Taperssection.com
Gear / Technical Help => Post-Processing, Computer / Streaming / Internet Devices & Related Activity => Topic started by: capnhook on February 01, 2019, 06:13:37 PM
-
I've been experiencing something I can only describe as "zombie leechers" on certain torrents that I have seeding on bt.etree.
What is happening is this: some one (or some nefarious bot) is leeching a few torrents of mine, staying connected, but NOT DOWNLOADING ANYTHING ??? ??? ???
The shenanigans are coming primarily from this IP address (although I have seen other addresses, this one accounts for 90% of them):
58.213.101.40
I did a lookup, and this server is located in Jiangsu, China. The ISP is CHINANET Nanjing IDC network.
I'm using utorrent.
Is anyone else seeing this kind of activity? I can stop and start the torrent, and the leech goes away.
-
Starting to get to the bottom of this. I'm going to try to block that pesky 58.213.101.40 IP address, in utorrent, and see if that helps..
http://johnbokma.com/mexit/2008/02/05/blocking-ip-addresses-utorrent.html
-
That's working correctly, bye bye 58.213.101.40
Now, to go after the remaining 10% --- I'll compile a list of addresses to block, and report back here in a couple of days.
Here's a couple more that are suspect, sniffing them out now:
108.160.140.216
144.34.200.236
Google was my friend.
:bigsmile:
-
Ahh, this is easy now.
Here are some bad actors. Bye Bye.
58.213.101.0-58.213.101.255
108.160.140.0-108.160.140.255
46.105.96.0-46.105.96.255
58.180.123.0-58.180.123.255
207.148.25.0-207.148.25.255
-
I'm not sure what is accomplished by their efforts like this but will note that if one installs PeerBlock or things like that then seeds torrents you'll likely find that 90-ish% of the world's internet traffic either originates in or passes through China and a lot of the leechers are from thoroughly blacklisted IPs.
I'm not as proactive as I should be but ideally one runs torrents on a dedicated box that only does that with no connection to anything else of yours.
-
Yep, I have a dedicated box just for torrents, bombdiggity. Thank you for the pro tip, I'll install Peerblock right away.
Maybe there's a way to do this myself, too. I'm wondering if I can take up-to-the-minute IP blacklist information (that I can get for free on Myip.ms) and strip out the stuff I don't need?
I would just need to change this (short example):
54.36.148.19 # 2019-01-23, ip19.ip-54-36-148.eu, FRA, 12
178.138.34.228 # 2019-01-23, 178.138.34.228, ROM, 1
109.236.81.197 # 2019-01-23, customer.worldstream.nl, NLD, 1
122.192.29.53 # 2019-01-23, 122.192.29.53, CHN, 1
185.101.32.134 # 2019-01-23, 185.101.32.134, NOR, 11
54.36.148.73 # 2019-01-23, ip73.ip-54-36-148.eu, FRA, 12
43.231.215.137 # 2019-01-23, 43.231.215.137, IND, 1
219.91.202.163 # 2019-01-23, 163-202-91-219.static.youbroadband.in, IND, 1
37.228.184.136 # 2019-01-23, 37.228.184.136, DEU, 11
1.54.34.132 # 2019-01-23, 1.54.34.132, VNM, 1
191.101.184.85 # 2019-01-23, customer.apeironglobal.co, CHL, 1
36.37.199.220 # 2019-01-23, 36.37.199.220, KHM, 1
into this:
54.36.148.19
178.138.34.228
109.236.81.197
122.192.29.53
185.101.32.134
54.36.148.73
43.231.215.137
219.91.202.163
37.228.184.136
1.54.34.132
191.101.184.85
36.37.199.220
Hmmmmmm, this might be easy, maybe with a macro in a word processor?
Would I just be overdoing it, with PeerBlock already installed?
???
