Slyck.com
 
Slyck Chatbox - And More

WinMX getting more and more spammed with fake users...

Discussion about the WinMX program/network
Forum rules
PLEASE READ BEFORE POSTING: Slyck Forum Rules

WinMX getting more and more spammed with fake users...

Postby Deathstryker » Wed Feb 09, 2005 10:30 pm

Has anyone noticed lately that the amount of phony users seems to be increasing. I took like a 4 month break from WinMX for awhile to use Shareaza and then I decided to go back to WinMX for some metal songs because WinMX is great for metal and higher bitrate songs. Well when I connected and searched, the fake user problem was WAY worse than I remember it! There were so many of them that it was practically taking over any legit results. And that made me sad so I just used OpenNap. But have you guys noticed the same?
Deathstryker
 
Posts: 23
Joined: Mon Apr 05, 2004 3:29 am

Postby JaKo30 » Wed Feb 09, 2005 10:35 pm

w OUT a doubt! Just w.in the past few months, some real sketchy sh*t goin on there.
JaKo30
 
Posts: 75
Joined: Tue Jul 20, 2004 10:14 pm

Postby Psycho Ced » Wed Feb 09, 2005 11:38 pm

Who knows? The RIAA? KaZaA refugees? April Fools? Where will they pop up next? :?: Image :?:
User avatar
Psycho Ced
Psycho+
 
Posts: 5892
Joined: Sun Oct 26, 2003 2:52 pm
Location: Relative to where?

Postby Deathstryker » Sat Feb 12, 2005 3:45 am

My money goes on RIAA... Well, not literally, you know what I mean. :lol:

I hope the WinMX guy can find a way to combat this. It would be nice to have some sort of voting system to ban certain IP's and of course not allow them to vote back. I'm sure there's a negative side to that somewhere but I'm too tired to think of one.
Deathstryker
 
Posts: 23
Joined: Mon Apr 05, 2004 3:29 am

Postby nms04 » Sat Feb 12, 2005 4:26 am

there were always many fake users on winmx ... can u block them out with mxmoni or leachhammer?
.
User avatar
nms04
 
Posts: 354
Joined: Thu May 27, 2004 10:37 am
Location: Nowhere

I,m not going to pay twice .

Postby Dazzle » Sat Feb 12, 2005 4:30 am

It has been noticed that the industry stepped up its campaign since early december and has been steadily increasing its flooding activities.
A few folks are working on ideas for counter measures but its not easy at the current time and is going to be made even worse if frontcode go ahead with a truly "network wide" search facility.
Winmx is one of a few decentralised networks where there is no organisation to threaten or use the "we got more money than you" litigation technique and there have never been any sucessful lawsuits directed against its users, so flooding is in fact as bad as its going to get.
I know of at least 3 good ideas in the pipeline but obviously the industry reads here too so keep your ears open folks.
Anyone compiling lists of theses fake sharers I.P addresses should send them to the peer guardian folks who will know exactly what to do with them. Denial of service is an offence in many countries so its your right to filter these criminals.
http://methlabs.org/forums/forumdisplay.php?f=24
Dazzle
 
Posts: 524
Joined: Mon Jul 19, 2004 7:50 pm

Postby sumfuka » Sun Feb 13, 2005 1:17 am

The problem is the WinMX 'secondary' protocol which the fakers can easily use to their advantage. Lose the secondary protocol and this explotation, in its current form, wouldn't exist.

All power to change the situation lies in the hands of the developers.

IP block list software is as good as useless as a means of preventing it (fakes showing in search results) unless you think you can get every primary user in the world to run a block list and keep it constantly updated with the latest IPs.

Deathstryker, my money goes on *any media company* with an interest in reducing the availability of their product on file-sharing networks. 'RIAA', 'MPAA' probably have nothing to do with it. It'll more than likely be the media companies themselves that pay, or even own, other companies tasked to run the fakes systems. Just look at what content is being faked, then at who owns it, then you'll know.
sumfuka
 
Posts: 57
Joined: Tue Jun 15, 2004 12:42 am

Postby _eAgLe_ » Sun Feb 13, 2005 1:22 am

It would be nice to have some sort of voting system to ban certain IP's and of course not allow them to vote back


I dont think that would be a very good idea, the RIIA/MPAA could very eaisly use that system to their advantage.....

Just as a side note which doesnt have much to do with whats going on here, but..... Why doesnt WinMX update there GUI, its to plai for something thats been around for so long :)
User avatar
_eAgLe_
 
Posts: 1190
Joined: Wed Dec 22, 2004 2:06 am

Postby sumfuka » Sun Feb 13, 2005 1:43 am

I don't think a voting system would work at all. When you're looking at fakes in search results, you're looking at legitimate primary users, not the fakers themselves. The fakers just attach themselves to primary users and use them to advertise the fakes.

