PtokaX forum

PtokaX => Support => Topic started by: sphinx_spb on 13 May, 2009, 04:33:38

Title: Someone is trying to use your client to spam
Post by: sphinx_spb on 13 May, 2009, 04:33:38
A user of our hub complains about this message:

" [2009-05-12 20:07] Someone (NMDC Hub: dc.ozerki.net:411) is trying to use your client to spam 87.247.109.100:2501, please urge hub owner to fix this"

But obviosly our hub is set up properly. Is this a bug of Apex1.2.0, or a new kind of Ddos?

As said here: http://dcpp.wordpress.com/2007/05/22/denying-distributed-attacks/#comments
attack is possible client-side, is that true?
Title: Re: Someone is trying to use your client to spam
Post by: PPK on 13 May, 2009, 12:05:28
DC++ and his mods in default on startup generate for active port from range 1024 - 32000. This stupid detection reporting users who use port 80 or 2501 (thas was in most cases randomly generated on client startup) as attackers. It is "feature" in StrongDC++ and his mods.
That DC++ blog entry is old, they simply don't understand how that attack is done. They think that someone that is OP on hubs use users on that hubs to attack. But attacker don't need to be OP, he can simply connect to many unsecure hubs and sending $ConnectToMe commands to users with ip and port of target. That is why it is client side, because it is not redirect by hub to another hub (target as they thinks on that blog) but requested client->client connection to target.
Title: Re: Someone is trying to use your client to spam
Post by: monster on 19 May, 2009, 18:23:43
Hi
How can you stop this happening stop strongdc++ clients comming into your hub?
Title: Re: Someone is trying to use your client to spam
Post by: CrazyGuy on 20 May, 2009, 13:11:07
You could block StrongDC++ clients from entering your hub, but an easier way would be to inform people that get that message to change client port to something other than port 80.
Title: Re: Someone is trying to use your client to spam
Post by: PPK on 20 May, 2009, 13:55:45
Quote from: CrazyGuy on 20 May, 2009, 13:11:07
but an easier way would be to inform people that get that message to change client port to something other than port 80.
It is not user who get that message who is using port 80 or 2501, it is other user on hub and user who get that message from ip don't know who is that other user who is using port 80 or 2501 ::)
Title: Re: Someone is trying to use your client to spam
Post by: CrazyGuy on 20 May, 2009, 22:12:21
well yes, but this can be discussed with the hubowner.
I have tested this with FlipFlop (I believe it was him  ;)) a while back and I remember it was possible to get enough information through hubsoft to determine who's the cause
Title: Re: Someone is trying to use your client to spam
Post by: PPK on 20 May, 2009, 22:25:36
Yes it is possible to find who it is, that message contains his IP 8)