Official eMule-Board: Chinese P2Psearcher Thing - Official eMule-Board

Jump to content


  • (2 Pages)
  • +
  • 1
  • 2

Chinese P2Psearcher Thing fake clients pollute ed2k servers and kad

#1 User is offline   kerjersma 

  • Newbie
  • Pip
  • Group: Members
  • Posts: 2
  • Joined: 21-November 11

Posted 21 November 2011 - 07:42 AM

Hi everyone, some chinese developed ed2k/kad search tools, they called them "p2psearcher" or other names, more and more chinese use them now.

for example: Made a eDonkey p2p Resource Finder p2psearcher

I'm worried about it, they could pollute ed2k servers and kad, make ed2k servers or kad full of fake clients.

What do you think about it? How could I block these fake emule or amule?
0

#2 User is offline   Some Support 

  • Last eMule
  • PipPipPipPipPipPipPip
  • Group: Yes
  • Posts: 3667
  • Joined: 27-June 03

Posted 21 November 2011 - 09:03 AM

Given that is is supposed to search, it seems unlikely that it will pollute something. It probably doesn't works as fully functional node, but as long as there are not too many of those Kad can handle that.

#3 User is offline   kerjersma 

  • Newbie
  • Pip
  • Group: Members
  • Posts: 2
  • Joined: 21-November 11

Posted 05 December 2011 - 08:59 AM

Thank you. But what about this one, p2psearcher.
(It seems to be a tool by Thunder(a popular leeching client without search function from china, disguise itself as an emule 0.48a mod), or maybe not.)

Don't they harm ed2k servers? They donot share anything but do searching and wasting ed2k severs' resource. I found more search/bot tools like this, but this one is the most popular I think.

And I think there was an anomaly increasing of ed2k users in china during 2010-2011, I doubt how many real clients(emule, amule, mldonkey or any other) are there, maybe ed2k users increased(most from china) but I found my emule's ed2k searching return less results than past or even no result, that's why I'm not convinced there was no influence by these tools/bots.
0

#4 User is offline   Ejack79 

  • Splendid Member
  • PipPipPipPip
  • Group: Members
  • Posts: 155
  • Joined: 25-August 09

Posted 05 December 2011 - 11:57 PM

View PostSome Support, on 21 November 2011 - 05:03 PM, said:

Given that is is supposed to search, it seems unlikely that it will pollute something. It probably doesn't works as fully functional node, but as long as there are not too many of those Kad can handle that.


'not too many'

In fact such nodes increase rapidly. Although most of such nodes focus on Chinese keywords, they could fill up the nodes table and decrease efficiency of kademlia.
In my opinion, this is a much more problem than leechers...

This post has been edited by Ejack79: 05 December 2011 - 11:58 PM

0

#5 User is offline   Nissenice 

  • clippetty-clopping...
  • PipPipPipPipPipPipPip
  • Group: Members
  • Posts: 4231
  • Joined: 05-January 06

Posted 06 December 2011 - 01:25 AM

View PostEjack79, on 06 December 2011 - 12:57 AM, said:

In fact such nodes increase rapidly. Although most of such nodes focus on Chinese keywords, they could fill up the nodes table and decrease efficiency of kademlia.
In my opinion, this is a much more problem than leechers...

Question is if they actually are behaving like real contacts and tries to add themselves to other nodes routing tables? In other words are they sending hello requests and hello responses?

This is not necessary for it to work as this searcher-client only needs to know about nodes that are alive in the Kad network and then those could be asked for nodes closer and closer to the searched ID and finally send the search requests to the nodes found to be close enough.





View Postkerjersma, on 05 December 2011 - 09:59 AM, said:

And I think there was an anomaly increasing of ed2k users in china during 2010-2011, I doubt how many real clients(emule, amule, mldonkey or any other) are there, maybe ed2k users increased(most from china) but I found my emule's ed2k searching return less results than past or even no result, that's why I'm not convinced there was no influence by these tools/bots.

Well, I think most Chinese users in China are using other clients than those based on eMule/aMule. And I suspect that the majority of these clients are behaving unfair in the sense that they are publishing files and sources in a way so that they are unvisible to the ed2k and Kad network. Thus, they are only visible to their own communities. Well, unless they have something to gain from it. :-k

Another reason is that those clients, afaik, are filtered. There are restrictions on what is allowed to be searched for and probably what is allowed to be published and indexed.

