Emule (and BitTorrent) Users! Protect yourself from Fake Sabotage or Spy ED2K / Donkey Servers (Lugdunum eserver, Metamachine dserver), NetSentry, Cyberverse, MediaSentry, BayTSP, RIAA, MPAA, or your Government (China, Iran…)!
Fake Servers
2 new fakes with UK (United Kingdom) IP Addresses just popped up about a week and a half ago. They should be in bluetack by now. The Morph list (better than BlueTack, has a lot of bluetack in it) should have it in its bi-monthly to monthly update. Here is a fake server list in ascending chronological order (oldest first):
IP Start, IP End, Security Level (typically 0), Description
212.150.248.0 - 212.150.248.31, 0, Isreal Fake Servers
72.34.98.1 - 72.34.98.23, 0 , USA Fake Servers
209.204.61.0-209.204.61.191, 0, New USA Fake Servers
72.51.35.78-72.51.35.78, 0, New USA Fake Servers
72.51.37.104-72.51.37.111, 0, New USA Fake Servers
72.51.37.237-72.51.37.237, 0, New USA Fake Servers
72.51.38.136-72.51.38.143, 0, New USA Fake Servers
72.51.39.144-72.51.39.159, 0, New USA Fake Servers August 2006
81.3.87.170 - 81.3.87.171, 0, United Kingdom / UK Fake Servers Late Sept 2006 - Nederlands Geslacht and SexyBitch.nl
Oh yeah, on a tangent, their is a donkey server in Iran (Iranian IP Address) that is fairly consistant! It is called PersianMule (I don’t know if it is legit or fake). It appears to be on an old windows box running eserver 17.10. The user count and user limit are in the hundreds and the # of shared files is 1500-2000.
ed2k://|server|82.99.247.19|4230|/
IP Blockers
The easiest broad defense against fake servers is to use an IP blockers! Use Protowall or just populate Emule’s built-in IP blocker with data. It will also keep centralized, automated evidence collectors from connecting to you. If they get a file chunk from you go into a lotto drawing for an RIAA lawsuit. Publishing your share list to a fake server (share publish is automatic upon connect) has the same effect. The odds of an actual lawsuit once in the pot is still only about he same as 4 figures or better on a scrather lotto though. The cumulative lifetime probability of death by external causes (fire, flood, car crash…) is higher. If you live in China or the like though, then you have more than just the RIAA to worry about. Less than 30% of emule users are blocking IPs from hostiles like NetSentry and Cyberverse and fake servers. If your emule is showing more than 6 million users on the network, then you have shit load of fake servers in your list.
Here is a list of download / page links:
Oh yeah, to effectively use Emule’s built-in IP blocker to block fake servers, the ‘Filter Servers Too’ checkbox must be checked in the IP filter sub-section of the Security section of the Options (Options button -> Security Section -> IP Filter sub-section on top -> Checkbox is on top of the IP Filter section). This has a negative side effect of blocking all DynDNS servers as well, but people wanting secure/private servers with just friends on them should to switch to a darknet anyway.
If you want to further reduce fake servers (new ones that aren’t on the blocklists yet), disable ‘Update ServerList when connecting to a server’ and ‘Update ServerList when a client connects’. These are in Options->Server->2nd & 3rd checkbox. Doing this will substantially reduce the number of small servers on the list and can hamper rare file hunting a little bit. If you hunt rare files and keep your IP blocker up to date, then leave these on, otherwise turn them off. Another option that is good to turn on is ‘Autoconnect to servers in static list only’ and make the big trusted servers like ‘DonkeyServer No #’ static (select servers in the servers screen and use the right-click menu). There a several fakes with the same name, so use the IP blocker and even better, get a mod like MorphXT or Xtreme that supports country flags.
Updated 10/4/2006 — Added two paragraphs at the bottom.
