Jump to content


From Wikipedia, the free encyclopedia
(Redirected from Topsite (warez))

Topsite is a term used by the warez scene to refer to underground, highly secretive, high-speed FTP servers used by release groups and couriers for distribution, storage and archiving of warez releases.[1] Topsites have very high-bandwidth Internet connections, commonly supporting transfer speeds of hundreds to thousands of megabits per second; enough to transfer a full Blu-ray in seconds.[2] Topsites also have very high storage capacity; a total of many terabytes is typical.[3][4][5] Early on these warez sites were mainly distributing software such as games and applications after the release groups removed any protections. Now they are also a source of other copyright protected works such as movies and music. It is strictly prohibited for sites to charge for access to the content, due to decreased security, and sites found doing so are shunned by the topsite community.[6][7]



Unlike their predecessors in the Bulletin board system (BBS) scene, topsites aren't advertised broadly. With the increased threat of police raids, topsites have been forced to employ elaborate security precautions in order to stay hidden from authorities.[8]

A typical topsite configuration will only allow users to log in from a certain ident and host (or IP range for users with dynamic IPs), with SSL encapsulation on all FTP sessions.[9] FTP bouncers are commonly used to hide the topsite's real IP address, and to share network load.

Along with an "official name", most topsites are also known in the warez scene by an abbreviation that is two or three letters long. Knowledge of the abbreviation as well as the official name is not shared, even between different scene members. For example, a topsite with the hypothetical name "Blackbox" could be abbreviated as "BBX" and subsequently referred to as "B**" during an IRC conversation between those with knowledge of the site.

Site channels[edit]

Activity on the FTP server is announced by a Sitebot in a private IRC channel which is usually invite-only. To receive an invite, users need to issue a command to the FTP server after logging in the site. This ensures that only those with accounts on the FTP have access to the channel. Sitebots typically run Eggdrop IRC bot software.

Dupe (duplicate) check[edit]

Release databases record release names and their release date & time, although fields vary from database to database. Examples of other common fields include ID3 musical genre names (for MP3 releases), sections, and nuke (release rejection) details.

Release databases are maintained to provide release groups with a service for checking existing release titles (i.e., to avoid duping another group). Some databases contain historical release records dating back to the BBS era.[10] Note that such databases are uncommon, due to a completely different release naming method (based on the ZIP file descriptor FILE_ID.DIZ, as opposed to a directory name), and lack of information from this period.

Release databases are usually updated by automatic processes that either recurse selected topsites searching for new releases (spidering), or catch pre-release announcements from site channels.

Release databases used by topsites are private, but a number of public websites exist with similar information.

Credit system[edit]

Credit system controls the amount of data that users can download. Most sites operate by using an automated credit system. When a user uploads a file, their account is credited for an amount based on the uploaded file size, commonly multiplied three times. For example, when a user uploads a 15MB file, they may receive 45MB credits in return. Credits can be later used to download files from the site. Credits can be lost by uploading a bad release that gets nuked. Nuke multiplier affects the amount of lost credits. Nukes can be either site nukes (local) or scene nukes (global). Site nukes are issued when a release that is uploaded to the topsite violates site rules, such as 'No VLS' for the MP3 section. Another common site nuke is for backfilling, which is uploading something after a specific amount of time has elapsed from the time of release, usually 5 to 15 minutes.[clarification needed] Typically the nuke multiplier for a site nuke is at least 3x, where all couriers responsible for racing the bad release will lose 3x the credits they gained uploading. These nukes will not be echoed out to pre channels, as they only affect the local site. Scene nukes are nukes which are echoed out to pre channels. Scene nukes usually occur when a release violates scene rules, such as wrong encoder, or when the release is outright bad, such as out of sync. The nuke multiplier for scene nuke on topsites is usually 1x; all the couriers lose all credits gained uploading the release and break even.[11][12]


A warez group may gain access to a topsite as an affiliate (or "affil"), thus making the site among the group's primary distribution points. Affiliation benefits the warez group as the site will grant a certain number of leech accounts to the group (the number usually depending on the reputation of the group), and the site benefits by becoming one of a collection of sites that has first access to the releases of the group, thus improving its own reputation. Typically, groups will affiliate with several topsites, in order to maximize efficient distribution by couriers to other (non-affiliated) topsites. A group will choose topsites based on geographical location, mostly by country but sometimes by region, such as Northern Europe or Western US. Barring extraordinary circumstances, a group selects just one site for each location.

