BearShare Forums  

Go Back   Gnutella Forums > Current Gnutella Client Forums > BearShare (Windows) > BearShare Open Discussion
Register FAQ The Twelve Commandments Members List Calendar Arcade Find the Best VPN Search Today's Posts Mark Forums Read

BearShare Open Discussion Open topic discussion for BearShare users

Preview this popular software (BearShare Beta v5 "Download")


Welcome To Gnutella Forums

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, fun aspects such as the image caption contest and play in the arcade, and access many other special features after your registration and email confirmation. Registration is fast, simple and absolutely free so please, join our community today! (click here) (Note: we use Yandex mail server so make sure yandex is not on your email filter or blocklist.)

If you have any problems with the Gnutella Forum registration process or your Gnutella Forum account login, please contact us (this is not for program use questions.) Your email address must be legitimate and verified before becoming a full member of the forums. Please be sure to disable any spam filters you may have for our website, so that email messages can reach you.
Note: Any other issue with registration, etc., send a Personal Message (PM) to one of the active Administrators: Lord of the Rings or Birdy.

Once registered but before posting, members MUST READ the FORUM RULES (click here) and members should include System details - help us to help you (click on blue link) in their posts if their problem relates to using the program. Whilst forum helpers are happy to help where they can, without these system details your post might be ignored. And wise to read How to create a New Thread

Thank you

If you are a Spammer click here.
This is not a business advertising forum, all member profiles with business advertising will be banned, all their posts removed. Spamming is illegal in many countries of the world. Guests and search engines cannot view member profiles.



           Deutsch?              Español?                  Français?                   Nederlands?
   Hilfe in Deutsch,   Ayuda en español,   Aide en français et LimeWire en françaisHulp in het Nederlands

Forum Rules

Support Forums

Before you post to one of the specific Client Help and Support Conferences in Gnutella Client Forums please look through other threads and Stickies that may answer your questions. Most problems are not new. The Search function is most useful. Also the red Stickies have answers to the most commonly asked questions. (over 90 percent).
If your problem is not resolved by a search of the forums, please take the next step and post in the appropriate forum. There are many members who will be glad to help.
If you are new to the world of file sharing please do not be shy! Everyone was ‘new’ when they first started.

When posting, please include details for:
Your Operating System ....... Your version of your Gnutella Client (* this is important for helping solve problems) ....... Your Internet connection (56K, Cable, DSL) ....... The exact error message, if one pops up
Any other relevant information that you think may help ....... Try to make your post descriptive, specific, and clear so members can quickly and efficiently help you. To aid helpers in solving download/upload problems, LimeWire and Frostwire users must specify whether they are downloading a torrent file or a file from the Gnutella network.
Members need to supply these details >>> System details - help us to help you (click on blue link)


Moderators

There are senior members on the forums who serve as Moderators. These volunteers keep the board organized and moving.
Moderators are authorized to: (in order of increasing severity)
Move posts to the correct forums. Many times, members post in the wrong forum. These off-topic posts may impede the normal operation of the forum.
Edit posts. Moderators will edit posts that are offensive or break any of the House Rules.
Delete posts. Posts that cannot be edited to comply with the House Rules will be deleted.
Restrict members. This is one of the last punishments before a member is banned. Restrictions may include placing all new posts in a moderation queue or temporarily banning the offender.
Ban members. The most severe punishment. Three or more moderators or administrators must agree to the ban for this action to occur. Banning is reserved for very severe offenses and members who, after many warnings, fail to comply with the House Rules. Banning is permanent. Bans cannot be removed by the moderators and probably won't be removed by the administration.


The Rules

1. Warez, copyright violation, or any other illegal activity may NOT be linked or expressed in any form. Topics discussing techniques for violating these laws and messages containing locations of web sites or other servers hosting illegal content will be silently removed. Multiple offenses will result in consequences. File names are not required to discuss your issues. If filenames are copyright then do not belong on these forums & will be edited out or post removed. Picture sample attachments in posts must not include copyright infringement.

2. Spamming and excessive advertising will not be tolerated. Commercial advertising is not allowed in any form, including using in signatures.

3. There will be no excessive use of profanity in any forum.

4. There will be no racial, ethnic, or gender based insults, or any other personal attacks.

5. Pictures may be attached to posts and signatures if they are not sexually explicit or offensive. Picture sample attachments in posts must not include copyright infringement.

