LinkBack URL
About LinkBacks
I. Introduction
SweDVDR is ranked at level 8 in term of content and only allow members with Nordic IP range, boosting the tracker's rarity to level 8.
This analysis apply to SweDVDR and its variants : DVDRSOURCE, SceneDVDR, Tvsource, etc.
II. Short ReviewSweDVDR's anti cheating script is quite good, they write down Sweden's IP range with low upload speed and will issue ban if those IP try to use high upload speed.
There's lot of similarity between SweDVDR and SoftMP3, including anti-cheating, anti-trading script and staff toolbox.
Please see SoftMP3's tracker analysis to see what I mean.
III. Long Review
If upload speed > 300 KB/s and ISP is tbcn.telia or skanova, consider that user is cheating.PHP Code:$host = dns_timeout($ip);
$kossa = 0;
if($host != 0){
if (strpos($host, 'tbcn.telia')>-1 && $upspeed > 307200)
$kossa = 1;
elseif (strpos($host, 'skanova')>-1 && $upspeed > 307200)
$kossa = 1;
}
If the user use torrent client : uTorrent 1.6.1B or ABC 3.1.0 and upload speed > 102 KB/s, consider that user is cheating.PHP Code:if(($_SERVER['HTTP_USER_AGENT'] == 'uTorrent/161B(483)' || $_SERVER['HTTP_USER_AGENT'] == 'ABC/ABC-3.1.0') && $upspeed > 105200)
$kossa = 1;
Abnormal upload check :PHP Code:$setting['rate_limitation_warn_up'] = 2; // log a warning if exceeding this amount of MB/s
$setting['rate_limitation_err_up'] = 50; // log a error and don't save stats for user if exceeding this amount of MB/s
if($upspeed > (1024000 * $setting['rate_limitation_err_up'])) { // check for excessive speeds
$setting['upload_multiplier'] = 0;
log_cheater($u_id, $t_id, $_GET['downloaded'] - $downloaded, $_GET['uploaded'] - $uploaded, $duration, $_SERVER['HTTP_USER_AGENT'], $ip, 0, $_GET['port'], $upspeed, $ansl);
} elseif($upspeed > (1024000 * $setting['rate_limitation_warn_up']) || $kossa ) {
log_cheater($u_id, $t_id, $_GET['downloaded'] - $downloaded, $_GET['uploaded'] - $uploaded, $duration, $_SERVER['HTTP_USER_AGENT'], $ip, $kossa, $_GET['port'], $upspeed, $ansl);
}
If upload speed > 2,000 KB/s (1.95 MB/s) log it into cheat database
If upload speed > 50,000 KB/s (48.82 MB/s) log it into cheat database and don't update stats.
Once they caught a cheater, this information is logged :PHP Code:CREATE TABLE IF NOT EXISTS `fusk` (
`id` bigint(20) NOT NULL auto_increment,
`torrentid` int(10) NOT NULL default '0',
`torrentname` varchar(255) NOT NULL default '',
`ip` varchar(64) NOT NULL default '',
`port` smallint(5) NOT NULL default '0',
`uploaded` bigint(20) NOT NULL default '0',
`downloaded` bigint(20) NOT NULL default '0',
`rate` bigint(20) NOT NULL default '0',
`seeder` enum('yes','no') NOT NULL default 'yes',
`connectable` enum('yes','no') NOT NULL default 'yes',
`userid` int(10) NOT NULL default '0',
`username` varchar(40) NOT NULL default '',
`agent` varchar(60) NOT NULL default '',
`time` bigint(20) NOT NULL default '0',
`datum` datetime NOT NULL,
`agentdiff` int(1) NOT NULL default '0',
`adsl` tinyint(1) NOT NULL default '0',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
TorrentID, TorrentName, IP, Port, Uploaded, Downloaded, Rate (Upload Speed),
Seeder (Is Seeding ?), Connectable, UserID, UserName, Agent (Name of Browser),
TimeDiff, Date, AgentDiff, ADSL
Check if user use more than one port to connect to the trackerPHP Code:// Kolla efter dubbla klienter
$agdiff = 0;
if(mysql_num_rows(mysql_query('SELECT COUNT(id) FROM peers WHERE userid = "'. $u_id.'" and ip = "'.$ip.'" GROUP BY port')) > 1){
$agdiff = 1;
}