Topsites may have any number of affiliates, and commonly advertise them in the welcome message to indicate to its users the quality of the site. The most exclusive topsites will avoid affiliating with an excessive number of groups for security purposes and also to maintain adequate network resources. Topsites may also remove (or "drop") affiliates for a variety of reasons, including the lack of productivity of the release group, conflict between the site operator and the group, and the group's decision to affiliate with another topsite in the same geographical region.

Each affiliate has access to a private, hidden directory on the topsite. This directory is used for uploading new releases before they are made available to other users. When a new release has finished uploading on each of the group's sites, a command is executed to simultaneously copy it into a directory accessible by other users, and trigger an announcement in the topsite IRC channel. This event is known as a pre-release (or "pre"), and must occur at the same time on every affiliated site.

The warez scene relies on strict release standards, or rules, which are written and signed by various warez groups.


Couriers are a specific class of topsite users who earn their access by uploading new releases and filling requests. When a courier gains access to a topsite, they are often required to pass a trial test such as uploading a certain amount in a short period of time.

Couriers compete (race) against each other for respect, credits, access to other topsites, and fun. Private couriers often operate as independent (iND) couriers. Some couriers band together to form courier groups which provide support and friendship through camaraderie.

Staff roles[edit]

Site operator[edit]

A site or system operator (siteop/sysop) is in charge of the day-to-day operation of a topsite. They have full (root) access to the server and are able to manage users, groups, and topsite scripts and daemons installed on server. They decide on site rules, and site sections (e.g. TV Rips, XviD movies, MP3 music, etc.). Site operators are also in charge of managing the site channel, and sitebot.

Group administrator[edit]

A group administrator ('gadmin') is a member of an affiliated group or courier group with user management rights over the group. Each group has a pre-negotiated number of leech and ratio users, or slots.


While these sites are protected with technologically advanced schemes, law enforcement operations such as Operation Buccaneer (December 2001) and Operation Fastlink (April 2004) have been able to gain access and shut down sites by infiltrating the copyright infringement groups that operate on them. The group DrinkOrDie was busted during Operation Buccaneer. Tens of thousands of copies of software, games, movies and music were on leech sites reserved for their members only, having the names Lake of Fire, Packet Storm, Fatal Error and High Octane. One eventually grew to 1 terabyte in size.[13] As of June 2005, Operation Site Down was the latest significant law-enforcement attack on the warez scene. There were also busts in June 2006, with one US.biz site being busted, and several co-located servers being seized.

In November 2006, the Dutch anti-piracy organization BREIN claimed their first shutdown of a topsite, MadBiker (MB), after infiltrating the closed user community.[14] The site allegedly had 5.6 terabytes of content and used the super fast Onsnet fiber network in Nuenen.[15] In name of the international interest organizations MPAA, IFPI, RIAA, ESA and BSA, Brein explained the situation to the network administrator Edutel, who closed the site down at their request. Brein estimates there are dozens of similar sites in the Netherlands.[16][17]

Two years later, on November 26, 2008, Brein got the ftp servers of the 'topsite' TV Land (TVL) seized.[18] The 3 gigabit drFTPd site without affils offered 45TB of content, making it one of the largest topsites ever. Brein director Tim Kuik claims it was one of the sites at the top of the piracy pyramid. The files would leak to the torrent site Scenetorrents.org and other large torrent portals. The servers were hosted at different providers of which some were located at Leaseweb. The owner, 'Smokin1', is located outside the Netherlands and no raids or arrests were made. Brein suggests there are hundreds of topsites worldwide, of which two thirds are located in the Netherlands. The administrator of the site would also sell download accounts with a limit of 400GB for 40 euro a month. This made Tweakers question whether Brein really infiltrated the site or they got the information for free.[14] A week earlier a scene notice attacked the collaboration between TV Land and SceneTorrents. The NFO file showed smokin1 (admin of TV Land), I recommend you to close your insecure p2l/p2p site within 24 hours, or I will provide all Dutch anti-piracy organizations all information about the site, including complete releases list and sufficient proof to get the site busted, you have been warned!.[19] Tim Kuik, the managing director of Brein, told Slyck.com that TV Land was penetrated before the release of the notice.[20]

