Cachechu 1.6 released


Postby kevogod » 10 Jan 2016 01:17


Re: Cachechu 1.6 released

Postby raspopov » 10 Jan 2016 06:30


Re: Cachechu 1.6 released

Postby ale5000 » 09 Feb 2016 06:39

The client with User-Agent "LimeWire/4.21.1" and GWC query "?get=1&net=gnutella&client=LIME&version=1.1.1.6" is a virus.

I have just found it: https://totalhash.cymru.com/analysis/?9 ... bb5db61130

Re: Cachechu 1.6 released

Postby ale5000 » 11 Feb 2016 01:33

Last edited by ale5000 on 30 Mar 2016 12:14, edited 1 time in total.

Re: Cachechu 1.6 released

Postby ale5000 » 30 Mar 2016 12:08

Serious security problem: this apparent GWC URL "http://udp-host-cache.com/gwc/" with IP "52.49.1.53", which appears sometimes as "Skulls 0.3.2c" and sometimes as "Cachechu 1.6", gets inserted into the Cachechu URL list.

The domain udp-host-cache.com is reported by Firefox as malicious.
The IP belongs to Amazon Technologies Inc.
The Amazon Cloud can be rented and it is often used by malicious people.

Edit: the site redirects to another URL that, when scanned, gives this: https://www.virustotal.com/it/url/da3c4 ... 459336622/

Edit2: Loading the URL now, it doesn't appear to be a valid GWebCache, so I wonder how it gets inserted; it appears only on Cachechu caches and not in other caches, so it possibly uses a Cachechu vulnerability or is just targeting Cachechu.

Edit3: The domain now points to the IP "195.22.26.248", which belongs to "ESOTERICA (VIA NET.WORKS Portugal - Tecnologias de Informação, SA)" and resolves to https://www.anubisnetworks.com/
It is really ironic.


See: 1.png, 2.png

Re: Cachechu 1.6 released

Postby raspopov » 30 Mar 2016 17:58

IMHO, we need to implement URL checking by WOT or some similar service.

Re: Cachechu 1.6 released

Postby ale5000 » 30 Mar 2016 18:55

In Skulls, for GWC URLs I have blocking by domain and by URL (which I update often enough).
For hosts I have IP blocking (with a bundled blocklist); probably in a future version I will also use the blocklist to check the IP addresses of submitted URLs, to be more sure, and I will include the range 52.48.0.0/14.

But the problem is that it doesn't seem to be a normal submission.
I didn't see the problem when it happened, only later, so I don't know the details.
It could also be a sort of DNS exploit or other vulnerabilities.
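The checks described in the post above (blocking a submitted GWC URL by URL and by domain, then checking the IP addresses it resolves to against an IP blocklist that includes 52.48.0.0/14), written out as an added Python example; it is not code from Skulls or Cachechu. The function names, the blocklist layout and the DNS answers are assumptions constructed for illustration; the domain, URL and range are the ones named in the thread.

```python
import ipaddress
from urllib.parse import urlsplit

# Entries named in the thread; the data layout is an assumption.
BLOCKED_DOMAINS = {"udp-host-cache.com"}
BLOCKED_URLS = {"http://udp-host-cache.com/gwc/"}
BLOCKED_NETS = [ipaddress.ip_network("52.48.0.0/14")]

# Constructed DNS answers so the example runs offline.
SAMPLE_DNS = {
    "udp-host-cache.com": ["52.49.1.53"],
    "cache.example.org": ["198.51.100.7"],
    "multi.example.net": ["198.51.100.9", "52.50.10.20"],
}

def sample_resolver(host):
    """Hypothetical resolver; swap in a real DNS lookup in production."""
    return SAMPLE_DNS.get(host, [])

def check_gwc_url(url, resolve=sample_resolver):
    """Return (accepted, reason) for a submitted GWC URL."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme not in ("http", "https") or not host:
        return False, "not an http(s) URL"
    # Normalise case and trailing dot so trivial variants still match.
    normalized = f"{parts.scheme}://{host}{parts.path or '/'}"
    if normalized in BLOCKED_URLS:
        return False, "blocked url"
    # A blocked domain also blocks every subdomain beneath it.
    labels = host.split(".")
    if any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels))):
        return False, "blocked domain"
    try:
        addrs = [ipaddress.ip_address(host)]  # URL used a literal IP
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    if not addrs:
        return False, "does not resolve"
    # Reject if ANY resolved address falls inside a blocked range.
    for addr in addrs:
        if any(addr in net for net in BLOCKED_NETS):
            return False, f"blocked address {addr}"
    return True, "ok"
```

The check only reflects DNS at submission time, so a cache that stores URLs would need to repeat it when it re-verifies them, since a domain can later point elsewhere, as Edit3 above reports.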