Check if user run more than one torrent client (ex : uTorrent and Azureus)PHP Code:if(mysql_num_rows(mysql_query("select count(*) from peers where userid = $userid group by agent")) > 1)
$agdiff = 1;
Just like SoftMP3 SweDVDR will give the reason why your account is disabled.PHP Code:if ($row["enabled"] == "no")
bark($username, $row[id], $password,"Detta konto har blivit avaktiverat.<br><br>Anledning: <b>".$row[secret]."</b><br><br>Om detta stämmer är det INGEN idé att du kontaktar oss och drar en rövarhistoria. Annars gäller:<br><br>IRC: <b>#swedvdr.support</b> @ irc.freequest.net</a><br>Webchat: <b><a href=http://webchat.freequest.net/irc.cgi?chan=%23swedvdr.support>http://webchat.freequest.net/irc.cgi?chan=#swedvdr.support</b></a>",1);
Users from these countries / hostname will have their invite privilege automatically revoked :PHP Code:$mu = mysql_query("Select * from iplog where host LIKE '%.pl%' OR host LIKE '%.il' OR host LIKE '%bezeqint.net' OR host LIKE '%.tr' OR host LIKE '%.nl' OR host LIKE '%.de' OR host LIKE '%.pt' OR host LIKE '%.bg' OR host LIKE '%.eg' group by userid")or sqlerr(__FILE__, __LINE__);
while($a = mysql_fetch_array($mu))
{
$sql = "UPDATE users set inviteban = 1 where id = $a[userid]";
mysql_query($sql);
echo $sql."<br>";
}
.pl (Poland)
.il (Israel)
bezeqint.net (Israel)
.tr (Turkey)
.nl (Netherlands)
.de (Federal Republic of Germany)
.pt (Portugal)
.bg (Bulgaria)
.eg (Egypt)
This is one of the experimental anti cheating script.PHP Code:function dslcheck($ip)
{
$a = explode(".",$ip);
// FYLL PÅ MED IP-RANGES HÄR
$range[] = "85.227.136.0 - 85.227.143.255";
$range[] = "83.227.36.0 - 83.227.39.255";
$range[] = "83.226.35.0 - 83.226.37.255";
$range[] = "212.214.118.0 - 212.214.119.255";
$range[] = "85.224.8.0 - 85.224.11.255";
$range[] = "85.224.12.0 - 85.224.15.255";
$range[] = "85.224.16.0 - 85.224.19.255";
$range[] = "85.224.20.0 - 85.224.23.255";
$range[] = "85.224.24.0 - 85.224.27.255";
$range[] = "85.224.28.0 - 85.224.31.255";
$range[] = "85.224.32.0 - 85.224.35.255";
$range[] = "85.224.36.0 - 85.224.39.255";
$range[] = "85.224.40.0 - 85.224.43.255";
$range[] = "85.224.44.0 - 85.224.47.255";
$range[] = "85.224.48.0 - 85.224.51.255";
$range[] = "85.224.52.0 - 85.224.55.255";
$range[] = "85.224.56.0 - 85.224.59.255";
$range[] = "85.224.60.0 - 85.224.63.255";
$range[] = "85.224.64.0 - 85.224.67.255";
$range[] = "85.224.68.0 - 85.224.71.255";
$range[] = "85.224.72.0 - 85.224.75.255";
$range[] = "85.224.76.0 - 85.224.79.255";
$range[] = "85.224.80.0 - 85.224.83.255";
$range[] = "85.224.84.0 - 85.224.87.255";
$range[] = "85.224.88.0 - 85.224.91.255";
$range[] = "85.224.92.0 - 85.224.95.255";
$range[] = "85.224.96.0 - 85.224.99.255";
$range[] = "85.224.100.0 - 85.224.103.255";
$range[] = "85.224.224.0 - 85.224.227.255";
$range[] = "85.224.252.0 - 85.224.255.255";
$range[] = "85.224.4.0 - 85.224.123.255";
$range[] = "85.224.128.0 - 85.224.128.255";
//$range[] = "";
//$range[] = "";
//$range[] = "";
//$range[] = "";
//$range[] = "";
//$range[] = "";
//$range[] = "";
// FYLL PÅ MED IP-RANGES HÄR
foreach($range as $rang)
{
$k = explode(" - ",$rang);
$st = explode(".",$k[0]);
$sl = explode(".",$k[1]);
if($a[0] >= $st[0] && $a[0] <= $sl[0])
{
if($a[1] >= $st[1] && $a[1] <= $sl[1])
{
if($a[2] >= $st[2] && $a[2] <= $sl[2])
{
if($a[3] >= $st[3] && $a[3] <= $sl[3])
{
return 1;
}
}
}
}
}
return 0;
}
if(dslcheck($ip) == 1 && $upspeed > 307200)
$kossa = 1;
What you see above is Sweden's IP range, this function check if the user use ISP with low upload speed and upload speed > 300 KB, consider that user is cheating.
