Become a Site Supporter and Never see Ads again!

Author Topic: Weird "zombie leechers" on my bt.etree torrents  (Read 2565 times)

0 Members and 1 Guest are viewing this topic.

Offline capnhook

  • All your llamas are belong to us....
  • Site Supporter
  • Trade Count: (20)
  • Needs to get out more...
  • *
  • Posts: 4843
  • All your llamas are belong to us....
Weird "zombie leechers" on my bt.etree torrents
« on: February 01, 2019, 06:13:37 PM »
I've been experiencing something I can only describe as "zombie leechers" on certain torrents that I have seeding on bt.etree.

What is happening is this:  some one (or some nefarious bot) is leeching a few torrents of mine, staying connected, but NOT DOWNLOADING ANYTHING  ??? ??? ???

The shenanigans are coming primarily from this IP address (although I have seen other addresses, this one accounts for 90% of them):

58.213.101.40

I did a lookup, and this server is located in Jiangsu, China.  The ISP is CHINANET Nanjing IDC network.

I'm using utorrent.

Is anyone else seeing this kind of activity?  I can stop and start the torrent, and the leech goes away.
Proud member of the reality-based community

BSCS-L->JB-mod [NAK CM-300 (CP-3) and/or (CP-1)]->LSD2->CA CAFS-Omni->Sony ECM-907**Apogee MiniMe Rev. C->CA Ugly II->**Edirol OCM R-44->Tascam DR-22WL->Sony TCD-D8


"Don't ever take an all or nothing attitude when it comes to making a difference
and being beautiful and making the world a beautiful place through your actions.
Every little bit is registered.  Every little bit.  So be as beautiful as you can as often as you can"

"It'll never be over, 'till we learn."
 
"My dream is to get a bus and get the band and just go coast to coast. Just about everything else except music, is anti-musical.  That's it.  Music's the thing." - Jeb Puryear

Offline capnhook

  • All your llamas are belong to us....
  • Site Supporter
  • Trade Count: (20)
  • Needs to get out more...
  • *
  • Posts: 4843
  • All your llamas are belong to us....
Re: Weird "zombie leechers" on my bt.etree torrents
« Reply #1 on: February 01, 2019, 09:42:19 PM »
Starting to get to the bottom of this.  I'm going to try to block that pesky 58.213.101.40 IP address, in utorrent, and see if that helps..

http://johnbokma.com/mexit/2008/02/05/blocking-ip-addresses-utorrent.html

Proud member of the reality-based community

BSCS-L->JB-mod [NAK CM-300 (CP-3) and/or (CP-1)]->LSD2->CA CAFS-Omni->Sony ECM-907**Apogee MiniMe Rev. C->CA Ugly II->**Edirol OCM R-44->Tascam DR-22WL->Sony TCD-D8


"Don't ever take an all or nothing attitude when it comes to making a difference
and being beautiful and making the world a beautiful place through your actions.
Every little bit is registered.  Every little bit.  So be as beautiful as you can as often as you can"

"It'll never be over, 'till we learn."
 
"My dream is to get a bus and get the band and just go coast to coast. Just about everything else except music, is anti-musical.  That's it.  Music's the thing." - Jeb Puryear

Offline capnhook

  • All your llamas are belong to us....
  • Site Supporter
  • Trade Count: (20)
  • Needs to get out more...
  • *
  • Posts: 4843
  • All your llamas are belong to us....
Re: Weird "zombie leechers" on my bt.etree torrents
« Reply #2 on: February 01, 2019, 10:11:59 PM »
That's working correctly, bye bye 58.213.101.40

Now, to go after the remaining 10% --- I'll compile a list of addresses to block, and report back here in a couple of days.

Here's a couple more that are suspect, sniffing them out now:

108.160.140.216
144.34.200.236

Google was my friend.

