Top: acts of hostility (piracy, site snatching, virus attacks).

Acts of Hostility (Piracy, Site Snatching, Virus Attacks) Targeting Ion Saliu, His Web Site, Theories, Systems, Software

By Ion Saliu, Crime-Stopper At-Large

Hostility, piracy, site snatching, virus attacks, hostile acts against

I. Hack–Attack: Hacking and Virus Attacks
II. Piracy, Pirating, Snatching, Hijacking Web Site SALIU.COM
III. Hidden Referrals to Web Site SALIU.COM to Disrupt Traffic
IV. Run Inexistent Scripts from SALIU.COM to Disrupt Traffic
V. Illegally Copy-and-Paste Ion Saliu's Web Pages
VI. More Cases of Hostility Targeting Ion Saliu and SALIU.COM
VII. Worst Cyber Crimes: Trojans, Hijackers, Dialers

Hostility, piracy, site snatching, virus attacks, hostile acts.

Hostile acts against my person and my web site started soon after the inception of
I noticed intense attacking and hacking against in the autumn of 2001. The details are presented on this web page:

  • This site is under hack attack: Code Red/Nimda Virus.

    Some of the offenders of that period:

    (Toronto, Canada) - - [07/Nov/2001:18:16:21 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-" - - [07/Nov/2001:18:16:30 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"

    Block assigned to:
    Concentric Network Corporation (NETBLK-CNCX-BLK-6)
    1400 Parkmoor Avenue
    San Jose, CA 95126-3429 - - [05/Nov/2001:20:46:23 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-" - - [05/Nov/2001:20:46:23 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
    ... - - [06/Nov/2001:07:01:15 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-" - - [06/Nov/2001:07:01:15 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"

    Concentric Network Corporation (NETBLK-CNCX-BLK-6)
    1400 Parkmoor Avenue
    San Jose, CA 95126-3429 - - [06/Nov/2001:19:34:40 -0600] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-" - - [06/Nov/2001:19:34:40 -0600] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
    ... - - [06/Nov/2001:20:01:53 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-" - - [06/Nov/2001:20:01:53 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"

    Pac Bell Internet Services (NETBLK-PBI-NET-8) PBI-NET-8
    Main Way (NETBLK-SBCIS-101424-17188) SBCIS-101424-17188 - - [07/Nov/2001:00:26:21 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-" - - [07/Nov/2001:00:26:21 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"

    Hostility, piracy, site snatching, virus attacks, hostile acts against Ion saliu.

    I noticed most disturbing facts in 2005: Acts of blunt piracy of my web site.
    Noticeable in 2005, they started more intensely to pirate my web site, to snatch it. I saw several pages with different names and addresses but displaying my web pages. Something like Celebrity, UDGROUND.COM, etc.

    UDGROUND.COM is a horrible case. The address bar always shows UDGROUND.COM, but the site displays every page at A look at the source code reveals this web trick:

    <FRAMESET rows="100%,*" border=0 frameborder=0 framespacing=0>
    <FRAME name=top src="../bbs/messages/595.html" noresize>
    </FRAMESET> - - [13/Aug/2005:00:19:45 -0700] "GET /bbs/messages/595.html/forum/archive/index.php HTTP/1.1" 500 616 ""

    I discovered the following Internet data for that source of piracy:

    Domain Name: UDGROUND.COM 
    Administrative Contact: fox, brandon 
    stimson loop road 
    stony brook, NY 11790 US 800-932-2333 
    Technical Contact: fox, brandon 
    stimson loop road 
    stony brook, NY 11790 US 800-932-2333 
    Record last updated 06-04-2005 06:08:00 PM 
    Record expires on 01-21-2006 
    Record created on 01-21-2005 
    Domain servers in listed order: 
    fox, brandon: 
    What the hell are you doing? You hijacked my web site, 
    Your site, shows in my log files as a referring domain. 
    But when clicking on the link, only shows pages that 
    belong to 
    That is piracy = a criminal act. 

    Their reaction to my action:

    "dude we are merely referring you traffic. think of it is a present - it is REFERRING!!!!"
    ----- Original Message -----
    From: "Ion Saliu"
    Sent: Thursday, August 18, 2005 11:20 AM
    Subject: You commit piracy!