6. Remember to post in the correct forum. Take your time to look at other threads and see where your post will go. If your post is placed in the wrong forum it will be moved by a moderator. There are specific Gnutella Client sections for LimeWire, Phex, FrostWire, BearShare, Gnucleus, Morpheus, and many more. Please choose the correct section for your problem.

7. If you see a post in the wrong forum or in violation of the House Rules, please contact a moderator via Private Message or the "Report this post to a moderator" link at the bottom of every post. Please do not respond directly to the member - a moderator will do what is required.

8. Any impersonation of a forum member in any mode of communication is strictly prohibited and will result in banning.

9. Multiple copies of the same post will not be tolerated. Post your question, comment, or complaint only once. There is no need to express yourself more than once. Duplicate posts will be deleted with little or no warning. Keep in mind a forum censor may temporarily automatically hold up your post, if you do not see your post, do not post again, it will be dealt with by a moderator within a reasonable time. Authors of multiple copies of same post may be dealt with by moderators within their discrete judgment at the time which may result in warning or infraction points, depending on severity as adjudged by the moderators online.

10. Posts should have descriptive topics. Vague titles such as "Help!", "Why?", and the like may not get enough attention to the contents.

11. Do not divulge anyone's personal information in the forum, not even your own. This includes e-mail addresses, IP addresses, age, house address, and any other distinguishing information. Don´t use eMail addresses in your nick. Reiterating, do not post your email address in posts. This is for your own protection.

12. Signatures may be used as long as they are not offensive or sexually explicit or used for commercial advertising. Commercial weblinks cannot be used under any circumstances and will result in an immediate ban.

13. Dual accounts are not allowed. Cannot explain this more simply. Attempts to set up dual accounts will most likely result in a banning of all forum accounts.

14. Video links may only be posted after you have a tally of two forum posts. Video link posting with less than a 2 post tally are considered as spam. Video link posting with less than a 2 post tally are considered as spam.

15. Failure to show that you have read the forum rules may result in forum rules breach infraction points or warnings awarded against you which may later total up to an automatic temporary or permanent ban. Supplying system details is a prerequisite in most cases, particularly with connection or installation issues.

Violation of any of these rules will bring consequences, determined on a case-by-case basis.


Thank You! Thanks for taking the time to read these forum guidelines. We hope your visit is helpful and mutually beneficial to the entire community.


Like Tree94Likes

Reply
 
LinkBack Thread Tools Display Modes
  #71 (permalink)  
Old September 26th, 2012
Lord of the Rings's Avatar
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 619
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default

I've provided alternative Full-Hostiles versions. 1. Hostiles with full Japanese Block: BearShare - Hostiles Blocklist 2012 . . 2. Hostiles with just standard Japanese fien spam client Block: BearShare - Hostiles Blocklist 2012-NoJapBlocks

Sorry if it sounds confusing. No longer separate installer for the Beta and regular BearShare (finally figured out how lol), just separate installer for either of the (1) or (2) options above. Or alternatively the Hostiles.txt file as a zip if you prefer to place the file yourself: 1. Hostiles_2012 or 2. Hostiles_2012_NoJapBlocks (which means just standard Japanese fien client blocks.) Sorry for the silly name but needed something to distinguish them.

The Full-Japanese Block is not a true 100% Japanese block, it blocks about 85-90% of their ip ranges. The non-Japanese blocklist is a much larger file as you might imagine because it includes many of their individual and small range blocks.

Fresh hosts added. I will not be updating these files as often as I have been over past couple of months which was every 1-2 weeks. I've been working on LimeWire blocklists and now there's simply too many lists to maintain.

The reason for the Japanese block: Several people contacted me in regards to (a) reducing the options for connecting mostly only to Japanese hosts, (b) Finding material through hosts that are more regionally or more culturally-similar to share with. (c) reducing Japanese spam.

The reason for the non-Japanese block: I feel there should be a choice for users.
Over the years I have personally downloaded a lot of Japanese music and video and shared material back. It's only been the past 18 + months that the Japanese anti-file-sharing companies have become somewhat over-bearing and very high in numbers.
There is a large 'genuine' file-sharing community in Japan. It is not their fault both the Japanese government and business is sponsoring anti-file-sharing companies to cause problems on the Gnutella network. The Japanese file-sharing community should not be left out in the cold for that reason alone.

