Shareaza

[sdjsdjdfhs]

G'day

I've looked in the FAQ for this. For the last couple of weeks instead of getting a mixture of real results and SPAM, I'm now getting only SPAM. I'm only getting a handful of results all of similar size. It seems like someone is able to stop me from getting any results apart from their own garbage.

Thank you to anyone who can help.

[cyko_01]

if you are connected to only edonkey then try using another server

[dark146]

Don't try to use P2P clients like Shareaza or Limewire to search and download software of ANY kind since 99.99999% of the results are spam and viruses and second of all its illegal.

[ailurophobe]

I think that would be caused by having your host cache full of bad hubs. (Or UPs or servers.) I think the FAQs/Wiki should have instructions on cleaning the host cache since it is a relatively common cause of problems.

[swampmonster]

Hi, everyone!

I would like to weigh in on this subject, if I may. I realize that I am a new member, but this is a subject I know a little about.

First of all, dark146, file sharing is not, in an of itself, illegal. This is especially true of fake files and spam, which are files that are themselves illicit. Peer-to-peer file sharing does have legitimate uses: I host nearly 1,500 files for sharing that are either in the public domain or identified by their copyright-holders as shareable. Yes, it is illegal to share copyrighted files that the copyright holder would not want to be shared -- but your post seems to suggest that this illicit activity is file-sharing's only purpose, and I am living proof that this is not so.

Cyko makes an excellent point about eMule/eDonkey servers: many of them are fake, and only (1) serve up fake, likely infected files, or (2) serve up no useful search results at all. There are very few legitimate eMule servers on the network -- less than ten, I think. You need to block the fake servers: then your eDonkey search results will be better.

There are also plenty of Gnutella-1 and Gnutella-2 hosts whose only reason for being is to host or index fake files.

One would think that the best way to stop fake files from showing up in your search window would be to block the IP numbers of the miscreants hosting those bad files, and this is an important tool, but those IP numbers keep changing, so it's impossible for IP-based filters to totally fix the problem. Since blocking IP numbers is a vital tool, however, I recommend PeerBlock, which is effective and compatible with Vista. You can find it at http://www.peerblock.com/. The blocklists that will make this security tool work can be found at Bluetack, http://www.bluetack.co.uk/forums/index.php. PeerBlock also has ready-made links to blocklist downloads to make it work effectively.

In addition, I have embarked upon a new project to try to help Shareaza users reduce the appearance of fake files in their search results, by blocking the file hashes associated with those files. Now, I have been told that this effort is futile because all the fake-file creators have to do is change one byte in their fake files, causing the files to have a whole new file hash, to circumvent my filter -- but that has yet to be demonstrated. The fake-file purveyors are using this one-byte method already, so what do we have to lose by trying? If you're interested, you can find the experimental Shareaza fake-files filter here: http://www.bluetack.co.uk/forums/index.php?showtopic=20428.

I naturally am terribly interested in any comments anyone might have about what I've posted here, good or bad!

Sincerely,
Richard

[cyko_01]

[grey-hame]

If the main source of bad search results is bad hubs specifically created by black hats to index and promote bad results, then is not the most effective blocking method to identify and block the bad hubs? There will generally be fewer of these, with stabler IPs, than bad sources, and bad hubs could even completely fake a nearly infinite number of bad push sources and get innocent IPs banned by source-banners in the process.

[cyko_01]

[ailurophobe]

That's Gnutella, in G2 the client does know the hubs IP, since the network is searched iteratively in clusters. Similarly blocking known bad ED2K servers is doable.

It might be possible to set hard limits on QHT fill ratios. A leaf would then only add files to its QHT until it reaches some limit close to the hubs hard limit. Also hubs would only accept new leafs until they reach the hub-to-hub QHT limit. This would probably be better than limiting leaf count to control hub load. Leafs should first add unique hash data and only then keywords, to avoid reducing file availability. And it should be possible to create a filter for QHT entries corresponding to word searches and block leafs/hubs with unreasonably high filtered fill ratio. (-> answers to more word searches than hash searches by some ratio) Instead of a filter it would be possible to just count actual keyword and hash hits and auto-ban the IP, if the ratio becomes too high.

[brov]

This is not necessarily a bad hub. Bad leaf can send hits too.

As for QHT thing - in fact spammers want queries, more queries means better for them. To respond to every query it must send somewhat filled QHT (in fact, what I observed, they're sending 100% full QHT). I written down a proposal to solve this. It is somewhere on this forum, search for it

[punkmaister]

Spam is increasingly appearing now on just about all searches I've been able to handle it by filtering the most common names that gsrbag comes under such xxx.com gey.sado to name a few. Whoever is behind the spam likes to place their own signatures behind,

[old_death]

There's no problem banning URL spam by word matching in the security filter. Also, as it is unlikely that people will register a new domain to spam each day, so this should be relatively effective...