Zorvak
26.08.09, 20:51
http://www.sb-innovation.de/attachment.php?attachmentid=4845
I. Introduction
SweDVDR is ranked at level 8 (http://www.sb-innovation.de/f56/sb-innovation-tracker-levels-9764/) in term of content and only allow members with Nordic IP range, boosting the tracker's rarity to level 8 (http://www.sb-innovation.de/f56/sb-innovation-tracker-levels-9764/).
This analysis apply to SweDVDR and its variants : DVDRSOURCE, SceneDVDR, Tvsource, etc.
II. Short Review
SweDVDR's anti cheating script is quite good, they write down Sweden's IP range with low upload speed and will issue ban if those IP try to use high upload speed.
There's lot of similarity between SweDVDR and SoftMP3, including anti-cheating, anti-trading script and staff toolbox.
Please see SoftMP3's tracker analysis to see what I mean.
III. Long Review
$host = dns_timeout($ip);
$kossa = 0;
if($host != 0){
if (strpos($host, 'tbcn.telia')>-1 && $upspeed > 307200)
$kossa = 1;
elseif (strpos($host, 'skanova')>-1 && $upspeed > 307200)
$kossa = 1;
}
If upload speed > 300 KB/s and ISP is tbcn.telia or skanova, consider that user is cheating.
if(($_SERVER['HTTP_USER_AGENT'] == 'uTorrent/161B(483)' || $_SERVER['HTTP_USER_AGENT'] == 'ABC/ABC-3.1.0') && $upspeed > 105200)
$kossa = 1;
If the user use torrent client : uTorrent 1.6.1B or ABC 3.1.0 and upload speed > 102 KB/s, consider that user is cheating.
$setting['rate_limitation_warn_up'] = 2; // log a warning if exceeding this amount of MB/s
$setting['rate_limitation_err_up'] = 50; // log a error and don't save stats for user if exceeding this amount of MB/s
if($upspeed > (1024000 * $setting['rate_limitation_err_up'])) { // check for excessive speeds
$setting['upload_multiplier'] = 0;
log_cheater($u_id, $t_id, $_GET['downloaded'] - $downloaded, $_GET['uploaded'] - $uploaded, $duration, $_SERVER['HTTP_USER_AGENT'], $ip, 0, $_GET['port'], $upspeed, $ansl);
} elseif($upspeed > (1024000 * $setting['rate_limitation_warn_up']) || $kossa ) {
log_cheater($u_id, $t_id, $_GET['downloaded'] - $downloaded, $_GET['uploaded'] - $uploaded, $duration, $_SERVER['HTTP_USER_AGENT'], $ip, $kossa, $_GET['port'], $upspeed, $ansl);
}
Abnormal upload check :
If upload speed > 2,000 KB/s (1.95 MB/s) log it into cheat database
If upload speed > 50,000 KB/s (48.82 MB/s) log it into cheat database and don't update stats.
CREATE TABLE IF NOT EXISTS `fusk` (
`id` bigint(20) NOT NULL auto_increment,
`torrentid` int(10) NOT NULL default '0',
`torrentname` varchar(255) NOT NULL default '',
`ip` varchar(64) NOT NULL default '',
`port` smallint(5) NOT NULL default '0',
`uploaded` bigint(20) NOT NULL default '0',
`downloaded` bigint(20) NOT NULL default '0',
`rate` bigint(20) NOT NULL default '0',
`seeder` enum('yes','no') NOT NULL default 'yes',
`connectable` enum('yes','no') NOT NULL default 'yes',
`userid` int(10) NOT NULL default '0',
`username` varchar(40) NOT NULL default '',
`agent` varchar(60) NOT NULL default '',
`time` bigint(20) NOT NULL default '0',
`datum` datetime NOT NULL,
`agentdiff` int(1) NOT NULL default '0',
`adsl` tinyint(1) NOT NULL default '0',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
Once they caught a cheater, this information is logged :
TorrentID, TorrentName, IP, Port, Uploaded, Downloaded, Rate (Upload Speed),
Seeder (Is Seeding ?), Connectable, UserID, UserName, Agent (Name of Browser),
TimeDiff, Date, AgentDiff, ADSL
// Kolla efter dubbla klienter
$agdiff = 0;
if(mysql_num_rows(mysql_query('SELECT COUNT(id) FROM peers WHERE userid = "'. $u_id.'" and ip = "'.$ip.'" GROUP BY port')) > 1){
$agdiff = 1;
}
Check if user use more than one port to connect to the tracker
if(mysql_num_rows(mysql_query("select count(*) from peers where userid = $userid group by agent")) > 1)
$agdiff = 1;
Check if user run more than one torrent client (ex : uTorrent and Azureus)
if ($row["enabled"] == "no")
bark($username, $row[id], $password,"Detta konto har blivit avaktiverat.<br><br>Anledning: <b>".$row[secret]."</b><br><br>Om detta stämmer är det INGEN idé att du kontaktar oss och drar en rövarhistoria. Annars gäller:<br><br>IRC: <b>#swedvdr.support</b> @ irc.freequest.net</a><br>Webchat: <b><a href=http://webchat.freequest.net/irc.cgi?chan=%23swedvdr.support>http://webchat.freequest.net/irc.cgi?chan=#swedvdr.support</b></a>",1);
Just like SoftMP3 SweDVDR will give the reason why your account is disabled.
