Anything bad known about host 66.212.143.109

Yeah, go back to page 2 of this thread & check your snapshots connection lists and my response in posts #14 and #19 about who they are. They are hostile BOTs.

The Hostiles file has the entire 66.212.0.0/16 blocked.


Re: Hostiles file: I admit the original BearShare hostiles file was somewhat over-heavy but it was easier to adopt that list than start from scratch. I added blocks from my personal prior & later experience, and from File_Girl's Gnucleus blacklist and from GTK & Phex. File_Girl's list included media & software companies, police and investigatory groups from worldwide.
A big part of the problem with the original BearShare hostiles is that a % of it is out of date. Also, Aaron Walkhouse had a habit of adding hosts whom were accidentally sharing spam. He never removed hosts after adding it seems.

My error , ; when i tried to update my winmx to the latest version ;, by mistake i clicked on the restore defaults option and my blocked ip list went back to blank or empty ,; all fixed now thank you .

Any idea how OrangeWire is able to access system files on my C: drive via Shareaza? I noticed this IP address downloaded files like imagehlp.dll and msisip.dll which are only available on the C: drive. There were more but unfortunately, before I decided to post my question here I cleared them from my download log.

No idea at all. It's obviously a specially designed and built app. BOT.

My first advice would be to record that ip address and put it into your firewall as an ip block or as an advanced ip rule to block for all protocols.

You are using ShareAza? I believe there is a hostiles block file for ShareAza specially put together for the G1 network or/and overall networks. Either check Shareaza • View topic - All-In-One AntiSpam Filter [Aug-14-2011] or another more up to date one by the member called Neo2001.

Only once have I ever witnessed a file-sharing program having hosts access areas outside of the shared files/folders but that was several years ago (late last decade I think.) Dare I say it was coincidentally ShareAza. Might have been a bug with that particular version or perhaps due to specially designed BOTs. Somehow hosts were accessing files across my LAN.

Thank you. Shareaza has a right-click "block user" feature which I used immediately. But I will take your advice and add 66.212.*.* to my router firewall. Will need some time to read about the All-in-One Spam Filter for Shareaza.

Again, thank you for your help and advice.

Good, yes the 66.212.0.0/16 range has been a long-term (many, many years) problematic range. As you might see from runt66's prior snapshot attachment, the culprit was also an OrangeWire within that range.

The router block option is an excellent choice.
(although you need to be careful about large range blocks in the router, that range should be fine.)