Something else to note is that the fakers also use domestic ISPs, and have IP addresses that can change dynamically, so you'd risk banning legitimate users in the process.
sumfuka
 
Posts: 57
Joined: Tue Jun 15, 2004 12:42 am

Postby gman » Mon Feb 14, 2005 12:41 am

There is a very low-tech approach to figuring out what's real and what's crap...

Sort your results by user name. If the same user shows up with 3+ versions of the same file, don't waste your time clicking on it; it's as phony as Ashlee Simpson's SNL performance.
gman
 
Posts: 4
Joined: Tue Jul 06, 2004 12:48 am

Postby DepecheNode » Mon Feb 14, 2005 2:32 am

sumfuka wrote:The problem is the WinMX 'secondary' protocol which the fakers can easily use to their advantage. Lose the secondary protocol and this explotation, in its current form, wouldn't exist.


... and in the process, boot everybody who might happen to reside behind a proxy, hardware firewall, router (out of their control), or DHCP.

I guess loosing 75% (my own estimate, yes) of a network is really helpful... :roll:

BTW, my sharing habits are the same as they've been for a long time. Develop the proper habits, and fakes will never be an issue...
User avatar
DepecheNode
 
Posts: 1497
Joined: Tue Jul 22, 2003 5:38 am
Location: On Your Ignore List

Postby sumfuka » Mon Feb 14, 2005 6:42 am

DepecheNode wrote:... and in the process, boot everybody who might happen to reside behind a proxy, hardware firewall, router (out of their control), or DHCP.

I guess loosing 75% (my own estimate, yes) of a network is really helpful... :roll:


That's a very short-sighted way to look at it. Do you suppose it's impossible to create a network based on a different topology that doesn't have 'secondary' users as such uploading their shared files lists to 'primaries'?

DepecheNode wrote:BTW, my sharing habits are the same as they've been for a long time. Develop the proper habits, and fakes will never be an issue...


Err, did you miss the boat or something? The issue relates to media companies purposefully introducing fake search results into the network by using legitimate primary user's connections, not how well users maintain their shared files, ...
sumfuka
 
Posts: 57
Joined: Tue Jun 15, 2004 12:42 am

Postby soma » Mon Feb 14, 2005 6:50 am

Deathstryker:
I hope the WinMX guy can find a way to combat this. It would be nice to have some sort of voting system to ban certain IP's and of course not allow them to vote back. I'm sure there's a negative side to that somewhere but I'm too tired to think of one.


And what would stop the RIAA from registering a number of 'users' themselves, and simply using bots to vote against any IP not in a database (ie any non-riaa ip)?
soma
 

Postby DepecheNode » Mon Feb 14, 2005 2:05 pm

sumfuka wrote:Do you suppose it's impossible to create a network based on a different topology that doesn't have 'secondary' users as such uploading their shared files lists to 'primaries'?

No, I don't think it's impossible. But this should be done from the start, with a new network. Doing this to the existing WinMX peer network at this point would damage the userbase beyond mend. Many times I have shared a rare file from a secondary user with a high ping as the only source.

If a way can be devised for 'secondary-type' users to access the network without disruptions, I'm all for it.

sumfuka wrote:Err, did you miss the boat or something? The issue relates to media companies purposefully introducing fake search results into the network by using legitimate primary user's connections, not how well users maintain their shared files...

Nah... I get the point. But the line's being blurred between qualitative and quantitative factors of the client.

For quantitative factors, yes, you would probably have better results for primary users if you removed the secondary protocol altogether, but doing so would decrease the quality of the network as a whole.

Whether or not you have 10 or 1000 bogus users sharing 'x' amout of files, the same holds true. Use the network in a smart, attentive fashion, and it's irrelevant how many fake files there are. I find that the user most upset with fake files are users who download egregiously, and then at some point in the future when they get around to actually accessing the file, find that it's fake.

Hey, nothing's free... there's always a price, even if the price is wasted time and bandwidth. And, I find it ironic that users who are infringing copyright illegally are complaining about somebody 'stealing' their bandwidth in an effort to countermine the infringment. A little like the "pot calling the kettle black", isn't it?