And a third reason might be that there are attempts from Chinese directions to filter Kad network as well. Posted Image See here: http://forum.emule-p...howtopic=151610

This post has been edited by Nissenice: 06 December 2011 - 02:15 AM

0

#6 User is offline   Nissenice 

  • clippetty-clopping...
  • PipPipPipPipPipPipPip
  • Group: Members
  • Posts: 4231
  • Joined: 05-January 06

Posted 07 December 2011 - 07:04 PM

To add:


I haven't seen any dramatic changes in the number of search requests during the last month, but that may depends on what KadID the client has.

What I do have recognized during the last month is an increased number of 'Kad packet too short' messages in the verbose log. I don't think it's because of me, but who knows. The reason for my uncertainty is that I I've made quite a few changes to my own mule, because I'm doing some tracking/research about deviant Kad peer behavior and deviant subnets, and I am, :angelnot: ,especially interested in Chinese peers and subnets. I can't see any reason that any changes I've made would cause this 'Kad packet too short' statement in the verbose log, though.



...
2011-12-06 09:16:12: Client UDP socket: prot=0xe4  opcode=0xa7  sizeaftercrypt=1 realsize=1  Kad packet too short: 123.185.20.xx:23430
2011-12-06 09:16:33: Client UDP socket: prot=0xe4  opcode=0x10  sizeaftercrypt=1 realsize=1  Kad packet too short: 124.230.82.xx:16052
2011-12-06 09:31:18: Client UDP socket: prot=0xe4  opcode=0x21  sizeaftercrypt=1 realsize=1  Kad packet too short: 58.192.53.xx:22347
2011-12-06 09:36:04: Client UDP socket: prot=0xe4  opcode=0xc6  sizeaftercrypt=1 realsize=1  Kad packet too short: 222.33.38.xx:29634
2011-12-06 09:40:06: Client UDP socket: prot=0xe4  opcode=0x73  sizeaftercrypt=1 realsize=1  Kad packet too short: 163.204.110.xx:3688
2011-12-06 09:40:26: Client UDP socket: prot=0xe4  opcode=0xfa  sizeaftercrypt=1 realsize=1  Kad packet too short: 222.35.191.xx:17107
2011-12-06 09:42:10: Client UDP socket: prot=0xe4  opcode=0x5e  sizeaftercrypt=1 realsize=1  Kad packet too short: 112.194.228.xx:21448
2011-12-06 09:42:49: Client UDP socket: prot=0xe4  opcode=0x83  sizeaftercrypt=1 realsize=1  Kad packet too short: 220.166.62.xx:23458
2011-12-06 09:42:55: Client UDP socket: prot=0xe4  opcode=0x82  sizeaftercrypt=1 realsize=1  Kad packet too short: 218.200.128.xx:8125
2011-12-06 09:50:58: Client UDP socket: prot=0xe4  opcode=0xb5  sizeaftercrypt=1 realsize=1  Kad packet too short: 222.33.38.xx:29634
2011-12-06 09:52:23: Client UDP socket: prot=0xe4  opcode=0xb9  sizeaftercrypt=1 realsize=1  Kad packet too short: 120.192.229.xx:11428	
2011-12-06 10:00:56: Client UDP socket: prot=0xe4  opcode=0x0f  sizeaftercrypt=1 realsize=1  Kad packet too short: 93.32.63.xx:22959	Italy!
2011-12-06 10:02:52: Client UDP socket: prot=0xe4  opcode=0xb0  sizeaftercrypt=1 realsize=1  Kad packet too short: 112.194.228.xx:21448
...

One IP from Italy and the rest from China. This doesn't need to be related to this p2p searcher. It can also be related to another client.

