
Thread: BitTorrent Tracker Analysis : SoftMP3

  1. #1


    I. Introduction

    SoftMP3 is ranked at level 4 in terms of anti-cheating script, level 3 in terms of rarity, and level 7 in terms of content by SB-I.
    On May 20, 2009, SoftMP3 decided to shut down and made the source code available to the public.
    A few private trackers already use it to create the new SoftMP3: SceneSound, CareStreet, Hebmusic, etc.

    Official statement from SoftMP3 :
    Softmp3 is closed and will not be opened up again.
    I've decided to share the sourcecode as a contribution to the torrent community, so feel free to do whatever you may feel like with it.

    Read first!
    * This is the complete sourcecode, databasestructure and tracker.
    * The tracker is in uncompiled c, and userdetails/details is suited for the c-tracker.
    * I'm not allowing anyone to use the name "Softmp3" or similar.
    * Don't contact me for help with how to implement or use the code.

    // soft - 2009-05-20
    II. Short Review
    SoftMP3's anti-cheating script is not really good; it only detects abnormal upload.
    The anti-trading script is not bad; the script knows if your IP has changed to another country.
    The staff toolbox is mediocre; the unique features are: Referer, Speed Detector and Country ban.
    SoftMP3 also participates in the global cheater ban movement; if you get banned from another site, expect to be disabled on SoftMP3.

    III. Long Review
    PHP Code:
    #define ANNOUNCE_INTERVAL 1200 /* 20 min */
    #define MAX_SPEED_NORATIO 15*1024*1024 /* 15 MB/s */
    #define MAX_SPEED_LOG    4*1024*1024  /* 4 MB/s */

    /* Uberspeed? */
    if (upspeed > MAX_SPEED_LOG ||
        (peer->p_uploaddiff == peer->p_downloaddiff &&
         peer->p_uploaddiff > 10240000)) {
        /* Escape the client-supplied user agent before it goes into the query */
        mysql_real_escape_string(db_conn,
                escaped_user_agent,
                peer->p_user_agent,
                strlen(peer->p_user_agent));

        /* Log the announce in the cheat table (fusk) */
        DB_QUERY("INSERT "
             "INTO fusk(torrentid, ip, port, agent, "
                "uploaded, downloaded, seeder, "
                "connectable, userid, time, datum, rate) "
             "VALUES(%u,\"%s\",%hu,\"%s\",%lu,%lu,"
                "\"%s\",\"%s\",%u,%u,NOW(),%u)",
             peer->p_torrent->t_torrentid,
             inet_ntoa(*(struct in_addr*)&peer->p_ipaddr),
             peer->p_port,
             escaped_user_agent,
             peer->p_uploaddiff,
             peer->p_downloaddiff,
             (peer->p_left == 0 ? "yes" : "no"),
             (peer->p_flags & PF_CONNECTABLE ? "yes" : "no"),
             peer->p_user->u_userid,
             timediff,
             upspeed);
    }

    /* Above the hard limit the upload is not credited at all */
    if (upspeed > MAX_SPEED_NORATIO) {
        peer->p_uploaddiff = 0;
    }

    /* Update user stats if necessary */
    if (peer->p_downloaddiff || peer->p_uploaddiff > 0) {
        DB_QUERY("UPDATE users "
             "SET uploaded = uploaded + %lu, "
                "uploaded_real = uploaded_real + %lu, "
                "downloaded = downloaded + %lu, "
                "downloaded_real = downloaded_real + %lu "
             "WHERE id = %u",
             peer->p_uploaddiff, peer->p_uploaddiff,
             peer->p_downloaddiff/3, peer->p_downloaddiff,
             user->u_userid);
    }

    - If your upload speed > 4 MB/s or
    - If your total upload_diff (upload difference since last announce) is exactly the same
    as your total download_diff (download difference since last announce) and you sent more than 10,000 KB (9.7 MB) in that announce (20 minutes),
    insert that event in the cheat database, and log these fields : torrentid, ip, port, user agent, uploaded, downloaded, seeder, connectable, userid, time, date, rate.
    In other words, if you set your upload & download speed as the same value (50 KB/s both) in Ratio Master, you'll get caught.
    The limit is 9.7 MB in 20 minutes or 8.33 KB/s. That means if you set your upload & download as 5 KB/s you'll pass the detection.
    Or just take the easier path, don't ever set upload speed exactly the same as download speed.
    Set your upload speed as 50 KB/s and download speed as 51 KB/s, you'll be fine.
    - If upload speed > 15 MB/s do not update tracker stats.


    PHP Code:
    //delete inactive user accounts
    $secs = 90*86400;
    $dt = sqlesc(get_date_time(gmtime() - $secs));
    $maxclass = UC_DIVINE_USER;
    $r = mysql_query("SELECT * FROM users WHERE class <= $maxclass AND last_access < $dt AND parkerad = 0");
    while ($a = mysql_fetch_assoc($r))
        deleteuser($a["id"]);
    Inactive users will be deleted after 90 days.


    PHP Code:
    if ($row["enabled"] == "no")
    {
        if ($row["doomed"] == true)
        {
            bark($username, $row[id], $password, "This account has been disabled.<br><br><b>Sorry.</b><br>You are unfortunately among the users affected by recent Softmp3 changes and account deactivating. It is probably not probable to get the account back. We can be reached in our support channel:<br>IRC: <b><a href=irc://irc.freequest.net:6667/softmp3.support>#softmp3.support</b></a><br>Webchat: <b><a href=http://webchat.freequest.net/irc.cgi?chan=%23softmp3.support>http://webchat.freequest.net/</b></a>", 1);
        }
        else if ($row["language"] == "swe")
        {
            bark($username, $row[id], $password, "Detta konto har blivit avaktiverat.<br><br>Anledning: <b>".$row[secret]."</b><br><br>Om detta stämmer är det INGEN idee att du kontaktar oss. Annars gäller:<br>IRC: <b><a href=irc://irc.freequest.net:6667/softmp3.support>#softmp3.support</b></a><br>Webchat: <b><a href=http://webchat.freequest.net/irc.cgi?chan=%23softmp3.support>http://webchat.freequest.net/</b></a>", 1);
        }
        else
        {
            bark($username, $row[id], $password, "This account has been disabled.<br><br>Reason: <b>".$row[secret]."</b><br><br>If this is correct, DO NOT bother to contact us. Otherwise:<br>IRC: <b><a href=irc://irc.freequest.net:6667/softmp3.support>#softmp3.support</b></a><br>Webchat: <b><a href=http://webchat.freequest.net/irc.cgi?chan=%23softmp3.support>http://webchat.freequest.net/</b></a>", 1);
        }
    }

    Well, unlike Gazelle tracker, SoftMP3 clearly states the reason why the user was banned.
    Currently, if you're unable to log in, there are only 2 reasons:
    1. [Disabled because of country ban] : This account has been disabled. Sorry. You are unfortunately among the users affected by recent Softmp3 changes and account deactivating. It is probably not probable to get the account back. We can be reached in our support channel:IRC: irc://irc.freequest.net:6667/softmp3.support
    2. [Disabled manually by moderator] : This account has been disabled. Reason : [reason_here]. If this is correct, DO NOT bother to contact us. Otherwise: IRC: irc://irc.freequest.net:6667/softmp3.support


    PHP Code:
    <tr><td align="right" class="heading"></td><td align=left><input type=checkbox name=rulesverify value=yes> I will read the FAQ the first thing i do.<br>
    <input type=checkbox name=faqverify value=yes> I know what a ratio-system is.<br>
    <input type=checkbox name=ageverify value=yes> I am atleast 15 years old.</td></tr>
    <tr><td colspan="2" align="center"><input type=submit value="Sign me up!" style='height: 25px'></td></tr>
    </table>

    <form type=hidden value="<?=$_COOKIE[refer]?>" name=hehe>

    </form>
    When you press the signup button, SoftMP3 logs your referer.
    Make sure you don't click a SoftMP3 registration link from a "questionable" site, like an invite forum.


    PHP Code:
    // Patched function to detect REAL IP address if it's valid
    function getip()
    {
        global $HTTP_SERVER_VARS;
        // Both headers below are taken from the HTTP request as sent
        if (validip($HTTP_SERVER_VARS['HTTP_CLIENT_IP'])) return $HTTP_SERVER_VARS['HTTP_CLIENT_IP'];
        elseif ($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']!="")
        {
            $forwarded=str_replace(",","",$HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']);
            $forwarded_array=split(" ",$forwarded);
            foreach($forwarded_array as $value)    if (validip($value)) return $value;
        }
        return $HTTP_SERVER_VARS['REMOTE_ADDR'];
    }

    This function will make Transparent & Anonymous Proxy useless, since your real IP will be sent.
    Use Elite Proxy instead.


    PHP Code:
    function myskohost($host) {

        $lan = "za au ch fr ie ar mx hu tr it pl il jp ro nz sk fo sg cn ru uk rs de gr es";
        $arr = explode(" ", $lan);

        foreach($arr as $a) {
            if($host == $a)
                return true;
        }
        // (the rest of the function is not shown in the post)
    }

    This function is used to check if you're in these "special" countries :
    .za South Africa
    .au Australia
    .ch Switzerland
    .fr France
    .ie Ireland
    .ar Argentina
    .mx Mexico
    .hu Hungary
    .tr Turkey
    .it Italy
    .pl Poland
    .il Israel
    .jp Japan
    .ro Romania
    .nz New Zealand
    .sk Slovakia
    .fo Faroe Islands
    .sg Singapore
    .cn People's Republic of China
    .ru Russian Federation
    .uk United Kingdom
    .rs Serbia
    .de Federal Republic of Germany
    .gr Greece
    .es Spain
    you'll be marked in red color.
    There's another similar routine that is used to ban the user.


    PHP Code:
    /*
    function isproxy()
    {
        $ports = array(80, 88, 1075, 1080, 1180, 1182, 2282, 3128, 3332, 5490, 6588, 7033, 7441, 8000, 8080, 8085, 8090, 8095, 8100, 8105, 8110, 8888, 22788);
        for ($i = 0; $i < count($ports); ++$i)
            if (isportopen($ports[$i])) return true;
        return false;
    }
    */ 
    It's supposed to detect an open HTTP port on your computer (open HTTP port = proxy), but for some reason they disabled this function.


    PHP Code:
    CREATE TABLE `cheat_in` (
      `id` int(11) NOT NULL auto_increment,
      `username` varchar(40) NOT NULL,
      `ip` varchar(15) NOT NULL,
      `handled` tinyint(1) NOT NULL default '0',
      `foundid` varchar(40) NOT NULL,
      `email` varchar(60) NOT NULL,
      `date` datetime NOT NULL,
      `fromsite` varchar(15) NOT NULL,
      `reason` varchar(20) NOT NULL,
      PRIMARY KEY  (`id`)
    ) ENGINE=MyISAM  DEFAULT CHARSET=latin1
    SoftMP3 participates in the global cheater ban movement.
    If you get banned at another tracker and someone forwards your info to SoftMP3, they will disable your account.
    This is the forwarded info : Username, IP, Email, Date, FromSite, Reason.


    PHP Code:
    $var = (time() - sql_timestamp_to_unix_timestamp($row["last_access"]));
    if($var > 300)
    {
        if($row["class"] > 6)
            mysql_query("UPDATE users SET last_access='" . get_date_time() . "', ip='123.123.123.123', uptime=uptime+300 WHERE id=" . $row["id"]);
        else
        {
            $res = mysql_query("SELECT * FROM iplog WHERE ip = '$ip' AND userid = $row[id]");

            if (mysql_num_rows($res) == 0) {
                $host = gethostbyaddr($ip);

                mysql_query("INSERT INTO iplog(userid, ip, lastseen,host, uptime) VALUES ($row[id], '$ip', '" . get_date_time() . "', '$host', 300)");

                $curhost = mysql_query("select host from iplog where userid = $row[id] order by lastseen DESC limit 1");
                if(mysql_num_rows($curhost) == 1)
                    $curhost = mysql_fetch_array($curhost);
                else
                    $curhost = "cp";

                // Suspicious-host check (compares the last two characters of the hostnames)
                $thost = substr($host, -2);
                $curhost = substr($curhost[0], -2);

                if($thost == $curhost)
                    $mysko = 0;
                else
                    $mysko = myskohost($thost);

                //$ip = $_SERVER["REMOTE_ADDR"];
                $iplog = mysql_query("SELECT COUNT(*) FROM iplog WHERE ip = '$ip'") or sqlerr(__FILE__, __LINE__);
                $iplog = mysql_fetch_array($iplog);

                //$host = dns_timeout($ip);

                $regg = mysql_query("SELECT COUNT(*) FROM inlogg WHERE ip = '$ip'");
                $regg = mysql_fetch_array($regg);

                $ilog = $iplog[0] + $regg[0];

                $level1 = mysql_num_rows(mysql_query("SELECT enabled FROM `inlogg` JOIN users on  inlogg.uid = users.id WHERE inlogg.ip = '$ip' AND enabled = 'no'"));

                $level2 = mysql_num_rows(mysql_query("SELECT enabled FROM `iplog` JOIN users on iplog.userid = users.id WHERE iplog.ip = '$ip' AND enabled = 'no'"));

                if( ($level1+$level2) > 0)
                    $level = 1;
                else
                    $level = 0;

                if($level == 1 || $mysko == 1)
                {
                    mysql_query("INSERT INTO skojjare(userid, datum, ip, hostname, email, log_mail, log_ip, level) VALUES(".$row["id"].", '".get_date_time()."', '$ip', '$host', '$email', $mysko, $ilog, $level)") or sqlerr(__FILE__, __LINE__);
                }

                // End of registration check
            }
            else
            {
                mysql_query("UPDATE iplog SET lastseen = '" . get_date_time() . "', uptime=uptime+300 WHERE ip = '$ip' AND userid = $row[id]");
            }

            mysql_query("UPDATE users SET last_access='" . get_date_time() . "', ip='$ip', uptime=uptime+300 WHERE id=" . $row["id"]);
        }
    }
    Standard Anti-Trading & Anti-Rejoin check.
    Every 5 minutes, the script checks:
    If your IP's country has changed and the new IP's country is in the "special" country list (see above), or
    if your IP matches one of the disabled accounts, insert that event into the cheat database.


    IV. Staff Account Screenshots

    1. Staff Toolbox


    2. MultiIPs
    Note: Flera användarkonton på samma IPs = Several user accounts on the same IPs


    3. Staff Användarsök [User Search]


    4. IPMask [IP Lock]
    Note: IP-Lås på Staff-kontonkonton = IP Locks of Staff Accounts


    4. Referers


    5. Invitelink


    6. NyRegg [New Registered User]
    Note: Nya användare = New users
    Users from "special" country will be marked in red color, and if dupe IP is found on another account, mark it with brown color.


    7. Fusk [Cheating]
    Note: Hastighetsdetektorn = Speed detector
    user1 is marked in red color because his upload speed > 15 MB/s
    user2 is marked in blue color because his uploaded and downloaded stat are exactly the same
    user3 is marked in blue color because his upload speed > 4 MB/s and his uploaded data is exactly three times as downloaded.
    user4 is marked in blue color because his upload speed > 4 MB/s and his uploaded data is exactly ten times as downloaded.
    user5 is marked in white color because his upload speed > 4 MB/s


    8. Skojjare
    Has almost the same function as NyRegg, with a few country watch exceptions, like France.
    NyRegg is for new user, Skojjare is for existing user.


    9. Synkade Bans [Sync Bans, Global Tracker Ban]


    10. Profile View

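Added example (not part of the original post and not SoftMP3 code): the getip() function quoted in post #1 returns HTTP_CLIENT_IP or X-Forwarded-For whenever they hold a valid address, and both are request headers, so the iplog, country and duplicate-IP checks built on it depend on a value the request itself supplies. The version below honours X-Forwarded-For only when the connection arrives from a reverse proxy the site runs; `TRUSTED_PROXIES`, `client_ip()` and every address are assumptions constructed for illustration.

```php
<?php
// Added example, not SoftMP3 code. TRUSTED_PROXIES and client_ip() are
// hypothetical names; all addresses below are constructed sample values.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6']; // the site's own reverse proxies

function client_ip(array $server): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';

    // Direct connection: Client-IP and X-Forwarded-For were written by the
    // client itself, so they are ignored and the socket address is used.
    if (!in_array($remote, TRUSTED_PROXIES, true)) {
        return $remote;
    }

    // Behind our proxy: each proxy appends the peer it saw, so read the list
    // from right to left and stop at the first hop that is not ours.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // empty or malformed entry: distrust the rest of the chain
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop;
        }
    }
    return $remote;
}

// Constructed requests covering the direct and the proxied path.
$requests = [
    'direct, no headers'            => ['REMOTE_ADDR' => '198.51.100.7'],
    'direct, client-set header'     => ['REMOTE_ADDR' => '198.51.100.7',
                                        'HTTP_X_FORWARDED_FOR' => '203.0.113.99'],
    'via our proxy'                 => ['REMOTE_ADDR' => '10.0.0.5',
                                        'HTTP_X_FORWARDED_FOR' => '198.51.100.7'],
    'via our proxy, client prefix'  => ['REMOTE_ADDR' => '10.0.0.5',
                                        'HTTP_X_FORWARDED_FOR' => '203.0.113.99, 198.51.100.7'],
];
foreach ($requests as $label => $server) {
    printf("%-30s => %s\n", $label, client_ip($server));
}
```

All four constructed requests resolve to the address that actually opened the connection to the site or to its proxy, regardless of what the client placed in the header.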

  3. #2
    shoulder (Moderator)
    Approved, thx for another great analysis of a tracker source.


