evidence. He has tried to removed my comments many times on his blog. But he cannot do it in here.

Please see: http://tips.xtracomponents.com/blogs/rebexandthetruth/archive/2009/12/17/is-rebex-telling-you-the-truth.aspx
RebexDoesNotTellTheTruth Send private email
Thursday, December 17, 2009
 
 
Dear anonymous RebexDoesNotTellTheTruth, thanks for giving us a wonderful opportunity to prove you wrong on this reputable forum where no one can accuse us of manipulating the discussion.

The evidence you posted only proves that you learned from your past mistakes and modified our public API to mask any similarities. However, internally, both our components are still the same. They still have the same shortcomings and the same bugs.
And we can demonstrate these to anyone interested. There is only one problem - if we published any of these bugs now, you would just fix them (unless we publish some of the more tricky ones) and claim they were never there...

So how do we get around this? We downloaded one of your products few hours ago and set up a mirror at http://mirror.safabyte.net/ - you are welcome to do the same.
Please visit the website and publicly confirm that the XtraFtpProSuite_2010v1.0_Trial.exe file with these checksums was actually created by you and not modified by us or anyone else in any way:
  Product: Xtra FTP Pro Suite (Trial)
  Filename: XtraFtpProSuite_2010v1.0_Trial.exe
  SHA1 checksum: 849c222ff4d53f4bbf73549e7e4a9ddb32635e3c
  MD5 checksum: b4effa5506b9ce9342d3ccb55a13ef4f
  Download date: 2009-12-18
If this is not the file available for download at your website, please post a link to a proper file and publish its checksums.

I am also posting the same information for out product to prevent anyone for claiming we changed it later:
  Product: Rebex File Transfer Pack (Trial)
  Filename: RebexFileTransferPack-Trial-1.0.3588.0-DotNet2.0.exe
  SHA1 checksum: 50f5c96619d28a5fe3a572f4688292e5958d1eba
  MD5 checksum: 687309408152e92aa6468b13a9101ea5
  Download date: 2009-12-18
Please confirm these checksums.

As soon as you confirm all these checksums (both here at the forum and in an e-mail to support@rebex.net), we can finally start publishing some proof we have.

We also asked our contact at your current payment processor - Gate2Shop (www.g2s.com) - to subscribe to this forum and confirm these checksums as well. I hope they do so soon.

I ask all the readers here to confirm these checksums as well as soon as possible to prevent him from changing the files at his server.

Lukas Pokorny
Lead Developer
Rebex.NET
Lukas Pokorny Send private email
Friday, December 18, 2009
 
 
Update: The easiest way to calculate file checksums is using this Microsoft utility: http://support.microsoft.com/kb/841290
Lukas Pokorny Send private email
Friday, December 18, 2009
 
 
It has been nearly a week since we gave XtraComponents this unique opportunity to prove in an independent forum that their components don't contain any code stolen from Rebex. This is not really surprising. They would be unable to prove that because their components ARE in fact based on code infringing on the intellectual property of Rebex and other vendors. Their silence indicates they are well aware of this.
Martin Vobr Send private email
Thursday, December 24, 2009
 
 

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
 
Powered by FogBugz