    No kidding! REFERRING, huh? That's hijacking! The reader never sees in the address bar!!! What they are doing is piracy, not referring. They have an empty domain. Not even one sentence of abc... They fill the empty nut up with pages I CREATED. are committing theft. My web pages are my property entirely. The formidable Attorney General of the great State of New York deserves to hear about this matter. They know about this case now. The AG put away big bullies such as big shots on Wall Street...

    They are unconscious. They mess around with some powerful companies. You can go to my search page — it still shows My search page offers links to notable encyclopedias online resources, such as Microsoft's Encarta and Encyclopaedia Britannica Online. You go to Encyclopedia Britannica and you read materials owned by Encyclopaedia Britannica Online. Yet, the domain in the address bar reads! Obviously, Encyclopedia Britannica is not the creation of the rats at!

    Why would some take such serious risks? On one hand, they hope I would never notice such acts. On the other hand, they hijack web sites with good search rankings and therefore potential advertising revenue. Similar to what another nest of criminals do: Grik.Net. They make money off my effort, by stealing one of my web pages and then hijacking my website entirely. Curiously, the ads are by Google! I don't accuse Google of knowingly participating in a cyber crime.

    Something bothers me at once, however. Then it double bothers me. Google refused AdSense ads at my web site for the reason that my site was gambling and lottery related! I never make things up when I tell the truth. When I don't tell the truth it is very obvious that I try my hand at fiction. Now, the plain truth is that Google display their ads at thousands of gambling and lottery related sites; the ads convey messages to many more thousands of gambling and lottery sites. GRIK.NET is such a source site. What double bothers me is that the source, GRIK.NET, is also a showcase of criminality.

    I am sure the googlitsers don't do it knowingly. They surely are aware of this rule of natural economics: The more billions you have, the harder you might get hit by the formidably long and strong arm of the law; and the faster the billions will vanish, as the Enrons and WorldComs have proven…

    Google sends now around 75% of all the visitors that my web site gets. Am I crazy? NOT! NON! I always put Truth above anything. I always put Truth ahead of anybody. And, again, I furthermore have a serious problem with the caching at It's a genuine form of copyright infringement.

    Just click on these links:
    (That link appears in several referrals to, especially from; the link results in error 404.)

    The burden of guilt is shared by the web host of UDGROUND.COM: DIRECTNIC.COM. directNIC is run by Intercosmos Media Group, Inc., and also serves as domain registrar. Their address is:

     Intercosmos Media Group, Inc.
     650 Poydras Street, Suite 1150
     New Orleans, Louisiana 70130

    directNIC offers the following advice in their FAQ file regarding URL Redirecting:

    ""What does it mean to redirect a domain?

    Redirecting a domain means that when someone attempts to go to a website (types in a domain name in the address bar), he/she is automatically sent to another website.

    directNIC offers the option of automatically redirecting domains at no cost.

    Through this option, a user may redirect their domain name to a URL (uniform resource locator) (ex: of their choice. This allows the user to point domains registered with directNIC to pre-existing Web pages of their choice."

    No reference to the legality of URL Redirecting. Everything goes, according to directNIC! Any web target is acceptable! If I want to redirect my empty domain to or — no law can stop me! It is perfectly legal! DirectNIC may be in the jurisdiction of the State of Louisiana, therefore the core of their legal system may be different from the other 49 states of the USA. Still, no jurisdiction, regardless the State, may allow hijacking of other people's properties!

    The criminal hides under these klouds:
    	 Grigori Kochanov +380.572437428
    	 Grigori Kochanov studio
    	 Petrovsky str 7 fl 15
    	 Kharkov, Kharkov, UKRAINE 61002
    Domain Name: 
    Record last updated at 2005-02-01 14:58:07
    Record created on 2004/1/27
    Record expired on 2007/1/27
    Domain servers in listed order: 
    	 name: Grigori Kochanov
     mail: tel: +380.572437428
    	 org: Grigori Kochanov studio
    address: Petrovsky str 7 fl 15
    	 city: Kharkov
    province: Kharkov
    country: UKRAINE
    postal code: 61002

    I have a big problem with the FRAMESET tag implemented by the WWW Consortium.
    FRAMESET makes it very easy to hijack web sites. Every thick–headed moron of this great world of ours can hijack the most popular web sites of the planet with just a few lines of HTML code. The moron only needs an empty domain name, without a single word! The WWW Consortium must implement a defensive tag; e.g. NO_FRAMESET. NO_FRAMESET in a META tag or inside the HEAD tag should prevent other web sites from illegally filling up content from the targeted web site. Otherwise, legal action against site hijacking becomes mission impossible!

