Thu

25

Sep

2008

JED Under Attack, and How We're Defending It

Written by Toni Marie

If you visit the JED frequently you may have noticed periods of extremely long connect times or occasional outages in the past few weeks.

 
This is because the site has had a series of denial of service attacks resulting from individuals or groups attempting to create a new extensions site by scraping the JED.  These individuals created up to 12,000 simultaneous connections every day, for weeks, in order to gather this information.  This action prevented legitimate users from being able to connect and use the JED as they should.

The content of the JED is copyrighted by Open Source Matters and by the individual contributors. It is not permissible to copy it.  We recently instituted a trimming of our RSS feed to protect the JED listings from being copied, specifically because of the practice of creating new directory sites by compiling the feed into content.  The scraping circumvented our feeds and gathered information from the site directly.

Because of this, today we filed a DMCA complaint about one such instance.  We were able to prove beyond a shadow of a doubt that this new directory is a direct copy of our listings and their descriptions. 

We have taken this action to protect the functioning of our site as well as the work of those who manage the JED, submit extensions to the JED, and those who write reviews.

 

We put a lot of work in the JED, and for others to gain by scraping, and hurt the performance of the site in the process, is not something we can allow to go on.


25 Votes

51 Comments

Feed

  1. avatar Flavio Copes makes this comment

    2008-09-25 04:34:10

    Keep defending the fort! BTW, do those people know that Google will never send them a single user? PR8 vs PR0.. who scraped the content? LOL

  2. avatar unleash.it makes this comment

    2008-09-25 05:53:36

    Loosers

  3. avatar Nathaniel makes this comment

    2008-09-25 05:56:14

    Thanks alot for all your work guys. I love JED and would never use any other place.

  4. avatar yvolk makes this comment

    2008-09-25 06:39:58

    What a timely article! Just during previous three weeks I tried to find out (without much success), if it's legal to copy messages from Joomla! forum for my personal use (I want to play with Joomla! and my commenting system using real life data...). And guess what: I found, that Joomla! team doesn't have any strong and explicit legal position on this subject :-(
    The incident, described by Toni Marie, is a warning for all "Joomla! assets", and a good cause to think and discuss this "rights to copy" with community.

    Yet, I think, that author mixed at least three things in his description of the incident:
    1. Someone copied (downloaded) all publicly available information from JED.
    2. Someone arranged "denial of service" attack to the JED.
    3. Someone published information from the JED as its own.

  5. avatar Justin ZA makes this comment

    2008-09-25 09:24:39

    It is utterly unacceptable that this type of thing is happening - I was browsing the JED at this time and was concerned as to the performance issues.

    Good Job!

  6. avatar BBH makes this comment

    2008-09-25 12:21:24

    I'm very happy with the serious support JED has, it's not just a directory but a well managed website with serious staff behind it, keep up the good work.

  7. avatar toni.marie makes this comment

    2008-09-25 16:06:02

    yvolk: The official OSM position on copyright is that content should not be reproduced except according to an explicit license, unless you ask for permission. license@opensourcematters.org is the best way to find out if you can reproduce something.

    Otherwise, certain content is licensed using Joomla's own documentation license, the JEDL .

    If you don't see something marked with that license, it's best to ask before using.

  8. avatar Vic Drover makes this comment

    2008-09-25 16:48:13

    Keep up the defense.

  9. avatar yvolk makes this comment

    2008-09-25 17:00:46

    @Toni Marie: as I can see, the is NO explicit "License" neither in JED nor in Joomla! forum (JED has licenses for extensions only...). And yes, I really tried to find the right person in Joomla! to answer my questions "before using".
    As I understand, both JED and Joomla! forum contents may be seen as "Joomla! documentation", so JEDL is applicable to them?!

  10. avatar Rob makes this comment

    2008-09-25 17:21:47

    Quote:
    Keep defending the fort! BTW, do those people know that Google will never send them a single user? PR8 vs PR0.. who scraped the content? LOL


    Exactly! They can copy till the cows come home and Google will never show them any love. In fact, you can report the site to Google as malicious in addition to your other actions.

  11. avatar toni.marie makes this comment

    2008-09-25 18:35:26

    No, when you don't see something specifically marked as JEDL, it is assumed to be under the more strict OSM license. There are limits to fair use so unless the JEDL is clearly marked, you should ask permission.

  12. avatar jasellyn makes this comment

    2008-09-26 00:33:35

    I just do NOT understand why such hard-working individuals who give of their time and of themselves to share this INCREDIBLE resource (of NO cost to a user/admin looking for extensions) have to deal with such pathetic monkeys. How hard is it to ask permission for use, or, most importantly, WHY would anyone want to cause problems to JED? Maybe I'm just too old or naive to understand, or maybe I'm just over-protective of JED (heck where else can I go to find so much for my charitable site). But, beyond all that--I do agree with the other posters--keep up the defense! Thank you for your time and efforts!