-
One way to strip out that extra info is with The Bulk Rename Utility
https://www.bulkrenameutility.co.uk/Main_Intro.php
===================================
Maybe there's a way to do this myself, too. I'm wondering if I can take up-to-the-minute IP blacklist information (that I can get for free on Myip.ms) and strip out the stuff I don't need?
I would just need to change this (short example):
54.36.148.19 # 2019-01-23, ip19.ip-54-36-148.eu, FRA, 12
178.138.34.228 # 2019-01-23, 178.138.34.228, ROM, 1
109.236.81.197 # 2019-01-23, customer.worldstream.nl, NLD, 1
122.192.29.53 # 2019-01-23, 122.192.29.53, CHN, 1
185.101.32.134 # 2019-01-23, 185.101.32.134, NOR, 11
54.36.148.73 # 2019-01-23, ip73.ip-54-36-148.eu, FRA, 12
43.231.215.137 # 2019-01-23, 43.231.215.137, IND, 1
219.91.202.163 # 2019-01-23, 163-202-91-219.static.youbroadband.in, IND, 1
37.228.184.136 # 2019-01-23, 37.228.184.136, DEU, 11
1.54.34.132 # 2019-01-23, 1.54.34.132, VNM, 1
191.101.184.85 # 2019-01-23, customer.apeironglobal.co, CHL, 1
36.37.199.220 # 2019-01-23, 36.37.199.220, KHM, 1
into this:
54.36.148.19
178.138.34.228
109.236.81.197
122.192.29.53
185.101.32.134
54.36.148.73
43.231.215.137
219.91.202.163
37.228.184.136
1.54.34.132
191.101.184.85
36.37.199.220
Hmmmmmm, this might be easy, maybe with a macro in a word processor?
Would I just be overdoing it, with PeerBlock already installed?
???
[/quote]
-
Great idea nassau73. I will look into that. Looks like it will do what I need it to do pretty easily. :coolguy:
So far, I have been collecting a list of bad actors that pop in to zombie leech. I make a note of them once in a while, and then go in and update my "ipfilter.dat" file.
So far, this is what I have collected. I will edit this list here from time to time with any more that I catch.
209.58.213.101.0-58.213.101.255
108.160.140.0-108.160.140.255
46.105.96.0-46.105.96.255
58.180.123.0-58.180.123.255
207.148.25.0-207.148.25.255
31.132.36.0-31.132.36.255
37.182.105.0-37.182.105.255
104.215.8.0-104.215.8.255
91.121.155.0-91.121.155.255
159.122.133.0-159.122.133.255
35.202.152.0-35.202.152.255
119.28.118.0-119.28.118.255
199.188.105.0-199.188.105.255
198.13.62.0-198.13.62.255
37.59.60.0-37.59.60.255
103.214.144.0-103.214.144.0.255
134.175.67.0-134.175.67.255
54.180.123.0-54.180.123.255
104.24.189.0-104.24.189.255
23.236.122.0-23.236.122.255
104.211.189.0-104.211.189.255
88.119.133.0-88.119.133.255
172.104.229.0-172.104.229.255
178.62.180.0-178.62.180.255
35.220.239.0-35.220.239.255
178.33.9.0-178.33.9.255
104.42.152.0-104.42.152.255
35.228.92.0-35.228.92.255
49.51.85.0-49.51.85.255
46.161.10.0-46.161.10.255
108.61.161.0-108.61.161.255
198.13.38.0-198.13.38.255
103.214.144.0-103.214.144.255
13.58.187.0-13.58.187.255
112.16.170.0-112.16.170.255
69.163.37.0-69.163.37.255
150.109.180.0-150.109.180.255
195.154.102.0-195.154.102.255
209.58.180.0-209.58.180.255
