Here are some IPs I encountered, all from northern China, especially in Jilin and Inner Mongolia provinces. For IPv6 addresses, the bits at positions 65-112 are always 0, different from personal addresses. Thus, I use these rules: Moreover, I found some other clients, not anacrolix/torrent, have similar behavior. I am still observing.
-
There could be many possible reasons for such a massive batch of clients in China:
The issue doesn't look like a normal bug. If so, the IP addresses of these clients should be distributed, without recognizable features. The living environment of BT in China is not good. Ignorant people tend to profit instead of share. There are many users using clients that do not upload (or only upload to their private network), for download speed or just being stingy with their network bandwidth. ISPs provide you internet with cascading NATs, and sometimes it's hard to make connections.
-
I tried the following things in my filter dat:
And qbt could recognize 4 rules. I'm not sure whether this works.
-
Discussion of PCDN is off-topic. In the previous issue, the repository owner mentioned a way to block client strings, blocking I only know how to block IP segments using dat files, but how do I block a client version string? The software used is
-
It might be a rogue operation, considering a client under the same IP has two different "percent downloaded" values and downloads at high speeds, yet neither increases. (I have the "Accept multiple connections from the same IP" option enabled in qBittorrent.)
-
New malicious IPs: 123.184.152.242, 123.184.152.81, 123.184.152.90. There is another suspected new malicious client called "taipei-torrent dev". It did not report any download progress, and when I wanted to continue observing, it suddenly disappeared.
-
Same problem: these clients stole more than 300 times the actual size in upload traffic from me, but I did not see them suddenly disconnect.
-
Maybe configure a policy to simply pull the plug if client request traffic exceeds 25% of the actual size of the file in a 1-day window?
-
Does anyone know how Deluge blocks clients? I only know that QEE can block clients at the moment.
-
I started using the qBittorrent API to track who's downloading more than 125% of torrent max size without ever updating the completed %.
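The tracking described in the comment above, sketched as an added example (not the commenter's script and not qBittorrent code): it flags IPs that have been sent more than 125% of the torrent size while their reported progress never rose. The peer snapshots are constructed, the `uploaded` and `progress` field names are assumptions about what a peer listing provides, and the polling of the client is left out.

```python
from collections import defaultdict

RATIO_LIMIT = 1.25  # 125% of the torrent size, the threshold from the comment


class LeechTracker:
    """Accumulates bytes sent per IP across polls, reconnects and port changes."""

    def __init__(self, torrent_size):
        self.torrent_size = torrent_size
        self.total = defaultdict(int)  # ip -> bytes sent over all connections
        self.last = {}                 # "ip:port" -> last uploaded counter seen
        self.progress = {}             # ip -> (first seen, highest seen)

    def observe(self, snapshot):
        """snapshot maps "ip:port" to {"uploaded": bytes, "progress": 0.0-1.0}."""
        for conn, rec in snapshot.items():
            ip = conn.rsplit(":", 1)[0]  # split off the port
            cur, last = rec["uploaded"], self.last.get(conn, 0)
            # A counter that went backwards means the peer reconnected.
            self.total[ip] += cur - last if cur >= last else cur
            self.last[conn] = cur
            first, high = self.progress.get(ip, (rec["progress"],) * 2)
            self.progress[ip] = (first, max(high, rec["progress"]))

    def suspects(self):
        """IPs sent more than RATIO_LIMIT x size whose progress never rose."""
        limit = RATIO_LIMIT * self.torrent_size
        return sorted(
            ip for ip, sent in self.total.items()
            if sent > limit and self.progress[ip][1] <= self.progress[ip][0]
        )


def run_demo():
    # Constructed polls for a 1,000,000-byte torrent (documentation IP ranges).
    polls = [
        {"203.0.113.7:38391": {"uploaded": 400_000, "progress": 0.0},
         "198.51.100.20:51413": {"uploaded": 300_000, "progress": 0.3}},
        {"203.0.113.7:38391": {"uploaded": 900_000, "progress": 0.0},
         "198.51.100.20:51413": {"uploaded": 600_000, "progress": 0.6}},
        # Same IP returns on a new port and starts over from 0%.
        {"203.0.113.7:40022": {"uploaded": 500_000, "progress": 0.0},
         "198.51.100.20:51413": {"uploaded": 700_000, "progress": 0.7}},
    ]
    tracker = LeechTracker(torrent_size=1_000_000)
    for snap in polls:
        tracker.observe(snap)
    return tracker.suspects()


if __name__ == "__main__":
    print(run_demo())
```

Totals are kept per IP rather than per connection so that a peer that drops and reconnects on another port does not reset its count.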
-
@JockeyWang
-
Found a suspicious target; see the image for details.
-
What a pointless thing. But doesn't the BT network have any good defense mechanism?
-
I have seen
-
I recently discovered that qBittorrent Enhanced Edition now has these two clients (dt/torrent, taipei-torrent) in the default block list, so users can choose it as the easiest solution. Also pointed out: this phenomenon (rather than the problem) apparently has nothing to do with anacrolix/torrent (although I'm guessing it's just a name change).
-
Now the cat-and-mouse game starts: today they updated and renamed the client to hp/torrent/2.01.
-
Recently, I've noticed a suspicious situation. When seeding The IP ranges of these peers that I've identified so far are:
-
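Found new IPs. The peer disguises itself as a BC 2.04 client (because BC failed to block this peer). By changing the last one or two digits of its IPv6 address, it downloads the same resource over and over; after downloading for a certain time it quits, switches to a new IP and starts downloading again from the beginning. I have already observed this for more than half an hour. Confirmed!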
-
I have now been observing for more than two hours. BC cannot block IP ranges, so I can only block this port.
-
Recently I found two more new leeching clients:
-
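What this thread says about 123 云盘 offline downloads seems to make some sense. I tried the 123 云盘 offline download myself: in QB I picked a random folder, created a unique, fresh torrent, and then added it as a 123 云盘 offline task. 123.186.146.159:54016 Port 17778 is open and gotty is active; the details are recorded here: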
-
I know I shouldn't say this in Issues, but I still want to say it: 123 NMSL
-
It is always like this now: a large batch suddenly appears all at once, really like a DDoS. I have already manually blacklisted a batch of IPs; the list is as follows:
-
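Recently I found a new batch of suspected leeching clients. Their characteristics: the IPs are all under one /24, they download the same torrent, the port is the same (all 38391), and the UA is In addition, I also used a script to automatically ban some IPs that re-download tasks. Because I am not sure whether this feature of the script is reliable, I cannot draw a conclusion about these IPs. But given the pattern of a large number of nearby IPs downloading the same torrent within a short time, I personally feel it is very likely the work of the same person. Below are the relevant logs output by the script I used: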
-
This is a discussion around #889 which I believe has been fixed with regard to anacrolix/torrent. I expect new IP subnets and possible resolution for the offending peers will be discussed.