 :bigsmile:
Proud member of the reality-based community

BSCS-L->JB-mod [NAK CM-300 (CP-3) and/or (CP-1)]->LSD2->CA CAFS-Omni->Sony ECM-907**Apogee MiniMe Rev. C->CA Ugly II->**Edirol OCM R-44->Tascam DR-22WL->Sony TCD-D8


"Don't ever take an all or nothing attitude when it comes to making a difference
and being beautiful and making the world a beautiful place through your actions.
Every little bit is registered.  Every little bit.  So be as beautiful as you can as often as you can"

"It'll never be over, 'till we learn."
 
"My dream is to get a bus and get the band and just go coast to coast. Just about everything else except music, is anti-musical.  That's it.  Music's the thing." - Jeb Puryear

Offline capnhook

  • All your llamas are belong to us....
  • Site Supporter
  • Trade Count: (20)
  • Needs to get out more...
  • *
  • Posts: 4843
  • All your llamas are belong to us....
Re: Weird "zombie leechers" on my bt.etree torrents
« Reply #3 on: February 01, 2019, 11:12:44 PM »
Ahh, this is easy now.

Here are some bad actors.  Bye Bye.


58.213.101.0-58.213.101.255
108.160.140.0-108.160.140.255
46.105.96.0-46.105.96.255
58.180.123.0-58.180.123.255
207.148.25.0-207.148.25.255
Proud member of the reality-based community

BSCS-L->JB-mod [NAK CM-300 (CP-3) and/or (CP-1)]->LSD2->CA CAFS-Omni->Sony ECM-907**Apogee MiniMe Rev. C->CA Ugly II->**Edirol OCM R-44->Tascam DR-22WL->Sony TCD-D8


"Don't ever take an all or nothing attitude when it comes to making a difference
and being beautiful and making the world a beautiful place through your actions.
Every little bit is registered.  Every little bit.  So be as beautiful as you can as often as you can"

"It'll never be over, 'till we learn."
 
"My dream is to get a bus and get the band and just go coast to coast. Just about everything else except music, is anti-musical.  That's it.  Music's the thing." - Jeb Puryear

Offline bombdiggity

  • Trade Count: (11)
  • Needs to get out more...
  • *****
  • Posts: 2277
Re: Weird "zombie leechers" on my bt.etree torrents
« Reply #4 on: February 01, 2019, 11:40:19 PM »
I'm not sure what is accomplished by their efforts like this but will note that if one installs PeerBlock or things like that then seeds torrents you'll likely find that 90-ish% of the world's internet  traffic either originates in or passes through China and a lot of the leechers are from thoroughly blacklisted IPs. 

I'm not as proactive as I should be but ideally one runs torrents on a dedicated box that only does that with no connection to anything else of yours. 
Gear:
Audio:
Schoeps MK4V
Nak CM-100/CM-300 w/ CP-1's or CP-4's
SP-CMC-25
>
Oade C mod R-44  OR
Tinybox > Sony PCM-M10 (formerly Roland R-05) 
Video: Varied, with various outboard mics depending on the situation

Offline capnhook

  • All your llamas are belong to us....
  • Site Supporter
  • Trade Count: (20)
  • Needs to get out more...
  • *
  • Posts: 4843
  • All your llamas are belong to us....
Re: Weird "zombie leechers" on my bt.etree torrents
« Reply #5 on: February 02, 2019, 07:06:56 AM »
Yep, I have a dedicated box just for torrents, bombdiggity.  Thank you for the pro tip, I'll install Peerblock right away.

Maybe there's a way to do this myself, too.  I'm wondering if I can take up-to-the-minute IP blacklist information (that I can get for free on Myip.ms) and strip out the stuff I don't need?