I think if a person is a 'legitimate' user of the WinMX peer network and DOESN'T expect bandwidth waste is deluding themselves.
User avatar
DepecheNode
 
Posts: 1497
Joined: Tue Jul 22, 2003 5:38 am
Location: On Your Ignore List

Postby sumfuka » Wed Feb 16, 2005 12:56 am

DepecheNode wrote:No, I don't think it's impossible. But this should be done from the start, with a new network. Doing this to the existing WinMX peer network at this point would damage the userbase beyond mend. Many times I have shared a rare file from a secondary user with a high ping as the only source.

If a way can be devised for 'secondary-type' users to access the network without disruptions, I'm all for it.


I agree with you there. I don't think it'd be a wise move to eliminate the secondary protocol as it is now with the current network, for the reasons you specify, but, I believe that this need not be the case necessarily with future clients if they've been appropriately designed to create an alternative network topology that doesn't have the same 'primary-secondary' relationship as at present.

DepecheNode wrote:Whether or not you have 10 or 1000 bogus users sharing 'x' amout of files, the same holds true. Use the network in a smart, attentive fashion, and it's irrelevant how many fake files there are. I find that the user most upset with fake files are users who download egregiously, and then at some point in the future when they get around to actually accessing the file, find that it's fake.

Hey, nothing's free... there's always a price, even if the price is wasted time and bandwidth. And, I find it ironic that users who are infringing copyright illegally are complaining about somebody 'stealing' their bandwidth in an effort to countermine the infringment. A little like the "pot calling the kettle black", isn't it?

I think if a person is a 'legitimate' user of the WinMX peer network and DOESN'T expect bandwidth waste is deluding themselves.


Well, I agree with you about the users complaining part, but, my opinion on the matter regarding the sheer mass of fakes the network is seeing revolves largely around the negative effects those fakers are having on the workings of the network itself, not, as such, anything to do with whether user X can obtain file Y for free.

I won't go into details here.

I think the difference here is that we're both looking at the issue from different angles. I think you look at the problem of one being whether a user can download the latest hot media, or not, and whether that has any effect on other users of the network who might not necessarily be into doing the same.

My angle, on the otherhand, is based upon the negative effects the fakers are having on the general underlying operation of the network itself; the effect it's having on both primary & secondary users. I believe the problem is a fairly fundamental one due to the design of the current protocol, in that, to cure it, as things stand now, may require significant re-design in order to effectively eliminate the problems.

Are there significant underlying problems? To me, there are, but I'm not about to go into the details here so will leave it up to y'all to form your own conclusions. ;)
sumfuka
 
Posts: 57
Joined: Tue Jun 15, 2004 12:42 am

Postby notbob » Wed Feb 16, 2005 1:20 am

lets say you are a media conglomerate trying to poison winmx--easiest way? set up primaries on very fast servers, preferably spread out all over

since most winmx users refuse to be primaries, with a modified client you could kill searches, give false results, and make it so that people only got your poisoned files

people worried about secondaries are barking up the wrong tree. primaries are the backbone of the system, break/compromise them, you have no network
notbob
 
Posts: 1174
Joined: Mon Nov 10, 2003 8:27 pm

Postby Mel_Smiley_VIP » Wed Feb 16, 2005 1:55 am

He may be blunt but hes got a point.
You see us as you want to see us...
In the simplest terms, in the most
convenient definitions.
User avatar
Mel_Smiley_VIP
 
Posts: 1141
Joined: Sun Mar 14, 2004 12:36 am
Location: Dream Country

Postby sumfuka » Wed Feb 16, 2005 8:23 pm

notbob wrote:lets say you are a media conglomerate trying to poison winmx--easiest way? set up primaries on very fast servers, preferably spread out all over

since most winmx users refuse to be primaries, with a modified client you could kill searches, give false results, and make it so that people only got your poisoned files


That sounds like an unnecessarily costly way of doing things. For the media companies to have any great deal of success they would need to operate a vast number of primaries. Do you really think doing this would be practical? Just how many primaries would they need to operate in order to hamper network data enough to actually have a beneficial effect?

They have, in my opinion, a much better system running now. You're free to refute any of the following, but, this is as I believe them to operate at present: They have custom 'secondary' type clients operating that do not connect out into only a single primary user, as the legitimate WinMX client would, but instead connect out into hundreds, even thousands, of primary users everywhere as soon as they become available (have slots free for hosting secondary clients). Once they have negotiated connection to a new primary user their client simply uploads a list of the 'files' they're sharing to that primary, fakes in this instance, which the primaries happily store on-board to provide as search results whenever a user of the WPN searches for specific, highly faked, keywords/strings.

