Page 1 of 2

What is it ?

PostPosted: 05 Jan 2010 21:02
by diztrancer
What purpose of "Match Any" and "Match All" options in Security Rule Dialog ?

Re: What is it ?

PostPosted: 05 Jan 2010 23:23
by ivan386
Any/All word(s) in file name.

Re: What is it ?

PostPosted: 06 Jan 2010 08:22
by diztrancer
So "Match all" for "Crack for -" will block "for crack xxx.zip", "crack for xxx.exe" and so on
"Match any" for "Crack for -" will block "crack or die", "advices for developer" and so on

i think - no

and how block exact phrases ?

Re: What is it ?

PostPosted: 06 Jan 2010 14:16
by cyko_01

Re: What is it ?

PostPosted: 06 Jan 2010 22:25
by diztrancer
I can't block GT spam like "...hot track.au"
regex rule "\.au$" can't block
content rule ".au" can't block
:(

Re: What is it ?

PostPosted: 06 Jan 2010 22:31
by diztrancer
Cyko, that is reason why i asked:

Re: What is it ?

PostPosted: 07 Jan 2010 00:22
by diztrancer
As we can see "Match all" is not what u talk about, Cyko :(

Re: What is it ?

PostPosted: 07 Jan 2010 00:26
by cyko_01
well that is how it is supposed to work. I think some of the security filters code is broken

Re: What is it ?

PostPosted: 07 Jan 2010 00:38
by diztrancer
In old version of Shareaza "Match all" was about to block something when both IP and content rules are true, but in modern incarnation of Shareaza this functionality doesn't have GUI representation :(

Re: What is it ?

PostPosted: 07 Jan 2010 01:16
by cyko_01

Re: What is it ?

PostPosted: 07 Jan 2010 18:41
by raspopov
Match All - all words in any order must present; Match Any - any word must present.

Re: What is it ?

PostPosted: 07 Jan 2010 19:26
by diztrancer
It suppose to work, but not for Gnutella hits :(

Re: What is it ?

PostPosted: 07 Jan 2010 19:28
by raspopov
May be you uses Russian "C" in "CORE" instead of English "C"?

Re: What is it ?

PostPosted: 07 Jan 2010 20:03
by diztrancer
Gnutella filtering is totally broken, it even not applicable in real time like it does for G2.

Re: What is it ?

PostPosted: 07 Jan 2010 20:49
by raspopov
Diztrancer totally broken. Please replace user.

Re: What is it ?

PostPosted: 07 Jan 2010 21:09
by diztrancer
Why LimeWire 5.4.6 is not effected by spam -? where Shareaza(G2 and ed2k off) have 148 spam hits, LW gets only 2

Re: What is it ?

PostPosted: 08 Jan 2010 10:32
by diztrancer
IP and regex rules are applied to Gnutella hits immediately , string rules - not

Re: What is it ?

PostPosted: 08 Jan 2010 11:01
by raspopov
Cannot confirm. Report closed. Thank you for your panic.

Re: What is it ?

PostPosted: 08 Jan 2010 12:10
by diztrancer
Why ".au" or regex "\.au$" can't block Gnutella .au spam ? Same for ".mov"
Why there is no problem with G2 spam ?

Re: What is it ?

PostPosted: 08 Jan 2010 12:22
by raspopov
Cannot confirm.

Re: What is it ?

PostPosted: 08 Jan 2010 12:40
by diztrancer
I can (AFAIK Cyko_01 also can) :
search3.jpg
WHY ???

Re: What is it ?

PostPosted: 08 Jan 2010 13:18
by raspopov
Cannot confirm. In my case "\.mp3$" regexp rule successfully filtered all .mp3-files regardless network type.

Re: What is it ?

PostPosted: 08 Jan 2010 13:52
by ocexyz

Re: What is it ?

PostPosted: 08 Jan 2010 14:04
by raspopov
... Or its DizTrancer's personal problem only. So it isn't a bug, just unexperienced user.

Re: What is it ?

PostPosted: 08 Jan 2010 16:36
by diztrancer
Yes, i have so much spare time to paint fake Shareaza screenshots and make some noise on forums.

P.S. For me "\.mp3$" also works perfect, but "\.au$" and ".\mov$" and many other - no.

P.P.S. And once again - this is GNUTELLA only problem.