I would just need to change this (short example):

54.36.148.19          # 2019-01-23, ip19.ip-54-36-148.eu, FRA, 12
178.138.34.228          # 2019-01-23, 178.138.34.228, ROM, 1
109.236.81.197          # 2019-01-23, customer.worldstream.nl, NLD, 1
122.192.29.53          # 2019-01-23, 122.192.29.53, CHN, 1
185.101.32.134          # 2019-01-23, 185.101.32.134, NOR, 11
54.36.148.73          # 2019-01-23, ip73.ip-54-36-148.eu, FRA, 12
43.231.215.137          # 2019-01-23, 43.231.215.137, IND, 1
219.91.202.163          # 2019-01-23, 163-202-91-219.static.youbroadband.in, IND, 1
37.228.184.136          # 2019-01-23, 37.228.184.136, DEU, 11
1.54.34.132          # 2019-01-23, 1.54.34.132, VNM, 1
191.101.184.85          # 2019-01-23, customer.apeironglobal.co, CHL, 1
36.37.199.220          # 2019-01-23, 36.37.199.220, KHM, 1


into this:

54.36.148.19
178.138.34.228
109.236.81.197
122.192.29.53
185.101.32.134
54.36.148.73
43.231.215.137
219.91.202.163
37.228.184.136
1.54.34.132
191.101.184.85
36.37.199.220

Hmmmmmm, this might be easy, maybe with a macro in a word processor?

Would I just be overdoing it, with PeerBlock already installed?

 ???

Proud member of the reality-based community

BSCS-L->JB-mod [NAK CM-300 (CP-3) and/or (CP-1)]->LSD2->CA CAFS-Omni->Sony ECM-907**Apogee MiniMe Rev. C->CA Ugly II->**Edirol OCM R-44->Tascam DR-22WL->Sony TCD-D8


"Don't ever take an all or nothing attitude when it comes to making a difference
and being beautiful and making the world a beautiful place through your actions.
Every little bit is registered.  Every little bit.  So be as beautiful as you can as often as you can"

"It'll never be over, 'till we learn."
 
"My dream is to get a bus and get the band and just go coast to coast. Just about everything else except music, is anti-musical.  That's it.  Music's the thing." - Jeb Puryear

Offline nassau73

  • Trade Count: (3)
  • Taperssection Regular
  • **
  • Posts: 152
Re: Weird "zombie leechers" on my bt.etree torrents
« Reply #6 on: February 03, 2019, 12:52:05 PM »
One way to strip out that extra info is with The Bulk Rename Utility

https://www.bulkrenameutility.co.uk/Main_Intro.php
===================================

Maybe there's a way to do this myself, too.  I'm wondering if I can take up-to-the-minute IP blacklist information (that I can get for free on Myip.ms) and strip out the stuff I don't need?

I would just need to change this (short example):

54.36.148.19          # 2019-01-23, ip19.ip-54-36-148.eu, FRA, 12
178.138.34.228          # 2019-01-23, 178.138.34.228, ROM, 1
109.236.81.197          # 2019-01-23, customer.worldstream.nl, NLD, 1
122.192.29.53          # 2019-01-23, 122.192.29.53, CHN, 1
185.101.32.134          # 2019-01-23, 185.101.32.134, NOR, 11
54.36.148.73          # 2019-01-23, ip73.ip-54-36-148.eu, FRA, 12
43.231.215.137          # 2019-01-23, 43.231.215.137, IND, 1
219.91.202.163          # 2019-01-23, 163-202-91-219.static.youbroadband.in, IND, 1
37.228.184.136          # 2019-01-23, 37.228.184.136, DEU, 11
1.54.34.132          # 2019-01-23, 1.54.34.132, VNM, 1
191.101.184.85          # 2019-01-23, customer.apeironglobal.co, CHL, 1
36.37.199.220          # 2019-01-23, 36.37.199.220, KHM, 1


into this:

54.36.148.19
178.138.34.228
109.236.81.197
122.192.29.53
185.101.32.134
54.36.148.73
43.231.215.137
219.91.202.163
37.228.184.136
1.54.34.132
191.101.184.85
36.37.199.220

Hmmmmmm, this might be easy, maybe with a macro in a word processor?

Would I just be overdoing it, with PeerBlock already installed?

 ???