Edit: as of two days ago: Edit February 2013: a single installer is now inclusive of both options and for either standard BearShare or the BearShare 5.1 Beta Test version.

Edit 13 March 2013: added a small Japanese range that was in the LW equivalent list but missing in BSHostiles list. Will now work the files on XP instead of Win 7 after finding processing errors, which did not affect using the file however. The blank lines only showed on XP. On 2000 simply a marker. And Win 7 did not show any issue.
If there is an error in the hostiles, BearShare will do either of the following as soon as it opens: 1. Delete almost all (over 99%) of the contents of the file. 2. Remove all contents after a point somewhere near the error. 3. Will ignore the host listings which have errors.
runt66 likes this.

Last edited by Lord of the Rings; March 12th, 2013 at 08:38 AM. Reason: updating details again
Reply With Quote
  #72 (permalink)  
Old October 26th, 2012
Lord of the Rings's Avatar
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 619
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default

If anybody is interested ...

I think I might have discovered a new network set-up to spam and DDoS based in France. All the host addresses are within two small adjoining sub-ranges of each other. I have not seen any of these host addresses on any other blocklist. Something to keep in mind is some hosts do not attack the client program directly, but once they know your address they will periodically DDoS you. The affect of this a is drop in search results, possible loss of upload and download connections or loss in speed or consistency in either activity, and possible loss of connections with hosts, and at worst loss of internet connection. Those are their purposes. That is why I do strongly recommend blocking the worst of them via your firewall at least. And also to take the weight off your program taking all the hits when they are directed at it but not actually attempting to download or anything (ie: DDoS'ing your program client.) If anybody wants a list of the worst DDoS hosts then just ask.

Anyway update to the blocklist will be coming soon.

For LimeWire users, I have figured a way for both LW 4 and LW 5 versions to read a blocklist file in similar fashion to BearShare and FrostWire. Except these blocklists for LW use CIDR format which I was told start of year is more memory friendly than the older format BearShare uses. Also, the size of the Heavy/Strong Blocklist is 25% smaller than the original BearShare Blocklist and 10% smaller than the FrostWire blocklist. But is no less powerful. I will post a release on this in a few days time. Still doing last updates to the blocklist which is a very slow process when I have several lists to update. The LW blocklist version has been tested with 4.14 to 5.6.2. I have not yet tested earlier versions. Results have been seconded by a second person.
If you want me to test earlier versions of LW then bump the 'like' this post/thread and give your reason for testing earlier LW versions and it will be done.
runt66 likes this.
Reply With Quote
  #73 (permalink)  
Old October 27th, 2012
Valued Member
 
Join Date: May 30th, 2004
Location: United Kingdom
Posts: 2,866
ukbobboy01 will become famous soon enough
Default DDos Attacks and Other Dodgy Stuff

Hi LOTR

You, like I, probably suspect that these attacks are sponsored by the RIAA and with tacit approval of of the US Government, even though what is being done to your computer is illegal in most western countries.

Plus, while you as an Australian citizen are likely to enjoy the protection of your government, and the sanctity of your laws, in the UK I would have no such protection if I continued to use P2P software.

Therefore, while you can continue to use P2P software, because you have broken no Australian law, while I, if accused by the US of doing something against one of their laws, the UK government would virtually say "come and get him, he is all yours".

Now, you could call me paranoid because there is nothing tangible I can point to in order to support my position. However, there is enough experiential observations to show that unless a poor unfortunate UK citizen has public support the maxim seems to be "What the US wants the US gets".

While you could go to the authorities and complain that your computer is under attack, if I was in your position I would be laughed out of the police station, i.e. if you are hacked or electronically attacked in the UK you can only report it to the police.

The way I see things going is that sooner or later the last bastion of individual freedom (Australia) will be sold out to the US, just like the UK has, and there will be concerted pressure to discourage the use of P2P apps, just as it now is in the UK.

So, because of the various things happening to discouraged P2P usage, e.g your ISP, various UK government backed campaigns, possible US sanctioned attacks, etc. I no longer use P2P software and the reason why I would not advise anyone else to use it either.