  13. avatar yvolk makes this comment

    2008-09-26 02:15:39

    @Toni Marie: It's a funny thing: I can't find any existing "OSM License" :-(
    Where is it?
    Or do you mean, that OpenSourceMatters, on my personal request, will create some "OSM License" specifically for me? If so, I don't think they really have time for such tedious work...

  14. avatar Sabature makes this comment

    2008-09-26 09:36:24

    The only people I can think of who could do something like this are commercial CMS projects.

    I love marketing :D. (random chitter chatter)

    POWER TO THE JOOMLA !_!

  15. avatar Raymond makes this comment

    2008-09-26 10:04:03

    Totally disgusting... I am very happy with the service provided by JED, I did think it was a little strange when I got a service denial screen a couple days ago.

    Keep up the good work. I think if joomla.org added an extra layer of security... loggin etc as long as its free people will comply. That should prevent/deter attackers.

  16. avatar Mark Simpson makes this comment

    2008-09-26 11:18:42

    Good work JED team, thanks for your dedication.

    In response to earlier comments to the tune "Google will never send them a single user"... see http://www.box.net/shared/nxh2ea6se3

  17. avatar ongray makes this comment

    2008-09-26 15:43:13

    why trying to make something which is not yours look like yours. we need to recognize the afford, these people have done. The credits are will always belong to them. Of coz, I will always like to visit the original than the copy cat.

  18. avatar Radek Suski makes this comment

    2008-09-26 18:22:18

    I feel bit strange (and late) now but I think I have to ask it. We have created the new SOBI2 demo site with two directories. One of them should show SOBI2 as directory similar to JED and on this demo site we have used partially the categories structure of JED :(
    Now I wondering if it is allowed (I know bit late :()
    But as I said it is only demo site.

    Regards,
    Radek

  19. avatar brad makes this comment

    2008-09-26 20:14:12

    Yuri,
    I suggest you contact your own lawyer. It is never ok to copy anything, even if no license is specified. Perhaps you need to do some research on copyright law. In any case, a blog post comments section is not the right place to discuss this. Your own lawyers office is.

  20. avatar amy.stephen makes this comment

    2008-09-26 20:23:46

    Yuri - These are individual copyrights being violated. Late last year, Digg! modified their TOS to require those who submit content to also release their work into the Public Domain. Such is not the case here. It's not OSM's license - it's yours and it's mine and it's every single individual who has posted. There are a lot of good copyright and fair use resources easily available that explain this clearly. I hope that helps. Email your response or PM. Three posts are enough, I think.

  21. avatar Rich makes this comment

    2008-09-26 21:01:37

    My question is where is the line - copying the JED and presenting it as your own is clearly not proper, nor is doing any access that creates a DOS - we run sites

    so where is the limit - check these:
    Using site:extensions.joomla.org
    Google - 124,000 English pages from extensions.joomla.org.
    Yahoo - Pages (119,584)

    and you can't tell me Google/Yahoo doesn't make money on these listings - which, face it, are copies.

    So where is the limit - the whole community made Joomla a success not just an incredible core team

  22. avatar Lorenzo Garcia makes this comment

    2008-09-27 00:07:49

    @jasselyn: It's just a SEO effort to bring traffic from the search engines for their own gain, and not any serious effort to run an alternative Extensions Directory.

  23. avatar Lorenzo Garcia makes this comment

    2008-09-27 00:09:22

    You can find several problems with this kind of scraping.
    - They add the entries and then forget them. With the time they get inaccurate and obsolete and there are there without the 3rd party developers knowledge or consent. It give a bad user experience when the extensions don't exist or are vulnerable and hurt the Joomla project. It isn't either fair to the developers to get request (since they also are scraping the email addresses) when the developers have for different reason decided to withdraw their extensions.
    - We are spending much time to revise each extension before they get published. If the extension is downloadable, if it's installable, if there aren't any issues and when we find issues, we contact every single developer and ask them to fix the problems before they get be published. This for to give the community a quality Directory service. When they scraping the JED, they take the cream of our team's hard work and they really don't do any own work.

  24. avatar yvolk makes this comment

    2008-09-28 11:28:38

    I think, that rights to use (copy, publish...) JED, Joomla! forum and other "Joomla! assets" (i.e. "rules of the game") should be explicitly defined and be available to public. So we all will see, what's considered wrong and what is allowable from point of view of Joomla! community (and OSM as part of it). Now we have license for Joomla! documentation only. These subjects should be discussed here, inside Joomla! (and in this blog, if there is no other place...) and not outside with "my lawyer" or "on my personal site", because I am not the one, who is interested. This is why I don't see any good in private messages: this is task/problem/whatever of Joomla! community, and not my personal.
    Nothing personal, just business :-)

  25. avatar amy.stephen makes this comment

    2008-09-28 20:20:52

    Yuri -

    You have made it known that you really want a copy of the phpBB Joomla! Forum database - which has well over 200,000 people's work in it - in order to test your Joomla! plugin commenting system.

