"I just remembered something that happened a long time ago."
I have recently observed that the following trackers used on public torrents all point to Cloudflare addresses.
opentracker.xyz
open.trackerlist.xyz
torrent.nwps.ws
tracker.fastdownload.xyz
tracker.gbitt.info
tracker.nanoha.org
tracker.publictorrent.net
tracker.vectahosting.eu
t.quic.ws
opentracker.co
tracker.bt4g.com
1337.abcvg.info
The first one in particular resolves to 1.0.0.1 exclusively, the same IP used by their DNS service(not anymore, see https://viewdns.info/iphistory/?domain=opentracker.xyz). I have been unable to locate any information about Cloudflare running an open tracker, let alone a privacy policy. BT4G is a legitimate DHT-based search engine. For the others, all I could find is that they exist.
"I just remembered something that happened a long time ago."
Here's what I believe to be a worthy addition to your ipfilter.dat. These are all the IPv4 addresses owned by Cloudflare as of today, not the smaller list they publish on their Web site. Notably, this should take care of the suspicious trackers I mentioned above, even if they change domains or new ones show up.
Code:*removed, see post #6*
"I just remembered something that happened a long time ago."
I only added the above rules as a precautionary measure, but I have already noticed lots of hits on public torrents, and they're not from trackers as I carefully clean up all announce URL lists. It would be nice to set up Wireshark and check exactly what they're up to, but I don't have time for that.
This script takes a hostname, rule name and mark number, and generates iptables rules for all IPv4 address blocks belonging to the AS number of the first IP the domain resolves to. Some additional work would be required to transform this into ipfilter.dat format...
"I just remembered something that happened a long time ago."
Just dropping by to say that if you visit /cdn-cgi/trace on any Cloudflare domain, you can see some interesting details.
"I just remembered something that happened a long time ago."
Just a quick reminder to add Cloudflare to your P2P blacklist, especially if you use public torrents. Some of their trackers use the UDP protocol or are/were hosted on the 1.1.1.0/24 and 1.0.0.0/24 subnets, which does not match the behavior of a regular customer using them as a reverse proxy and is very suspicious.
These commands will output all their current IP ranges to a file in CIDR format. You can then use https://www.sb-innovation.de/showthread.php?t=33978 to convert them.
If you don't use local peer discovery or UPnP, blocking private networks is also a good idea.Code:# Windows (requires wget) copy /y nul cfips.txt for /f "usebackq tokens=3" %a in (`wget "https://stat.ripe.net/data/announced-prefixes/data.yaml?min_peers_seeing=0&resource=AS13335&soft_limit=ignore" -O - -q ^| find "prefix:" ^| find /v "::"`) do echo %a>>cfips.txt # Linux wget "https://stat.ripe.net/data/announced-prefixes/data.yaml?min_peers_seeing=0&resource=AS13335&soft_limit=ignore" -O - -q | grep prefix\: | grep -v \:\: | awk '{print $3}' > cfips.txt
"I just remembered something that happened a long time ago."
Using Tor Browser, the hCaptcha in Cloudflare's "attention required" message seems impossible to get through as of around two weeks ago. It just refreshes the error page after you do the captcha correctly. Can anyone else confirm?
"I just remembered something that happened a long time ago."
I experience this a lot since a long time ago even if I don't use TOR Browser, or am forced to do it 6 or 7 times over to get the page open normally, even though I do captcha correctly every time. hCaptcha is like a brain dead compared to reCAPTCHA.
I just found this: https://github.com/privacypass/chall...pass-extension seems useful.
Using Accessibility Access to bypass seems another option:https://dashboard.hcaptcha.com/signu...=accessibility
Last edited by JohnareyouOK; 12.09.20 at 13:33.
Shame, when Cloudflare had just switched to them it was really refreshing to pass most captchas on the first attempt. Now Google seem like the good guys in comparison... you'll always fail their challenge at least once and may get blocked off completely at times, but at least there's a non-zero chance of actually solving it
Unfortunately both of these seem like they would undermine Tor Browser's security features (by changing the browser fingerprint or allowing hCaptcha to track you across domains).I just found this: https://github.com/privacypass/chall...pass-extension seems useful.
Using Accessibility Access to bypass seems another option:https://dashboard.hcaptcha.com/signu...=accessibility
Did a quick search, only found these two things which describe the situation I'm facing with complete accuracy. I'll try the Ctrl+F5 refresh next time.
https://github.com/lutris/website/issues/515
https://codeberg.org/themusicgod1/cl...fixthedamn.jpg
"I just remembered something that happened a long time ago."
Woke up today to see a ton of these in my logs.
And this is on a separate client that only runs private torrents. Could it be someone downloading through their Warp VPN?Code:[*torrent name*] 8.40.111.91 was in range Cloudflare (AS13335) : 8.40.111.0 - 8.40.111.255
"I just remembered something that happened a long time ago."
I once posted a Cloudflare list too, but since ranges change over time, a better solution was required. The method in post #6 works fine to generate an updated one. At the beginning of every month, I follow those steps, throw in the iana-private and iana-multicast lists from iblocklist.com, then merge everything with the latest emule-security.org IP filter.
2022 update: I'm also adding the cinsarmy_badguys list from https://cinsarmy.com/list-download/, AS36352 (ColoCrossing), AS35916 (MULTACOM CORPORATION), and the ranges below. Still get hits from different Cloudflare addresses on torrents every day.
Code:195.035.245.030 - 195.035.245.030 , 000 , Packet mirror on Ziggo (NL) 212.178.135.062 - 212.178.135.062 , 000 , Packet mirror on Ziggo (NL) 212.178.154.174 - 212.178.154.174 , 000 , Packet mirror on Ziggo (NL) 213.034.163.254 - 213.034.163.254 , 000 , Packet mirror on Ziggo (NL) 213.034.171.254 - 213.034.171.254 , 000 , Packet mirror on Ziggo (NL) 001.221.138.218 - 001.221.138.218 , 000 , Corrupt piece sender
"I just remembered something that happened a long time ago."
Yes, but I think it's sub-optimal that each reader of this thread has to generate on his/her side the same .dat list. All the more so as it must first be understood that wget is not something having to be installed, but to be downloaded and put in windows/system32, and then to remember how exactly using BlockListManager (of which you gave welcomed link in post #6) for the purpose.
So maybe it would be a good thing that say every month or couple of months, a member give here a CF_IP.dat file with and/or without LAN (preferably with, I think).
I have updated my list yesterday, and I would have inserted it in this post, but something weird attracted my attention: The .dat file wihout LAN addresses is bigger than the one with LAN addresses added, maybe indicating I made something wrong, so that this list cannot be published for the moment.
On the other side, and in terms of principles, you are probably right: It is better to learn people how to catch fishes than to give them fishes.
Last edited by Renk; 20.12.20 at 18:36.
Primo Avulso Non Deficit Alter
Blocklist Manager automatically sorts and optimizes lists. If for some reason there are overlapping entries between your LAN and Cloudflare ranges, they'll get merged. But doing a diff between both lists should help you find out what's exactly going on.
The LAN blocking is something that should be evaluated on an individual basis. Some people want local peer discovery for their torrents. And a few months ago I found out that apparently, eMule sees some use as a way to share files in a local network: don't add any servers, bootstrap Kad manually from another computer, don't filter LAN IPs in the advanced settings and search using Kad only. Obviously neither will work if private IP ranges are filtered.
True, I try to be educationalOn the other side, and in terms of principles, you are probably right: It is better to learn people how to catch fishes than to give them fishes.
"I just remembered something that happened a long time ago."
Bookmarks