UK (Paranoid) Bob
runt66 likes this.
Reply With Quote
  #74 (permalink)  
Old November 3rd, 2012
Lord of the Rings's Avatar
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 619
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default

Quote:
Originally Posted by Lord of the Rings View Post
For LimeWire users, I have figured a way for both LW 4 and LW 5 versions to read a blocklist file in similar fashion to BearShare and FrostWire. Except these blocklists for LW use CIDR format which I was told start of year is more memory friendly than the older format BearShare uses. Also, the size of the Heavy/Strong Blocklist is 25% smaller than the original BearShare Blocklist and 10% smaller than the FrostWire blocklist. But is no less powerful. ...
Finally finished a LimeWire version: Security packages for LimeWire (help block out the spam and evil hosts). Intended for use with both LimeWire 4 and 5 versions. It works fine without memory issues for LW 5. I could have called the actual security file anything, including just security file.
runt66 likes this.
Reply With Quote
  #75 (permalink)  
Old March 12th, 2013
Lord of the Rings's Avatar
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 619
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default

In the March 13 update over half of the new listings are the port 27016 spam clients. So that will take 128 away from the chance to spam you. Others added were spam hosts, DDoS and BOT browsers (ie: 2 kinds; (a) browse you as soon as and every time you log onto the network, (b) browse you robotically every 10-15 minutes. One of these browsed me 5 times over 20 minutes. I was only sharing 500 files which is a fraction of my usual shares.)

Don't forget there is also an installer which caters for both BearShare 5.1 beta and other BearShares and choice of which hostiles to install.

If anybody wishes to volunteer their services for taking on the updating of the Hostiles, I would love to hear from you.
I do not know if there is another equivalent hosted elsewhere that is being updated. AW's old one had not been updated since June 2011 or earlier.

As it is, since the LW users do not seem that interested in their updates, I will probably be slowing down my updates for that package or stopping altogether since their 4 lists take considerable time to update. Not many download the updates. But their situation is different. They can ban hosts manually. Whereas BearShare has no other protection choice other than the Hostiles being loaded as it opens. So I do feel as though there is a demand for the BS Hostiles.

Received UDP OOB Hits Announcement for GUID: PSXHDKDY(edit) to proxy to Leaf in 7*.1**.*.*** ("BearShare Lite 5.2.0.1" WinXP 2904 msgs) from 188.142.66.5:27016, but the query is stopped. - I wonder what that means? Too much spam being transmitted by Mr. 188.142.66.5:27016 ?
runt66 likes this.
Reply With Quote
  #76 (permalink)  
Old March 26th, 2013
Lord of the Rings's Avatar
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 619
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default

I have not heard from the Phex dev for a very long time So I am making my own call here.

If you see any Phex version Phex 3.2.0.102 then boot it off your connection list. I have seen far too many of these over very recent past. Absolutely no reason for anybody to be using such an old Phex version below 3.4, so to see so many of them with identical version reminds me of these: Spam sample 1, . . Spam sample 2, . . Spam sample 3, . . Spam sample 4

Example of these Phex BOTs are listed in post #78 below, scroll down to 195.50.2.185. Another range they use is 192.155.80.0 - 192.155.95.255. When I blocked this in Phex, the block count increases by about 31 per minute.
runt66 likes this.
Reply With Quote
  #77 (permalink)  
Old April 24th, 2014
Lord of the Rings's Avatar
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 619
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default Browse-BOT obvservation

Past two days (after I deciding to use the less stringent on Japanese hosts hostiles), found a handful of Japanese Browse-BOTs that browsed me as soon as I connected to the network (all within 5-10 seconds.) These ones browse repeatedly over a period of time. Here's an example of one today over a 70 minute period:
ID: 59.147.135.13:50652-Tokyo So-net Entertainment Corporation. <- (List, name & shame!)
Code:
8:20:11 AM
8:20:14 AM
8:20:24 AM

