Monday, December 7, 2009

A word of caution - a scam site, possibly a phishing site

Some of you may have run into a website known as the "Wally files" aka Wallywashis.name.

The site claims to offer downloads of songs/albums for free and it requires users to register. It sounds like an Albumbase clone, except that there's no real music.

Disclaimer: I have no connection to this site, but I'm here to report on it since there appears to be little information elsewhere on the web.

http://wallywashis.name/oe/index.html

"Wally was his name and MP3 was his file"

Okay.

So I stumbled on this site while searching for rare releases online. After an inspection, I concluded that it could not be real. No sour grapes intended.

The website advertises a wide range of music genres, ranging from mainstream, to extremely obscure acts. While on the outside looks like a great source to get some hard to find releases (hell, I wonder how this guy even thought of putting obscure neofolk/martial/ethereal groups on there), it is really a scheme to reap advertising revenue, and possibly lift passwords off unsuspecting users.

Here's why it's not legit.

1. The account/password creation system does not have proper verification procedures
2. User access is not encrypted
3. There is no brute force protection
4. For a site that has a wide library, it lacks a search feature. Do users really have to resort to googling "site:wallywashis.name " ?
5. Doesn't use adsense or other services, only surveys that require unsuspecting individuals to compromise their address, mobile phone numbers, and install suspicious software. This is asking people to take a huge privacy and security risk, while causing some to experience billing charges for spam text messages from the surveys.
6. There are very few published comments on the site's blog. Notice how the navigator says that some posts have 60-170 comments. Many of them are moderated and not published. Somehow the guy running the show either forgot, or realized he was getting beat at his own game.

Further investigation yielded an IRC conversation on musicbrainz, which establishes further doubt of the site's true intent.

Available here: http://chatlogs.musicbrainz.org/musicbrainz/2009/2009-01/2009-01-06.html

"
looks almost as if someone has copied the mb db as fake mp3 open dir listing http://wallywashis.name/mp3/

and is using the data to get people to subscribe to some dubious site for "access"

the thing is, by manually entering band information, you can "find" even the most little-known bands :)

Cunning.

It's a bit odd to find "mp3s" for a demo tape I made 15 years ago over there

Considering I have the only copy of the tape and have never encoded it into mp3 in the first place :D
"
In summary - someone just copied musicbrainz's database of artists and albums and listed them as downloadable files. Even someone's old demo that was never encoded, let alone released.


Having a site like that is truly dishonest. Odds are the "library" it has is not real either - just spam files that have had their filesizes adjusted to simulate bitrate and track length. Some speculate that the files were merely indexed from popular sites such as last.fm and such.

Therefore, avoid it at any cost. And get the word out.

Debut

This blog will be a resource for previewing music in mostly obscure genres, though I will on occasion make recommendations for more well known groups.

Disclaimer: no files of any significance are hosted on this site. All files are hosted on other sites.

Anyhow, having been in the music-blog community a while, I'll state my observations and pet peeves.

1. One should not be expected to be thanked for what they're providing. If you started a music blog for the recognition, do yourself a favor, close it and move on.

2. Blogs that are crawling with all sorts of embeds and audio that plays automatically. Nuff said. I don't like hearing some stupid song blasting the moment the page loads, and I don't like it when the page takes a minute to load because someone thought it was cool to give it myspace-syndrome. That's not going to happen here.

3. Link protectors. Those bombard users with ads and wait times. They are not cool, period.

4. Bloggers who simply copy links from other blogs and sites. What happens when the link goes down? It's like observing genetics, diversity versus cloning. A crop consisting of plants identical to the cloned host will be wiped out by a single pest. A genetically diverse crop will last much longer. Likewise in the blog world, when that Rapidshare or Megaupload link turns up nothing on one blog, it'll yield nothing on every blog that copy pasted it.

Now of course it's an exception if other links are pasted as alternatives to the original posting.

5. Fake sites. Spambots regularly copy search terms and form spam blogs that redirect to paid-mp3 sites (which aren't legit to begin with). Those are annoying.

More to come.