A year later, SceneTorrents (ScT) announced they were shutting down for good on November 29, 2009. The 20,000 members had to find a new site after 4.5 years on the respected and well-connected private BitTorrent tracker. An invite was hard to find. Rumours said the shutdown was related to the raid on topsite LOOP two days earlier, which was (supposedly) one of SceneTorrent's main content providers according to insiders. Other rumors said it could be a planned operation unrelated to the topsite. Later a staff message on the site said it was due to pending legal issues. Members of their staff were arrested and they declined to comment any further on the situation because of the criminal proceedings.[21] On November 27, Brein got the ranked topsite LOOP taken down. Two servers with a total storage capacity of 40TB spread over 28 hard disks were raided at their hoster in Amsterdam. The site was hard to access because you had to be invited by a staff member. Kuik says there are only a couple of hundred similar sites worldwide.[22][23][24]

On December 16, 2008, less than a month after TV Land, Brein took down yet another topsite. Sparta had 65TB of content, so Brein could claim again to have taken down the largest topsite ever.[25][26]

Hong Kong Customs uncovered a case when "copyright industry representatives" tipped them off in June 2009, resulting in the first case in Asia. Apparently, an international syndicate for unauthorized distribution used a topsite to download and then distribute copyright-infringing items such as movies, music, computer programs and video game software.[27]

In September 2010, after being in the planning for two years, the police executed a file sharing raid in up to 14 countries across Europe.[28] Started by the Belgian authorities, it is suspected that a scene group in Belgium had been infiltrated.[29] Some of the ranked sites affected by the busts are BAR, LOST, DLR and SC.[30]

In December 2010, a site known as Devil was raided by the Swedish police after receiving information from an anti-piracy group. At least a dozen computers and servers were seized, containing more than 200 terabytes of media.[31][32]

In January 2011, the Dutch anti-piracy organization BREIN claimed to have taken down their largest topsite ever: Swan (previously known as ATS).[33] According to BREIN it contained 220 TB of data spread over 12 servers, but the operator of Swan, MrTB in Costa Rica, said it were only 8 servers with 175 TB of data.[34][35][36] The site was taken down by hosting provider WorldStream and without judicial process BREIN seized its servers. The owners of the servers retaliated by seizing them back and may sue BREIN for breach of privacy and property rights as BREIN is a private organization and has no special legal or investigative authority.[37]

Not all takedowns are successful. Operation Bahnhof (March 2005) failed when the officials entered an area that their warrant didn't include. Although they found several dedicated servers with terabytes of illegal material, they ended up being sued for illegal trespassing and harassment, and were accused of planting evidence, since one of the Antipiratbyrån (Swedish anti-piracy group) employees was trying to infiltrate the scene to gather evidence, and in doing so violated Swedish laws against entrapment.


Some software that is used to run topsites.

FTP daemons[edit]

See also[edit]