8:21:12 AM
8:21:52 AM

8:22:01 AM
8:22:56 AM

8:23:14 AM
8:23:39 AM

8:24:13 AM

8:25:47 AM

8:26:05 AM
8:26:22 AM
8:26:25 AM

8:27:11 AM
8:27:13 AM
8:27:13 AM

8:29:14 AM
8:29:30 AM
8:29:31 AM
8:29:33 AM

8:30:12 AM

8:31:58 AM

8:32:17 AM
8:32:19 AM
8:32:20 AM

8:33:21 AM
8:33:37 AM

8:34:23 AM

8:35:32 AM

8:36:01 AM
8:36:42 AM

8:37:43 AM
8:37:49 AM

8:38:08 AM
8:38:18 AM
8:38:32 AM
8:38:41 AM
8:38:45 AM

8:39:39 AM
8:39:50 AM
8:39:57 AM

8:40:32 AM
8:40:49 AM

8:43:22 AM
8:43:31 AM
8:43:35 AM
8:43:35 AM
8:43:41 AM
8:43:49 AM
8:43:55 AM
8:43:58 AM

8:44:33 AM

8:45:03 AM

8:46:05 AM
8:46:22 AM
8:46:49 AM
8:46:57 AM

8:47:11 AM
8:47:12 AM
8:47:27 AM
8:47:56 AM

8:49:45 AM

8:50:57 AM

8:52:40 AM
8:52:45 AM
8:52:45 AM

8:53:50 AM
8:55:46 AM

8:56:01 AM
8:56:26 AM
8:56:55 AM

8:57:16 AM
8:57:27 AM
8:57:44 AM

8:58:40 AM

8:59:10 AM
8:59:56 AM

9:00:12 AM
9:00:16 AM
9:00:22 AM

9:01:54 AM
9:01:57 AM

9:02:47 AM

9:04:02 AM
9:04:25 AM

9:05:03 AM
9:05:08 AM
9:05:31 AM

9:06:14 AM
9:06:40 AM
9:06:40 AM

9:08:15 AM

9:09:10 AM
9:09:44 AM
9:09:54 AM

9:10:01 AM
9:10:24 AM

9:12:08 AM
9:12:14 AM
9:12:19 AM
9:12:37 AM
9:12:44 AM
9:12:49 AM
9:12:51 AM

9:13:00 AM
9:13:12 AM
9:13:50 AM

9:14:19 AM
9:14:20 AM
9:14:32 AM

9:15:40 AM
9:15:42 AM
9:15:51 AM
9:15:55 AM

9:16:33 AM
9:16:53 AM

9:17:08 AM
9:17:17 AM

9:18:09 AM
9:18:46 AM
9:18:54 AM

9:19:42 AM
9:19:59 AM

9:20:25 AM
9:20:46 AM

9:21:09 AM
9:21:12 AM
9:21:32 AM
9:21:51 AM
You'll notice where I was attempted to be browsed up to 7 and 8 times over a minute. Even after banning the host. I am obviously not the only host this BOT is attempting to constantly browse. Also this is not the only browse-BOT. So if you can imagine several hundred of these browse-BOTs, it starts to become a semi-DDoS.

LW 4 usually shows each occasion a person is browsed. LW 5 / LPE do not. If the Browse listing is still up in the upload window, it will not repeat itself even if you have been browsed several times over a period of time. Only if you clear it from the Upload window will it re-list itself.

The example above was of a new BOT I found today. I checked my firewall log via console & realised the others I found yesterday had also been attempting to browse at a similar rate. Again, up to 8 times a particular minute. Over a period of time the others with slightly greater occurrences than the new BOT today.

Japan BOTs are notorious for deliberately causing heavy traffic. But from my experience, Taiwan BOT's seem to be designed purely for DDoS purposes. ie: not attempting to connect, browse, or download. Simply pinging the program (the firewall console verifies this, example: Allow LimeWire connecting from 1.*.*.*:51768 to port *****)

My answer for helping to prevent the actual program from being pinged into lagginess & eventual crashing is to block various known ip pingers in the firewall. Particularly the Taiwan DDoS BOTs. MS Windows 7 & higher, and some 3rd party firewalls have the ability to block ip's. MacOSX can only achieve it via using 3rd party apps. Personally I use WaterRoof which adds abilities to the OSX built-in firewall, but this app is slow & tedious to add ip's one by one, especially if there's a large list already there. This app should have ability to add a block of ip's at once like Windows firewall does. (1-2 mins between each addition when a large list already exists. Not a well thought out design.)

