About the SCENE

[Guest ShtSpk]

What is the scene

The scene aka the Warez scene is the pretty unknown worldwide network where people trade pirated goods, like dvd's, movies, games, applications etc. Warez refers primarily to copyrighted material traded in violation of its copyright license. It does not refer to commercial for-profit software counterfeiting. First warez is released by releasegroups, groups which are specialized in publishing warez. They copy a dvd or break the security of game, and will make it available for other people, as a so-called release. When these releasegroups finish a release it will be uploaded to sites. These sites are very fast private ftp-servers, and the first stadium in the distribution of a release. Eventually, at the end of the distribution, the releases are available for everyone on p2p-software.

The speed of this worldwide network is enormous. Within minutes a release can be copied to hundreds of other sites. Within an hour, it's available on thousands of sites and fxp boards.

Within a day or two it's available on newsgroups, irc and in the end, on p2p-software. It's not all one big happy family. The warez scene consists of certain groups/layers. At the top we have the releasegroups and the topsites. These groups are the scene core. The other groups officially are not a part of the scene. Though most people consist them as a part of the scene. Read more about the scene hierarchy here..

The scene isn't just a distribution network, it's far more than that. There are the scene rules which are there to guarantee good quality releases. If not, a release will be nuked. This means it will be marked as bad. Nuked releases are not spread well and the releasegroup will get a bad status.

Security is an important issue in the scene. Since their activities are illegal the sceners have to secure themselves, to be safe from the anti-piracy organisations (such as the feds, national anti-piracy organisations, etc) and avoid being caught in a takedown.

The warez scene hierarchy

The scene is build up in a certain hierarchy. To explain the structure of this, here is a global overview of the piracy food chain. Not all these 'layers' are a part of the scene. The anti piracy organizations and most of the other parties which are not in the scene themselves, do consider all these groups to the scene. Though they are not a part of the scene. In fact, the releasegroups and the people on the topsites hate these other groups. The reason for this is that fxp boards, irc traders but mostly peer to peer users endanger the scene. The sceners want to keep the releases for a limited amount of people. Since everyone who knows how to use a computer knows how to user p2p-software, all these people are able to download warez. This causes big losses for record labels, movie producers etc, what leads to the anti-piracy organisations, police/fbi-attention etc. This brings the sceners in danger, so that's why they disapprove these groups. FXP boards almost consider themselves in the scene. Irc-traders and newsgroups might know about the scene, and p2p-users definitely don't know about the scene.

Here is the hierarchy:

Releasegroups - Groups of people who release the warez into the scene. Often linked with Site Traders.

Topsites - Very fast FTP servers with people who trade the releases from the releasegroups to other (top)sites.

FXP Boards - People who scan/hack/fill vulnerable computers with warez.

IRC Trading - Users of IRC who download from "XDCC Bots" or "Fserves".

Newsgroups - People who download from alt.binaries newsgroups.

Peer-To-Peer - Users of p2p (peer-to-peer) programs like KaZaA but also BitTorrent who share with eachother.

We'll start at the bottom and we'll work ourselves up to the top of the piracy food chain.

Peer-To-Peer

Peer To PeerAt the bottom of the piracy food chain we have the peer-to-peer users. There seem to be two groups of peer-to-peer users. The first group are kids downloading some music now and then because they can't afford cd's. Second are the older p2p users who use p2p also for downloading games, programs, movies, etc. In the media, peer-to-peer users are being labelled as dangerous pirates. They are a lot easier to bust for the RIAA/FBI and there are quite some of them who are being sued by the RIAA for thousands of dollars. The level of security is very low, and it's easy to get access to all warez. This is why they endanger the sceners. The download speeds are quite low since you download from other users. Most p2p-users don't have a clue about what a long way a release has made until it's available for download in p2p software. It has been released, spread from topsites to fxpboards, then to irc/newsgroups and in the end it's available for the mass via peer-to-peer. The speed of p2p is the lowest, since users download from eachother.

