Theres something very weird going on with WinMx. Read this thread and see what you think is going on. http://vladd44.com/phpBB2/viewtopic.php?t=2594&postdays=0&postorder=asc&start=0

It has been suggested this might be some new virus. Im almost starting to believe it could be another client trying to hack into the WPN. At any rate somethings going on, I just hope its not a hacker trying to take winmx out.

Hmm, I've heard of this happening, although I've never had it happen to me personally. I don't share anything that small. But hopefully the guys at frontcode know about this and can do something about it. About those guys talking about WinMX being vulnerable, any p2p network is vulnerable. You just need to find a weakness and properly exploit it.

That's freaky, to say the least. I haven't used MX for a couple of weeks. Thanks for the heads up. You should post that list of bad IP's in this thread too.

I have had it happen to me just the other day and I couldnt figure out what was going on. thwo users kept hitting me for small files but just timing out always. It didnt last that long though so I jst thought it was something buggt going on and changed hosts. Now I dont know.

I'm glad you brought it here, I have noticed similiar instances, and have even seen "fake_chaser". Let's not reinvent the wheel, they're clearly attempting to test this. I will watch the board to see if they have any new developments, not piddle in their threads unless I would have something of real weight to contribute. *hint*

.

i think your link just killed their forum's bw limit

edit:Warning: mysql_connect(): Can't connect to MySQL server on 'localhost' (10055) in C:\Program Files\Abyss Web Server\htdocs\phpBB2\db\mysql4.php on line 48

Warning: mysql_error(): supplied argument is not a valid MySQL-Link resource in C:\Program Files\Abyss Web Server\htdocs\phpBB2\db\mysql4.php on line 330

Warning: mysql_errno(): supplied argument is not a valid MySQL-Link resource in C:\Program Files\Abyss Web Server\htdocs\phpBB2\db\mysql4.php on line 331
phpBB : Critical Error

Could not connect to the database

Would really like someone to help find the IP's of the uploaders. The ip's listed on vladd's forum are only for the "sharers". Blocking those specific IP's listed or taking it a step further and blocking the whole ranges doesn't prevent them from uploading. But here they are:

209.11.134.19 [[email protected]]
209.11.134.20 [[email protected]]
209.11.134.21 [[email protected]]
220.255.197.222 [[email protected]]
217.207.155.235 [[email protected]]
204.193.136.57 [[email protected]]

Dont think it's a virus since it is doing an extremely crappy job at replicating itself. I lean towards tracking the network or sabotage.

Hmm..very interesting and freaky

Damn, another reason WHY Frontcode should release the new version and participate in the community :(

the only thing i can think why they are doing it through small files, is if they are installing a virus of some sort on it and passing it around. Small files can be a KeyGen as well as serial texst, jpg could be redirecting link to download files.

I haven't noticed this on WIMMIX, but now that it's been mentioned, I have noticed something similar while using KCEasy which connects to Gnutella as one of its networks. Sometimes when you do a search for a certain song or album, you get like a hundred entries all from the same user. If you try to download them, they either don't connect or they are fake. I thought to myself, "why is this guy offering so many copies of the same songs?" Hmmmm.

that could be the case IF they had their files available for download but all attempts to download from them result in a "connection refused" if you try searching for alternates based on the HASH you wont get a match. The ppl trying to upload aren't sharing files so nothing to download from them. In short; half are sharing bogus files (priamrily MP3, OGG and WMA) the other half aren't sharing anything at all and getting into ppl's queues. So how could a virus spread?

maybe its not a virus. Put it like this.. An album pops up on their.. its been ripped and now being shared, its easy being shared cause its the only source and files listed. their idea is to do what kazaa does.. But more advanced. Suppose they put up fake songs to get you to try to download, but once the connections been made, maybe their trying to browse through your files to see if or what your sharing... Tieing queues up so everyone waits longer. I would recommend to stop using it since winmx is so blantly bad on downloading files.

I would recommend to stop using it since winmx is so blantly bad on downloading files.

You're gonna hurt someone's feelings there...

they deserve it

wheres winmx 4

not even a hey were not dead

screenie!!

