Thread: Playing with the rules
View Single Post
  #2 (permalink)  
Old August 9th, 2006
Hyper-kun Hyper-kun is offline
flame-retardant
  
Join Date: November 22nd, 2005
Posts: 196
Hyper-kun is a great assister to others; your light through the dark tunnel
Default
"Another one hides all files smaller than 0byte, because I got spam with files having sizes below 0."

That must be a bug in Phex. Search results use a fixed 32-bit field to indicate a file's size. This should be considered an unsigned integer, not signed. Simply because the latter makes little sense. If it's exactly -1 (0xffffffff) there's probably a GGEP LF block which is used for files as larger or larger than 4 GiB. This is recommend for files as large or larger than 2 GiB because as Phex shows the interpretation of values beyond that (0x7fffffff) might differ. Anyway, I doubt that was spam but it could be of course. At least I've never seen such spam thus far.

"I sometimes activate a filter, which just bans hosts that serve known spam"

Sorry but this is definitely stupid. It's not only ineffective you also perform a DoS attack and a Joe job against yourself. I see quite a lot of requests for files I never had. When I check the SHA-1 checksums that's almost always efreeclub spam. This means you would have banned me for nothing. Trust me this far, I'm no spammer nor did I ever download or upload those files. In fact, from the host in question there was never downloaded anything and no the IP address is not dynamic. And no the configured port is not a standard port. These spammers do really pass addresses of random victims in search results, they are not really random though, the addresses point to running peers at least most of the time. The only other explanation would be a download mesh bug in some client, most-likely LimeWire considering the frequency but I doubt that. You should only ban hosts that really upload the file and even then you shouldn't really ban all of those. You know how partial file-sharing works, don't you? However, if you do check the IP addresses with whois and/or just keep looking at the uploaders you'll see - at least in some cases - who are really spammers.

You might want to check Gtk-Gnutella's list of hostiles:
https://svn.sourceforge.net/viewvc/*...s/hostiles.txt

Even if you don't plan to copy it, you should give it a try. For example, you can use it in Ultrapeer mode, look at the passive search results and mark those listed as hostile. I don't know whether Phex can do that out of the box but you should see that's pretty effective and causes few to no false-positives. This is certainly far from being perfect but much better than banning random hosts without knowing what you're doing.

Gtk-Gnutella has also a file blacklist (spam.txt). I'm not giving the URL here since the file is already huge (over 5 MB, listing 42464 items). This file should be obtained and updated through Subversion to keep the traffic to a minimum.
Reply With Quote