$mu = mysql_query("Select * from iplog where host LIKE '%.pl%' OR host LIKE '%.il' OR host LIKE '%bezeqint.net' OR host LIKE '%.tr' OR host LIKE '%.nl' OR host LIKE '%.de' OR host LIKE '%.pt' OR host LIKE '%.bg' OR host LIKE '%.eg' group by userid")or sqlerr(__FILE__, __LINE__);
while($a = mysql_fetch_array($mu))
{
$sql = "UPDATE users set inviteban = 1 where id = $a[userid]";
mysql_query($sql);
echo $sql."<br>";
}
Users from these countries / hostname will have their invite privilege automatically revoked :
.pl (Poland)
.il (Israel)
bezeqint.net (Israel)
.tr (Turkey)
.nl (Netherlands)
.de (Federal Republic of Germany)
.pt (Portugal)
.bg (Bulgaria)
.eg (Egypt)
function dslcheck($ip)
{
$a = explode(".",$ip);
// FYLL PÅ MED IP-RANGES HÄR
$range[] = "85.227.136.0 - 85.227.143.255";
$range[] = "83.227.36.0 - 83.227.39.255";
$range[] = "83.226.35.0 - 83.226.37.255";
$range[] = "212.214.118.0 - 212.214.119.255";
$range[] = "85.224.8.0 - 85.224.11.255";
$range[] = "85.224.12.0 - 85.224.15.255";
$range[] = "85.224.16.0 - 85.224.19.255";
$range[] = "85.224.20.0 - 85.224.23.255";
$range[] = "85.224.24.0 - 85.224.27.255";
$range[] = "85.224.28.0 - 85.224.31.255";
$range[] = "85.224.32.0 - 85.224.35.255";
$range[] = "85.224.36.0 - 85.224.39.255";
$range[] = "85.224.40.0 - 85.224.43.255";
$range[] = "85.224.44.0 - 85.224.47.255";
$range[] = "85.224.48.0 - 85.224.51.255";
$range[] = "85.224.52.0 - 85.224.55.255";
$range[] = "85.224.56.0 - 85.224.59.255";
$range[] = "85.224.60.0 - 85.224.63.255";
$range[] = "85.224.64.0 - 85.224.67.255";
$range[] = "85.224.68.0 - 85.224.71.255";
$range[] = "85.224.72.0 - 85.224.75.255";
$range[] = "85.224.76.0 - 85.224.79.255";
$range[] = "85.224.80.0 - 85.224.83.255";
$range[] = "85.224.84.0 - 85.224.87.255";
$range[] = "85.224.88.0 - 85.224.91.255";
$range[] = "85.224.92.0 - 85.224.95.255";
$range[] = "85.224.96.0 - 85.224.99.255";
$range[] = "85.224.100.0 - 85.224.103.255";
$range[] = "85.224.224.0 - 85.224.227.255";
$range[] = "85.224.252.0 - 85.224.255.255";
$range[] = "85.224.4.0 - 85.224.123.255";
$range[] = "85.224.128.0 - 85.224.128.255";
//$range[] = "";
//$range[] = "";
//$range[] = "";
//$range[] = "";
//$range[] = "";
//$range[] = "";
//$range[] = "";
// FYLL PÅ MED IP-RANGES HÄR
foreach($range as $rang)
{
$k = explode(" - ",$rang);
$st = explode(".",$k[0]);
$sl = explode(".",$k[1]);
if($a[0] >= $st[0] && $a[0] <= $sl[0])
{
if($a[1] >= $st[1] && $a[1] <= $sl[1])
{
if($a[2] >= $st[2] && $a[2] <= $sl[2])
{
if($a[3] >= $st[3] && $a[3] <= $sl[3])
{
return 1;
}
}
}
}
}
return 0;
}
if(dslcheck($ip) == 1 && $upspeed > 307200)
$kossa = 1;
This is one of the experimental anti cheating script.