[/quote]

Offline capnhook

  • All your llamas are belong to us....
  • Site Supporter
  • Trade Count: (20)
  • Needs to get out more...
  • *
  • Posts: 4843
  • All your llamas are belong to us....
Re: Weird "zombie leechers" on my bt.etree torrents
« Reply #7 on: February 05, 2019, 11:04:29 AM »
Great idea nassau73.  I will look into that.  Looks like it will do what I need it to do pretty easily.  :coolguy:


So far, I have been collecting a list of bad actors that pop in to zombie leech.  I make a note of them once in a while, and then go in and update my "ipfilter.dat" file.

So far, this is what I have collected.  I will edit this list here from time to time with any more that I catch.


209.58.213.101.0-58.213.101.255
108.160.140.0-108.160.140.255
46.105.96.0-46.105.96.255
58.180.123.0-58.180.123.255
207.148.25.0-207.148.25.255
31.132.36.0-31.132.36.255
37.182.105.0-37.182.105.255
104.215.8.0-104.215.8.255
91.121.155.0-91.121.155.255
159.122.133.0-159.122.133.255
35.202.152.0-35.202.152.255
119.28.118.0-119.28.118.255
199.188.105.0-199.188.105.255
198.13.62.0-198.13.62.255
37.59.60.0-37.59.60.255
103.214.144.0-103.214.144.0.255
134.175.67.0-134.175.67.255
54.180.123.0-54.180.123.255
104.24.189.0-104.24.189.255
23.236.122.0-23.236.122.255
104.211.189.0-104.211.189.255
88.119.133.0-88.119.133.255
172.104.229.0-172.104.229.255
178.62.180.0-178.62.180.255
35.220.239.0-35.220.239.255
178.33.9.0-178.33.9.255
104.42.152.0-104.42.152.255
35.228.92.0-35.228.92.255
49.51.85.0-49.51.85.255
46.161.10.0-46.161.10.255
108.61.161.0-108.61.161.255
198.13.38.0-198.13.38.255
103.214.144.0-103.214.144.255
13.58.187.0-13.58.187.255
112.16.170.0-112.16.170.255
69.163.37.0-69.163.37.255
150.109.180.0-150.109.180.255
195.154.102.0-195.154.102.255
209.58.180.0-209.58.180.255
106.187.103.0-106.187.103.255
58.213.101.0-58.213.101.255
104.223.49.0-104.223.49.255
58.213.101.0-58.213.101.255
89.248.171.0-89.248.171.255
35.188.254.0-35.188.254.255
104.236.35.0-104.236.35.255
67.91.227.0-67.91.227.255
146.185.173.0-146.185.173.255
35.204.162.0-35.204.162.255
62.210.204.0-62.210.204.255
35.200.111.0-35.200.111.255
45.125.0.0-45.125.0.255
104.211.89.0-104.211.89.255
172.247.36.0-172.247.36.255
188.166.120.0-188.166.120.255
37.187.105.0-37.187.105.255
198.11.252.0-198.11.252.255
119.28.156.0-119.28.156.255
103.16.127.0-103.16.127.255
119.28.250.0-119.28.250.255
13.70.106.0-13.70.106.255
139.180.200.0-139.180.200.255
108.61.229.0-108.61.229.255
47.89.180.0-47.89.180.255
162.62.19.0-162.62.19.255
35.185.62.0-35.185.62.255
36.163.242.0-36.163.242.255
62.52.4.0.-62.52.4.255
198.11.175.0-198.11.175.255
47.75.245.0-47.75.245.255
104.211.246.0-104.211.246.255
49.51.168.0-49.51.168.255
141.255.162.0-141.255.162.255
185.31.159.0-185.31.159.255
406.101.183.0-406.101.183.255
35.198.225.0-35.198.225.255
136.243.53.0-136.243.53.255
31.7.184.0-31.7.184.255
146.243.53.0-146.243.53.255
42.228.235.0-42.228.235.255
91.229.77.0-91.229.77.255
106.187.54.0-106.187.54.255
206.190.134.0-206.190.134.255
123.206.57.0-123.206.57.255
47.91.18.0-47.91.18.255
185.175.208.0-185.175.208.255
65.52.4.0-65.52.4.255
35.180.122.0-35.180.122.255
198.27.82.0-198.27.82.255
159.203.1.0-159.203.1.255
193.234.224.0-193.234.224.255
139.59.0.-139.59.0.255
116.251.223.0-116.251.223.255
113.113.120.0-113.113.120.255
173.230.145.0-173.230.145.255
176.126.85.0-176.126.85.255
45.113.71.0-45.113.71.255
35.203.8.0-35.203.8.255
47.91.227.0-47.91.227.255
« Last Edit: February 23, 2019, 10:11:38 AM by capnhook »
Proud member of the reality-based community