This post has been edited by Nissenice: 07 December 2011 - 07:07 PM

0

#7 User is offline   fox88 

  • Golden eMule
  • PipPipPipPipPipPipPip
  • Group: Members
  • Posts: 4974
  • Joined: 13-May 07

Posted 08 December 2011 - 06:59 AM

View PostNissenice, on 07 December 2011 - 10:04 PM, said:

The reason for my uncertainty is that I I've made quite a few changes to my own mule

To compare behaviour you could try to run official eMule for a while with exactly the same configuration or as a second instance (with similar configuration, but different IDs, of course).
0

#8 User is offline   Nissenice 

  • clippetty-clopping...
  • PipPipPipPipPipPipPip
  • Group: Members
  • Posts: 4231
  • Joined: 05-January 06

Posted 08 December 2011 - 06:35 PM

View Postfox88, on 08 December 2011 - 07:59 AM, said:

To compare behaviour you could try to run official eMule for a while with exactly the same configuration or as a second instance (with similar configuration, but different IDs, of course).

Hehe, I know, I was hoping I could avoid just that. Anyway, now it has been done. Tested with regular mule, and to my relief it doesn't seem to have anything to do with my programming skills. It's about the same number of 'Kad packet too short' messages.
I also checked backwards in logs from clients with at least 4 different KadID's and I can see traces of these messages as far back as in July. At the end of october (27th, 28th) there was an escalation and since then, without digging too deep in it, there has been an increasing number of such statements. I assume this mean there was an update of something near the end of october and now an increasing number of people is using it.
One way to try to find out what 'something' is, is to start tracking the IP's sending these packets and log all the requests they are sending. And then by looking at e.g. the search requests there is a possibility to make a judgement if this is related to a searching tool or, erm, a downloading tool. If it is interesting.

This post has been edited by Nissenice: 08 December 2011 - 06:47 PM

0

#9 User is offline   Enig123 

  • Golden eMule
  • PipPipPipPipPipPipPip
  • Group: Members
  • Posts: 553
  • Joined: 22-November 04

Posted 09 December 2011 - 04:20 AM

I just noticed that there's some in my logs too. All ips are from China. Looks like a bad mod.
0

#10 User is offline   Nissenice 

  • clippetty-clopping...
  • PipPipPipPipPipPipPip
  • Group: Members
  • Posts: 4231
  • Joined: 05-January 06

Posted 09 December 2011 - 09:20 PM

View PostEnig123, on 09 December 2011 - 05:20 AM, said:

I just noticed that there's some in my logs too. All ips are from China. Looks like a bad mod.

Yes, I think so too.
I found that a few of these had been logged when I was logging all Kad activity in 123.xx.xx.xx/8. One of these searched sources for the same file, once every 15 minutes. Same IP and port was also sending hello requests.

This post has been edited by Nissenice: 09 December 2011 - 09:34 PM

0

#11 User is offline   Ejack79 

  • Splendid Member
  • PipPipPipPip
  • Group: Members
  • Posts: 155
  • Joined: 25-August 09

Posted 16 December 2011 - 12:17 AM

P2PSearcher, official website:
http://www.p2psearcher.info/

No English pages presently...

There is a bulletin about condemnation:
'This software could SEARCH ONLY. You can download from resulting links with DianLv or Xunlei. We will not comment on this, but we hope you download with eMule(other than Xunlei), so that resources could gather and downloading speed could boost.'
http://www.p2psearch...dongtai/60.html
0

#12 User is offline   Nissenice 

  • clippetty-clopping...
  • PipPipPipPipPipPipPip
  • Group: Members
  • Posts: 4231
  • Joined: 05-January 06

Posted 16 December 2011 - 09:42 AM

View PostEjack79, on 16 December 2011 - 01:17 AM, said:

There is a bulletin about condemnation:
'This software could SEARCH ONLY. You can download from resulting links with DianLv or Xunlei. We will not comment on this, but we hope you download with eMule(other than Xunlei), so that resources could gather and downloading speed could boost.'
http://www.p2psearch...dongtai/60.html

Well, that's better than nothing, if I got it right. Maybe this suggests a little that people behind the tool is independent of the castrated clients that can't search Kad?

Question is why anyone using eMule should need to use it. What does the tool do which eMule do not?




By the way, I said above that

View PostNissenice, on 07 December 2011 - 08:04 PM, said:

I haven't seen any dramatic changes in the number of search requests during the last month, but that may depends on what KadID the client has.

Well, that wasn't so strange, because when I tried to search for information about these tools I found information on that one was released in ~ mars 2010 and another tool in ~ july 2010. So they are not as new as I thought.