What you see above is Sweden's IP range, this function check if the user use ISP with low upload speed and upload speed > 300 KB, consider that user is cheating.
if($seeder == "yes" && $event != 'completed') {
$minleech = 0;
} else {
$minleech = 1;
}/* Supposed to detect people who are uploading on torrents with no leechers, but not working properly for some reason, client bugs?
if($leechers <= $minleech && ($_GET['uploaded'] - $uploaded) > 0 && (($_GET['uploaded']-$uploaded)/$duration) > 10*1024) {
$leechq = mysql_query('SELECT COUNT(*) FROM peers WHERE torrent = ' . $torrentid . ' AND seeder = "no" AND userid != ' . $userid) or trigger_error(mysql_error());
if(mysql_result($leechq, 0) == 0) {
log_cheater($userid, $torrentid, $_GET['downloaded'] - $downloaded, $_GET['uploaded'] - $uploaded, $duration, $_SERVER['HTTP_USER_AGENT'], $ip, 'warn', 'No leechers');
}
}*/
Another experimental anti cheating script.
It's supposed to detect people who are uploading on torrents with no leechers.
function write_pix($n)
{
$bin = decbin($n);
header("Content-type: image/png");
$im = imagecreate(strlen($bin), 1);
$background_color = imagecolorallocate($im, 255, 255, 255);
$white = imagecolorallocate($im, 0, 0, 0);
for($i = 0;$i<strlen($bin);$i++)
{
if($bin[$i])
imagesetpixel ($im, $i, 0, $white);
}
imagepng($im);
imagedestroy($im);
}
$id = (int)$_COOKIE[uid];
write_pix($id);
Experimental anti-review script ?
It's supposed to catch people that review their site in public place.
If your user id is 21 (10101 in binary). In image, that will be
[dot] [dot] [blank] [dot]. You can clearly see the web bug, that represent user id 21 in the image below :
http://www.sb-innovation.de/attachment.php?attachmentid=4846
Now, if the opacity of the web bug is changed, you can't "see" it anymore, unless you zoom it :
http://www.sb-innovation.de/attachment.php?attachmentid=4847
III. Staff Account Screenshots
Note:
SoftMP3 and SweDVDR have many similarity in staff toolbox.
Please see SoftMP3 tracker analysis thread for NyRegg, Skojjare, Invitelink, User Search and MultiIPs images.
[b]1. Staff Toolbox
http://www.sb-innovation.de/attachment.php?attachmentid=4848
2. Fusk1/Fusk3 (Cheating)
user1 is marked in red color because his upload speed > 15 MB/s
user2 is marked in blue color because his uploaded and downloaded stat are exactly the same
user3 is marked in pink color because his ip is in low upload speed list and upload speed > 300 KB/s
user4's client is marked in yellow color because he uses more than 1 client / port to connect to the tracker.
http://www.sb-innovation.de/attachment.php?attachmentid=4849
3. IP Ban
http://www.sb-innovation.de/attachment.php?attachmentid=4850
4. Multi Users
Konton med multipla användare = Accounts with multiple users
Användare på samma konto = Users on the same account
Ip-nummer som finnes på flera konton = IP numbers that is on several accounts
Bedömning = Assessment
Grön - Röd = Green - Red
Antal = Number
st = pc
http://www.sb-innovation.de/attachment.php?attachmentid=4851
5. Email Recover Log
http://www.sb-innovation.de/attachment.php?attachmentid=4852
6. Profile View
http://www.sb-innovation.de/attachment.php?attachmentid=4853
http://www.sb-innovation.de/attachment.php?attachmentid=4854
I. Introduction
SweDVDR is ranked at level 8 (http://www.sb-innovation.de/f56/sb-innovation-tracker-levels-9764/) in term of content and only allow members with Nordic IP range, boosting the tracker's rarity to level 8 (http://www.sb-innovation.de/f56/sb-innovation-tracker-levels-9764/).
