Gnutella Forums  

Go Back   Gnutella Forums > Current Gnutella Client Forums > LimeWire+WireShare (Cross-platform) > New Feature Requests
Register FAQ The Twelve Commandments Members List Calendar Arcade Find the Best VPN Today's Posts

New Feature Requests Your idea for a cool new feature. Or, a LimeWire annoyance that has to get changed.


Like Tree23Likes

Reply
 
LinkBack Thread Tools Display Modes
  #11 (permalink)  
Old March 1st, 2014
Lord of the Rings's Avatar
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 664
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default

No it doesn't. I know the type of bot you mean, the browse bots. All the ones I found are on the security hostiles blocklist. Countries they mostly come from are USA & Japan. Some will browse every 15 mins. Some will browse only but very soon after you start a new session. Birdy's also noted these kind of bots.
Unlike LW 4 which shows each time they browse you, LW 5 simply only lists them once. I used MacOSX's network console to discover how often they'd been browsing & how long apart.

Such bots have been around for a while. I recall hosts doing that last decade. I initially thought they crashed (due to my large shares) & returned & re-browsed. I eventually woke up to who/what they are.
runt66 likes this.
Reply With Quote
  #12 (permalink)  
Old March 2nd, 2014
Lord of the Rings's Avatar
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 664
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default

Quote:
Originally Posted by Lord of the Rings View Post
... the security hostiles blocklist. ...
A little off-topic but just thought I'd note this:

When I took over the BearShare hostiles list because it seemed it was not being updated any more, I then considered a similar list for LW. Once I found a way for LW to read it, I changed the format it uses so it uses less memory than the BearShare version.

It did cross my mind to start a list from scratch for LW because it had been suggested in years past the BS one was a little heavy handed. But seemed like a lot of work to do so stuck to a ready made list instead.

I also looked at other blocklists. Both Phex & GTK use the same list which is minimal. But noticed some small differences. For example a small ip sub-range was blocked on BS Hostiles but the Phex version had the opposite end of that range blocked instead. I chuckled. I saw that a few times. I combined that list with the LW one. I also compared to the LW built-in blacklist. I also looked at the Gnucleus blacklist which I think File_Girl put together. That one blocked many world police departments & also music & film production companies & related companies. That sounded appealing to me so I combined it also.
I also looked at the FrostWire hostiles, same format as the BS one. I noticed some differences & incorporated some of those.

As far as police departments go, I discovered one using Phex from USA (twice 9 days apart), a special criminal investigations unit which had a small portion of an ip sub-range allocated to it. Other police dept's I've found were from Melbourne, Sydney, Auckland & somewhere in Portugal. All these added to the LW blacklist. I find it difficult to believe someone working for a police dept. would be using the official connection for casual hobby use-age of the Gnutella network. I think it's best to play it safe when it comes to gnutella users & if they want some protection then this list will at least help.

There's been other suspicious sub-ranges I've blocked due to the multiple users on similar ip's (11-12) connecting to me on multiple occasions. Over 2 years ago, I was uncertain whether they were bots or an organised group of people from Australia & I think Malaysia. (I had snapshots of a couple of these occasions but posted privately.) Example with first number removed: x.98.133.1, x.98.133.2, x.98.133.5, x.98.133.7, x.98.133.16, x.98.133.17, x.98.133.18, x.98.133.21, x.98.133.31, x.98.133.49, x.98.133.50 using FW 4.21.5, MS Windows version. 72 browses or download attempts over 10 min period before I crashed. The LPE pseudo name for the first one listed was AggressiveQual-133.1
Each browsed & several of them downloaded from me (same material.) In retrospect, sounds like bots. ie: Brisbane two occasions, Sydney once, Malaysia once. I mention these ones because they were more local to you. Of course I've mentioned & given examples of other similar bot ranges from USA in the BearShare Hostiles thread & Europe elsewhere. Bots are run from many countries (not referring to proxies.)
[/waffle completed]
runt66 likes this.
Reply With Quote
  #13 (permalink)  
Old March 5th, 2014
Lord of the Rings's Avatar
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 664
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default