Re: What is it ?

PostPosted: 08 Jan 2010 16:39
by raspopov
Cannot reproduce or confirm.

Re: What is it ?

PostPosted: 08 Jan 2010 20:44
by diztrancer
search4.jpg
And again


All u need to remove all security rules, connect only to Gnutella, search for "aaa bbb fdsfsdfs" (and get doze of spam hits in 10 sec), wait when some .au appear.
Then add regex rule "\.au$" and u will that not all .au spam disappear :(

Re: What is it ?

PostPosted: 08 Jan 2010 20:45
by mojo85
Hey guys calm down. You both seem to be correct on the matter. I checked this with my Security Block that I've had from previous versions of Shareaza. In this old Security Block I have .mov, .zip, and .wma all blocked. I did a search and the above were blocked properly. Now I added .au files as a new addition to the Security window and yet .au files still get through. So maybe something is wrong with how new security additions are saved to the block list and how they are read?

Also I noticed some strange things today. This is the first time I've seen this:

Image

The file is zip, but posed as an mp3 due to the icon ... maybe a new way of getting through the security? Also something I noticed for majority of spam is the filesize returned in the hit, is not the file size of the file. In the above example you will see the search result says 111KB, but the file detail below says like 19MB. Can we not use this as a spam check as well ... was this not part of the filtering out bogus results mechanism?

Re: What is it ?

PostPosted: 08 Jan 2010 21:00
by diztrancer
There is also strange files with popular extension like mp3, avi, mov but with "?" icon (like for files without extension).

P.S. Why LW block most of Gnutella spam even with empty blocklist ? They discovered new way ? Where Shareaza got 200 spam results, LW gets only 4 .mov (with size like .au and .mov that Shareaza can't block)

Re: What is it ?

PostPosted: 09 Jan 2010 00:29
by ocexyz

Re: What is it ?

PostPosted: 24 Jan 2010 16:53
by xymor
Find fakes and spam bots is pretty easy. Just search for a hash, something unlikely to be in a file name, 99.8% of the results will be spammers. Search for some other hash and several client which are close(ip wise) to those fakes also respond. It pretty easy spotting bad clients.

The bad thing is having to do this manually.

Re: What is it ?

PostPosted: 24 Jan 2010 17:14
by cyko_01
I think this bug may have to do with flooding since most spam is blocked but there are a few that get past. It is like shareaza gets backed up with files to filter and starts letting them through to save system resources

Re: What is it ?

PostPosted: 24 Jan 2010 17:18
by cyko_01

Re: What is it ?

PostPosted: 28 Jan 2010 14:20
by roestvrijstaal
Distrancer, What kinds of results must Shareaza hide for you?
You can find it on right-mouse-click-menu>Filter Results in the Search Tab.

shareazafilter.jpg


As far as I tested, the reg. exp. filters work for me. "All match"-Filter too, on every search, even if one of the keywords is an extension.

Surprisingly enough, "Fake Results" (Nepresultaten) and "Suspicious Files" (Verdachte Bestanden) do the same thing. Filter the results with the Security filter.

[offtopic]Could png please be allowed to post? I had to rewrite the text after the error message. I Don't like the quality handling of the jpg-format-compression :([/offtopic]

Re: What is it ?

PostPosted: 10 Mar 2010 13:24
by roestvrijstaal
Do I need to post a English version of the screenshot or did you find all the options unchecked and you are to afraid of answer it? :)

Re: What is it ?

PostPosted: 10 Mar 2010 23:30
by diztrancer

Re: What is it ?

PostPosted: 11 Mar 2010 08:05
by ocexyz
OffTopic: What a nice arrow.... professional... :twisted:

Re: What is it ?

PostPosted: 11 Mar 2010 20:07
by roestvrijstaal
Sorry, but... Why you don't make for each word / spam string a security rule? :shock:

The other option can be that the spamming extension is not lowercase, but shareaza interprents them as lowercase extensions...

Did you try other options to cover every random character? for example (.*)* or (.*){0,} instead of .* ?

BTW thanks for the reply :)

@ocexyz: better one arrow than nothing ;) :D

Re: What is it ?

PostPosted: 11 Mar 2010 21:02
by diztrancer

Re: What is it ?

PostPosted: 11 Mar 2010 21:43
by roestvrijstaal
Could it be unicode?