This post has been edited by Nissenice: 16 December 2011 - 09:59 AM

0

#13 User is offline   inmemory 

  • Member
  • PipPip
  • Group: Members
  • Posts: 25
  • Joined: 30-July 09

Posted 17 December 2011 - 02:33 AM

View PostEjack79, on 16 December 2011 - 08:17 AM, said:

P2PSearcher, official website:
http://www.p2psearcher.info/

No English pages presently...

There is a bulletin about condemnation:
'This software could SEARCH ONLY. You can download from resulting links with DianLv or Xunlei. We will not comment on this, but we hope you download with eMule(other than Xunlei), so that resources could gather and downloading speed could boost.'
http://www.p2psearch...dongtai/60.html


But you forgot this recently link that suggest chinese people use Xunlei to leeching: http://www.p2psearch...o/wenti/62.html



View PostNissenice, on 16 December 2011 - 05:42 PM, said:

Question is why anyone using eMule should need to use it. What does the tool do which eMule do not?

This tool fools chinese people who had been already fooled by verycd and Xunlei, they didn't know anything about emule, but just thought what they used is "emule"(verycd made a phishing site emule.org.cn and cheat all chinese they are "official emule") which do not have any search function, if chinese want to find a search way, that's their chance to know real official emule, so the second swindler appears, made this tool provide search function and prevent chinese to know real emule. The most important thing what I found is: this tool has censorship function. Now you know why they did this, they thought eMule as an enemy that can be break the "information-greatwall" what prevent chinese people exchange files and get infomations freedly. You can call this misinformation warfare.

This post has been edited by inmemory: 17 December 2011 - 02:40 AM

0

#14 User is offline   Nissenice 

  • clippetty-clopping...
  • PipPipPipPipPipPipPip
  • Group: Members
  • Posts: 4231
  • Joined: 05-January 06

Posted 18 December 2011 - 12:55 AM

View Postinmemory, on 17 December 2011 - 03:33 AM, said:

View PostNissenice, on 16 December 2011 - 05:42 PM, said:

Question is why anyone using eMule should need to use it. What does the tool do which eMule do not?

This tool fools chinese people who had been already fooled by verycd and Xunlei, they didn't know anything about emule, but just thought what they used is "emule"(verycd made a phishing site emule.org.cn and cheat all chinese they are "official emule") which do not have any search function, if chinese want to find a search way, that's their chance to know real official emule, so the second swindler appears, made this tool provide search function and prevent chinese to know real emule. The most important thing what I found is: this tool has censorship function. Now you know why they did this, they thought eMule as an enemy that can be break the "information-greatwall" what prevent chinese people exchange files and get infomations freedly. You can call this misinformation warfare.

What I had in mind with my question was why should anyone using eMule use this searching tool? What can it offer to an eMule user that eMule cannot? No doubt it can offer something to a user who uses a client which can't search Kad for instance. So, in my opinion this so called condemnation sounds a bit hollow to me. Even if it's slightly better than if the person(s) behind the tool hadn't mentioned eMule at all.
0

#15 User is offline   inmemory 

  • Member
  • PipPip
  • Group: Members
  • Posts: 25
  • Joined: 30-July 09

Posted 18 December 2011 - 04:01 AM

View PostNissenice, on 18 December 2011 - 08:55 AM, said:

What I had in mind with my question was why should anyone using eMule use this searching tool? What can it offer to an eMule user that eMule cannot?

It cannot offer to an eMule users anything that eMule cannot in search (except censorship), but the chinese users do not know or understand this (reason on above), they are easy to believe its publicity blindly just like: "eMule has search filter, but my tool(s) can search everything".
0

#16 User is offline   Nissenice 

  • clippetty-clopping...
  • PipPipPipPipPipPipPip
  • Group: Members
  • Posts: 4231
  • Joined: 05-January 06

Posted 10 January 2012 - 06:19 PM

editor :+1: , I believe one of the members at eMulefans.com, has tested p2psearcher and found evidence that the code used is taken from aMule.

Google translation:

Quote

Reveal the so-called veil of seed search artifact p2psearcher
January 9, 2012 Monday, 19:19 | Posted by: editor

p2psearcher is a modified use of foreign open source software aMule, the interface "castrate" the most original aMule features, retaining only the aMule's search function (or a small part) and a small increase in advertising "tool."

Evidence
Not a professional developer for the ordinary user, it is very easy to find this:

The following test under Windows XP, use p2psearcher 1.5.0 (in fact, aMule 2.3.0.1 ).

