Sign in to follow this  
Followers 0
xander86

Fake Shares

7 posts in this topic

Hi i have been seeing alot of ApexDC++ tags around dc , share around 49gb , discription says share , but all the files are the same size and .exe .... does anyone know what this is or how to deal with it without banning that apex client version 1.4.3 i think is what i have seen them all have .. please help thanks

Share this post


Link to post
Share on other sites

Ok so i found another one , here is the info i was able to collect ...

Nick : BestDownloads

Shared : 6.17 GiB

Description : We provide you the best downloads.

Tag : <ApexDC++ V:1.4.3,M:A,H:112/0/0,S:3>

Connection : 1000</div>

Ip : 174.127.92.201

Email :

Slots : 3

with files like

Apex folder\The Big Bang Theory - S04E11.exe 393.02 KiB

The Colbert Report (2011.01.03).exe 393.02 KiB

Suck (2009).exe 393.04 KiB

they do seem to have unique tth ,,,

how do we fight this without blocking apexDC 1.4.3 ? i have other legit users that prefer that client for some reason ..

Edited by Crise
removed html

Share this post


Link to post
Share on other sites

well , no i get that , but its lots of users , in all number of hubs , this one in particular has been changing ip as well

Share this post


Link to post
Share on other sites

I have seen some such users in the past - but not with ApexDC++ tag. Well, malware authors are learning fast :)

I guess it's not a legitimate client, just some malware visiting hubs and spreading by sharing itself. You could see if the description is not always the same and ban upon that. Or maybe it changes only to a few distinct values...

Share this post


Link to post
Share on other sites

Unfortunately there is no way to say whether a client that states certain tag is actually that client... it is info that is extremely easy to spoof and in no way reliable identification. What mek said above is most likely the best advice that can be given, look for constants in the users in question.

Also like BM stated 112 hubs is quite a few for example... I would guess that any regular user client in that many hubs is quite heavy on resources by comparison. I would advise for any hub owner regardless of having a problem like this or not to impose a max hub count that is reasonable. We have things like DHT these days anyways (although it is not ideal for LAN environments. DC network doesn't lend itself well to trying to be connected to large quantities of hubs anyways, users should learn to look for the hubs with content or people they like and stick with those and shuffle the hubs from time to time.

Share this post


Link to post
Share on other sites

I have found that the files these users share are virus'. I always nick ban them, then IP ban them. I try hard to keep them out of our hubs.

Almost all of them are .exe files that cant exist using the name that is on the file like this. The Big Bang Theory - S04E11.exe 393.02 KiB

Many files use the same name but come in many different sizes.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0