Posted May 11, 2014 Why is it that typing in the chat of a hub causes some clients in there to attempt a connection to me. This is immediate and automatic, and the other clients are always the same ones, suggesting a setting activated in them. They are listed in the transfers pane for a while as "Connecting..." and then disappear. Not all of them are operators, but often they are, suggesting that a special client is used. Which one that might be? Share this post Link to post Share on other sites
Posted May 11, 2014 Why is it that typing in the chat of a hub causes some clients in there to attempt a connection to me. This is immediate and automatic, and the other clients are always the same ones, suggesting a setting activated in them. They are listed in the transfers pane for a while as "Connecting..." and then disappear. Not all of them are operators, but often they are, suggesting that a special client is used. Which one that might be? Are they real users or a some type of bot. Either way, can't say I have heard of this kind of behavior exactly. Also what kind of file name they request from you (namely, if it is an actual file in your share a filelist or something else entirely) ? If you want to look into it more, open the CDM debug window and look at the protocol traffic for those connections. Share this post Link to post Share on other sites
Posted May 11, 2014 Most of these users (passive and active) can be connected and downloaded from. When they make this connection, they are visible in the transfers list for three minutes as "Connecting..." and don't request any file. Repeated chatting in the same hub does not cause them to connect again.This is only an annoyance when I try to manage the uploads disconnecting duplicate users and observing speeds. The list becomes longer than it really is.I observed this in Apex and also in an old DC++ which I used until last year.In CDM I see the following lines. These are the strange clients. 212.142.84.209 is me. I don't know how to interpret the log. Hub: [Incoming][192.241.88.226:2020] <[JOKER]j7n> test Hub: [Incoming][192.241.88.226:2020] $ConnectToMe [JOKER]j7n 188.168.46.193:3785 Client: [Outgoing][188.168.46.193] $MyNick [JOKER]j7n| Client: [Outgoing][188.168.46.193] $Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.785Ref=reloaded.jollyjokerhub.eu:2020| Client: [Incoming][188.168.46.193] $MyNick [JOKER]LUXOR Client: [Incoming][188.168.46.193] $Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.707ABCABC Client: [Outgoing][188.168.46.193] $Supports MiniSlots XmlBZList ADCGet TTHL TTHF ZLIG | Client: [Outgoing][188.168.46.193] $Direction Upload 3624| Client: [Outgoing][188.168.46.193] $Key A ѱ00 0 0 0 0 0| Client: [Incoming][188.168.46.193] $Supports MiniSlots XmlBZList ADCGet TTHL TTHF ZLIG Client: [Incoming][188.168.46.193] $Direction Download 3157 Client: [Incoming][188.168.46.193] $Key A ѱ00 0 0 0 0 0 Hub: [Incoming][192.241.88.226:2020] $ConnectToMe [JOKER]j7n 178.48.118.228:54355 Client: [Outgoing][178.48.118.228] $MyNick [JOKER]j7n| Client: [Outgoing][178.48.118.228] $Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.785Ref=reloaded.jollyjokerhub.eu:2020| Client: [Incoming][178.48.118.228] $MyNick goodmans Client: [Incoming][178.48.118.228] $Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.707ABCABC Client: [Outgoing][178.48.118.228] $Supports MiniSlots XmlBZList ADCGet TTHL TTHF ZLIG | Client: [Outgoing][178.48.118.228] $Direction Upload 3742| Client: [Outgoing][178.48.118.228] $Key A ѱ00 0 0 0 0 0| Client: [Incoming][178.48.118.228] $Supports MiniSlots XmlBZList ADCGet TTHL TTHF ZLIG Client: [Incoming][178.48.118.228] $Direction Download 16309 Client: [Incoming][178.48.118.228] $Key A ѱ00 0 0 0 0 0 Hub: [Incoming][92.222.0.123:411] <!![VIP]j7n> test Hub: [Incoming][92.222.0.123:411] $RevConnectToMe ZloyVadim !![VIP]j7n Hub: [Outgoing][92.222.0.123:411] $ConnectToMe ZloyVadim 212.142.84.209:6541| Client: [Incoming][109.86.172.18] $MyNick ZloyVadim Client: [Outgoing][109.86.172.18] $MyNick !![VIP]j7n| Client: [Outgoing][109.86.172.18] $Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.785| Client: [Incoming][109.86.172.18] $Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.709ABCABC Client: [Outgoing][109.86.172.18] $Supports MiniSlots XmlBZList ADCGet TTHL TTHF ZLIG | Client: [Outgoing][109.86.172.18] $Direction Upload 3624| Client: [Outgoing][109.86.172.18] $Key A ѱ00 0 0 0 0 0| Client: [Incoming][109.86.172.18] $Supports MiniSlots XmlBZList ADCGet TTHL TTHF BanMsg ZLIG Client: [Incoming][109.86.172.18] $Direction Download 20692 Client: [Incoming][109.86.172.18] $Key A ѱ00 0 0 0 0 0 Hub: [Incoming][92.222.0.123:411] $RevConnectToMe !![VIP]j7n Hub: [Outgoing][92.222.0.123:411] $ConnectToMe 212.142.84.209:6541| Client: [Incoming][46.172.1.52] $MyNick Client: [Outgoing][46.172.1.52] $MyNick !![VIP]j7n| Client: [Outgoing][46.172.1.52] $Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.785| Client: [Incoming][46.172.1.52] $Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.709ABCABC Client: [Outgoing][46.172.1.52] $Supports MiniSlots XmlBZList ADCGet TTHL TTHF ZLIG | Client: [Outgoing][46.172.1.52] $Direction Upload 3742| Client: [Outgoing][46.172.1.52] $Key A ѱ00 0 0 0 0 0| Client: [Incoming][46.172.1.52] $Supports MiniSlots XmlBZList ADCGet TTHL TTHF BanMsg ZLIG Client: [Incoming][46.172.1.52] $Direction Download 4252 Client: [Incoming][46.172.1.52] $Key A ѱ00 0 0 0 0 0 Hub: [Incoming][92.222.0.123:411] $RevConnectToMe ++++ !![VIP]j7n Hub: [Outgoing][92.222.0.123:411] $ConnectToMe ++++ 212.142.84.209:6541| Client: [Incoming][91.202.0.204] $MyNick ++++ Client: [Outgoing][91.202.0.204] $MyNick !![VIP]j7n| Client: [Outgoing][91.202.0.204] $Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.785| Client: [Incoming][91.202.0.204] $Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.709ABCABC Client: [Outgoing][91.202.0.204] $Supports MiniSlots XmlBZList ADCGet TTHL TTHF ZLIG | Client: [Outgoing][91.202.0.204] $Direction Upload 1832| Client: [Outgoing][91.202.0.204] $Key A ѱ00 0 0 0 0 0| Client: [Incoming][91.202.0.204] $Supports MiniSlots XmlBZList ADCGet TTHL TTHF BanMsg ZLIG Client: [Incoming][91.202.0.204] $Direction Download 28367 Client: [Incoming][91.202.0.204] $Key A ѱ00 0 0 0 0 0 Hub: [Incoming][109.73.110.190:411] <j7n> test Client: [Outgoing][85.254.12.221] $MyNick j7n| Client: [Outgoing][85.254.12.221] $Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.785Ref=bin.rec.lv| Client: [Incoming][85.254.12.221] $MyNick [LV]Leonkrevs Client: [Incoming][85.254.12.221] $Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.674ABCABC Client: [Outgoing][85.254.12.221] $Supports MiniSlots XmlBZList ADCGet TTHL TTHF ZLIG | Client: [Outgoing][85.254.12.221] $Direction Upload 21148| Client: [Outgoing][85.254.12.221] $Key A ѱ00 0 0 0 0 0| Client: [Incoming][85.254.12.221] $Supports MiniSlots XmlBZList ADCGet TTHL TTHF ZLIG Client: [Incoming][85.254.12.221] $Direction Download 29459 Client: [Incoming][85.254.12.221] $Key A ѱ00 0 0 0 0 0 Share this post Link to post Share on other sites
Posted May 11, 2014 I've seen this behavior as well. Those users are using some OP clients that have the ability to automatically "check" users (to get the IP and other info) when they write in chat so that is basically what they do. Another thing is, this is not really needed for ordinary users and so their clients are misconfigured... j7n likes this Share this post Link to post Share on other sites
Posted May 11, 2014 Some of that traffic looks extremely interesting... without looking into it, they seem to be either OP clients of some description, as Mek said, looking for particular defects, or malicious clients trying to run an exploit (although I did not check the existing public exploits against these patterns). j7n likes this Share this post Link to post Share on other sites