This analysis apply to SweDVDR and its variants : DVDRSOURCE, SceneDVDR, Tvsource, etc.
II. Short Review
SweDVDR's anti cheating script is quite good, they write down Sweden's IP range with low upload speed and will issue ban if those IP try to use high upload speed.
There's lot of similarity between SweDVDR and SoftMP3, including anti-cheating, anti-trading script and staff toolbox.
Please see SoftMP3's tracker analysis to see what I mean.
III. Long Review
$host = dns_timeout($ip);
$kossa = 0;
if($host != 0){
if (strpos($host, 'tbcn.telia')>-1 && $upspeed > 307200)
$kossa = 1;
elseif (strpos($host, 'skanova')>-1 && $upspeed > 307200)
$kossa = 1;
}
If upload speed > 300 KB/s and ISP is tbcn.telia or skanova, consider that user is cheating.
if(($_SERVER['HTTP_USER_AGENT'] == 'uTorrent/161B(483)' || $_SERVER['HTTP_USER_AGENT'] == 'ABC/ABC-3.1.0') && $upspeed > 105200)
$kossa = 1;
If the user use torrent client : uTorrent 1.6.1B or ABC 3.1.0 and upload speed > 102 KB/s, consider that user is cheating.
$setting['rate_limitation_warn_up'] = 2; // log a warning if exceeding this amount of MB/s
$setting['rate_limitation_err_up'] = 50; // log a error and don't save stats for user if exceeding this amount of MB/s
if($upspeed > (1024000 * $setting['rate_limitation_err_up'])) { // check for excessive speeds
$setting['upload_multiplier'] = 0;
log_cheater($u_id, $t_id, $_GET['downloaded'] - $downloaded, $_GET['uploaded'] - $uploaded, $duration, $_SERVER['HTTP_USER_AGENT'], $ip, 0, $_GET['port'], $upspeed, $ansl);
} elseif($upspeed > (1024000 * $setting['rate_limitation_warn_up']) || $kossa ) {
log_cheater($u_id, $t_id, $_GET['downloaded'] - $downloaded, $_GET['uploaded'] - $uploaded, $duration, $_SERVER['HTTP_USER_AGENT'], $ip, $kossa, $_GET['port'], $upspeed, $ansl);
}
Abnormal upload check :
If upload speed > 2,000 KB/s (1.95 MB/s) log it into cheat database
If upload speed > 50,000 KB/s (48.82 MB/s) log it into cheat database and don't update stats.
CREATE TABLE IF NOT EXISTS `fusk` (
`id` bigint(20) NOT NULL auto_increment,
`torrentid` int(10) NOT NULL default '0',
`torrentname` varchar(255) NOT NULL default '',
`ip` varchar(64) NOT NULL default '',
`port` smallint(5) NOT NULL default '0',
`uploaded` bigint(20) NOT NULL default '0',
`downloaded` bigint(20) NOT NULL default '0',
`rate` bigint(20) NOT NULL default '0',
`seeder` enum('yes','no') NOT NULL default 'yes',
`connectable` enum('yes','no') NOT NULL default 'yes',
`userid` int(10) NOT NULL default '0',
`username` varchar(40) NOT NULL default '',
`agent` varchar(60) NOT NULL default '',
`time` bigint(20) NOT NULL default '0',
`datum` datetime NOT NULL,
`agentdiff` int(1) NOT NULL default '0',
`adsl` tinyint(1) NOT NULL default '0',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
Once they caught a cheater, this information is logged :
TorrentID, TorrentName, IP, Port, Uploaded, Downloaded, Rate (Upload Speed),
Seeder (Is Seeding ?), Connectable, UserID, UserName, Agent (Name of Browser),
TimeDiff, Date, AgentDiff, ADSL
// Kolla efter dubbla klienter
$agdiff = 0;
if(mysql_num_rows(mysql_query('SELECT COUNT(id) FROM peers WHERE userid = "'. $u_id.'" and ip = "'.$ip.'" GROUP BY port')) > 1){
$agdiff = 1;
}
Check if user use more than one port to connect to the tracker
if(mysql_num_rows(mysql_query("select count(*) from peers where userid = $userid group by agent")) > 1)
$agdiff = 1;
Check if user run more than one torrent client (ex : uTorrent and Azureus)
if ($row["enabled"] == "no")
bark($username, $row[id], $password,"Detta konto har blivit avaktiverat.<br><br>Anledning: <b>".$row[secret]."</b><br><br>Om detta stämmer är det INGEN idé att du kontaktar oss och drar en rövarhistoria. Annars gäller:<br><br>IRC: <b>#swedvdr.support</b> @ irc.freequest.net</a><br>Webchat: <b><a href=http://webchat.freequest.net/irc.cgi?chan=%23swedvdr.support>http://webchat.freequest.net/irc.cgi?chan=#swedvdr.support</b></a>",1);
Just like SoftMP3 SweDVDR will give the reason why your account is disabled.