Evidence 1:
First, the authors have forgotten to cover up in the program properties of "aMule" information, such as the version number 2.3.0.1, the internal name of the aMule, etc.:

picture 1

Evidence 2:
First run p2psearcher, it will automatically download a list of servers, this prompt is displayed when you are willing to let aMule download server list:

picture 2

Evidence 3:
Open p2psearcher later, will generate all the aMule configuration file in your user directory, Go back to find it, such as "c: \ Documents and Settings \ xxxx \ Application Data \ aMule \" (Windows XP in).
For example configuration file amule.conf, etc., and open the file logfile, we can clearly see aMule log:

Quote

2012-01-09 16:46:32: Initialising P2PSearcher 2.3.0 compiled with wxMSW VC v2.8.12
2012-01-09 16:46:32: Checking if there is an instance already running...
2012-01-09 16:46:32: No other instances are running.
2012-01-09 16:46:32: Creditfile loaded, 0 clients are known
2012-01-09 16:46:32: External connections disabled in config file
2012-01-09 16:46:32: Created Server UDP-Socket at port 4665
2012-01-09 16:46:32: ListenSocket: Ok.
2012-01-09 16:46:32: Created Client UDP-Socket at port 4672

2012-01-09 16:46:33: - This is aMule 2.3.0 compiled with wxMSW VC v2.8.12 based on eMule.
2012-01-09 16:46:33: Running on Windows XP (build 2600, Service Pack 3)
2012-01-09 16:46:33: - Visit http://www.amule.org to Check if a new Version is available.


Other documents are also the standard aMule configuration file. In addition, if this time you try to open aMule, aMule will mistakenly believe that their "own" has been running in the system, and can not be opened. Similarly vice versa.

For professionals, they decompile tool to analyze and compare the code, you can tear off all disguise, the official eMule or want to contact the help of mod developers, but unfortunately there has been no trouble they run for the.

.
.
.

Read more here: http://translate.goo...cher%2F&act=url
Original post in Chinese: http://emulefans.com...ts-p2psearcher/
1

#17 User is offline   ron0577 

  • Newbie
  • Pip
  • Group: Members
  • Posts: 2
  • Joined: 12-January 12

Posted 12 January 2012 - 08:23 PM

Hi everybody
I'm a eMule user from china
About a month ago,I heard about this software"P2P Searcher"
My computer knowledge is not very good and English is not so good
But I probably can understand this software have potential hazards
I hope all of you show sympathy for that Chinese users
Because Chinese network have a shield system
It can shield all government do not want user searched things
So most Chinese user can not searched them wants in anyone Search Site
This shield also be applied to Chinese "eMule"
This is the people who use "P2P Searcher" reason
If only it harm ed2k servers but also I'll never use it(I Mean:I'll never use it)- p.s: There may be grammar mistakes

About "Xunlei"- p.s : a download software in China
Xunlei is not only is demand also have return
Look this picture
Posted Image
red mark translate :eMule task will be to upload(automatic) , such as don't need to upload(automatic) , please delete this task ~

This post has been edited by ron0577: 12 January 2012 - 08:46 PM

0

#18 User is offline   Ejack79 

  • Splendid Member
  • PipPipPipPip
  • Group: Members
  • Posts: 155
  • Joined: 25-August 09

Posted 13 January 2012 - 12:30 AM

View Postron0577, on 13 January 2012 - 04:23 AM, said:

Hi everybody
I'm a eMule user from china
About a month ago,I heard about this software"P2P Searcher"
My computer knowledge is not very good and English is not so good
But I probably can understand this software have potential hazards
I hope all of you show sympathy for that Chinese users
Because Chinese network have a shield system
It can shield all government do not want user searched things
So most Chinese user can not searched them wants in anyone Search Site
This shield also be applied to Chinese "eMule"
This is the people who use "P2P Searcher" reason
If only it harm ed2k servers but also I'll never use it(I Mean:I'll never use it)- p.s: There may be grammar mistakes

About "Xunlei"- p.s : a download software in China
Xunlei is not only is demand also have return
Look this picture
Posted Image
red mark translate :eMule task will be to upload(automatic) , such as don't need to upload(automatic) , please delete this task ~




