View Single Post
  #12 (permalink)  
Old March 2nd, 2014
Lord of the Rings's Avatar
Lord of the Rings Lord of the Rings is offline
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 663
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default

Quote:
Originally Posted by Lord of the Rings View Post
... the security hostiles blocklist. ...
A little off-topic but just thought I'd note this:

When I took over the BearShare hostiles list because it seemed it was not being updated any more, I then considered a similar list for LW. Once I found a way for LW to read it, I changed the format it uses so it uses less memory than the BearShare version.

It did cross my mind to start a list from scratch for LW because it had been suggested in years past the BS one was a little heavy handed. But seemed like a lot of work to do so stuck to a ready made list instead.

I also looked at other blocklists. Both Phex & GTK use the same list which is minimal. But noticed some small differences. For example a small ip sub-range was blocked on BS Hostiles but the Phex version had the opposite end of that range blocked instead. I chuckled. I saw that a few times. I combined that list with the LW one. I also compared to the LW built-in blacklist. I also looked at the Gnucleus blacklist which I think File_Girl put together. That one blocked many world police departments & also music & film production companies & related companies. That sounded appealing to me so I combined it also.
I also looked at the FrostWire hostiles, same format as the BS one. I noticed some differences & incorporated some of those.

As far as police departments go, I discovered one using Phex from USA (twice 9 days apart), a special criminal investigations unit which had a small portion of an ip sub-range allocated to it. Other police dept's I've found were from Melbourne, Sydney, Auckland & somewhere in Portugal. All these added to the LW blacklist. I find it difficult to believe someone working for a police dept. would be using the official connection for casual hobby use-age of the Gnutella network. I think it's best to play it safe when it comes to gnutella users & if they want some protection then this list will at least help.

There's been other suspicious sub-ranges I've blocked due to the multiple users on similar ip's (11-12) connecting to me on multiple occasions. Over 2 years ago, I was uncertain whether they were bots or an organised group of people from Australia & I think Malaysia. (I had snapshots of a couple of these occasions but posted privately.) Example with first number removed: x.98.133.1, x.98.133.2, x.98.133.5, x.98.133.7, x.98.133.16, x.98.133.17, x.98.133.18, x.98.133.21, x.98.133.31, x.98.133.49, x.98.133.50 using FW 4.21.5, MS Windows version. 72 browses or download attempts over 10 min period before I crashed. The LPE pseudo name for the first one listed was AggressiveQual-133.1
Each browsed & several of them downloaded from me (same material.) In retrospect, sounds like bots. ie: Brisbane two occasions, Sydney once, Malaysia once. I mention these ones because they were more local to you. Of course I've mentioned & given examples of other similar bot ranges from USA in the BearShare Hostiles thread & Europe elsewhere. Bots are run from many countries (not referring to proxies.)
[/waffle completed]
Reply With Quote