A special kind of p2p system is BitTorrent. It uses a central location which coordinates the downloads, but it doesn't host any. The download itself consists of several pieces offered by various users. Such a coordinated group is called a torrent. BitTorrent is widely used, although it's rather insecure. It's easy to get access. The central distribution point is called the tracker. The tracker knows which users already have the file, and which users want to download it. The users who already have the download are called seeders, and the users who are downloading are called leechers. Every user who downloads a certain file, downloads a different part of the file. When the seeder goes offline, they can still download from eachother and all users can complete the file.

Newsgroups

Once upon a time when the internet was still young there were special interest groups that shared information and kept in touch by using a bulletin board type system. This system was designed to take advantage of the internet in a way an old bulletin boards couldn't; each location had a machine (news server) that would store all the messages of the newsgroups that were desired by it's users. A short time passed and the users of certain newsgroups thought that this system would be ideal to share files with each other. It's easy to access newsgroups but unless you are familiar with them, navigating and downloading files from the newsgroups takes more effort than p2p software. You can download from newsgroups using a newsreader, such as: NewsLeecher and Xnews. There are also pay newsservers, these are faster and can hold up the files longer than free newsservers. Free newsserver can be quite fast, and pay newsservers are even faster.

IRC Trading

IRC TradingAbove the peer-to-peer users we have the people who go to IRC for their warez. In general, these people intend to have a better knowledge about computers and the internet. Warez channels are often run by people who have access to a fair amount of pirated material.

There are generally two types of these channels. These are often feed by people from FXP boards or bad sites. First, there are Fserve (user-to-user) channels. They mainly use the mIRC client's File Server function and some scripts to share their warez directly from their hard drives. Second there are XDCC (server-to-user) channels. These are usually run by people who are into FXP boards or in the scene. They have access to fast, new warez. They employ people to hack into computers with fast internet connections and install XDCC servers (usually iroffer) which are used to share out pirated goods. There is a limited amount of people allowed to download a release at once, so when a release is popular you are placed into a qeue. That way good download speeds will be guaranteed. The download speed is often very good.

FXP Boards

FXP is the File eXchange Protocol. It isn't an actual protocol, it’s just a method of transfer making use of a vulnerability in FTP. It allows the transfer of files between two FTP servers. Rather than client-to-server, the transfer becomes server to server. The fxp'er just gives a command to 1 server to send files to the other server. FXP usually allows very fast transfer speeds although it totally depends on the connection of the servers. Still it's usually very fast since the hackers are able to hack very fast servers. The fxp boards layer in the piracy food chain is quite unknown and therefore rather safe. Though the hacker's activities are very illegal, and therefore dangerous. Security is important. The members are usually a lot smarter than irc-traders/p2p-users and have a greater knowledge about computers and internet.

The boards usually run a vBulletin forum with custom hacks. The boards work with a credit system. This can be an active credit system (whereby users need a certain amount of credits to get access to a server), or a passive credit system. A passive credit system means that once in a while the admins perform a deluser, to delete the inactive users. The board's members consist of scanners, hackers, and fillers. They each have their own tasks:

The Scanner

The scanner's job is to scan IP ranges where fast internet connection are known to lie (usually universities, company's, etc.) for vulnerable computers. We're talking brute forcing passwords from programs, or scanning on ports for certain programs which contain a bug. The scanner will often use slow, previously hacked computers for his scanning (known as scanstro's), using remote scan programs. Once the scanner has gotten his results, he'll post them at the board. This is where the hacker comes into play.

The Hacker

HackingHackers are the people who break into computers. There are many easy-to-exploit vulnerabilities. Hackers get in to a computer using an exploit to get in via a program's bug. An exploit is a script which uses the bug to get in the pc. The program/exploit he uses (of course) depends upon the vulnerability the scanner has scanned for. When in, the hacker runs installs a rootkit. This rootkit (usually a modified version of Serv-U) is the server where other people can download from. Most likely he will also install remote administrator software (usually Radmin), so he can re-enter the computer easily. Once the server is installed and working he'll post the admin login data to the FTP server on his FXP board. Depending on the speed of the compromised computer's (aka pubstro or stro) internet connection and the hard drive space, it will be used either by a filler or a scanner. The hackers from these fxp-boards are rather good, and are capable of hacking 100mbit's.