    Many of us have tried without success, it appears, to impress upon you that distributing that work would require permission from over 200,000 authors.

    Personally, I am grateful that the Joomla! forum administration have been good stewards of my work and that they protect my rights and the rights of other community members.

    From this point on, Yuri, I will only publish your comments on this topic *if* you have new information to share and if your responses related to the post. I hope you understand.

    All the best,
    Amy :)

  26. avatar brad makes this comment

    2008-09-28 21:48:36

    Yuri,
    I think you are missing the point again. Just because a website lacks an official copyright statement does not mean you can copy it. Copyright/ownership is an inherent right of people, wherever they are. Does an artist of a painting have to add a copyright statement to make copying his painting by you wrong?

    It's all wrong, you wanting a copy of the forum database, people creating duplicates of JED, even people copying the Joomla website design which was not released to the public.

    The license for Documentation exists to allow people to copy it (under conditions). I strongly do suggest you read up on copyright law as you are showing time and again that you misunderstand it.

  27. avatar Steve makes this comment

    2008-09-28 22:29:49

    I don't see the problem.

    It's all very simple, if the content is not supplied via a RSS feed or similar output it's not to be used without permission because it does not belong to you.

    Am I missing something here, why is a lawyer needed to grasp such a basic concept.

    Good work guys, keep up the defense for the unfortunate souls that either don't or won't understand.

  28. avatar Nick Kotarski makes this comment

    2008-09-29 14:55:26

    I suppose it just goes to show that the people attempting to scrape the site were pretty clueless.

    1) Making 12,000 simultaneous connections.
    2) Thinking that no one would notice/object.

    Stupid. Stupid. Stupid.

    Nick

  29. avatar Augh makes this comment

    2008-09-29 16:57:50

    I just want to be sure I have the acronym correct, JED = Joomla Extension Directory. I really can't claim to be a newbie anymore, been lurking for quit a while, but still need to be sure I have some of these items straight. :)

    FYI - the spell check on this comment box sees Joomla as a typo, do you have the ability to add words to your spell checking dictionary?

  30. avatar toni.marie makes this comment

    2008-09-29 18:35:22

    Yes, JED is short for the Joomla Extensions Directory.

  31. avatar mbrown makes this comment

    2008-09-30 02:49:07

    I can not believe someone would do this. this is not right. I am glad that joomla and OSM has this matter taken care of.

  32. avatar steveometer makes this comment

    2008-09-30 06:33:30

    I have the occasional spammer, but something that large would make me go insane

    SoM

  33. avatar Robintel makes this comment

    2008-09-30 14:36:06

    Hi!

    I've noticed some parallel directories (and I cannot remember the URLs) containing MY work. Of course they provided links to my site. But they used MY server's bandwidth to provide their users with MY extensions. Not so nice.

    All the extensions that I share on JED are to be included in JED and JED alone.

    Keep up the good work, guys.

  34. avatar Jason Hull makes this comment

    2008-10-01 20:37:31

    Is it under attack now? I cannot get to it... getting a database error

  35. avatar Robintel makes this comment

    2008-10-03 15:50:57

    @Yvolk

    I have published my extensions on JED. If someone else publishes my extensions on a different location it distributes my work without my consent. How simple is that?

    I have published my extensions on JED because I chose so. It's the only place that has my approval to distribute my generated content. Any other place is both disrespectful and illegal.

    I hope you can grasp the concept.

  36. avatar chris mc makes this comment

    2008-10-05 04:31:29

    some questions ...

    so we have the denial and the stealing of bandwith and thats illegal,noone disagree with that..

    But if " The content of the JED is copyrighted by Open Source Matters" so why the hell you didnt remove the provocative "MACEDONIAN LANGUAGE" as we greeks asked????

  37. avatar toni.marie makes this comment

    2008-10-06 14:47:58

    The JED is not a place for political matters. As long as submissions fit our guidelines, it is not our place to decide what is valid from a political standpoint. We absolutely will not remove an item simply because another political group asks us to.

    We reserve the right to reject submissions that are politically provocative or inflammatory, but we do not feel that the mere mention of a geographic area whose name is in dispute fits this definition.

  38. avatar HRZ makes this comment

    2008-10-06 17:09:29

    So how to prevent scraping. I've invested hundreds (if not thousands) of man hours developing a local database. when I launch, how to I prevent someone from copying my data.