This is a nice, effective, little system they have going. They only require very limited resources in order to do this as the secondary protocol is very efficient in comparisson to operating primary type connections. This allows them to easily connect out into many thousands of primary users on the network, if not as good as ALL primary users. The primaries simply act as slaves to the secondaries and there's nothing a user can do other than to become aware of the IP addresses of the media company clients involved in order to block them locally. All that does, though, is prevent that particular primary from accepting media companies incoming connection attempts to host them.

At this point the media companies have a huge stranglehold on the network. Great coverage, lot's of power to disseminate their fake search results/files, and all at minimal cost.

They have no need, or want, I imagine, to 'poison' the network; to 'kill searches'. They're already set up nicely to do the very thing they want to do.

All of this is fair enough. I understand their position to want to do this, but, none of this touches on any negative consequences to having ten's of thousands of primaries with media company funded secondary clients attached, each sharing thousands of fakes. Run a primary connection and I suspect there'll be a high chance that within a short period of time you'll be a host to, at a minimum, at least one of these clients. Chances are, though, in reality, you'll end up with multiples of them attached to you - using up primary secondary user slots - and you'll be completely unaware of your participation in their operation.

notbob wrote:people worried about secondaries are barking up the wrong tree. primaries are the backbone of the system, break/compromise them, you have no network


I'm not 'worried' about secondaries at all, but, they are the cause of the problem. They are the reason the media companies can do what they're doing. As for primaries, sure, they're the 'backbone of the system', but what effect do you suppose the media companies secondaries, along with their massive weight of fake results and secondary slot usage, are having on the network? It's most certainly having a significant detrimental effect for at least some users, myself for one, at a superficial level, as operating a stable primary just isn't possible due to 'denial of service' type effects ocurring when attached secondary users initiate searches containing strings that are extremely popular throughout the network (that is, an inability to cope with the mass of results returned back from the WPN (primaries) due to levels of incoming UDP traffic large enough to bring some (at least) hardware/software/connection to its knees).

The effect this has on attached secondary users, and on the primary connection itself, is damaging. During these 'denial of service' moments that happen all-too frequently as users search for highly-faked files, 'P=' (primary links) are dropped by the client; communications between primary-secondaries are lost; secondary queue polling status fails to update causing timeouts; secondary search attempts fail; some active file transfers fail; some secondaries will lose primary link for minutes before their client realises - due to failed polling - before attempting to source a new primary link, ...and the list goes on.

It's probable that this doesn't effect every primary user on the network, so long as their hardware/software/connection is able to cope with this load, but, it certainly affects, at a minimum, some users. This is having a bad effect on the 'backbone of the system' as you put it. How big of a problem this might be is hard to say unless more primary users, who recognise the symptoms, speak up.

So, if you do recognise the above as being a problem (and not by any means the only problems), and still believe that anyone stating secondaries as being fundamental to the problem are 'barking up the wrong tree', then please, let us hear what you believe the issues are, and what needs to be done to cure them.

Feel free to refute anything I've said, but, this is as I believe the situation to be at present with regards the current WinMX peer network.
sumfuka
 
Posts: 57
Joined: Tue Jun 15, 2004 12:42 am

Postby Dazzle » Wed Feb 16, 2005 11:14 pm

We can beat our keyboards all day like this but the simple matter is this, actions speak louder than words. Like so...
http://www.vladd44.com/phpbb2/viewtopic.php?t=4092

http://www.vladd44.com/phpbb2/viewtopic.php?t=4140

I trust you can see that the ideas dept is making headway and will soon be arriving at a viable technical response.
The second is a great peice of "in your face" for theses people.
At the moment for those getting badly flooded on WinMx instructions are being posted for linking to Open Nap to ride out the storm.
With this and the Peer Guardian campaign, I think we are well on our way to causing them some sort of disruption, as well as bolstering moral.
Expect more news on any developements, and if you have any of the skills or talents required, make your way over to Vladds forum where you will be warmly welcomed (This is not an advertisement as I help at another forum myself too, this is just a cry for help from someone who wants to see WinMx survive this flooding episode,thank you all in advance, and spread the word. :)
Dazzle
 
Posts: 524
Joined: Mon Jul 19, 2004 7:50 pm

Postby sumfuka » Wed Feb 16, 2005 11:42 pm

Dazzle, thanks for the links.

I can assure you my typing up a few words here is little more than the tip of an iceberg, as such, regarding this issue, in order to try an address some of the points that people are bringing up in the hope of informing people as to what is really going on.

