Posted August 8, 2011 Hi i have been seeing alot of ApexDC++ tags around dc , share around 49gb , discription says share , but all the files are the same size and .exe .... does anyone know what this is or how to deal with it without banning that apex client version 1.4.3 i think is what i have seen them all have .. please help thanks Share this post Link to post Share on other sites
Posted August 9, 2011 (edited) Ok so i found another one , here is the info i was able to collect ... Nick : BestDownloads Shared : 6.17 GiB Description : We provide you the best downloads. Tag : <ApexDC++ V:1.4.3,M:A,H:112/0/0,S:3> Connection : 1000</div> Ip : 174.127.92.201 Email : Slots : 3 with files like Apex folder\The Big Bang Theory - S04E11.exe 393.02 KiB The Colbert Report (2011.01.03).exe 393.02 KiB Suck (2009).exe 393.04 KiB they do seem to have unique tth ,,, how do we fight this without blocking apexDC 1.4.3 ? i have other legit users that prefer that client for some reason .. Edited August 17, 2011 by Crise removed html Share this post Link to post Share on other sites
Posted August 10, 2011 User being in 112 hubs? This could be a guide for you... Share this post Link to post Share on other sites
Posted August 10, 2011 well , no i get that , but its lots of users , in all number of hubs , this one in particular has been changing ip as well Share this post Link to post Share on other sites
Posted August 10, 2011 I have seen some such users in the past - but not with ApexDC++ tag. Well, malware authors are learning fast I guess it's not a legitimate client, just some malware visiting hubs and spreading by sharing itself. You could see if the description is not always the same and ban upon that. Or maybe it changes only to a few distinct values... Share this post Link to post Share on other sites
Posted August 17, 2011 Unfortunately there is no way to say whether a client that states certain tag is actually that client... it is info that is extremely easy to spoof and in no way reliable identification. What mek said above is most likely the best advice that can be given, look for constants in the users in question. Also like BM stated 112 hubs is quite a few for example... I would guess that any regular user client in that many hubs is quite heavy on resources by comparison. I would advise for any hub owner regardless of having a problem like this or not to impose a max hub count that is reasonable. We have things like DHT these days anyways (although it is not ideal for LAN environments. DC network doesn't lend itself well to trying to be connected to large quantities of hubs anyways, users should learn to look for the hubs with content or people they like and stick with those and shuffle the hubs from time to time. Share this post Link to post Share on other sites
Posted December 20, 2011 I have found that the files these users share are virus'. I always nick ban them, then IP ban them. I try hard to keep them out of our hubs. Almost all of them are .exe files that cant exist using the name that is on the file like this. The Big Bang Theory - S04E11.exe 393.02 KiB Many files use the same name but come in many different sizes. Share this post Link to post Share on other sites