  1. ^ Howe, Jeff (January 2005). "The Shadow Internet". Archived from the original on 2014-03-15. Retrieved 2017-03-12.
  2. ^ Bounie, David; Waelbroeck, Patrick; Bourreau, Marc (2006). "Piracy and the Demand for Films: Analysis of Piracy Behavior in French Universities" (PDF). Review of Economic Research on Copyright Issues. 3 (2): 15–27. Archived (PDF) from the original on 2013-10-04. Retrieved 2013-07-28.
  3. ^ "BREIN Takes 'Loop' Top Site Offline". Archived from the original on 2015-09-24. Retrieved 2009-12-04. Topsite with 40 terabytes of storage. [1] Archived 2009-12-01 at the Wayback Machine[2] Archived 2011-07-18 at the Wayback Machine
  4. ^ a b "Report.of.US.Busts.20060608.READ.NFO-SDE". 2006-06-08. Archived from the original on 2016-03-04. Retrieved 2010-02-13. [3] Archived 2011-07-16 at the Wayback Machine
  5. ^ enigmax (2007-11-19). "Top Pirate Reveals Warez Scene Secrets, Attracts MPAA Lawyer's Attention". TorrentFreak. Archived from the original on 2010-01-02. Retrieved 2009-11-29.
  6. ^ Denton, Adam (2011). "Intellectual property rights in today's digital economy" (PDF). ITU. p. 14. Archived (PDF) from the original on 2017-03-09. Retrieved 2017-05-14. Although much of the content is delivered free, it isn't uncommon for Warez sites to charge for some content.
  7. ^ CLEANTHIS (2010-01-19). "Info.about.KIA.aka.MPD.and.P2L-CLEANTHIS". Scenenotice.org. Archived from the original on 2017-09-14. Retrieved 2017-05-14. These paysites are insecure
  8. ^ enigmax (2012-09-18). "Movie and TV Show Pirates Hid Topsite Server Inside ISP Network". TorrentFreak. Archived from the original on 2024-06-08. Retrieved 2012-09-20.
  9. ^ enigmax (2007-11-19). "Top Pirate Reveals Warez Scene Secrets, Attracts MPAA Lawyer's Attention". TorrentFreak. Archived from the original on 2010-01-02. Retrieved 2009-11-29.
  10. ^ enigmax (2007-08-11). "27 Years of Warez Scene Release Info Leaked in Giant Database". TorrentFreak. Archived from the original on 2010-02-03. Retrieved 2009-11-29.
  11. ^ "The scene / topsite system". AboutTheScene. Archived from the original on 2008-08-01. Retrieved 2009-03-08.
  12. ^ Craig, P.; Honick, R.; Burnett, M. (2005). "Sites". Software Piracy Exposed. pp. 109. doi:10.1016/B978-193226698-6/50031-3. ISBN 978-1-93-226698-6.
  13. ^ Maher, William (2003-11-01). "Warez the justice, ask prison pirates". Australian Personal Computer. 23 (21): 22–23. ISSN 0725-4415.
  14. ^ a b van Miltenburg, Olaf (2008-11-27). "Brein laat topsite TV Land offline halen" [Brain gets topsite TV land seized]. Tweakers (in Dutch). Archived from the original on 2024-06-08. Retrieved 2017-08-06.
  15. ^ Schop, Ester (2006-11-29). "Brein laat bron internetpiraterij afsluiten" [Service provider shuts down source internet piracy] (in Dutch). Archived from the original on 2024-06-08. Retrieved 2017-08-06.
  16. ^ de Neeve, Mick (2006-11-28). "Brein claimt sluiten 'topsite' internetpiraterij" [Brein claims to close 'topsite' internet piracy]. Tweakers (in Dutch). Archived from the original on 2024-06-08. Retrieved 2017-08-06.
  17. ^ DirectX (2006-11-29). "Brein claimt 'topsite' te pakken te hebben" [Brein claims to have tackled 'topsite']. Techzine (in Dutch). Archived from the original on 2024-06-08. Retrieved 2017-08-06.
  18. ^ Pruijn, Rowald (2008-11-27). "Brein claimt platleggen schatkamer torrentwereld" [Brein claims shut down of treasure room torrent world]. ZDNet (in Dutch). Archived from the original on 2024-06-08. Retrieved 2017-08-06.
  19. ^ "INSECURE_SITE_CALLED_TVLAND_READNFO-CDS-2008-TMI". SceneNotice.org. 2008-11-19. Archived from the original on 2024-06-08. Retrieved 2017-08-06.
  20. ^ Mennecke, Thomas (2008-11-26). "BREIN Claims Success Against 'TV Land' Top Site". Slyck.com.
  21. ^ Ernesto (2009-11-28). "SceneTorrents BitTorrent Tracker Shuts Down". TorrentFreak. Archived from the original on 2024-06-08. Retrieved 2017-08-06.
  22. ^ "BREIN neemt servers bronsite in beslag bij hosting provider" [BREIN confiscates servers of source site at hosting provider] (in Dutch). 2009-11-27. Archived from the original on 2024-06-08. Retrieved 2017-08-06.
  23. ^ TEAM FILEnetworks (2009-11-28). "BREIN Takes Down 'Loop' Topsite". Archived from the original on 2024-06-08. Retrieved 2017-08-06.
