Friday, August 19, 2005

Are you a non-believer?

If you do not believe this to be the truth, you should test it on your own. Here's how you do it.
  1. Download Etherpeek NX free demo (http://www.wildpackets.com/products/demos).
  2. Install Etherpeek NX.
  3. Close down any and all software that may use your internet connection.
  4. Open Etherpeek NX and set it to monitor your internet connection.
  5. Open Article Bot (versions 1114 to 1213) and spin a new or existing project. Choose one that has a sitemap to see the extent of everything.
  6. Watch your Article Bot root folder as it runs. You will see temporary files created and then deleted.
  7. Stop the project after a few spins.
  8. Stop Etherpeek NX. Scroll up in the log file and you will see entries similar to those displayed in the screen shot.

What will you see? You will see the handshake to check the license, the FTP connection to the website, and your two files being transferred. After the transfer, you can check this online (if it hasn't been blocked already). Use the domain (nebadawn.com) followed by the upload path and the temporary file's filename. The file will be accessible through the internet.

This is NOT libel or slander. It's simply the truth. See it for yourself.

Is Article Bot copying your data?

First off, I'd like to state that, to my knowledge, Article Bot has no privacy statement. This allows them to do as they please with their software. Whether it's ethical is another issue.

Because of all the discussion around trojans and the like, I want to set the record straight and say that ArticleBot is not infected by a trojan. It is working just as it was intended to. Good news, right? Not exactly. To dispel any myths and other misunderstandings, I conducted a number of tests, including some very advanced IP packet tracing. Although these same methods are employed by the country's best cyber warriors at the NSA, you too can duplicate most of these findings.

What I did was spin some projects to see what would happen. What I will show you is not a now-and-then issue; it is an ongoing process.

At startup, the Article Bot application does a regular GET to http://www.nebadawn.com/ and requests a page named in the following fashion: "username-accountnumber.txt". This file holds information about your account and tells Article Bot whether you have paid or not. This has to be considered a normal action and should not be thought of as anything out of the ordinary. No information is passed to the server other than the fact that, by requesting the page, a log entry will show you opened ArticleBot. This should be the only handshake between your computer and Article Bot's servers.

A closer examination reveals that http://www.nebadawn.com/ is registered to Andy Skinner, co-creator of Article Bot. That is also fine. Here is how you can see for yourself: http://www.dnsstuff.com/tools/whois.ch?ip=nebadawn.com

Now this is where things start to get interesting. Nothing happens until the user does a spin. When a project is spun, the log shows that Article Bot (with no other applications running) makes an FTP connection to the same http://www.nebadawn.com/ server as before. FTP, as most of you know, is used for file transfer and is not useful for any other task. This raises a big red flag. Next, I find that a file is being uploaded to the server with the telling name of "username-accountnumber-spin-projectname.htm". It has the exact same naming convention as the license check. Fair to say it is not a coincidence. It turns out that this file is a complete copy of the first spun page in the project.

Why would Article Bot upload a copy of the page? Furthermore, when you create a sitemap, Article Bot will create a file called "username-accountnumber-links-projectname.htm" and upload it to a different directory on Andy's domain. At this point, the user has sent a full page from the project (the template), the full URL of the site, and the full list of keywords used in the project.

So what can you do to take a look at this? Plenty. First, if you have a firewall that allows you to block outgoing connections on an application-by-application basis, you can set it up to ask you to confirm each time Article Bot tries to connect. As stated above, you should expect the license check, but after that you will see the FTP connection attempt. You should block this if you do not want Article Bot to trap information about your project. If you have Norton Utilities or other software that allows for the undeleting of files, you can take a look at your ArticleBot directory. There you will find all the uploaded files, since they are deleted after upload to hide the tracks.

To summarize:

  1. Article Bot connects to a domain owned by Andy Skinner to do a license check
  2. Article Bot creates and uploads a copy of the first spun file to his domain
  3. Article Bot deletes the uploaded spin file from the user's local machine
  4. Article Bot creates and uploads a copy of the user's sitemap for the project
  5. Article Bot deletes the uploaded sitemap file from the user's local machine

As you can see, Article Bot has been receiving a copy of your templates and keywords from every project you've created. This has been going on at least from build 1114, and most likely the full life of the software. Article Bot is getting a copy of everything you do.
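The correlation described above (a license-check GET followed by FTP uploads that reuse the same "username-accountnumber" prefix) can be checked mechanically. This is an added example, not part of the original post or of any tool it mentions; the capture lines are constructed in a simplified format (not EtherPeek's export), and "jdoe", "10482" and "widgets" are made-up values.

```python
import re

# Constructed, simplified capture-summary lines (not EtherPeek's export format).
# "jdoe", "10482" and "widgets" are made up; the server IP is the one on the page.
CAPTURE = """\
10:02:11 HTTP 192.0.2.10 -> 66.162.142.57:80 GET /jdoe-10482.txt
10:05:40 FTP 192.0.2.10 -> 66.162.142.57:21 USER placeholder
10:05:41 FTP 192.0.2.10 -> 66.162.142.57:21 STOR jdoe-10482-spin-widgets.htm
10:05:44 FTP 192.0.2.10 -> 66.162.142.57:21 STOR jdoe-10482-links-widgets.htm
10:06:02 FTP 192.0.2.10 -> 203.0.113.5:21 STOR jdoe-10482-spin-widgets.htm
10:07:15 FTP 192.0.2.10 -> 66.162.142.57:21 STOR readme.txt
"""

LINE = re.compile(r"(\S+) (HTTP|FTP) \S+ -> ([\d.]+):(\d+) (\S+) (\S+)$")
# License file "username-accountnumber.txt"; a numeric account number is assumed.
LICENSE = re.compile(r"(?P<prefix>[^/]+-\d+)\.txt$")


def find_uploads(capture):
    """Correlate the license-check GET with later FTP uploads to the same host."""
    license_hosts = {}  # server IP -> "username-accountnumber" prefix
    findings = []
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when, proto, host, _port, verb, arg = m.groups()
        if proto == "HTTP" and verb == "GET":
            lic = LICENSE.search(arg)
            if lic:
                license_hosts[host] = lic.group("prefix")
        elif proto == "FTP" and verb == "STOR" and host in license_hosts:
            # Upload names reuse the prefix: <prefix>-spin|links-<project>.htm
            pat = re.escape(license_hosts[host]) + r"-(spin|links)-(.+)\.htm$"
            up = re.match(pat, arg)
            if up:
                findings.append({"time": when, "host": host, "kind": up.group(1),
                                 "project": up.group(2), "file": arg})
    return findings


if __name__ == "__main__":
    for f in find_uploads(CAPTURE):
        print(f"{f['time']} {f['kind']:5} upload of project '{f['project']}' "
              f"to {f['host']}: {f['file']}")
```

Only uploads to the host that served the license file are reported, so the unrelated FTP transfer and the non-matching filename in the sample are ignored.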

It is possible to use the software without them getting a copy of your work. If you would like to protect yourself, there is a very good and FREE firewall. It might look like there is a cost, but they allow private users to download and run forever with limited features. It has everything you need to protect yourself from this data copying.

Kerio Personal Firewall 4 (http://www.kerio.com/kpf_download.html)

To look at the files deleted on your hard drive, use this undelete utility. It is a free download and it works on all Windows systems.

Active Uneraser (http://www.uneraser.com/)

Protect your work: set up the firewall. Check out these claims from the screen shots of the actual log, then make a decision for yourself.

Screenshots

License handshake

The log file showing the ftp connection




How to set up Kerio to block Article Bot

  1. Run ArticleBot one time. You will be prompted to allow the program to access the License server. Say yes.
  2. After this, but before you spin any projects, find the Article Bot logo in the list of applications on the Kerio Main Screen (graphic 1).
  3. Click on the "packet filter" button. The next screen (graphic 2) will not have actual settings in it; my screenshot shows the entry already in the list because I am using my already set up version.
  4. Click on the "Add" button. This brings up the Filter Rule dialog (graphic 3).
  5. Give the rule some name, then go down to the box called "Remote". To the right of it, click "Add" and select "Address" from the list. Enter the IP shown in the image (66.162.142.57). Keep in mind that ArticleBot might be able to change IP over time, but that should not be a problem. Click "OK" to add the address to the list.
  6. Click "Add" again and this time select "Port" from the list. In the dropdown select "FTP-control". This should make the next number 21 by default. Click "OK" to save.
  7. Now that you have the remote side set, make sure the Direction is set to "Both" and the Action to "Deny". Click "OK" and you are set.

Graphic 1


Graphic 2


Graphic 3

Thursday, August 18, 2005

A trojan in Article Bot? Not exactly.

Recently, a user of Article Bot found what they thought was a trojan connecting to a server in Israel. While the two might be unrelated, it caused a number of AB users to take a closer look at the software and what it's actually doing.

What they found will amaze you...

Original thread about the trojan