I've seen these "names" around. especially when I did a search on T** T****** - B** S**, (name changed to protect the board), there were like five names of that type sharing ALL the files on the wpn, but the legit ones were on opennap, so they're confined to that network, for the time being. you couldn't d/l from them, some had large queues (100+) some had no queues, all were sharing multiple copies and you couldn't message them at all. and this was like in January.

hmmm. I only share 1 text file but I could have sworn "users" of that type were hammering me for certain popular mp3's I was sharing one night....you know, that one night I made that crazy paranoid thread. You couldn't message the users, the connections timed out or connected then disconnected, and they'd try again, over and over and over. They never bugged me liked that after that though, and I didn't change any of my habits. could that be related to this? I know this issue is more on small text files and jpg's, but still....

oh, and supreme:


they deserve it

wheres winmx 4

not even a hey were not dead

screenie!!

if you're going to spam, please spam in english, thank you.

Hmm, just tried a search for that song they said on that board.

Got 700+ results, all from those names (Brittneyspears, Magictouch7, etc...)
Looks like they are trying to kill WinMX.....Not like its already dead...

What follows here are some facts, some reasons and alot of speculation on my part. I was going to wright some of this yesterday but I Had to work twelve hours so I just did a quick link to Vladd.

It is known that a large group of users are attempting to download a mass amount of small Jpeg, Txt ect. files.Most all attempts time out nor can you donwload from these users. Winmx allows small files like txt. files to bypass all que. Usually when you try to downlaod any file under a certain byte amount (I cant remeber what it is) you automatically start but these people are timing out.
Could this be the RIAA?It is well know that its easy to spoof a persons shared file and browsing poeple can be an iffy thing too. The connecting could be away to establish they have the correct list. But this doesnt explain why they hammer some people over and over to get a list. Adding one of the songs they share to your list causes them to seek you out and try to download what they can from you. Which leads me to my next theory.
Could this be some multi network client trying to make a hack for the WPN?The best way to test a program would be to try and download what you knew would start or is supposed to start. But worse they could even be trying to mod the byte size to make any file by pass all que. They also could be targeting and using these fake files not only to find each other but also protect themselves. With a group of at least 35 users there are not many programs with that many programers. You could narrow the list way down to maybe like one.

Is there some hidden meaning to the song tittles they've selected? One songs thats said to be affected is Eyes Wired Shut. Could some hackers be trying to flood the primarys on winmx to shut them down?
Like I said at the begining this is all just my speculations. Some of it is really out there and maybe I've been watching to many old Oliver Stone movies. But somthing is going on. The question is still what.

The globix numbers people listed to block, go to sbcglobal website. I had installed those numbers on peerguardian, and sbc sent out a new email that says their now doing dishnetwork by sbc. I click on it and it was blocked.. said globix.

Using WInMX AND Kazaa Lite, i have found that the problem with hundreds of bogus files for certain songs (Eyes wired shut, Bring me to life, etc.) exists on both networks, yielding results from the usual suspects i found on WinMX, Britney Spears and Tobydelirious, but also some new ones, impandpeasnt, pandoraboxy, and gobabygo (especially gobabygo). The results also yield many of the .ogg and .wma audio types, and also have the + symbols in the file names. On the Fastrack network, the search results don't turn up as many results as I get on the WinMX network for some unknown reason (a search for bring me to life on WinMX produced about 4000+ results after about 15 seconds, and i stopped the search!!). Upon attempting to browse their files on K lite, it didn't turn up any results.

If anyone uses another network, i would like to know if the problem exists outside of WinMX and Fastrack

I tried on iMesh for a lark and got 20 hits. That was it.

The uploaders are gone. yesterday had no attempts to upload from me. Too bad ... was waiting for them ;)

I'm not sure it's a large group. Consider the "sharers" 29 nicknames are being used (with different ending hashes) generating thousands of hits on one title (at one count about 12,000 hits for eyes wired shut) but ONLY 6 IP's are responsible for creating that list (one of which looks to be a small network with 3 computers)

I dont think mx was being tested. Considering winmx is #3 in terms of p2p users and been around a long time i suspect sabotage or the big bag wolf sniffing around for another p2p to go after. Another possiblitly is phatbot - new trojan out there but neither the uploaders nor the downloaders were sharing files which for me at least nullyfies that possibility.

as for a winmx 4? frontcode is too busy drinking margeritas and raking in the cash to care about us...just so long as the $ roles in for them....

Pandoraboxy hit me last night. I got home to see attempts to download a pic I made and only one person left in my que. This could be caused by the primarys traffic being flooded which would cause people to time out. has anyone using kaZaa tried downloading from these users?