I could give you, probably, close to all IP addresses involved in the fake files operations, but, I really don't believe that attempting to pursuade end-users to block these will be fruitful at all, in the long run. PeerGuardian/Protowall, are 'something', but are unlikely to have much of an impact at all against the fakers due to their probable usage being 'rare', and function being limited to only really having the potential to block the media companies from utilising the primary connection of the single, primary, user that operates these applications.

They're also reliant on an accurate blocklist which must be kept upto date in order to be effective. Sure, there are quite a number of 'bigtime' static IP ranges that can be blocked easily, which will lessen the propogation of their fakes, but, there are also a fair number of dynamic addresses being used that are not so easy to block. These dynamic addresses can, and do, change at will. To keep on top of these you'd be required to have people setup to monitor what IPs the fakes are coming from (not difficult), but, also be required to ensure that as good as all primary operators on the entire WPN frequently update their blocklists in order to keep current.

If PeerGuardian/Protowall ever became so popular as to actually have a significant effect on the fakers, of which many operate on easily-blocked static IP addresses, then the companies involved in these operations need only shift over those areas to broad, dynamic, addressing as the non-static types currently are. These, current, dynamic IP fakers appear to use, in most instances, your average mainstream domestic ISP connections, like PacBell, Covad, Singnet, DSL.net, Blueyonder, etc, so are probably going to be difficult, even as it stands now, to block effectively without potentially causing significant collateral damage by doing so.

It's just not a practical solution by any means as far as I'm concerned. There are much more effective possibilities, though, I believe these lie only in the hands of the developers themselves.

It's not nice to hear the 'truth' sometimes, but that, and all I've wrote above, is as honest an opinion of the reality of the situation as I believe it to be.
sumfuka
 
Posts: 57
Joined: Tue Jun 15, 2004 12:42 am

Postby Dazzle » Thu Feb 17, 2005 7:11 am

Sum,on it own I agree it has limited effect but combined with the hash plugin with auto database lookup that is currently being worked on it will remove the threat of fakes for many people.
We are all responsible for doing our bit and informing the people of any measures at our disposal, and I really believe that if we dont use the multi pronged defenses that we have available then we might as well give up. Its very important to get popular support for any action taken as this magnifies the efficiency of the response.
I know its a long thread but please re read it as I,m sure that the 4 ideas put forward are ones that maybe you can add to, or provide some helpful feedback on.
We either operate en mass or we lose, to this end once the plugin is ready,its going to be heavily publicised on many international forums as well as the english speaking nations, also all the rooms will be asked to promote all the simple ideas set out in those threads , lets not lose by apathy folks.

Update
Ok for those who can, could you please spread the word or link to these instructions. Feel free to steal them and post on your forum site or anwhere where they will be noticed. Also if you wish to add something, we are waiting to hear from you, to add to our practical tips.
http://www.vladd44.com/phpbb2/viewtopic.php?t=4153

Thanking you all in advance 8)
Dazzle
 
Posts: 524
Joined: Mon Jul 19, 2004 7:50 pm

Postby -KM- » Sat Feb 19, 2005 8:18 am

in response to the people saying to just drop secondary connections:

1. a lot of the users are 56k
2. not many people can spare the bandwidth
3. you'd end up with a network that would have very poor search results (even compared to the current level)
4. you'd end up with very low limits on the number of users the network could handle before it started to suffer

http://www.grouter.net/gnutella/search.htm has a well written technical document on the issues of the 2 types of network (although its not the easiest document to follow)

basically, a small network is fine without a primary/secondary type network (or "superpeer architecture") however a large one needs to use a superpeer architecture to be effective

although that document does also support another of my points i've made a few times about the network having too many primary users and not enough secondary users - something that with any luck will be improved when(/if) the promised new network appears

all we can really do is wait and see what frontcode do
-KM-
 
Posts: 61
Joined: Tue Mar 30, 2004 5:15 am

fake files

Postby silversurfer » Sun Mar 20, 2005 12:11 am

try here for a patch to stop fake files
http://winmx-help.no-ip.org
User avatar
silversurfer
 
Posts: 50
Joined: Tue Nov 23, 2004 11:40 am

fake files

Postby silversurfer » Sun Mar 20, 2005 12:12 am

try here for a patch to stop fake files
http://winmx-help.no-ip.org
User avatar
silversurfer
 
Posts: 50
Joined: Tue Nov 23, 2004 11:40 am

Postby raar » Fri Apr 08, 2005 5:04 am

Thanks for that, Silversurfer!
User avatar
raar
 
Posts: 442
Joined: Wed Feb 26, 2003 3:24 am


Return to WinMX

Who is online

Users browsing this forum: No registered users and 2 guests

© 2001-2008 Slyck.com