BSCS-L->JB-mod [NAK CM-300 (CP-3) and/or (CP-1)]->LSD2->CA CAFS-Omni->Sony ECM-907**Apogee MiniMe Rev. C->CA Ugly II->**Edirol OCM R-44->Tascam DR-22WL->Sony TCD-D8


"Don't ever take an all or nothing attitude when it comes to making a difference
and being beautiful and making the world a beautiful place through your actions.
Every little bit is registered.  Every little bit.  So be as beautiful as you can as often as you can"

"It'll never be over, 'till we learn."
 
"My dream is to get a bus and get the band and just go coast to coast. Just about everything else except music, is anti-musical.  That's it.  Music's the thing." - Jeb Puryear

Offline if_then_else

  • Trade Count: (0)
  • Taperssection Member
  • ***
  • Posts: 428
Re: Weird "zombie leechers" on my bt.etree torrents
« Reply #8 on: February 05, 2019, 11:46:27 AM »

Hmmmmmm, this might be easy, maybe with a macro in a word processor?

Would I just be overdoing it, with PeerBlock already installed?

 ???


[/quote]

Use a command-line tool like `sed` or an editor (like Notepad++ or Sublime Text) that can handle regular expressions.

~ $ cat ip-addresses.txt
54.36.148.19          # 2019-01-23, ip19.ip-54-36-148.eu, FRA, 12
178.138.34.228          # 2019-01-23, 178.138.34.228, ROM, 1
109.236.81.197          # 2019-01-23, customer.worldstream.nl, NLD, 1
122.192.29.53          # 2019-01-23, 122.192.29.53, CHN, 1
185.101.32.134          # 2019-01-23, 185.101.32.134, NOR, 11
54.36.148.73          # 2019-01-23, ip73.ip-54-36-148.eu, FRA, 12
43.231.215.137          # 2019-01-23, 43.231.215.137, IND, 1
219.91.202.163          # 2019-01-23, 163-202-91-219.static.youbroadband.in, IND, 1
37.228.184.136          # 2019-01-23, 37.228.184.136, DEU, 11
1.54.34.132          # 2019-01-23, 1.54.34.132, VNM, 1
191.101.184.85          # 2019-01-23, customer.apeironglobal.co, CHL, 1
36.37.199.220          # 2019-01-23, 36.37.199.220, KHM, 1
~ $ sed -i "s/\#.*//g" ip-addresses.txt
~ $ cat ip-addresses.txt
54.36.148.19         
178.138.34.228         
109.236.81.197         
122.192.29.53         
185.101.32.134         
54.36.148.73         
43.231.215.137         
219.91.202.163         
37.228.184.136         
1.54.34.132         
191.101.184.85         
36.37.199.220         

Offline Limit35

  • Trade Count: (4)
  • Taperssection Member
  • ***
  • Posts: 337
Re: Weird "zombie leechers" on my bt.etree torrents
« Reply #9 on: February 10, 2019, 12:19:46 PM »
 A perfect job for sed!

 

RSS | Mobile
Page created in 0.068 seconds with 38 queries.
© 2002-2024 Taperssection.com
Powered by SMF