I'm a Chinese, too. It seems that you were badly cheated. In fact, Keywords 'filtered by GFW' COULD BE SEARCHED BY EMULE OR ANY OTHER NORMAL MOD. Only some mods made in China (easyMule or VC mod, etc.) added wordfilter to satisfy the Gov.
我也是中国人。看样子你一直被骗得不轻。eMule及其任何一款mod都能搜索被功夫网墙掉的关键字,只有国产的某些“驴”才会挥刀自宫取悦主子。

So it's definitely just a excuse for P2P Searcher to 'search keywords filtered by GFW'. IMHO it is made for other downloader (Xunlei, etc.) which cannot search in eMule but covets eMule resources.
因此以搜索被屏蔽的关键字为理由为P2P Searcher辩护是根本站不住脚的。这货就是为一些不具备eMule搜索功能又觊觎eMule资源的玩意儿打造的。

P.S.
Yes, Xunlei does upload. But how much of its upload will transfer to eMule users fairly? According to tests by net guys, most of upload by Xunlei streams to other Xunlei users. This may be nature of any bizsoft, seeking for best profit.
另外……迅雷的确是有上传,但是有多少会公平地上传给eMule用户呢?网友的实验已经证明,迅雷上传的大部分都是流向迅雷用户。这是商业软件的天性——追逐最大利益。
2

#19 User is offline   inmemory 

  • Member
  • PipPip
  • Group: Members
  • Posts: 25
  • Joined: 30-July 09

Posted 13 January 2012 - 06:53 AM

View Postron0577, on 13 January 2012 - 04:23 AM, said:

This shield also be applied to Chinese "eMule"
This is the people who use "P2P Searcher" reason

No, you are fooled by your "Chinese "eMule"" (maybe you mean verycd mod/easymule who call themself "the official Chinese eMule" to cheat chinese people), but the real official eMule has Chinese language - both traditional and simplified Chinese support.

Otherwise, look at this "p2psearcher" actually is an aMule absolutely(link:http://emulefans.com...ts-p2psearcher/), the only improvement of it is: with an advertisement of venereal disease. Are you kidding? Why don't you use truly aMule instead of an adware or scareware?

So your excuse not a reason, the only thing you should understand or you should do is: use official eMule or aMule, then you can search files freely no matter where you live in China.


View Postron0577, on 13 January 2012 - 04:23 AM, said:

Xunlei is not only is demand also have return

Where is your meaning return way? Show me a shared files window just like eMule has where you can add your "return" or an explicit uploading to clients list window which could show your "return" whether fairly, that maybe more persuasive arguments for me.

If your purpose is searching files with no limit, no censorship , use eMule or aMule you can get it.

This post has been edited by inmemory: 13 January 2012 - 07:31 AM

0

#20 User is offline   ron0577 

  • Newbie
  • Pip
  • Group: Members
  • Posts: 2
  • Joined: 12-January 12

Posted 13 January 2012 - 06:15 PM

View Postinmemory, on 13 January 2012 - 02:53 PM, said:

View Postron0577, on 13 January 2012 - 04:23 AM, said:

This shield also be applied to Chinese "eMule"
This is the people who use "P2P Searcher" reason

No, you are fooled by your "Chinese "eMule"" (maybe you mean verycd mod/easymule who call themself "the official Chinese eMule" to cheat chinese people), but the real official eMule has Chinese language - both traditional and simplified Chinese support.

Otherwise, look at this "p2psearcher" actually is an aMule absolutely(link:http://emulefans.com...ts-p2psearcher/), the only improvement of it is: with an advertisement of venereal disease. Are you kidding? Why don't you use truly aMule instead of an adware or scareware?

So your excuse not a reason, the only thing you should understand or you should do is: use official eMule or aMule, then you can search files freely no matter where you live in China.


View Postron0577, on 13 January 2012 - 04:23 AM, said:

Xunlei is not only is demand also have return

Where is your meaning return way? Show me a shared files window just like eMule has where you can add your "return" or an explicit uploading to clients list window which could show your "return" whether fairly, that maybe more persuasive arguments for me.

If your purpose is searching files with no limit, no censorship , use eMule or aMule you can get it.




I'll never use it !reiterate
0

  • Member Options

  • (2 Pages)
  • +
  • 1
  • 2

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users