Author Topic: Someone is trying to use your client to spam  (Read 5391 times)

0 Members and 1 Guest are viewing this topic.

Offline sphinx_spb

  • Member
  • ***
  • Posts: 47
  • Karma: +10/-3
Someone is trying to use your client to spam
« on: 13 May, 2009, 04:33:38 »
A user of our hub complains about this message:

" [2009-05-12 20:07] Someone (NMDC Hub: dc.ozerki.net:411) is trying to use your client to spam 87.247.109.100:2501, please urge hub owner to fix this"

But obviosly our hub is set up properly. Is this a bug of Apex1.2.0, or a new kind of Ddos?

As said here: http://dcpp.wordpress.com/2007/05/22/denying-distributed-attacks/#comments
attack is possible client-side, is that true?

PtokaX forum

Someone is trying to use your client to spam
« on: 13 May, 2009, 04:33:38 »

Offline PPK

  • Administrator
  • Emperor
  • *****
  • Posts: 1 478
  • Karma: +209/-22
  • PtokaX developer
Re: Someone is trying to use your client to spam
« Reply #1 on: 13 May, 2009, 12:05:28 »
DC++ and his mods in default on startup generate for active port from range 1024 - 32000. This stupid detection reporting users who use port 80 or 2501 (thas was in most cases randomly generated on client startup) as attackers. It is "feature" in StrongDC++ and his mods.
That DC++ blog entry is old, they simply don't understand how that attack is done. They think that someone that is OP on hubs use users on that hubs to attack. But attacker don't need to be OP, he can simply connect to many unsecure hubs and sending $ConnectToMe commands to users with ip and port of target. That is why it is client side, because it is not redirect by hub to another hub (target as they thinks on that blog) but requested client->client connection to target.
"Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris." - Larry Wall

Offline monster

  • Junior Member
  • **
  • Posts: 13
  • Karma: +0/-2
Re: Someone is trying to use your client to spam
« Reply #2 on: 19 May, 2009, 18:23:43 »
Hi
How can you stop this happening stop strongdc++ clients comming into your hub?

Offline CrazyGuy

  • Viking
  • ****
  • Posts: 506
  • Karma: +83/-20
    • ?????=-_The NightHawk_-=?????
Re: Someone is trying to use your client to spam
« Reply #3 on: 20 May, 2009, 13:11:07 »
You could block StrongDC++ clients from entering your hub, but an easier way would be to inform people that get that message to change client port to something other than port 80.

Offline PPK

  • Administrator
  • Emperor
  • *****
  • Posts: 1 478
  • Karma: +209/-22
  • PtokaX developer
Re: Someone is trying to use your client to spam
« Reply #4 on: 20 May, 2009, 13:55:45 »
but an easier way would be to inform people that get that message to change client port to something other than port 80.
It is not user who get that message who is using port 80 or 2501, it is other user on hub and user who get that message from ip don't know who is that other user who is using port 80 or 2501 ::)
"Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris." - Larry Wall

Offline CrazyGuy

  • Viking
  • ****
  • Posts: 506
  • Karma: +83/-20
    • ?????=-_The NightHawk_-=?????
Re: Someone is trying to use your client to spam
« Reply #5 on: 20 May, 2009, 22:12:21 »
well yes, but this can be discussed with the hubowner.
I have tested this with FlipFlop (I believe it was him  ;)) a while back and I remember it was possible to get enough information through hubsoft to determine who's the cause

Offline PPK

  • Administrator
  • Emperor
  • *****
  • Posts: 1 478
  • Karma: +209/-22
  • PtokaX developer
Re: Someone is trying to use your client to spam
« Reply #6 on: 20 May, 2009, 22:25:36 »
Yes it is possible to find who it is, that message contains his IP 8)
"Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris." - Larry Wall

PtokaX forum

Re: Someone is trying to use your client to spam
« Reply #6 on: 20 May, 2009, 22:25:36 »