$mu = mysql_query("Select * from iplog where host LIKE '%.pl%' OR host LIKE '%.il' OR host LIKE '%bezeqint.net' OR host LIKE '%.tr' OR host LIKE '%.nl' OR host LIKE '%.de' OR host LIKE '%.pt' OR host LIKE '%.bg' OR host LIKE '%.eg' group by userid")or sqlerr(__FILE__, __LINE__);
while($a = mysql_fetch_array($mu))
{
$sql = "UPDATE users set inviteban = 1 where id = $a[userid]";
mysql_query($sql);
echo $sql."<br>";
}
Users from these countries / hostname will have their invite privilege automatically revoked :
.pl (Poland)
.il (Israel)
bezeqint.net (Israel)
.tr (Turkey)
.nl (Netherlands)
.de (Federal Republic of Germany)
.pt (Portugal)
.bg (Bulgaria)
.eg (Egypt)
function dslcheck($ip)
{
$a = explode(".",$ip);
// FYLL PÅ MED IP-RANGES HÄR
$range[] = "85.227.136.0 - 85.227.143.255";
$range[] = "83.227.36.0 - 83.227.39.255";
$range[] = "83.226.35.0 - 83.226.37.255";
$range[] = "212.214.118.0 - 212.214.119.255";
$range[] = "85.224.8.0 - 85.224.11.255";
$range[] = "85.224.12.0 - 85.224.15.255";
$range[] = "85.224.16.0 - 85.224.19.255";
$range[] = "85.224.20.0 - 85.224.23.255";
$range[] = "85.224.24.0 - 85.224.27.255";
$range[] = "85.224.28.0 - 85.224.31.255";
$range[] = "85.224.32.0 - 85.224.35.255";
$range[] = "85.224.36.0 - 85.224.39.255";
$range[] = "85.224.40.0 - 85.224.43.255";
$range[] = "85.224.44.0 - 85.224.47.255";
$range[] = "85.224.48.0 - 85.224.51.255";
$range[] = "85.224.52.0 - 85.224.55.255";
$range[] = "85.224.56.0 - 85.224.59.255";
$range[] = "85.224.60.0 - 85.224.63.255";
$range[] = "85.224.64.0 - 85.224.67.255";
$range[] = "85.224.68.0 - 85.224.71.255";
$range[] = "85.224.72.0 - 85.224.75.255";
$range[] = "85.224.76.0 - 85.224.79.255";
$range[] = "85.224.80.0 - 85.224.83.255";
$range[] = "85.224.84.0 - 85.224.87.255";
$range[] = "85.224.88.0 - 85.224.91.255";
$range[] = "85.224.92.0 - 85.224.95.255";
$range[] = "85.224.96.0 - 85.224.99.255";
$range[] = "85.224.100.0 - 85.224.103.255";
$range[] = "85.224.224.0 - 85.224.227.255";
$range[] = "85.224.252.0 - 85.224.255.255";
$range[] = "85.224.4.0 - 85.224.123.255";
$range[] = "85.224.128.0 - 85.224.128.255";
//$range[] = "";
//$range[] = "";
//$range[] = "";
//$range[] = "";
//$range[] = "";
//$range[] = "";
//$range[] = "";
// FYLL PÅ MED IP-RANGES HÄR
foreach($range as $rang)
{
$k = explode(" - ",$rang);
$st = explode(".",$k[0]);
$sl = explode(".",$k[1]);
if($a[0] >= $st[0] && $a[0] <= $sl[0])
{
if($a[1] >= $st[1] && $a[1] <= $sl[1])
{
if($a[2] >= $st[2] && $a[2] <= $sl[2])
{
if($a[3] >= $st[3] && $a[3] <= $sl[3])
{
return 1;
}
}
}
}
}
return 0;
}
if(dslcheck($ip) == 1 && $upspeed > 307200)
$kossa = 1;
This is one of the experimental anti cheating script.
