WARNING ( Porn bombs )
 

These file are everywere, the same size, but differant names.

This is getting bad....Is there anything in the works to combat this?

In searches of all kinds of names, these files types come-up almost everytime.

I don't think so; but, "could be a adware ploy by xolox."

What do you think?

BTW really like XoloX despite flaws, all programs have weaknesses, if one looks hard enought and exploites them.


IMHO DeReK

Ironman, your name has been porno bombed too.
Mine too. how about yours ?

Check out these files, in almost every search.
find a name and search.

*.zip 170,900 bytes
*.rar 167,449
*.asf 19,883
*.asf 309,122
*.asf 525,263


Can something be done ? other than making a mental note, and avoiding these type of files.

I'm sure these files a going to show up soon, in other sizes :(

With those file names it is either an attempt to abuse people's trust in Kaya's name or is some sort of twisted joke. What ever the case it would have to be done by someone who is familiar with these forums.

I think the ATTACK is being machine generated
 

antihedron,

I think the ATTACK is being machine generated from requests.

It took your name about 15min to be "Porno Bombed"

I beleave this is going to get real bad.....

What do you think ?


DeReK ---- It is tomarrow :)

I'll try to use a different servant to try and get some IPs

great like I don't have enough crap to worry about. Now I am a porn bomb. LOL

Seriously however this is something that is being done by some unscrupled businesses that want to force you to their cheesy sites so they can spam you to death with porn. The biggest two culprits are bangbus.com and firsttimegay.com they are ran by complete a'holes with nothing to do but have a machine generate these bogus files and dump them onto people who are looking for legit files. I got one of these thinking it was a music file for Barney the Dinosaur for my daughter and it was pure garbage. Yes Barney is a porn bomb too. These are on every file share system I have ever used not just the Gnutella Network. I have found them on Kazaa, Morpheous, and others. The companies who do this operate in a manner where if you try to contact them to stop it they just send even more spam from other mailers. Best thing to do is avaoid them like they were a virus.

I tried to find the IPs that are sharing these files.

194.213.194.37
194.228.211.204
194.237.72.231
66.250.52.45
(could be more)

I got results from these IPs when using searches for stuff like reigmnperj, erignoirgwe, and rtjsrtj.

Antihedron,

Now that we know of some IP address, what can be done ?


DeReK

Test
 

Test for registry :D :D

I would suggest blocking those IPs. If everyone does that it will be vwry hard for those computers to get on the network. Unfortunantly Xolox does not have the ability to block specific hoasts currently.

PS. IP 66.250.52.45 is responsable for creating several variants of the !!! files that people have been complaining about recently.

XoloX connects to other clients on the Gnutella network, which has over 70 different clients.
People run those spam servers that grab search results that seem to not respond to anything popular and send you back what you search for as a ! file with crap in it.
Yes the next version should have methods to help deter this... at least it better.

Blocking Pron Bombs
 

These porn bombs are definitely computer generated. Someone has written a program to take just about any gnutella search and create a porn bomb from it. Fortunately, they always seem to point to the same site. I have just added these sites to PC-cillin's web trap filter. It is also pretty easy to recognize the files as they always match you search exactly and there are always three files that are always the same three different sizes. However, it ****** me off that this crap is clogging up the gnutella network. Do these losers really think we will visit their crap sites after they highjack our browsers?

Very bad news
 

Ok after some further research, I find that none of the 4 IPs listed above in this post are officially registered. However, tracert reveals that 66.250.52.45 is apprently hosted by cogentco.com, 194.237.72.231 is hosted by telia.net and 194.213.194.37 by concert.net. A quick look at my history file shows that opening the bomb redirects you to several sites: adult-erotic-guide.com (64.159.91.200) is apprently hosted by level3.net, jambalala.com by cogentco.com and venusseek.com by level3.net again. Now the bad news. I've noticed two pop up windows that open after opening the xolox main page: usapromotravel.com and rated-**************s.com. The second one sounded an awful lot like adult-erotic-guide.com in it's naming convention. Sure enough, both of these sites are also hosted by level3.net. So now my question is, is someone highjacking Xolox's searches with or without Xolox's active participation? A tracert to www.xolox.nl has confirmed my suspicion as the last hop before getting to xolox.nl (213.133.42.240) is at level3.net. So, I wouldn't expect any resolution to these porn bombs any time soon. I still think Xolox is the best gnuella client, but I am greatly sadened this tur of events. I guess I'll just keep adding these sites to my webtrap.