    I have also another big problem with the caching of web sites.
    Even when it is done by the search engines — I still have a problem. The search engines do not really need caches of the web pages they index. Just clicking on the (current) page in the search–results list will do. Caching encourages even more pirating in cyber space. I saw how my site was cache–pirated by a Celebrity– via a vicious cache.cgi script. I have learned that the government of Canada intends to make web-caching ILLEGAL. Great idea! I hope all the governments in the world implement similar legislations.

    The email address:
    is false now.

    That's how easy it is for the Cyber criminals these days. Get an email, commit the crime; then cancel the email account. Get another email account, etc., etc., etc. Can you see a clear way of fighting cyber crime? Right now, I can envision a terrible situation. Every bastard of this huge world of ours will register a domain name for a very small fee. The small fee is a great thing, but also a big pain in that part of the body the classics called ass. One small registration fee and the petty criminal will hijack every great web site of the Internet. For example: WWW.CRIMINAL.COM. The first page, will redirect (i.e. hijack or snatch) to page2.html will redirect to page3.html will redirect to page_m.html to page_n will redirect to the major universities of the world. Not to mention redirecting to government websites for the purpose of terrorism — even make money by advertising on political terrorism pages!

    The law enforcement agencies around the world must work together better in the fight against cyber crime. Right now, the Internet is largely a no–man's land.

    Hostility, piracy, site snatching, virus attacks.

    Another disturbing act is hidden referrals to my web site.
    Legitimate referrals show clear links to web sites or pages. No authority may stop web linking. In my case, looks like some haters want to affect negatively the ranking of by the search engines. The referrals usually come from pages that refer to pornography. Again, linking is legal. The problem I have is the fact that those unpleasant referrals are hidden. They are, actually, scripts that run invisibly to the Internet surfer. Another reason for such trick is to cause traffic problems to a web site. The hidden referral to opens the page 2000 times a day, with no reader! Just open the page many times in order to cause problems to legitimate Internet searchers and would–be readers of the page! Here are some illegitimate referrals: - - [13/Aug/2005:00:07:58 -0700] "GET /strategy.html HTTP/1.0" 200 38708 " - - [13/Aug/2005:00:20:39 -0700] "GET /strategy.html HTTP/1.0" 200 38708 " - - [13/Aug/2005:00:25:56 -0700] "GET /strategy.html HTTP/1.0" 200 38708 " - - [13/Aug/2005:00:09:51 -0700] "GET /strategy.html HTTP/1.0" 200 38708 " - - [13/Aug/2005:00:15:21 -0700] "GET /strategy.html HTTP/1.0" 200 38708 " - - [13/Aug/2005:00:21:13 -0700] "GET /strategy.html HTTP/1.0" 200 38708 " - - [13/Aug/2005:00:24:50 -0700] "GET /strategy.html HTTP/1.0" 200 38708 " - - [13/Aug/2005:00:31:47 -0700] "GET /strategy.html HTTP/1.0" 200 38708 " - - [13/Aug/2005:00:38:08 -0700] "GET /strategy.html HTTP/1.0" 200 38708 "

    The pirate nest is a domain named EASYGAMBLING.INFO. They went out of business on August 13, 2005. Then they came back to life!