Another experimental anti cheating script.PHP Code:if($seeder == "yes" && $event != 'completed') {
$minleech = 0;
} else {
$minleech = 1;
}/* Supposed to detect people who are uploading on torrents with no leechers, but not working properly for some reason, client bugs?
if($leechers <= $minleech && ($_GET['uploaded'] - $uploaded) > 0 && (($_GET['uploaded']-$uploaded)/$duration) > 10*1024) {
$leechq = mysql_query('SELECT COUNT(*) FROM peers WHERE torrent = ' . $torrentid . ' AND seeder = "no" AND userid != ' . $userid) or trigger_error(mysql_error());
if(mysql_result($leechq, 0) == 0) {
log_cheater($userid, $torrentid, $_GET['downloaded'] - $downloaded, $_GET['uploaded'] - $uploaded, $duration, $_SERVER['HTTP_USER_AGENT'], $ip, 'warn', 'No leechers');
}
}*/
It's supposed to detect people who are uploading on torrents with no leechers.
Experimental anti-review script ?PHP Code:function write_pix($n)
{
$bin = decbin($n);
header("Content-type: image/png");
$im = imagecreate(strlen($bin), 1);
$background_color = imagecolorallocate($im, 255, 255, 255);
$white = imagecolorallocate($im, 0, 0, 0);
for($i = 0;$i<strlen($bin);$i++)
{
if($bin[$i])
imagesetpixel ($im, $i, 0, $white);
}
imagepng($im);
imagedestroy($im);
}
$id = (int)$_COOKIE[uid];
write_pix($id);
It's supposed to catch people that review their site in public place.
If your user id is 21 (10101 in binary). In image, that will be
[dot] [blank] [dot] [blank] [dot]. You can clearly see the web bug, that represent user id 21 in the image below :
Now, if the opacity of the web bug is changed, you can't "see" it anymore, unless you zoom it :
III. Staff Account Screenshots
Note:
SoftMP3 and SweDVDR have many similarity in staff toolbox.
Please see SoftMP3 tracker analysis thread for NyRegg, Skojjare, Invitelink, User Search and MultiIPs images.
1. Staff Toolbox
2. Fusk1/Fusk3 (Cheating)
user1 is marked in red color because his upload speed > 15 MB/s
user2 is marked in blue color because his uploaded and downloaded stat are exactly the same
user3 is marked in pink color because his ip is in low upload speed list and upload speed > 300 KB/s
user4's client is marked in yellow color because he uses more than 1 client / port to connect to the tracker.
3. IP Ban
4. Multi Users
Konton med multipla användare = Accounts with multiple users
Användare på samma konto = Users on the same account
Ip-nummer som finnes på flera konton = IP numbers that is on several accounts
Bedömning = Assessment
Grön - Röd = Green - Red
Antal = Number
st = pc
5. Email Recover Log
6. Profile View
+ Reply to Thread
Results 1 to 15 of 17
-
26.08.09 20:51 #1
BitTorrent Tracker Analysis : SweDVDR
-
26.08.09 20:57 #2
Approved, Thx for the work.
------------------------------>>>>>>>>>> <<<<<<<<<<------------------------------
-
27.08.09 03:02 #3Advanced User
- Join Date
- 18.03.09
- Location
- locked in Alchemilla Hospital
- P2P Client
- none, just the toolz
- Posts
- 1,346
Thank you for another tracker source analysis. I had no idea some were paranoid enough to check for same port and if more than 1 client running.
omae wa yowai
-
27.08.09 03:20 #4
thanks for the review
their scripts are very well written
-
27.08.09 03:22 #5they could detect a real seeder with that, if there is someone with stalth modeAnother experimental anti cheating script.
It's supposed to detect people who are uploading on torrents with no leechers.
btw. great job
Last edited by ghostfucker; 27.08.09 at 03:25.
-
27.08.09 03:36 #6Yes, that's the never ending question.
Originally Posted by ghostfucker
they could detect a real seeder with that, if there is someone with stalth mode
If there is a torrent with 1 seeder and 1 leecher, and the seeder is reporting upload and the leecher isn't reporting download, who get's the ban?
