BitTorrent Users DDoS Websites Without Knowing

Ernesto
September 19, 2012
62
ddos,
Opentracker
Print

Millions of BitTorrent users are unknowingly DDoSing websites because ‘publishers’ of popular torrents mistakenly add website URLs as trackers. The DDoSes drag websites down and their operators have very few options to mitigate these ‘attacks’. But, thanks to a new BitTorrent protocol enhancement this is about to change. This week Vuze becomes the first client to add support for DDoS protection alongside calls from one of the “victims” for other developers to follow suit.

It’s a little known fact but The Pirate Bay and other popular BitTorrent sites have the power to take down pretty much any website on the Internet.

All they have to do is add the target website URL as a “tracker” for the torrents and magnet links they serve. People who download these files will then try to connect to the site in question, bringing it to its knees within minutes due to the sheer volume of requests.

Luckily most torrent sites don’t have such evil intentions, but this week the potential for abuse and the vulnerability of the system is apparent.

On a smaller scale the DDoS issue can also cause problems when torrent uploaders mistakenly add website URLs as trackers. Instead of using real and working trackers, they add bittorrent.com or thepiratebay.org.

One of the site owners who currently suffers from a major BitTorrent DDoS is software developer Dirk Engling, better known as Erdgeist. He is the creator of the OpenTracker software which is used to run popular trackers such as OpenBitTorrent and PublicBitTorrent.

While the OpenTracker project page only hosts the software and does not run a tracker itself, some novice BitTorrent uploaders think it does. As a result his website is being hit with millions of requests per hour.

“Some simple-minded but good willing BitTorrent users started to use the website as tracker URIs. Of course, no tracker runs at this location, this is just the OpenTracker software project page served by some poor Apache httpd,” Erdgeist told TorrentFreak.

“This was a mere annoyance scrolling through my web server logs, but recently people started using the ‘tracker’ URL in popular torrents, leading to around 1000 hits per second and rising,” he adds.

While it’s unclear what exactly caused the spike in traffic, it doesn’t appear come from individual uploaders. There are currently more than a million torrents that point to the erdgeist.org “tracker,” suggesting that it was added automatically by a fairly large BitTorrent site.

Erdgeist has thus far managed to keep his domain online with the help of Nginx, but the site’s traffic and load are still extremely high.

The good news for Erdgeist and other victims (including The Pirate Bay) is that a solution has been worked out. As reported earlier, BitTorrent’s developers and Pirate Bay founder Fredrik Neij drafted a protocol enhancement that allows website operators to prevent clients from connecting by adding a DNS entry.

The bad news is that the implementation of this enhancement in BitTorrent clients is progressing very slowly. But, progress is being made. Yesterday, Vuze became the first BitTorrent client to roll out the feature in a stable release.

Erdgeist, on whose work millions of BitTorrent users rely every day, hopes that other BitTorrent client developers will soon follow suit.

“For years the BitTorrent community has relied on trackers paid for by individuals from their own pockets, written in their spare time. Now it’s time for the community to show some consideration,” Erdgeist told TorrentFreak.

A real difference can be made when Transmission and BitTorrent Inc’s uTorrent and BitTorrent clients join Vuze. BitTorrent Inc, who helped to come up with the solution, have implemented the DNS preferences in the latest Alpha release of uTorrent and promised that the stable release will follow in the future.

In the meantime, BitTorrent uploaders (and site owners) may want to educate themselves on which URLs actually point to a BitTorrent tracker, and which ones do not.

Previous Post | Next Post

Follow @torrentfreak

Deadly

Pwnd
- Lulz
  
  So how come we aren’t adding MPAA/RIAA stuff to them?!?! That would be epic.
  - http://profiles.google.com/orfetheo Orfeas Theofanis
    
    Fuck yeah, let the piratebay and every other huge tracker add those MAFIAA sites as trackers, fast before the new protocol is implemented !
    - Guest321
      
      Once again….you can DDOS the MAFIAA sites all month long. It ain’t gonna hurt them one bit because their business doesn’t depend on those sites.
  - JordanKratz
    
    Yes I like that thought.I hate the RIAA & MPAA Scums.
ROMaster2

Wannabe Lulzsec, I guess
Pingback: BitTorrent Users DDoS Websites Without Knowing | SKP News
Pingback: Torrent News » BitTorrent Users DDoS Websites Without Knowing
Spgw85

is there a manual way of applying this change for those of us who prefer the older versions of utorrent?
- Grammar Police
  
  Well, you could just use a brain and edit the trackers on any torrent you download.
  - E manual
    
    Is there a manual way of applying this change without actually doing anything manually (for those of us who prefer the older versions of utorrent)?
    - Danny
      
      Use a firewall?
      