So you wonder, why is it these Japanese BOTs are browsing everyone & why once is not enough? And why certain BOTs from other parts of the world browse everyone as soon as they can after you first connect to the network?

Edit: The TechNutopia Fullsize Hostiles List for BearShare and LimeWire-spam-2014-05-11.png connected to my Phex on 11 May 2014. I added this Washington address to the hostiles 16 March 2013, stated reason was DDoS @ LW & BearShare. I noted it again 19 April for same reason.
runt66 likes this.
Reply With Quote
  #78 (permalink)  
Old May 13th, 2014
Lord of the Rings's Avatar
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 619
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default Some BOT samples

Just thought I'd give a few simple examples of BOTs on the network from a couple days ago:

Code:
50.22.64.163:2870
50.22.64.180:2821
50.22.64.181:2992
50.22.64.186:4716
50.22.64.188:4310

50.22.78.249:2220
50.22.78.250:3919
50.22.78.252:2085

50.22.158.131:4236
50.22.158.146:1517
50.22.158.148:3132

50.22.186.2:3050
50.22.186.3:2926
50.22.186.4:4939
50.22.186.7:2670
50.22.186.9:2684
50.22.186.10:4720
50.22.186.11:2417
50.22.186.19:2960
50.22.186.20:3321

50.22.214.66:3259
50.22.214.71:3200
50.22.214.74:3715
50.22.214.75:4567
50.22.214.85:1657
50.22.214.89:3422

50.23.91.87:4602
50.23.91.88:1227

50.23.112.4:2487
50.23.112.15:4777
50.23.112.19:4827
50.23.112.28:1177
50.23.112.29:2420
50.23.112.35:1059
50.23.112.36:4082
50.23.112.43:1792
50.23.112.44:4268

50.97.156.201:2770
50.97.156.202:2710
50.97.156.203:3498
50.97.156.207:1244
50.97.156.208:4052
50.97.156.209:1282
50.97.156.215:3268
50.97.156.218:1518
50.97.156.220:3442
50.97.156.221:3408
50.97.156.222:4252

66.212.143.98
66.212.143.106:65229
66.212.143.107:62997
66.212.143.110:56262
66.212.143.116:57379

75.126.109.2
75.126.109.8:3581
75.126.109.9:4572
75.126.109.13:4370
75.126.109.14
75.126.109.18:4827
75.126.109.19:2269
75.126.109.20:3956
75.126.109.27:1971
75.126.109.28:4166
75.126.109.29:1899
75.126.109.33:4911
75.126.109.34
75.126.109.35:2969

154.45.216.140:59405
154.45.216.147:40807
154.45.216.148:46792
154.45.216.154:60824
154.45.216.155:43358
154.45.216.158:51433
154.45.216.159:36646
154.45.216.161:50887
154.45.216.162:40197
154.45.216.163:40206
154.45.216.163:40862
154.45.216.165:37093
154.45.216.166:34054
154.45.216.167:38168
154.45.216.169:47042
154.45.216.172:53731
154.45.216.176:58789
154.45.216.178:38092
154.45.216.179:47561
154.45.216.181:38580
154.45.216.182:42042
154.45.216.184:60297
154.45.216.186:55441
154.45.216.189:34107
154.45.216.190:43937
154.45.216.199:50241

159.253.131.136:4502
159.253.131.144:2232
159.253.131.149:4243
159.253.131.155:3025
159.253.131.163:1492
159.253.131.181:3654
159.253.131.187:2720
159.253.131.190:4414
159.253.131.192:3714
159.253.131.201:4914
159.253.131.205:1662
159.253.131.213:1963
159.253.131.217:2718
159.253.131.219:3561
159.253.131.225:4799
159.253.131.230:2304
159.253.131.231:3740

159.253.143.250:1328
159.253.143.251:2920

184.173.143.8:1211
184.173.143.9:4048
184.173.143.10:4477
184.173.143.13:1532
184.173.143.15:2324
184.173.143.23:2182
184.173.143.24:2764

184.173.220.179:2191
184.173.220.182:4297

195.50.2.185:46028  Phex 3.2.0.102 (3/2.0 GB) first
195.50.2.185:46028  Phex 3.2.0.102 (1/4.0 MB) 10-15 mins later