The Filler

Filler Now if the pubstro is fast enough and has enough hard drive space, it's the filler's job to fill the server with the latest warez. The filler gets his warez from other pubstro's, filled by other people. Fillers sometimes have site access, and fxp releases from there to their pubstro. These people who are in sites and in fxp boards are considered corrupt, and if other sceners find out, they will be scenebanned (banned from all sites). Though it is said that it happens quite often. Once he's done fxp'ing his warez, the filler goes back to the board and posts the leech (download) login data, so other people can download from it. Fillers (with site access) all try to post a release the first. It's kinda like a race, whoever wins it, gets the most credits. The speed of these pubstro's depends on the connection of the hacked computer.

Pub/Pubbing

Pubbing is not so important anymore nowadays. This scan/hack/fill methods are from the old days when many universities and business ftp servers had write access enabled on anonymous ftp-servers. So instead of breaking into a computer, they would just upload their warez and give the IP address to their friends. This was very popular but died out for obvious reasons. It works like this; there is someone who scans for ftp servers with anonymous logins with write-access. Once found, a pub was tagged (a folder was created with the name "tagged.by.name"). The idea was that if a pub was already "tagged" other pubbers would leave it alone. This apparently worked for a while, with people respecting other people's tags and leaving the pubs alone. But it certainly hasn't worked for a very long time.

A method against retagging is dir locking. This is used in pubbing to stop people which are not allowed to get into the directory of the tagger (and slow the server down). There are a couple of dir locking tricks. The first and easiest is to create a maze. When you create a made you create hundreds of (sub)directories, so people won't be able to find your warez, since you would have to open them all to find it. Second is UNIX tagging. That's about a magical character, the ÿ (alt+0255) which is an escape character on UNIX machines. When one gives a directory a name containing that character, the name will be displayed different from what you typed. The creator can get in by typing theoriginal name. Last is dir locking NT systems. More about this and other dir locking here.

Topsites

Next on the list and at the top are the site traders. Site trading is basically sending releases from one site to another. Releasegroups publish their releases on these sites, so they are the first stadium in the distribution of warez. From there on, a release will be spread all over the world.

The Sites

TopsiteThese sites have very fast internet connections. 10mbit is considered the minimum, 100mbit good, and anything higher pretty damn good. The sites have huge hard drives. 500GB would probably be the minimum, and they can get up to dozens of terabytes. These sites are often hosted at schools, universities, people's work, or datacenters. Also certain countries have the preference. The Netherlands and Germany have fast internet connections, and are located in the centre of Europe. Sweden also has a lot of fast connections, buy in Sweden these are also very cheap. These sites are referred to as being legit. This means that the owner of the computer knows that they are there and being run, which is the opposite of pubstro's. Fast connections mean a lot to some people. If you have access to a 100mbit line (and are willing to run a site there), there are people who would quite happily pay for and have a computer shipped to you just for hosting a site that they will make absolutely no profit from. Commercial use of site access is not something common, most people do it just for fun, not to make money. Standard site software are programs such as GlFTPd and DrFTPd. As well as running FTPD, the sites run an eggdrop bot with various scripts installed. The bot will make an announcement in an IRC channel when a directory is created when an upload is completed. . It will also give race information, since just like on fxp boards, the site traders try to send a release as quickly as possible to another site. That way he will earn credits. The more credits, the more he can download. The speed between topsites can reach about 15 MBps.

The People

There are basically three ranks in sitetrading: siteops, affiliates and racers. Siteops (Site-Operators) are the administrators. There are usually between two and five siteops per site. One is often the supplier of the site, another the person who found the supplier and guided them through the installation of the FTPD. The other will be friends and people involved in the scene. One or more of the siteops will be the nuker. It is his job to nuke any releases that are old or fake. Affiliates are the releasegroups who pre their releases on the site.

Racers are the people who will race releases between sites. Usually they will have access to a number of sites and will fxp release as soon as they're released. FXP'ing a release will gain credits. The ratio is usually 1:3, so fxp'ing 3 GB will get them 9 GB credits on the site. The race is to upload the most parts of the release at the fastest speed. Racing starts shortly after a release is pre'd.

