Texts tags

From XPUB & Lens-Based wiki

tags (working title)

tagging in the FXP scene

FTP (File Transfer Protocol) is a popular file transfer technology that for example, allow to manage the files of a website remotely. This can be done using a separate client or directly in a web browser. The "FXP scene" name comes a from technique used in FTP transfers that permits to remotely transfer data from one FTP server to another. Using this trick on servers that allows it, allow someone on a very modest Internet connection (as modest as a 56k modem and lower) to move Gigabytes of data from one server to another in seconds if the two servers can handle such a bandwidth.

ftp://204.97.99.22/ / /. Tagged/i hate f**k pubstealers/this scene will die if lamer cunts f**k shit up/COM3?/thanx/to iSDN for original scan/da / ve/


During a brief period of time in the early days of the 00s, the Internet became a vast jungle of poorly maintained servers. These machines were leftovers from the late dotcom boomers, individual and small companies that were providing web hosting and server administration with little understanding of network security. For approximately two years this provided an extraordinary terrain for script kiddies and other amateur pirates, their playground: public FTP servers.

A typical target server would be a server providing a FTP access to its users. There is nothing wrong with that, unless you realize that anonymous access is enabled allowing anyone to connect. Connecting as anonymous will then direct to a 'pub' folder providing limited shared content and upload. Finding a 'pub' was not rare, but some administrator would disable or prevent anonymous users to be able to add files to it. Fortunately for the 'pub' seeker, a lot of these amateur admins would also share the whole hard drive of the server or forget to lock the users in their own personal directory. Of course complete access to the content of the machine does not necessarily mean you can actually upload your own files anywhere you want. But in an operating system, there are many locations where anyone can write all kind of data: from a user directory with write permissions set to anyone, to the system temporary folder.

All together such a setup would provide a reliable high speed public network storage, fitting perfectly the purpose of mass sharing illegal material, cracked software and various music and videos files.

To find such a server was relatively easy to do for anyone at this time and was the task of the scanner: human or bot. The less computer literate pirates could simply use a web engine and browse the Internet looking for cheap looking websites and then try to connect to the same address using a FTP client, while more sophisticated freebooters would simply write a small program randomly connecting to IP addresses to test if an anonymous FTP service was available and then try to find a writable folder.

Once a 'pub' found, it is then tagged to mark it as the sole property of the individual or the group who discovered it. This tag was just a directory path mentionning the name of the pub owner. For example:

/tmp/.test/=-=/-/=-=Tagged by GT!!!!!=-=/-/=-=/Filled.by.S/c/a/r/f/a/c/e/for/(^.^)Y0FXP(^.^)/


The thing is that this tag, is not visible easily when you are inside of the base folder, you can read the tag only by looking at all the subfolders it contains. In the example above, the tag indicates the pub was discovered by 'GT' and then the content located in the last folder was uploaded (filled) by Scarface, both members of the group or FXP bulletin board called Y0FXP. Once filled with pirated material, the complete URL would be made available privately or publicly on IRC channels or dicussion forums.

In theory, once tagged, this file storage territory belongs to one group or board only, but it was quite common that the URL would leak to other boards and outside of the group during private list of pubs exchanges, or simply because it was made public to start with. Such a knowledge would provide other groups the benefit to skip the laborious scanning part of 'pubbing' and just delete the original content and add their own. Next to that while some groups were very careful to not disturb the server's official users and administrators by avoiding long continuous file transfers and by checking regularly the free space left, Others would delete any original files whenever possible and trash the server with all kind of pointless directories and random data.

To prevent this 'pubstealing' and in-group vandalism, and as a side effect make it harder for anyone to get rid of the original squatters, a technique called 'dirlocking' was used. The idea behind this process is to make your tag impossible to remove, pretty much like the idea of using permanent paint markers to leave a signature as long as possible on a graffiti wall. Transposed to our path signatures, it means that the tagger will use different techniques to prevent the FTP user, its FTP client, the FTP server, the operating system running the FTP server or all of them combined, to delete or even see through the real tag you have written. Depending on the operating system or the tagger's knowledge on the subject, many tricks can be used. These tricks taking place in the tag itself became then part of the art of preparing these ASCII art signatures.

A few examples:

  • "Illegal" Windows NT names:
/COM1 /++upped++/by/ThAmAStEr/COM1 /--just--/for/all/you/bitches/out/there/COM1 /NjOy/IFXP&OSIRIS/
/prn.hsp.laserjet/Com1 /Aux/Lpt1/T4G by Draaz /Nul3/Sc@N by Draaz&dbleroi /f0R PuBsMan-BoarD/
  • Confusing FTP clients with poor support for character encoding and white space support:
/   /%% ;; /   /Tagged By ;; /   /Caribax
/Uploads/;;;;; tagged ;;;;;   /  by mathg666    /  4 Team enigm@  /  leech here/
  • Confusing FTP servers into thinking you are requesting a directory located elsewhere:
/righteous/~/. Tagged for Sanity/
/incoming/ tmp /../../ .---===tagged by===---- / guidossj4/sampei76/ita/


Depending on the techniques used, not knowing the full tag would prevent deleting it, or prevent the FTP client to browse through the path, or even prevent both. To make things more tricky, it was common practice to upload thousands of variation of the same tag at once creating on top of the lock a complete filesystem maze. Eventually, pubstealing moved from stealing storage space to purely deleting any uploaded content just for the sake of it or for the excitement provided in solving a tag maze, or break a locked tag with the ultimate pleasure to re-approriate this territory and ultimately mark it with one very own tag.

Towards the end of the FXP scene golden age, inexperienced taggers started to mix several techniques in a cargo cult attempt to blend in the FTP tag aesthetics and obviously not understanding the purpose of these special character sequences, hence missing the point on how and when to create locks.

/~tmp./take/gg/.com/com/goldarsch for freakwarez/


The FXP scene died of a slow death as hosting and server maintenance got incorporated in more professional services, making it increasingly difficult to find a non monitored FTP with writable directories. For a while the FXP scene survived on more advanced automated trojan injectors that would exploit some Microsoft server security holes to infect a machine with a hidden FTP server. Next to FTP, more services were added in these tools, and soon merged into the young botnet scene. Today FXP as a transfer technique is still used to remotely and massively move data from one FTP to another and it is still the technique of choice to propagate pirate material from one private server to another. As for the tags, they are left for us to contemplate in forgotten file listings or forum and IRC logs archives. There are still some forgotten pubs around, in the same state as they were in the early 00s, and a well crafted google query will reveal them, but to not know the name of the tag, will let you stuck in the limbo of these locked directories.