The link provided in the first post has forums that state that the IP addresses that pandoraboxy, britneyspears and company use are registered with a company called Globix. With a search on DSLreports.com, i found that this is a relatively small company that specializes in providing expensive SDSL service to small businesses only, which is interesting considering that it is well known that various trade groups hire small companies to flood networks with bogus files to disrupt them.
Also, they seem to be creating more names and using more files, which isn't too big of a problem for now, but has the potential to grow to be a very big annoyance.

Finally, Kazaa Lite has their bandwith listed at 15272!?!?

small files my ass. britney and rolf hit me up for mp3's within 5 minutes of logging in. Interestingly, rolfie tried to d/l a song by an INDIE band.

the other guy, pekmu, wasn't part of it, he's just some non-bot leech.

Not just globix but also easynet and signet (and that's the "sharers" only) no one has provided ip's of the uploaders.

Nabbing mp3's from me as well. The list of user names they use has changed (some of the original culprits are still there like superman and britney spears) They are now sharing 500 files and a list of what they are sharing has shrunk to 5 different file names.

the idea of tieing up lines by queing everyone at any given time, so no one can be uploading or downloading would be a thought.. Maybe new winmx should block the globix ip range =0)

I am not sharing any Mp3's but every once in awhile theyll hit me for a few pics and then move on. this is bugging the crap out of me

Yes, I tried to download a song that said over 50 people had it, but I waited like 10 min and it never did start downloading...I can not get it to download any songs, but I can find the users that have the songs! It is just sooo messed up!

Most of them have 135 slots open of 135 and none of them start. All of the users ive browsed were sharing 3000 files.

My latest search for Bring me to Life yielded about 8000 results, easily the most i've ever obtained for a search. This time there are more users than ever (and with more unusual names, circusjojo?????), and all are sharing either 3000, 800, or 500 files. At this rate, the whole entire network will be filled with nothing but these non-existent mp3 files from the same network of users. At times like this i wish i was a programming major of sorts to put an end to this nonsense.

what it will boil down to is rooms and channels where you would have to be invited and gain access.. Or even leave such a popular network to go to a software program that cant handle the user base. RIAA said it was unveiling a new method to stop downloading and uploading.

How is it able to tell what files are legal to download and which are not. In other words they are going to nuke all open p2p sites just stop the share of files they belive to be illegal and those that are as well?

I was just looking at my uploads and I noticed that like 10 different users would try to get a song from me, but it would say connection timed out. In a few min, that same user would try to get the same song from me and it would connection timed out again...has anyone elsed noticed that? Their names are Whack485_54754, NSkylineGTR32772_50179, oldschool760_33326, Floatyourboat375_43712, ?¿?¿?¿?¿229_61266, and there are a few more.

might be usual mx traffic. If your not sure, right click and browse, if they are all 0 file sharers with queues set to 138 of 138 available (or some other ridiculous number) then maybe. Initial list was 29 nicknames, it's expanded to about 60+ now. Other option is to search for "eyes wired shut" that'll give you a list of names currently being used.

Im a little worried about this now. Its has become obvious its some group trying to make it hard to find real sources for some songs, and it working very well so far. The users doing this are growing, although very slowly, they seem to be picking up speed. Soon it might be out of control. Its a real pain looking through 5000 results for a source. Is this affecting KaZaa this bad?

Yes, it is affecting the Fastrack network just as bad. A search for the files that are known to contain fake results on Kazaa Lite have about a 99% fake file rate. They would have to be hired by someone though, not even someone with a lot of time on their hands would be a big enough LOSER to rename the same files hundreds of times just to curb downloading of certain songs. I remain confident that some very computer savvy P2P types will eventually divert these users from disrupting the networks.

The only thing i can do to REMEDY this situation, is too actually stop Swarming downloads.. make a new hashing system if we need swarm downloads.. Otherwise download individually, and a program that wont try to get a song from anyone else then the person you click on.

So far my downloadings havent stoped since i dont use kazaa or winmx.. I did go to winmx to check out what was going on, no one downloaded from me.. But peerguardian did block one Ip i put in called GLOBIX.

I haven't used WinMX in a looooong time, so I'm not quite sure how the upload queue + smalls files works.

Is it...
1) The downloads starts immediately, but the people already in the queue don't lose their position, or...

2) The person requesting the small file gets bumped to the front of the queue, so that the download starts immediately...

?

If it works like #2, then it's pretty obvious this is being done intentionally to deny others from grabbing files from the people these bots are hammering. Keep the front of the queue filled with nonsense requests and no one else will ever get what they're looking for.