The "fake uploader" or the "noreport leecher"?
------------------------------>>>>>>>>>> <<<<<<<<<<------------------------------
-
27.08.09 03:57 #7
yes thats also interesting^^...but completly different.
if there is a 'stalth leecher', the tracker just wont see him. e.g. there is a torrent with 1 seeder and 0 leecher...the seeder is uploading and is NOT a cheater ;-)Last edited by ghostfucker; 27.08.09 at 04:01.
-
27.08.09 04:55 #8As expected from high level trackers, they have a few tricks up their sleeve.Thank you for another tracker source analysis. I had no idea some were paranoid enough to check for same port and if more than 1 client running.
I think that's one of the reason why the function is still experimental, it's disabled in the final script.they could detect a real seeder with that, if there is someone with stalth mode
Too many false positive from the real seeder.
The "fake uploader" (real seeder) will get caught since the tracker won't see the "noreport leecher" with stealth modIf there is a torrent with 1 seeder and 1 leecher, and the seeder is reporting upload and the leecher isn't reporting download, who get's the ban?
The "fake uploader" or the "noreport leecher"?
-
27.08.09 14:32 #9I don't mean a ghostleecher, I mean a noreport leecher. Originally Posted by Zorvak
The "fake uploader" (real seeder) will get caught since the tracker won't see the "noreport leecher" with stealth mod
He will be shown on the tracker but always as X% done and won't send a complete flag.
------------------------------>>>>>>>>>> <<<<<<<<<<------------------------------
-
27.08.09 17:48 #10
Lol, for some reason I think you're referring to ghostleecher.
Yep, I'm talking about ghostleeching / stealth mod, not "noreport leecher" mod in my post above.
About "noreport leecher" :
SweDVDR's script check if the number of leecher is zero and if there's any upload activity, log that event into database.
If there's any leecher, the script won't work.
In "noreport leecher" case, SweDVDR's script won't even run since there's a leecher (partial seeder / user with "noreport leecher" mod) in the peerlist.
-
27.08.09 18:45 #11
Than it should be possible to fake on torrents without real leechers if you keep reasonable speeds.
------------------------------>>>>>>>>>> <<<<<<<<<<------------------------------
-
27.08.09 20:31 #12
Yeah, any tracker that use script to detect fake upload on torrents without leecher will have to deal with false positive from ghostleecher.
But from the cheating experience thread it seems there's a few user that get banned when they're faking on pack.
Just use common sense, on a tracker with a peerlist, don't exceed upload amount from seedbox user.
It would be weird if the average user on that peerlist only upload 1 GB / day on a pack
because most of the leechers are partial seeder and they also compete with another seedbox user
but a new registered user upload 4 GB / day on that pack.
-
27.08.09 20:39 #13That got a lot of people banned Originally Posted by Zorvak
Because of reporting upload while no one else reports download, I suppose.
[ P2PFire - very lightweight IP range blocker ]
[ RSD English Version - Latest Download ]
[ IP Scripts: Switch | Reclaim ]
[ Categorized Tutorial List ]
No support over PM! Your message will be IGNORED!
Last edited by anon; 24.09.06 at 14:49.
-
27.08.09 21:04 #14
Well, I don't recommend you to fake upload on torrent without leecher.
All what I said is just a theory. It's true that detecting fake upload on torrent without leecher will cause false positive if there's any ghostleecher.
But I don't know exactly which trick they use to detect fake upload on zero leecher.
Unless we have a chance to look at the source code of private tracker with good anti cheating script, we can't be 100% sure.
-
27.08.09 21:28 #15 Originally Posted by Zorvak
:pCode:
if (leecher == 0) kickban(); or if (torrent.totalDownSpeed == 0) kickban();
looks stupid, but there isn't a other method afaik...but iam not a script writer
Last edited by ghostfucker; 27.08.09 at 21:28.
Who Said Thanks:
Vation
(07.02.10) , grebetu
(13.01.10) , ciccio
(02.01.10) , abookhalil
(22.12.09) , Instab
(22.12.09) , saebrtooth
(13.11.09) , Tarantino
(28.08.09) , RUBBER
(27.08.09) , Mihai
(27.08.09) , anonftw
(27.08.09) , cheatos
(27.08.09) , Grambo
(27.08.09) , alpacino
(27.08.09) , Renk
(27.08.09) , SBfreak
(26.08.09) , vDD+wR
(26.08.09) , anon
(26.08.09) , shoulder
(26.08.09)
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
Bookmarks