195.50.2.185:14799  Phex 3.2.0.102 (5411/2.0 GB) first
195.50.2.185:14799  Phex 3.2.0.102 (21/128 MB) 40 mins later
195.50.2.185:14799  Phex 3.2.0.102 (40931/16 GB) an hour later *

195.50.2.185:29936  Phex 3.2.0.102 (78/512 MB) first
195.50.2.185:29936  Phex 3.2.0.102 (40/1.0 GB) an hour later
195.50.2.185:38940  Phex 3.2.0.102 (245/2.0 GB) first
195.50.2.185:38940  Phex 3.2.0.102 (40/1.0 GB) an hour later
195.50.2.185:50145  Phex 3.2.0.102 (4/512 MB) _ (All Belarus)

204.51.224.224:51099
204.51.224.225:50987
204.51.224.226:55918
204.51.224.227:52179
204.51.224.228:56571
204.51.224.229:64402
204.51.224.233:49724
204.51.224.236:64302
Even for these examples, I'm not pretending this is all of them within those ranges, just the ones detected over a period of about 30 mins (which is how fast the console log pages were refreshing at the time.) But it does give an idea about how they spread themselves. Either using same address with different ports or even the same address & port. Or buying up lots of addresses for their mass purposes. I believe several of these listed above had multiple ports in use but for simplicity I removed the multiples of same ip address.
This example is simply a recent capture of them via the firewall console (with a few exceptions such as the 2007 version Phex ones from March - blood suckers.)
runt66 likes this.
Reply With Quote
  #79 (permalink)  
Old October 11th, 2016
Lord of the Rings's Avatar
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 619
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default

This snapshot is from 29 June 2016. It shows a mass of LW 4.14 Download-BOTs in the upload window of Phex. LW 4.14 was my favorite LW 4 version (and then 4.16). But there is some doubt these really are LW 4.14 or modified 4.14 versions. It's been known for about a decade that some BOTs can change program ID on the fly.

Some of the BOTs have same ip address but different port and some are downloading the exact same file. Amazon ip range; generally a professional proxy service to hide and protect the original business's source.
54.187.25.79
54.187.186.48
54.187.240.221
54.187.246.227
54.191.73.20
54.200.31.26
54.200.95.239
54.201.11.100

All Amazon.com ip ranges. Hostname .us-west-2.compute.amazonaws.com

Interestingly just 7 days earlier via a GWC I came across 54.201.11.100:4396 Gnucleus 2.0.9.0 (GnucDNA 1.1.1.4) which is most likely what all of these so-called LW 4.14's are actually using.
Same probably applies to the LW 4.12 Download-BOTs discussed elsewhere.
Attached Thumbnails
The TechNutopia Fullsize Hostiles List for BearShare and LimeWire-lw4.14-download-bots-29-june.png  
runt66 likes this.
Reply With Quote
  #80 (permalink)  
Old August 9th, 2017
Lord of the Rings's Avatar
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 619
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default Download BOTs

I'm one of those rare people that keeps an eye on their uploads (& network as a whole.) Last night whilst using WireShare I was surprised to see my upload window full before noticing the pseudo-name SmilingPig beside many of them and with different identifying addresses.

One alarm bell was that the host was identifying itself as LimeZilla/1.8 (if it really was LimeZilla), but this version is ancient. LimeZilla is up to using version 4 nowadays. Two of the uploads SmilingPig was downloading/queued to download were the same two files; thus 4 upload/queue slots for two files. Surprised it was not sapping the entire upload bandwidth made available to WireShare however.

ISP: NFOrce Entertainment B.V. Netherlands; Netname: Amsterdam_Residential_Television_and_Internet_Netw ork. Services: Network sharing device or proxy server.