106.187.103.0-106.187.103.255
58.213.101.0-58.213.101.255
104.223.49.0-104.223.49.255
58.213.101.0-58.213.101.255
89.248.171.0-89.248.171.255
35.188.254.0-35.188.254.255
104.236.35.0-104.236.35.255
67.91.227.0-67.91.227.255
146.185.173.0-146.185.173.255
35.204.162.0-35.204.162.255
62.210.204.0-62.210.204.255
35.200.111.0-35.200.111.255
45.125.0.0-45.125.0.255
104.211.89.0-104.211.89.255
172.247.36.0-172.247.36.255
188.166.120.0-188.166.120.255
37.187.105.0-37.187.105.255
198.11.252.0-198.11.252.255
119.28.156.0-119.28.156.255
103.16.127.0-103.16.127.255
119.28.250.0-119.28.250.255
13.70.106.0-13.70.106.255
139.180.200.0-139.180.200.255
108.61.229.0-108.61.229.255
47.89.180.0-47.89.180.255
162.62.19.0-162.62.19.255
35.185.62.0-35.185.62.255
36.163.242.0-36.163.242.255
62.52.4.0.-62.52.4.255
198.11.175.0-198.11.175.255
47.75.245.0-47.75.245.255
104.211.246.0-104.211.246.255
49.51.168.0-49.51.168.255
141.255.162.0-141.255.162.255
185.31.159.0-185.31.159.255
406.101.183.0-406.101.183.255
35.198.225.0-35.198.225.255
136.243.53.0-136.243.53.255
31.7.184.0-31.7.184.255
146.243.53.0-146.243.53.255
42.228.235.0-42.228.235.255
91.229.77.0-91.229.77.255
106.187.54.0-106.187.54.255
206.190.134.0-206.190.134.255
123.206.57.0-123.206.57.255
47.91.18.0-47.91.18.255
185.175.208.0-185.175.208.255
65.52.4.0-65.52.4.255
35.180.122.0-35.180.122.255
198.27.82.0-198.27.82.255
159.203.1.0-159.203.1.255
193.234.224.0-193.234.224.255
139.59.0.-139.59.0.255
116.251.223.0-116.251.223.255
113.113.120.0-113.113.120.255
173.230.145.0-173.230.145.255
176.126.85.0-176.126.85.255
45.113.71.0-45.113.71.255
35.203.8.0-35.203.8.255
47.91.227.0-47.91.227.255
-
Hmmmmmm, this might be easy, maybe with a macro in a word processor?
Would I just be overdoing it, with PeerBlock already installed?
???
[/quote]
Use a command-line tool like `sed` or an editor (like Notepad++ or Sublime Text) that can handle regular expressions.
~ $ cat ip-addresses.txt
54.36.148.19 # 2019-01-23, ip19.ip-54-36-148.eu, FRA, 12
178.138.34.228 # 2019-01-23, 178.138.34.228, ROM, 1
109.236.81.197 # 2019-01-23, customer.worldstream.nl, NLD, 1
122.192.29.53 # 2019-01-23, 122.192.29.53, CHN, 1
185.101.32.134 # 2019-01-23, 185.101.32.134, NOR, 11
54.36.148.73 # 2019-01-23, ip73.ip-54-36-148.eu, FRA, 12
43.231.215.137 # 2019-01-23, 43.231.215.137, IND, 1
219.91.202.163 # 2019-01-23, 163-202-91-219.static.youbroadband.in, IND, 1
37.228.184.136 # 2019-01-23, 37.228.184.136, DEU, 11
1.54.34.132 # 2019-01-23, 1.54.34.132, VNM, 1
191.101.184.85 # 2019-01-23, customer.apeironglobal.co, CHL, 1
36.37.199.220 # 2019-01-23, 36.37.199.220, KHM, 1
~ $ sed -i "s/\#.*//g" ip-addresses.txt
~ $ cat ip-addresses.txt
54.36.148.19
178.138.34.228
109.236.81.197
122.192.29.53
185.101.32.134
54.36.148.73
43.231.215.137
219.91.202.163
37.228.184.136
1.54.34.132
191.101.184.85
36.37.199.220
-
A perfect job for sed!