# Sanity check: OScam?



## Melita (Jan 29, 2014)

I also post in LET regarding this.

I was wondering why my nodes got a random load spikes. After investigating, turns out it was caused by some process called oscam. Top + vzpid across all nodes reveal that it was coming from quite a number of VPS (42) from around 20 customer. They were all coming from one Southeast Asia country, and using the VPS solely for this oscam purposes.

 

Then I asked uncle Google. Taken from http://openpli.org/wiki/OScam:

 




> "OScam is a softcam, software to be used to decrypt digital television channels on a settopbox (receiver), as an alternative for a conditional access module (CAM)."



After I asked some fairy spy in that country, I heard something like this:




> spy: currently there are a lot of signal receivers out there that can tap into our tv broadcast network and 'steal' their channels for free to watch
> 
> me: em, those satellite receiver needs to connect to internet?
> 
> ...



 

This fairy spy is actually my IM friend from that country.

 

The load problem can be easily solved by limiting their cpu speed (they broke my TOS regarding load limit anyway). Also, maybe it's true that the TV provider will never sue me.

 

But I somehow thinks that they stole the money which should go to the TV provider instead. Maybe it's less stealing if they use it in private for themselves, but they even got more money by selling those free top boxes.

 

I actually doesn't really care about what they do (they didn't harm other people, no one knows, yada yada). I'm phlegmatic anyway, so I prefer to close my eyes and not meddling with this.

 

The problem is, part of those stolen money goes to me (by paying VPS solely for oscam purposes). I wish I never knew about this, so I can continue my happy life ever after.

 

I also wish they were using VPS for something else like web server / developing some apps, but they didn't. And then I realized that I'm actually helping them for stealing, and I even got a stolen money for that.

 

I already talked to half of them about this, and because it's luckily covered in my TOS on "no illegal purpose" part, they just peacefully ask a refund and terminate, in which I did. I was ready to lose around 1/6 of my whole customer base because of this (still a small hosting company).

 

The rest half of them didn't even reply my ticket, so I just blocked the invoice and waiting their VPS services end this month naturally. I plan to donate that money somewhere anyway.

 

I somehow got a little drool over that illegal market possibilities, but the guilty feeling was bugging me all day. And luckily I realized this prematurely before it even get bigger customer base.

 

There is actually even bigger safe and illegal market (I'm talking about $15k/month here), involving ssh tunneling business in my own home country to get a free internet connection. But I think I would just stop my rant here.

 

Anyway, I made this thread because I want to ask your opinion about this. Am I too naive, and will you VPS providers do the same? Should I feel guilty over all of this? Please enlighten me.

 

Also, is there actually any legal use for oscam? I want to know so I can be sure when terminating the rest half of the customer at the end of this month under the same 'illegal purpose' assumption.

 

Sorry for my bad English, it's not my main language. Also, if you're one of my past customer who did this and know who I am, I'm sorry too. I just want to share my thoughts, nothing else. Peace :v


----------



## texteditor (Jan 29, 2014)

Melita said:


> Also, is there actually any legal use for oscam? I want to know so I can be sure when terminating the rest half of the customer at the end of this month under the same 'illegal purpose' assumption.


nope, which is why its against the aup of many providers


----------



## Aldryic C'boas (Jan 29, 2014)

Sounds to me like you're doing the right thing.  Caught a shady process, did your proper research on it, and now you're bringing it up directly with the clients instead of kneejerking and just terminating them on the spot.

You may take a hit on sales for it, but it looks to me like you're going about this the right way.  Illegal use is always a catch 22, since you'll inevitably have someone say "But you're allowing X, why won't you allow Y?".  Just let your clients know it has to stop, and let them decide whether to keep the VM and use it legally, or cancel.


----------



## Damian (Jan 29, 2014)

Aldryic C said:


> You may take a hit on sales for it, but it looks to me like you're going about this the right way.  Illegal use is always a catch 22, since you'll inevitably have someone say "But you're allowing X, why won't you allow Y?".  Just let your clients know it has to stop, and let them decide whether to keep the VM and use it legally, or cancel.


And eventually you'll get someone from the tin-foil-hat crowd going "OMFG PRIVACY" or whatever... this group also tends to think that giving money to another entity implies _ignorantia legis neminem excusat_, or that because they've given you money, that they're then allowed to do whatever they please. I'll be honest: when it comes down between me keeping my business going, or your privacy regarding you doing illegal things, I'm going to choose myself.

My usual response (and yours should be too): my house, my rules, and we let you know the rules before you entered the house.


----------



## Melita (Jan 29, 2014)

Aldryic C said:


> You may take a hit on sales for it, but it looks to me like you're going about this the right way.  Illegal use is always a catch 22, since you'll inevitably have someone say "But you're allowing X, why won't you allow Y?".  Just let your clients know it has to stop, and let them decide whether to keep the VM and use it legally, or cancel.


Interesting words you use there, I had to google a bit to find out the meaning: http://www.merriam-webster.com/dictionary/catch-22 

Yes that's what I told in the tickets. I had to quote a part of my TOS again in which they offend, then giving them 2 options: please use the vps for something else or we will refund you.

Even though they're realizing that they're wrong, they still had to be disappointed for this. And this disappointment somehow making me sad, no idea why 



Damian said:


> And eventually you'll get someone from the tin-foil-hat crowd going "OMFG PRIVACY" or whatever.


Under normal circumstance, I won't look on my nodes at all. But I somehow got load warning email (oscam decrypting needs max cpu), which made me had to do 'top' and 'vzpid' to get which VPS is offending. No need to even vzctl enter their vps. Either do this, or the whole service might be slow.

Can this actually solved by TOS? I already include this on my TOS (which they should agree upon signup):



> IndoVirtue will not share or disclose information regarding its customers except (i) when IndoVirtue receive legal process such as a court order or are required to disclose the information by law; (ii) when reasonably necessary to protect the company’s rights or property; (iii) in emergencies where someone’s safety is at risk; (iv) as required for domain name registration (e.g.whoislookup). Account which is suspended or terminated by IndoVirtue for violating its Terms of Service does not qualify for this Privacy Policy.


Point number (ii) and the last sentence might cover it, although I don't know how strong it is.


----------



## MartinD (Jan 29, 2014)

Oscam and cccam and cardproxyserver - all essentially doing the same thing and all banned on our kit.


----------



## Kakashi (Jan 30, 2014)

Same here, we've had to ask a few clients to stop using it. Think I might explicitly add it to our AUP.


----------