IP addresses blocked:
212.92.108.24
212.92.108.34
212.92.108.44
212.92.108.84
212.92.108.224
212.92.111.192
212.92.112.81
212.92.112.101
212.92.112.181
212.92.114.178
212.92.115.67
212.92.117.65
212.92.117.155
212.92.119.143
212.92.121.97
212.92.123.116
212.92.124.91
212.92.124.211
212.92.124.221

Upload window: (WireShare's display of total upload bandwidth had not yet caught up at the moment of this snapshot)
The TechNutopia Fullsize Hostiles List for BearShare and LimeWire-download-bots-2017-08-10.png
After blocking several, more showed up:
The TechNutopia Fullsize Hostiles List for BearShare and LimeWire-download-bots-2017-08-10-b.png

Then another attack a day later with 16 fresh addresses within the same sub-ranges. It also browsed me.
212.92.104.85
212.92.105.147
212.92.108.54
212.92.109.34
212.92.115.77
212.92.115.107
212.92.116.246
212.92.117.75
212.92.118.94
212.92.120.208
212.92.120.218
212.92.121.167
212.92.122.136
212.92.122.206
212.92.123.65
212.92.123.75

If you look carefully among the two lists you will notice the same sub-ranges using the same last number. Example: all those in the 212.92.115.* range use 7 as the last number, all those in the .108.* range using 4 as the last number, etc. Although the .123.* range shows a variance.

Edit 2018-04-29: Discovered this from a GWebCache:
212.92.122.146:50903 (u:23:18:29) 2018-01-04.
212.92.123.162:50903 (u:23:18:05) 2018-01-04.
Host using WireShare or identifies itself as WireShare. Not sure this WireShare host could be trusted.
runt66 likes this.

Last edited by Lord of the Rings; April 28th, 2018 at 07:38 PM. Reason: Added new finding at bottom of post.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


LinkBacks (?)
LinkBack to this Thread: https://www.gnutellaforums.com/bearshare-open-discussion/53973-technutopia-fullsize-hostiles-list-bearshare-limewire.html
Posted By For Type Date
BearShare Pro-5.3.0 (download torrent) - TPB This thread Refback February 22nd, 2016 08:01 PM
BearShare PRO 5.2.6.0 {Full Cracked Installer} (download torrent) - TPB This thread Refback August 11th, 2014 09:48 AM
Site Gnutella Forums | www.gnutellaforums.com | BoardReader This thread Refback May 7th, 2014 03:33 PM
BearShare Pro-5.3.0 (download torrent) - TPB This thread Refback December 18th, 2013 02:15 AM
BearShare PRO 5.2.6.0 {Full Cracked Installer} (download torrent) - TPB This thread Refback November 5th, 2013 01:07 AM
Bearshare pro 5 (download torrent) - TPB This thread Refback August 16th, 2013 02:15 PM
Bearshare pro 5 (download torrent) - TPB This thread Refback August 16th, 2013 02:39 AM
BearShare Pro-5.3.0 (download torrent) - TPB This thread Refback July 14th, 2013 03:01 AM
BearShare Pro-5.3.0 (download torrent) - TPB This thread Refback May 21st, 2013 11:24 AM
BearShare PRO 5.2.6.0 {Full Cracked Installer} (download torrent) - TPB This thread Refback May 4th, 2013 04:05 AM
BearShare PRO 5.2.6.0 {Full Cracked Installer} (download torrent) - TPB This thread Refback March 15th, 2013 10:11 AM
BearShare Pro-5.3.0 (download torrent) - TPB This thread Refback February 24th, 2013 04:36 PM
BearShare Pro-5.3.0 (download torrent) - TPB This thread Refback November 4th, 2012 11:37 PM
BearShare Pro-5.3.0 (download torrent) - TPB This thread Refback October 8th, 2012 08:59 PM
BearShare PRO 5.2.6.0 {Full Cracked Installer} (download torrent) - TPB This thread Refback August 7th, 2012 03:05 AM

Similar Threads
Thread Thread Starter Forum Replies Last Post
The TechNutopia Fullsize Hostiles List for BearShare and LimeWire AaronWalkhouse Tips & Tricks 18 March 20th, 2009 08:45 PM
Hostiles File - I'm Lost ADKR General Windows Support 7 December 25th, 2007 07:03 PM
Is anybody having trouble connecting to www.technutopia.com? AaronWalkhouse Chat - Open Topics - The Lounge 19 August 6th, 2006 05:34 PM
The LimeWire Fullsize Hostiles List. AaronWalkhouse New Feature Requests 1 July 16th, 2005 05:03 PM
hostiles.txt in CVS tree number_man Gtk-Gnutella (Linux/Unix/Mac OSX/Windows) 0 May 22nd, 2004 06:58 AM


All times are GMT -7. The time now is 07:10 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.