  24. ^ "Zwaar weer voor downloadsites" [Heavy weather for download sites]. CHIP (in Dutch). January / February 2010: 15. Archived from the original on 2024-06-08. Retrieved 2017-08-06.
  25. ^ van Miltenburg, Olaf (2008-12-17). "Brein laat opnieuw topsite offline halen". Tweakers. Archived from the original on 2024-06-08. Retrieved 2017-08-06.
  26. ^ Scheepers, Janneke (2008-12-17). "Mega-opslagsite voor piraten offline gehaald". ZDNet. Archived from the original on 2024-06-08. Retrieved 2017-08-06.
  27. ^ "Customs and Excise Department Departmental Review 2009 - Customs uncovers first "top-site" case in Asia" (PDF) (Press release). Hong Kong Customs and Excise Department. 2009-06-15. Archived (PDF) from the original on 2024-06-08. Retrieved 2010-09-29. Effected the first "top-site" case in Asia that an international piracy syndicate using high-speed Internet servers (generally called "top-site") to distribute copyright-infringing items, including movies, music, computer programmes and video game software was uncovered. The syndicate's setup in Hong Kong for distributing pirated items was smashed.
  28. ^ Enigmax (2010-09-07). "Police in File-Sharing Raids Across Europe, WikiLeaks Host Targeted". TorrentFreak. Archived from the original on 2016-11-01. Retrieved 2016-10-31.
  29. ^ Enigmax (2010-09-08). "Inside Yesterday's European Warez Piracy Raids". TorrentFreak. Archived from the original on 2024-06-08. Retrieved 2016-10-31.
  30. ^ Enigmax (2010-09-17). "The Significance of the Huge European Warez Scene Raids". TorrentFreak. Archived from the original on 2024-06-08. Retrieved 2015-11-22.
  31. ^ Enigmax (2010-12-17). "Police Raid 'Devil' Warez Piracy Topsite". TorrentFreak. Archived from the original on 2016-11-01. Retrieved 2016-10-31.
  32. ^ "Devil.Busted.250TB.Swedish.Scenesite.And.Others-SCENENOTiCE". Archived from the original on 2016-11-01. Retrieved 2016-10-31.
  33. ^ Mennecke, Thomas (2011-01-13). "BREIN Claims to have taken down Swan - the Largest Top Site 'Ever'". Slyck. Archived from the original on 2016-11-01. Retrieved 2016-10-31.
  34. ^ de Vries, Wilbert (2011-01-13). "Brein haalt megatopsite Swan offline" [Brain gets mega topsite Swan offline]. Tweakers (in Dutch). Archived from the original on 2024-06-08. Retrieved 2016-10-31.
  35. ^ "SWAN_AKA_ATS_BUSTED_SCENEWARNING-FUCKSAKE". SceneNotice.org. Archived from the original on 2016-11-01. Retrieved 2016-10-31.
  36. ^ "Response.From.MrTB-2011-PEACEOUT". SceneNotice.org. Archived from the original on 2016-11-01. Retrieved 2016-10-31.
  37. ^ Enigmax (2011-02-22). "BREIN Seizes Warez Servers, Owners Seize Them Back, May Sue". TorrentFreak. Archived from the original on 2011-02-25. Retrieved 2016-10-31. BREIN took the property of my client without any court order or warrant.
  38. ^ Andrew Smith (b-bstf), A Guide To Internet Piracy, 2600: The Hacker Quarterly, Summer 2004 [4] Archived 2012-02-26 at the Wayback Machine
  39. ^ a b (in Czech) Václav Jirovský, Kybernetická kriminalita, Grada Publishing a.s., 2007, ISBN 80-247-1561-9, p. 72
  40. ^ "OMEGA.THERAPY.N-Record.PAYBOX.DETECTED.2009.GERMAN.DVDRip.XviD.READNFO-CLEANER". Archived from the original on 2016-03-03. Retrieved 2009-12-04. Archive Archived 2011-07-28 at the Wayback Machine of the scene notice has a users folder with xml files that contain the "org.drftpd.usermanager.HostMask" string. Pre date: 2009-11-22. [5] Archived 2011-08-23 at the Wayback Machine
  41. ^ "The.Scene.Today.Dec.2004.WAKE.UP-iND". Archived from the original on 2016-03-03. Retrieved 2009-12-30. Pre date: 2004-12-02. [6] Archived 2011-08-23 at the Wayback Machine
  42. ^ "All.SiteOps.OF.DRFTPD.SITES.READ.THIS.VERY.IMPORTANT.SECURITY.ISSUE.WITH.PATCH-FriendlyScener". Archived from the original on 2016-03-03. Retrieved 2009-12-30. Pre date: 2004-11-18.
  43. ^ a b "FUTURE.OF.THE.SCENE.EXTRA-SCENE". Archived from the original on 2012-02-26. Retrieved 2009-12-30. Archive Archived 2011-07-28 at the Wayback Machine of the scene notice contains a .raidenftpd.acl file. ioFTPD mentioned in the notice. Pre date: 2004-04-24. This notice appeared a couple of days after the Operation Fastlink US DoJ press release.
  44. ^ "The.IP.HALL.of.SHAME.v1.06-LaF". Archived from the original on 2016-03-04. Retrieved 2009-12-30. Pre date: 2008-06-14. [7] Archived 2011-08-23 at the Wayback Machine

External links[edit]