There's also the ~28k file that pretends to be a .mov or .mpg but as soon as it runs takes you to a web page.

The use of level3.net caould be a form of tracking where you are going online. You might want to check for some sort of program that is interfaced with your internet browser or other internet acces software.

A more likely possability...

I went to level3.net. Level 3 Communications is a company runs a large high bandwidth communications network. It could be as simple as that Xolox happens to be hosted through the same system as those other sites. (possably indirectly through a web hoasting company thet uses level 3)

I'm willing to accept the possibility that this is just a coincidence, but it seems less and less likely to me.

The faxt that these bombs show up with other clients means that whoever is doing this is infecting the entire Gnutella network. If it does turn out to be somehow tied to Xolox, I think there will be a huge backlash.

I have a feeling that it is not directly related to Xolox. I think that it ia a buch of high bandwidth servers spaming every computer on the Gnutella network they can.

Or you guys could stop d/ling porn and being infected... or is that not how it works?

:confused: :)

uh huh
 

k your off the hook I guess...lol

Hello!

This is called Spoofing the network!

It is not the Porn industry that is to be blaimed for this but the RIAA and MPAA.

I think that they are using a specialized client developed by the Rangers based on the old Macintosh Gnutella client Furi.

This is how they do it:

Whenever you do a search a Query message is broadcasted trough your segment of the network(Horizon).Whenever that Query is intercepted by one of the Evil Eve nodes set out by the RIAA and MPAA it takes the Query and pharses the name and generates Query Hit messages(usually 3 or 4 with different extensions added to them) that matched your Query exactly but with for instance !!! added to the file name.These files are nothing but crap files that will take you to Porn sites but these Porn sites are innocent(bealieve it or not).It is just a smart approach by the RIAA and MPAA industry to make us think that they (The Porn industry)are to be blaimed for this since they are already known to have bad moral so that we will all blaim them for this crap.

The reason for them to do this is to clog up the network with crap(Spoof) files.But they cannot do it alone so they need help from unknowledgable users that do download these files and then just keep them in their Shared Directory without deleting them so that their files gets replicated to a great numbers and eventually will become dominating on Gnutella.But fortunatelly it seems that they are failing to attack Gnutella because the Client developers are working to solve these problems and also they will not fool the more Knowledgable users that do care what they share and delete bad files from their Shared Directory.But it seems that they might become successfull with Fast Track and Kazaa.

While some may be the result of the RIAA and MPAA (have no particular evidence but sounds like some of their other schemes), I know that some of them are defidantly related to porn sites. These files are usually larger and are not computer generated (as far as I know; they dont come up under any search and are hard to recognize by type and size) the files are just given the wrong name on purpose.

Filter the host, "66.250.52.45" (in Limewire, select "Tools", "Options", "Filters", "Hosts" and add the IP address to the list) and you will not receive any "hits" from this site.

Mike

Xolox doesnt support that though.

I got hit by this too... does it read your email address and send it somewhere (like from Outlook express) or is just a re-direct bomb.

I think it ust bombs your computer with ads. However it is certianly possable that the sites it sends you to ask for such information from your computer.

change the order of your key words.
avoid any results named in the order of your search.
genuine results are named in the correct order.

also, be as specific as possible in the "type:" field.

Thanks...
 

Maybe a new thread should be started to make all users aware of the specific IP's to filter.

Something like 'Gnutella Users: Please Read to avoid Spam ads'

I'm sure not everyone will open a thread called 'porn bomb'. Furthermore, maybe it would be a good idea to stay on top of this with updates of any new IP's that share these bombs.

-d