The scene / topsite system

SystemIn the scene hierarchy we already explained what a topsite is. Here we'll provide some more detailed information about topsites and their system, and the scene system. Security ofcourse is a very important issue. Topsites are very private. A typical topsite configuration will only allow users to login from a certain ident and host (or ip range), with SSL encryption on all FTP sessions. FTP bouncers are commonly used to hide the topsite's real IP address, and to share network load. Most users will connect through proxy's. That way the sites won't see their real ip-addresses.

IRC

All site members are present in the site's irc channel. These channels are mostly located on private or very secure irc-servers, and you'll need to connect via SSL. Apart from SSL there are more security measures. You cannot just join the channel, you have to invite yourself, by using a command line when you are connected to the site. That way people who are not a member of the site, will not be able to join since it's secured with invite-only or with a channel key (password). Second, the channels are often protected with FiSH. FiSH is a irc addon which encrypts the messages in a channel. That way people who don't have the proper fish key, won't be able to read the messages. In that irc channel, the members and site ops can talk to eachother. Also there is a site eggdrop bot present, which will make an annoucements when a releasegroup publishes a new release on the site, or announces when a members starts to upload a release. Also most sites will have an announce channel. This channel automatically displays the lastest releases just after they're pre'd. More about this below.

Credit system

The site works with a credit system. Site-ops and commonly affiliated are exempt from this system, they have a free leech account. This credit system works according to a ratio. Most common is 3:1, this means when you upload 3 GB, you can download (or fxp) 9 GB. When a member doesn't pass the minimum monthly required amount of upload, he'll automatically be deleted. Credits can be lost by uploading a bad release which gets nuked. Nuke multiplier affects the amount of lost credits.

Affiliates

There are basically three ranks in sitetrading: siteops, affiliates and racers. Siteops (Site-Operators) are the administrators. There are usually between two and five siteops per site. One is often the supplier of the site, another the person who found the supplier and guided them through the installation of the FTPD. The other will be friends and people involved in the scene. One or more of the siteops will be the nuker. It is his job to nuke any releases that are old or fake. Affiliates are the releasegroups who post their releases there right after they are finished. Each affiliate has access to a private, hidden directory on the topsite. This directory is used for uploading new releases before they are made available to other users.When a new release has finished uploading on each of the group's sites, a command is executed to simultaneously copy it into a directory accessible by other users, and trigger an announcement in the topsite irc channel. This command is called the PRE-command. "To pre" refers to executing this command. Pre-releases may be also relayed to external pre-announce channels to inform other couriers/sitemembers/users from fxp-boards that a new release is available for racing.

The warez scene relies on strict release standards, or rules, which are written and signed by various warez groups. Click here for more info about the scene-rules.

Release database

DatabaseWhen a group pre's a release, the release will automatically be registered in the pre-database. This is huge database which contains all the releases ever release into the scene. This release databases records release names and their release date & time, although fields vary from database to database. Examples of other common fields include genres (for mp3 releases), sections, and nuke details. Release databases are maintained to provide release groups with a service for checking existing release titles, to avoid a dupe (duplicate). Also users are able to check whether or not, for example, a movie was already released, the releasedate, the status (nuked or not) and more. Release databases are updated by automatic processes that either recurse selected topsites searching for new releases (spidering), or catch pre-release announcements from site channels.

Nukes

If a group publishes a release which already has been released by another releasegroup, it's a dupe (duplicate). Then the release will be nuked. This means that it's marked as a bad release. Releasegroup try to avoid nukes, since this will give them a bad reputation. Except for dupe, releases can be nuked for other reasons too. First of all, there are 2 types of nuke:

- Global Nuke

Nuked because of the release itself. It is nuked because something is wrong with the release, for example: sound errors, dupe, freezing video, bad rip, etc. If a group realise there is something wrong, they can request a nuke. Common nuke releases:

» Dupe

» Bad aspect ratio

» Bad inverse telecine, the process of converting framerates was incorrect

» Interlaced, black lines on movement as the field order is incorrect

- Local Nuke

Nuked because of the environement. Individual sites will nuke for breaking their rules, for example: no telesyncs, no dvd's subbed in languages other then english and dutch, etc. So there is nothing wrong with the release. Because of these releases are nuked locally, they can still be traded on other sites.

p.s. all credits goes to the original author(unknown)

[Guest pratik]

Good stuff....

A beginners guide to scene.....

[Guest ZackZero]

Great guide! :)