Pretty disturbing...

Its number 1 and 2. The files are so small they usually downlaod it 3 seconds. These people timing out though are taking up more time. I have mine set to time out at 300 seconds of not starting. Guess i should change that huh

Where are they now???
Only a fraction of the results i usually get for Bring me to life, and only a few results for Eyes Wired Shut and Mercy Me on WinMX, ALL LEGIT, while on the Fastrack network I got many results (shows how much more people are sharing on the Fastrack network then WinMX) for both songs but were also all Legit. Seems like they have calmed down a bit for now.

At first glance it looks like its calmed down on Winmx but when you look closer youll notice the different users are now sharing the same files. Unlike before when all the hashes were different and made them stand out as fake. I did notice though there only seems to be two names doing this to Eyes Wired Shut now, rosyposycozy and okeydoke.

Ok...i Was Looking At Eyes Wired Shut And It Was Over 1000 Of The Song With The Same Users. I Thought I Would Browse Some Of Their Files To See What Songs They Had. It Turns Out That They Are Sharing Probably 100s Of The Same Song. I Tried Downloading It To See If It Was Fake And It Said Connection Refused. Then, I Hit Find Sources. There Were Over 100 Users That Had It, But All Of Them Said Connection Refused. It Was Finding So Many Names And Their Connection Refused So Quickly That My Whole Winmx Crashed. I Finally Got It Back Working Right.

fyi: Just checked and these usernames appear on numerous kazaa fakes as well:
britneyspears
francismaude
helo89701
rolfharris
Superman
thomastankengine
tobydelireous

These idiots just don't stop...

Now this is the time when concerned hackers have to step up and take action by taking these people down. Hijack the website or something like that to stop these people.

The only way to get around these people filling your q is to make a hacked version of WinMX, or WPNP client.
There is no other way to be quite safe. It's obvius that the wpnp is out dated, and if front code won't do anything about it, someone else will. Another option is to just simply move to other networks. Obviusly front code does not care, or they would release some fix for it. Sure, maybe it'll only be a temp fix, but it will hold the users over.
Flame if you must,

Checkout the globix site seems they provide fat pipes and fast media servers.
www.globix.com

and for some reason this name really stands out:
NSkylineGTR32772_50179

seems like this is a variation of the netsky virus (just this name not anyothers)

N(et)Sky

i wonder if maybe the makers of Netsky decided to only infect globix corp.?
since they have FAT pipes and the makers of netsky claim they are a "anti-virus and anti-piracy" group.

And there was a message in sime ither virus telling the makers of netsky "the sky net p2p network will never become a reality" whatever that means. So maybe the makers though y not use winmx as there Sky Net Network and are testing it out or just wreasking havoc on ppl.

Man that was the craziest theory ive ever came up with!

They havent hit me for any files in about a week now but I can still find them on the network. They seem to have stopped growing though. Im just glad they have not gone after movie files, yet.

Did a search today (On WinMX and Kazaa Lite) and didn't find any of them sharing the songs they usually share. Either they achieved what they wanted to do and are gone, or are sharing different files.

try searching the keyword "Hidalgo" on fasttrack I get about 3000 hits at least 90% are from the users I posted

NSkylineGTR isnt the NetSky virus. Thats the name of a sweet car made by Nissan.

But anyway, i did a search for Cypress hills new song on WinMX, and no one has flooded the network with fakes of that song yet.

Here is a pic of that car.

Yes the amount of fake users has dramatically decreased. I think they are looking for the next big thing to go after.

they're probably just testing different methods of disruption and gauging their effectiveness

Just got hit by username "thezoo826" for every little gif/jpeg I had in my share folder....knocked my queue list from 101 to 43....I manually cancelled him before he could start dl from me though....good thing I was sitting here when it happened, else I never would've known...

this thing seems to be spreading, almost any file I searched for today, even some obscure country songs, turned up thousands of results, many from the same user, even some with 40+ users sharing the same hash. Almost all users had 3000 shared, and when I tried to download, It just timed out. For example try to download "you ain't much fun" by Toby Keith. Really wondering what is going on here. I believe that this is a way of slowing or blocking file sharing, by taking up que's downloading small files, and by posting thousands of fake files, this does make filesharing much more difficult. Also intresting, while searching for Blackhawk, I turned up many files that did not have blackhawk in their name at all, but had all the syptoms of the fake files, eg. many versions from the same user, sharing 3000 files.

I can still find my Trance tunes :)