Again, a little off-topic. But seems I identified another bot from Europe. Same ip from Belgium. Problem is it's a dynamic address so probably won't add it to the hostiles. Host peers connecting to me with same ip, using LW Music 4.2.0 (multiples) & LimeZilla 2.3.0. No co-relation between ports used. So it could be a difficult one to stop. In general I find Belgium ip's are highly dynamic even when they're supposed to be static. This one via Belgacom Skynet & around late afternoon their time. My LPE was not connected that long, perhaps 2 hrs at most as UP.
runt66 and sleepybear91 like this.
Reply With Quote
  #14 (permalink)  
Old November 10th, 2014
sleepybear91's Avatar
Gnutella Veteran
 
Join Date: October 30th, 2010
Location: Peak Top
Posts: 143
sleepybear91 is flying high
Default

Still suffering with the Japanese hostiles here. Hoping when I load WS they will be less of a problem
runt66 likes this.
Reply With Quote
  #15 (permalink)  
Old January 13th, 2015
Lord of the Rings's Avatar
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 664
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default

Quote:
Originally Posted by runt66 View Post
Lemonwire is a clone of limewire ; but members using it should ban and block both ,

65.199.18.150 and 65.199.18.142 ;

they are robots downloading hundreds of songs every hour ; genuine members dont get a fair go ;
The above quoted from another thread in the LW Clone section of the forum.

I realise this has become an old topic but thought I'd give you a heads-up on some blocking in regards to port 7001 hosts. There's a particularly bad group that use the following ip's: 208.103.122.163, 208.103.122.164, 208.103.122.165, 208.103.122.167
If you're using LW 5.3.6, LPE or WireShare then the pseudo-names would be:
NiceReindeer-122-63 and NiceReindeer-122-65, etc.
You can block them individually or use 208.103.122.160/29
That range is in the Hostiles-security block updater for January for LimeWire and will be in the next WireShare version release.
The hosts I've seen were ShareAza but I suspect they probably use multiple different gnutella client programs such as like this.

As it is at present, still trying to prevent that port from being active with WireShare's uploads. At least that port will not be able to connect as a leaf or ultrapeer to WireShare.
runt66 likes this.
Reply With Quote
  #16 (permalink)  
Old January 15th, 2015
runt66's Avatar
WEST AUSSIE
 
Join Date: March 4th, 2007
Location: EAST PERTH , WESTERN AUSTRALIA
Posts: 200
runt66 is flying high
Default

Reply With Quote
  #17 (permalink)  
Old January 15th, 2015
runt66's Avatar
WEST AUSSIE
 
Join Date: March 4th, 2007
Location: EAST PERTH , WESTERN AUSTRALIA
Posts: 200
runt66 is flying high
Default

Reply With Quote
  #18 (permalink)  
Old January 15th, 2015
runt66's Avatar
WEST AUSSIE
 
Join Date: March 4th, 2007
Location: EAST PERTH , WESTERN AUSTRALIA
Posts: 200
runt66 is flying high
Default

This just confirms your last post ;
Reply With Quote
  #19 (permalink)  
Old January 15th, 2015
runt66's Avatar
WEST AUSSIE
 
Join Date: March 4th, 2007
Location: EAST PERTH , WESTERN AUSTRALIA
Posts: 200
runt66 is flying high
Default

This is one ip address i will be blocking .
Reply With Quote
  #20 (permalink)  
Old January 16th, 2015
Lord of the Rings's Avatar
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 664
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default

Oops yes. Thanks for the confirmation pictures and posts. Block all those hosts I listed. The others won't be far away I can assure you. Put 208.103.122.160/29 into your filter blocklist/blacklist will achieve the same thing (it will block a range of 8 sequential addresses starting from 160. Or put in both 208.103.122.163 and 208.103.122.164/30 which will block the next 4 addresses up to 167.)
I had 1.2 million hits from that range over a few days according to my ip blocker. This session it's been 398,479 hits over 16 hours and 48 minutes. I first noticed them whilst using BearShare on the 23rd of last month.
Perhaps this bunch is only using ShareAza.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 04:49 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.