    How do I prevent another competing site from saying I copied their data. The data I have is found in multiple places: phonebooks, competing sites, magazines, yellow pages, etc.

  39. avatar undoIT makes this comment

    2008-10-12 18:04:08

    Just to be clear, the extensions that are licensed GNU/GPL or another General Public license can be distributed on other sites, correct? It is just the extension descriptions that cannot be copied. If I understand correctly, the main problem here is scraping of written content, which is unethical. Is there specific licensing information on how the RSS feed can be used?

  40. avatar Robert makes this comment

    2008-10-14 21:12:44

    Great news. Someone needs to make some precendens agains pirate scraping!

    Please if somone can delete this political provocator cris mc, since his commentaries are way off the topic.

  41. avatar carsten888 makes this comment

    2008-10-15 17:35:47

    I love JED. Keeping this info in one place, where extensions are checked before they get published, is good for the community. The community trusts these extensions. Installing extensions from other sites can be realy dangerous and should be discouraged. I found most of my extensions were copied to an English site. Who knows what code they have added to mine.

    Attacking a site which spreads open-source software? what idiots!

  42. avatar Robintel makes this comment

    2008-10-16 15:22:50

    Help!

    I can't understand German and I noticed an alternative JED containing my extensions. Please help me remove my extensions from that site. Please!

    Example of one of my extensions being redistributed: http://www.joomla-erweiterungen.de/1.0.x-messenger-chat/simple-yahoo-messenger.html

  43. avatar kimberlee makes this comment

    2008-10-21 02:56:25

    Brainy Mugs-New Wave Thieves
    I agree with the warning to protect Joomla assets and I further agree the JED community may want to enforce the copy rights. That attack is a basic "RIP OFF."

    As an Artist it's a sick sad feeling when one sees their own hard work reclaimed by another as if they have entitlement, but sad to say it happens every day, there is nothing 'new' under the sun. Look at generic branding of major products.

    I was wondering what was going on with the site a few weeks ago!

    PS. People used to tell me "it's a form of a compliment when someone copies your work" but I don't feel that way, I feel riped off! I'd donate a few bucks for the cause.

  44. avatar Ken Walden makes this comment

    2008-10-22 20:45:33

    Beware of the little copy cat people. Developer logs into JED to update extensions. Developer does not know the copycat sites. Un-knowing end user downloads extension from copycat site - and knows no different. When developing group releases an update - then un-knowing end user probably does not know about the update. Why do this????? It's diluting the kool-aid, which will frustrate many.

    Don't copy JED. Write a legit review of the extensions(after you have tested for a week) - and point to JED. There is no way copy cats will ever steal away JEDs authority. What a waste of resources and time. To copy cats: Focus on building something yourself and make it real!

    Best regards to the JED community for works that are totally awesome and not taken for granted by ALL.

  45. avatar Alek makes this comment

    2008-11-07 09:12:04

    Why would they get any traffic. They would have too keep it coming to get the updates and all. Hope google will ban them

  46. avatar Aleksander makes this comment

    2008-11-07 09:14:10

    Hope you will manage to defend off whatever tries exploit your information.

  47. avatar Darren makes this comment

    2008-11-07 14:40:26

    Quote:
    Keep defending the fort! BTW, do those people know that Google will never send them a single user? PR8 vs PR0.. who scraped the content? LOL


    Hi, yeah that was going to be my point. Not only will they not send them a single user, they will ban them from the search engines for duplicating content. Google aint stupid and if they let things like that happen we wouldnt have the excellent results we have today, it would be more like Ask.com ;) (this is off topic by the way but i recently found that ask.com are allowing malware writers to get visitors for them) shame on you Ask! you really must be desperate.

  48. avatar Yuradink makes this comment

    2008-11-22 21:53:05

    I'm glad I reazd this who thread of comments; will be sure to steer clear of someone's J!products and services. I don't like their "business" model and will spread the word.

  49. avatar mikes makes this comment

    2008-11-28 11:25:33

    I hope you find them and kick their butts!

  50. avatar widcater makes this comment

    2008-12-25 07:45:38

    Thank you, I love JED too,and I will submit my firt extension!

  51. avatar Parth makes this comment

    2009-01-07 16:37:09

    Thanks for the action guys..JED needs to be defended!

Add Comment


    • >:o
    • :-[
    • :'(
    • :-(
    • :-D
    • :-*
    • :-)
    • :P
    • :\
    • 8-)
    • ;-)

     
    ©2005-2009 Open Source Matters, Inc. All rights reserved.    Joomla Hosting by Rochen Ltd.    Empowered by JXtended    Accessibility Statement    Privacy Policy    Log in