What you see above is Sweden's IP range, this function check if the user use ISP with low upload speed and upload speed > 300 KB, consider that user is cheating.
if($seeder == "yes" && $event != 'completed') {
$minleech = 0;
} else {
$minleech = 1;
}/* Supposed to detect people who are uploading on torrents with no leechers, but not working properly for some reason, client bugs?
if($leechers <= $minleech && ($_GET['uploaded'] - $uploaded) > 0 && (($_GET['uploaded']-$uploaded)/$duration) > 10*1024) {
$leechq = mysql_query('SELECT COUNT(*) FROM peers WHERE torrent = ' . $torrentid . ' AND seeder = "no" AND userid != ' . $userid) or trigger_error(mysql_error());
if(mysql_result($leechq, 0) == 0) {
log_cheater($userid, $torrentid, $_GET['downloaded'] - $downloaded, $_GET['uploaded'] - $uploaded, $duration, $_SERVER['HTTP_USER_AGENT'], $ip, 'warn', 'No leechers');
}
}*/
Another experimental anti cheating script.
It's supposed to detect people who are uploading on torrents with no leechers.
function write_pix($n)
{
$bin = decbin($n);
header("Content-type: image/png");
$im = imagecreate(strlen($bin), 1);
$background_color = imagecolorallocate($im, 255, 255, 255);
$white = imagecolorallocate($im, 0, 0, 0);
for($i = 0;$i<strlen($bin);$i++)
{
if($bin[$i])
imagesetpixel ($im, $i, 0, $white);
}
imagepng($im);
imagedestroy($im);
}
$id = (int)$_COOKIE[uid];
write_pix($id);
Experimental anti-review script ?
It's supposed to catch people that review their site in public place.
If your user id is 21 (10101 in binary). In image, that will be
[dot] [dot] [blank] [dot]. You can clearly see the web bug, that represent user id 21 in the image below :
http://www.sb-innovation.de/attachment.php?attachmentid=4846
Now, if the opacity of the web bug is changed, you can't "see" it anymore, unless you zoom it :
http://www.sb-innovation.de/attachment.php?attachmentid=4847
III. Staff Account Screenshots
Note:
SoftMP3 and SweDVDR have many similarity in staff toolbox.
Please see SoftMP3 tracker analysis thread for NyRegg, Skojjare, Invitelink, User Search and MultiIPs images.
[b]1. Staff Toolbox
http://www.sb-innovation.de/attachment.php?attachmentid=4848
2. Fusk1/Fusk3 (Cheating)
user1 is marked in red color because his upload speed > 15 MB/s
user2 is marked in blue color because his uploaded and downloaded stat are exactly the same
user3 is marked in pink color because his ip is in low upload speed list and upload speed > 300 KB/s
user4's client is marked in yellow color because he uses more than 1 client / port to connect to the tracker.
http://www.sb-innovation.de/attachment.php?attachmentid=4849
3. IP Ban
http://www.sb-innovation.de/attachment.php?attachmentid=4850
4. Multi Users
Konton med multipla användare = Accounts with multiple users
Användare på samma konto = Users on the same account
Ip-nummer som finnes på flera konton = IP numbers that is on several accounts
Bedömning = Assessment
Grön - Röd = Green - Red
Antal = Number
st = pc
http://www.sb-innovation.de/attachment.php?attachmentid=4851
5. Email Recover Log
http://www.sb-innovation.de/attachment.php?attachmentid=4852
6. Profile View
http://www.sb-innovation.de/attachment.php?attachmentid=4853
http://www.sb-innovation.de/attachment.php?attachmentid=4854