Official eMule-Board: Ipfilter & Fakes - Official eMule-Board

Ipfilter & Fakes 2010-19-04 : IPFilter v143 | Fakes v241

#161 Andrey23

Posted 08 March 2024 - 01:24 PM

BuyukBang, on 03 March 2024 - 12:01 AM, said:

Below ip addresses are already included in ip filter:
050.058.238.131 - 050.058.238.131 , 000 , Detected AP2P on tw telecom holdings inc
050.058.238.159 - 050.058.238.159 , 000 , Detected AP2P on tw telecom holdings inc
050.058.238.199 - 050.058.238.199 , 000 , anti-p2p bot
050.058.238.228 - 050.058.238.228 , 000 , anti-p2p bot
050.058.238.236 - 050.058.238.236 , 000 , Kad activity on TWTC

But I can confirm whole 50.58.238.* range is infected! I'm writing an emule mod and added a feature to remember all client history (auto cleaned after a user defined period / default is 5 months). This is my first long test run with this feature activated and I've just noticed that this ip range is trying to connect continuously. After a quick Google search I've found a similar report in Gnutella forum and it's posted 10 years ago! These bots are still doing their job.
https gnutellaforums.com/gtk-gnutella-linux-unix-mac-osx-windows/102603-when-will-gtk-gnutella-1-0-1-macosx-released-does-gtk-have-default-port.html

Screenshot from my mod can be found below. This shows bot's username, user hash value, client version, a few ip address sample (list is much longer), port and connection trial times.
https i.ibb.co/drfvWHG/a.png


Added 50.58.238.128-50.58.238.255 range in 1900 version of ipfilter.
eMule Security - Ip-filter, Safe Serverlist, nodes.dat for emule.
2
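
An added example, not part of the thread or of eMule's code: a small Python parser for the `start - end , level , description` lines quoted above, used to check which addresses of 50.58.238.* are listed with and without the 50.58.238.128-50.58.238.255 range from the reply. The description text on the constructed range line and all function names are assumptions; octets are read as decimal because the entries zero-pad them (`050`), which strict IP parsers reject or could read as octal.

```python
import re

# The five entries quoted in the post above, verbatim.
QUOTED = """\
050.058.238.131 - 050.058.238.131 , 000 , Detected AP2P on tw telecom holdings inc
050.058.238.159 - 050.058.238.159 , 000 , Detected AP2P on tw telecom holdings inc
050.058.238.199 - 050.058.238.199 , 000 , anti-p2p bot
050.058.238.228 - 050.058.238.228 , 000 , anti-p2p bot
050.058.238.236 - 050.058.238.236 , 000 , Kad activity on TWTC
"""
# Constructed line for the range named in the reply; the description is a placeholder.
ADDED = "050.058.238.128 - 050.058.238.255 , 000 , constructed-description\n"

LINE = re.compile(r"^\s*([\d.]+)\s*-\s*([\d.]+)\s*,\s*(\d+)\s*,\s*(.*?)\s*$")

def ip_to_int(text):
    """Parse dotted decimal, accepting zero-padded octets as decimal (never octal)."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isdigit() and len(p) <= 3 for p in parts):
        raise ValueError(f"bad address: {text!r}")
    # bytes() raises ValueError for any octet above 255.
    return int.from_bytes(bytes(int(p, 10) for p in parts), "big")

def parse(text):
    """Return sorted (start, end, level, description) tuples; blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = LINE.match(raw)
        if not m:
            raise ValueError(f"unparsable line: {raw!r}")
        start, end = ip_to_int(m[1]), ip_to_int(m[2])
        if start > end:
            raise ValueError(f"inverted range: {raw!r}")
        entries.append((start, end, int(m[3]), m[4]))
    return sorted(entries)

def is_listed(entries, ip):
    """True if ip falls inside any parsed range."""
    n = ip_to_int(ip)
    return any(start <= n <= end for start, end, _, _ in entries)

def listed_in_24(entries, prefix):
    """Count how many of prefix.0 .. prefix.255 fall inside any parsed range."""
    return sum(is_listed(entries, f"{prefix}.{i}") for i in range(256))
```
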