Official eMule-Board: Ipfilter & Fakes - Official eMule-Board

Jump to content


  • (9 Pages)
  • +
  • « First
  • 7
  • 8
  • 9

Ipfilter & Fakes 2010-19-04 : IPFilter v143 | Fakes v241

#161 User is offline   Andrey23 

  • Splendid Member
  • PipPipPipPip
  • Group: Members
  • Posts: 122
  • Joined: 19-January 03

Posted 08 March 2024 - 01:24 PM

View PostBuyukBang, on 03 March 2024 - 12:01 AM, said:

Below ip addresses are already included in ip filter:
050.058.238.131 - 050.058.238.131 , 000 , Detected AP2P on tw telecom holdings inc
050.058.238.159 - 050.058.238.159 , 000 , Detected AP2P on tw telecom holdings inc
050.058.238.199 - 050.058.238.199 , 000 , anti-p2p bot
050.058.238.228 - 050.058.238.228 , 000 , anti-p2p bot
050.058.238.236 - 050.058.238.236 , 000 , Kad activity on TWTC

But I can confirm whole 50.58.238.* range is infected! I'm writing an emule mod and added a feature to remember all client history (auto cleaned after a user defined period / default is 5 months). This is my first long test run with this feature activated and I've just noticed that this ip range is trying to connect continuously. After a quick google seatch I've found a similar report in Gnutella forum and it's posted 10 years ago! These bots are still doing their job.
https gnutellaforums.com/gtk-gnutella-linux-unix-mac-osx-windows/102603-when-will-gtk-gnutella-1-0-1-macosx-released-does-gtk-have-default-port.html

Screenshot from my mod can be found below. This shows bot's username, user hash value, client version, a few ip address sample (list is much longer), port and connection trial times.
https i.ibb.co/drfvWHG/a.png


Added 50.58.238.128-50.58.238.255 range in 1900 version of ipfilter.
eMule Security - Ip-filter, Safe Serverlist, nodes.dat for emule.
2

#162 User is offline   BuyukBang 

  • Advanced Member
  • PipPipPip
  • Group: Members
  • Posts: 80
  • Joined: 04-May 23

Posted 10 June 2024 - 07:50 AM

View PostAndrey23, on 08 March 2024 - 04:24 PM, said:

Added 50.58.238.128-50.58.238.255 range in 1900 version of ipfilter.


Hey Andrey,

I noticed there are some active entries marked as "blocked by mistake" in the IP Filter. Are these really mistakes? :)

164.071.000.000 - 164.071.255.255 , 000 , Fujitsu Ltd, blocked by mistake
192.248.128.000 - 192.248.191.255 , 000 , City of Riverside, blocked by mistake
194.104.224.000 - 194.104.230.255 , 000 , Swets & Zeitlinger bv, blocked by mistake
210.101.138.192 - 210.101.152.255 , 000 , , GIM CHEON CITY HALL, blocked by mistake
...
and some more

This post has been edited by BuyukBang: 10 June 2024 - 07:51 AM

I’m working on a new project based on eMule v0.70b Community Release, planning to release it by the end of 2024. # SCREENSHOTS # List of completed features:
IPv6 Support & UTP NAT Traversal: Enables IPv6 and LowID to LowID transfers between mod users. (Improved version of David Xanatos’s reference implementation)
Client History: Stores and reloads all clients. Enables long-term banning/punishment intervals, tracking suspicious activities, editable client notes, shared files statistics.
Protection Panel: Detects 28 types of bad clients, bans/punishes with 12 levels. Uses customizable text-based definitions within Shield.conf instead of binary DLP.dll.
Blacklist Panel: Keyword & regex based file blacklisting for search results. Very fast (Processes 1000+ definitions on search results under 1 sec).
Download Checker: Skips known/downloaded/canceled downloads by checking file name similarities and file hashes.
Files List: Lists and categorizes all known files and duplicate files. Fast loading (Loads 200k items under 1 sec).
GeoLite2: Replaced legacy IP2Country, supports IPv6, lists both cities and countries.
Several Connection Tweaks: A fast and reliable connection checker; retry failed TCP connection attempts; reask sources & inform queued clients after IP change.
Empty Fake File & DRM Detection: Automatically removes trash files from the download list.
Fast Kad: Provides much faster KAD searches comparable to eServer search speed.
Auto Query Shared Files: A new way of finding files!
Highly Responsive GUI, Dark Mode, Automatic File Extension Correction, Auto\Manual Saving All App Data, Auto\Manual Backup, Added Column Filters To All Lists, Intelligent Chunk Selection, Client Emulation, Selectable Credit Systems, Save & Load File Sources, And many more additional features, bug fixes and optimizations…
To do: IPv6 support for KAD, NAT-T support for eServer, more...
0