    Domain Name:EASYGAMBLING.INFO Created On:13-Aug-2004 12:04:59 UTC 
    Last Updated On:14-Aug-2005 04:23:17 UTC 
    Expiration Date:13-Aug-2006 12:04:59 UTC 
    Sponsoring Registrar:R159-LRMS 
    Status:ACTIVE Status:OK 
    Registrant ID:C4918058-LRMS 
    Registrant Name:Sergey Melikhov 
    Registrant Organization:Moonspell Info 
    Registrant Street1:Telecentra 7 Registrant City:Kazan 
    Registrant Postal Code:420000 
    Registrant Country:RU 
    Registrant Phone:+7.9047614956 
    Admin ID:C4918058-LRMS 
    Admin Name:Sergey Melikhov 
    Admin Organization:Moonspell Info 
    Admin Street1:Telecentra 7 Admin City:Kazan 
    Admin Postal Code:420000 
    Admin Country:RU 
    Admin Phone:+7.9047614956 
    Billing ID:C4918058-LRMS 

    They snatch other web sites via vicious scripts. The source of the search script appears to be here:

    title Vioxx Approval /title
    frameset cols="*" rows="*" framespacing=0 border=0 frameborder=0 noresize
    frame src=""

    Hostility, piracy, site snatching, virus attacks, hostile acts against

    Another hostile act is incessant attempts to run scripts from, when knowing that such scripts do NOT exist!
    The message board script is ran illegitimately hundreds of times a day, even though error 404 pops up every time. The only reason is intent to disrupt activity at The most abused script at is the linking script: I removed it it years ago. That script might have been requested a hundred thousand times to no avail! The file–not–found error popped–up a hundred thousand times to no effect! Only vicious behavior can perform such insane acts so many times, for so long!

    Here are some illegitimate requests: - - [13/Aug/2005:00:08:00 -0700] "POST /cgi-saliu/ HTTP/1.1" 404 15527 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts)" ~ Host: Asia Pacific Network Information Centre - - [13/Aug/2005:00:13:20 -0700] "POST /cgi-saliu/ HTTP/1.1" 404 15527 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" ~ Host: Mebtel Communications; - - [13/Aug/2005:00:13:21 -0700] "POST /cgi-saliu/ HTTP/1.1" 404 15527 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" ~ Host: RIPE Network Coordination Centre, Amsterdam - - [13/Aug/2005:00:13:34 -0700] "POST /cgi-saliu/ HTTP/1.1" 404 15527 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" ~ Host: Optimum Online (Cablevision Systems) - - [13/Aug/2005:00:23:22 -0700] "POST /cgi-saliu/ HTTP/1.1" 404 15527 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" ~ Host: Pac Bell Internet Services, rback26c.irvnca SBC06923412800020050113165857 - - [13/Aug/2005:00:25:08 -0700] "POST /cgi-saliu/ HTTP/1.1" 404 15527 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" ~ Host: Asia Pacific Network Information Centre - - [13/Aug/2005:00:27:40 -0700] "POST /cgi-saliu/ HTTP/1.1" 404 15527 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts)" ~ Host: Asia Pacific Network Information Centre - - [13/Aug/2005:22:25:45 -0700] "POST /cgi-saliu/ HTTP/1.1" 404 15527 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" ~ Host: Asia Pacific Network Information Centre - - [13/Aug/2005:09:10:26 -0700] "POST /cgi-saliu/ HTTP/1.1" 404 12137 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322)" ~ Host: Verizon Internet Services; - - [13/Aug/2005:09:13:17 -0700] "POST /cgi-saliu/ HTTP/1.1" 404 15527 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" ~ Host: Asia Pacific Network Information Centre

    Illegally Copy–And–Paste Ion Saliu's Web Pages.

    Searching on Ion Saliu at Google yields over 13,000 results (more than 40,000 web pages in July 2006).
    About 1000 of them are web pages I created. Most web pages displaying the name Ion Saliu are legitimate. Still, a few dozen web pages listed by Google are the result of illegal copy–and–paste of content from There are cases when other pages copy entirely pages from The "authors" remove the inner linking. But the authors are so lazy that they forget to remove Ion Saliu from the copy–and–paste process. I do hit hard some of the bastards, especially when I know who they are!

    Here is a number of cases of illegally copy-and-paste content from
    (These suckers removed Ion Saliu, but copied my Roulette.htm page way beyond the law–breaking point!)
    (Hidden referring via hidden scripting, copy–and–paste.)
    (Hidden referring via hidden copy–and–paste.)
    (Just places the name ION SALIU in many sections in order to increase page ranking. The name is white on light background, so that is hardly visible!)
     (Hidden referring via hidden scripting, copy–and–paste.)
    (Hidden referring via hidden scripting, copy–and–paste.)
    (Hidden referring via hidden scripting, copy–and–paste.)

    Hostility, piracy, site snatching, virus attacks, hostile acts target Ion Saliu.

    More Cases Of Hostility Targeting Ion Saliu And
    Why do some people live only to cause trouble to other people? Why do they spend their lives devising ways and means to disrupt the normal activity of normal humans?

    You might not have heard of this. There are now web sites that promise to shorten long URL addresses. They offer a so–called short–hand URL service. I will list here a few of such web "services" that hit my web log in sizable numbers.

    This is one more piracy method. I can see in the web log thousands of referrals from web URL shortening sites. The "referrals" are still illegitimate. They hide the referring in "secret" scripts. The main purposes are to diminish the ranking of my web pages by the search engines and/or to cause traffic problems for 336 referrals; 321 referrals; 168 referrals; 151 referrals; 78 referrals; 454 referrals; 370 referrals; 182 referrals; 96 referrals; 86 referrals; 84 referrals; 81 referrals; 80 referrals; 76 referrals; 76 referrals; 75 referrals; 70 referrals; 70 referrals; 68 referrals; 67 referrals;

    Some of the aforementioned web services promised to me to "kill" the spamming links in their databases. Yet, illegitimate referrals still show up in the daily web log at!

    The Worst Cyber Crimes: Trojans, Hijackers, Dialers.

    The Worst Cyber Crimes: Trojans, Hijackers, Dialers, Etc.
    The cyber attacks have turned worse than imaginable! My computer has been literally invaded by hijackers, Trojans, worms, dialers… Here are some of the bastards that must be obliterated, physically, if no other solution exists. Apropos (dialer), PeopleOnPage (hijacker), ISTBar, YourSiteBar, SurfAccuracy, etc.

    Only a high performance anti–spyware application can fight with good success against this type of the worst cyber criminals. If the criminals are not blasted off, no more computing would be possible.

    Even if you don't connect to the Internet, working at your computer turns into a very difficult task. A hidden dialer, for example, keeps trying to connect to the Internet. We click on 'Cancel', but the dialer keeps coming back! The dialer attempts to call unknown–to–you phone numbers from your computer. That might cause you trouble, although you are innocent. You are forced to reboot numerous times, because Windows detects invalid operations or faults in numerous applications.

    Law enforcement worldwide must pay very close attention to this crime. The criminals must be punished very severely. The punishment must be also highly publicized as an efficient deterrent.

    Cyber crimes are no longer jokes. Cyber crimes have become the most dangerous form of warfare: a worldwide guerilla war against the computing community.

    A new criminal act has emerged in 2006: The dialog box popup. There are effective pop-up blockers out there, especially from Google and Yahoo. The bastards found new ways to fight the popup blockers. Annoying popup dialog boxes will scare you that there are serious problems with your system - especially the registry. The false alarms go like this (includes their punctuation):

    "Message from Microsoft to System.
    Microsoft Windows has encountered an Internal Error.
    Your windows registry is corrupted.
    We recommend a complete system scan."

    Of course, they do a free scan showing mostly bull; no real problems. They don't fix a single error until you pay for a different version of the software. These new pop-up services have become a terrible headache!

    Here is a list of the most common offenders:

    There is no way to avoid those pests. They intercept your Internet connection and they follow you wherever you go. They must be obliterated!

    I checked and I believe all those domains represent one group of bastards. They hide their tracks skillfully. My fighting method might be more efficient than filing complaints. I go to those addresses and contact them. I curse them like they never heard before. Other people are strongly encouraged to do the same!

    The irritating worms, viruses, annoyances on the Internet.

    New hostile acts: pop-up dialog boxes, false system errors alerts.

    Read more on piracy and hostile acts against Ion Saliu:

    More to come, cyber bastards!

    Humans of honor and dignity, please bear with me!

    Ion Saliu

    Ion saliu's theories, systems, software are the most sought-after, plagiarized and pirated in the digital era.

    Hostility, piracy, site snatching, virus attacks agaisnt Ion Saliu.

    | Home | Search | Help | What's New | Download Software | Odds, Generator | New Writings | Contents | Forums | Sitemap |

    Internet hostility, piracy, site snatching, virus attacks.