#163 User is offline   emule_user_downunder 

  • Splendid Member
  • PipPipPipPip
  • Group: Members
  • Posts: 179
  • Joined: 20-March 04

Posted 03 August 2024 - 05:35 PM

IP-FILTER V1914 showing error on manual update.
Error message box appears with following message: Failed to extract IP Filter file from downloaded IP Filter ZIP file "C:\Users\...\AppData\Local\Emule\Config\ipfilter.dat.tmp". Fails repeatedly when attempted again. ZIP file is intact with one file inside called "guarding.php"


What has changed? Why is it broken?

This post has been edited by emule_user_downunder: 03 August 2024 - 05:38 PM

0

#164 User is offline   Andrey23 

  • Splendid Member
  • PipPipPipPip
  • Group: Members
  • Posts: 122
  • Joined: 19-January 03

Posted 04 August 2024 - 10:10 AM

I reupload file again. The previous archive was corrupted.
eMule Security - Ip-filter, Safe Serverlist, nodes.dat for emule.
1

#165 User is offline   QICKV8 

  • Advanced Member
  • PipPipPip
  • Group: Members
  • Posts: 86
  • Joined: 13-October 20

Posted 04 August 2024 - 08:45 PM

View PostAndrey23, on 04 August 2024 - 11:10 PM, said:

I reupload file again. The previous archive was corrupted.

thank you for your hard work
1

#166 User is offline   emule_user_downunder 

  • Splendid Member
  • PipPipPipPip
  • Group: Members
  • Posts: 179
  • Joined: 20-March 04

Posted 05 August 2024 - 08:31 AM

View PostAndrey23, on 04 August 2024 - 09:10 PM, said:

I reupload file again. The previous archive was corrupted.
Can confirm update now working. Many thanks for this ongoing protection from the nasties out there.
0

#167 User is offline   Enig123 

  • Golden eMule
  • PipPipPipPipPipPipPip
  • Group: Members
  • Posts: 575
  • Joined: 22-November 04

Posted 14 September 2024 - 08:24 PM

101.071.037.000 - 101.071.039.255 , 126 , Data Center at Unicom Zhejiang Province Network

124.203.128.000 - 124.205.255.255 , 126 , Data Center

218.241.096.000 - 218.241.127.255 , 126 , Organization

218.241.128.000 - 218.241.255.255 , 126 , Data Center

These are worth considering adding them to the ipfilter list.
0

#168 User is offline   Andrey23 

  • Splendid Member
  • PipPipPipPip
  • Group: Members
  • Posts: 122
  • Joined: 19-January 03

Posted 16 September 2024 - 06:31 PM

View PostEnig123, on 14 September 2024 - 11:24 PM, said:

101.071.037.000 - 101.071.039.255 , 126 , Data Center at Unicom Zhejiang Province Network

124.203.128.000 - 124.205.255.255 , 126 , Data Center

218.241.096.000 - 218.241.127.255 , 126 , Organization

218.241.128.000 - 218.241.255.255 , 126 , Data Center

These are worth considering adding them to the ipfilter list.


Added these ranges in version 1923 of the IP-filter.
eMule Security - Ip-filter, Safe Serverlist, nodes.dat for emule.
0

#169 User is offline   Enig123 

  • Golden eMule
  • PipPipPipPipPipPipPip
  • Group: Members
  • Posts: 575
  • Joined: 22-November 04

Posted 01 October 2024 - 07:13 PM

220.142.197.060 - 220.142.197.060 , 126 , Botnet on Chunghwa


This one is very bad, it seems to be probing the files that the clients are downloading via pretending to have the specific files yet send back FNF per request, resulting in quite a number of dead sources per file.

This post has been edited by Enig123: 01 October 2024 - 07:31 PM

0

  • Member Options

  • (9 Pages)
  • +
  • « First
  • 7
  • 8
  • 9

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users