      Just block utorrent from contacting the few major sites your know of.
    - FrostyC
      
      I can’t believe there isn’t a way for them to block all requests coming from bittorrent clients. If something is connecting to an http or udp server, the client should give a user agent string or something similar.
    - Guest
      
      @FrostyC:disqus doesnt matter if they block the connections, the clients will still try to connect to those servers in there tracker list so the websites bandwidth is still being used.
    - http://twitter.com/Life1sPeachy DarkSideOfLife
      
      umm.. right so its so hard to click on the tracker tab and de-select any tracker Or web site that has no peers…? come on guys/girls… use ur brain..
  - Baba
    
    Ain’t nobody got time for that.
    - ted
      
      @ frostyc: they do filter them of course, but it still chews cpu time and internet bandwidth. Not much per request, but the point is that the traffic is getting so large, its still significant.
Lord of the Files

Except a lot of people don’t want to upgrade from uTorrent 2.2.1 so I’m not sure how helpful this change is going to be. It’s better than nothing though, I suppose. I generally wipe out the tracker list and rely on DHT so at least I’m not part of the problem. Could be annoying if a lot of torrent sites start banning older clients though, in which case I’ll probably switch to the latest Tixati or qBittorrent because there is no way you can get me to use the latest not so greatest uTorrent.
- Any
  
  torrent sites can’t ban clients, only trackers can
  and since less and less sites rely on trackers that is not an issue
  
  sticking with an outdated utorrent version instead of upgrading or migrating to a better client however remains an issue
  - Qjo
    
    Not true. I’m registered at one UK site which maintains an “approved client” list. You are not permitted to use others under penalty of having your account disabled.
    - ItIsTrue
      
      Of course it’s true. You’re talking about a private torrent site which runs a tracker. Your torrent client is only interacting with the tracker part, your web broswer interacts with the indexer part. So while the site maintains an approved client list, it’s can only be enforced by the tracker.
      
      It is absolutely impossible for an indexer to ban clients because they don’t know anything at all about the clients being used. The site (tracker + indexer) only learns this information when the client attempts to connect to the tracker.
      
      Public sites only need the indexer, the tracker is optional. For public torrents, client’s can’t be banned. The public trackers can ban any client they want but then the client will just rely on DHT and PEX and won’t notice any difference.
    - Noway
      
      True, and I know what site it is .
      Sorry, but the admins there are idiots who get a hard-on by
      playing the torrent-police nazis ..
      
      You can have your torrent-client send whatever user-agent you tell it to ..
- Jack Feldon
  
  I’m not really a heavy uTorrent user, but I use the latest one just fine. How come you don’t like it?
  - ProperBuggy
    
    The latest versions are proper buggy. Just yesterday, I downgraded by bother to 2.2.1 because all his torrents got stuck at “checking 0.0%”. That’s just one of the many common problems with 3.x. You should check out the bug reports on the uTorrent forum.
    - http://profiles.google.com/zerianis10 Christopher Kidwell
      
      Bullshit. I’ve never had torrents get stuck on checking 0.0% ever nor have I ever heard anyone who downloading the actual legitimate versions from the Uttorrent site getting that.
      
      If you are getting that, totally uninstall utorrent (blank the directory you installed it in) and re-install.
    - Mabsark_ProperBuggy
      
      @google-6bb179a6b07a293b0dbe2e8887cdb03f:disqus It’s not bullshit at all and if you bothered to do a search before spouting that nonsense you’d realise that. Because you’re too lazy, try looking here https://www.google.com/search?q=utorrent+%22checked+0.0%25%22
      
      I’m not PC illiterate, far from it. I’ve been on the internet since the mid ’90s, been programming for about 25 years and building and fixing PCs for about 20 years. I personally installed uTorrent 2.2.1 on my brothers machine ages ago and it self updated. I’m actually the person who got the uTorrent devs to update the way magnet links are handled, so do you really think that I’d install an illegitimate version? I know what I’m doing and I know what I’m talking about.
      
      Just because you haven’t had any problems yet, doesn’t mean they don’t exist and to claim otherwise is completely moronic. Especially when there’s stacks of evidence to proving otherwise.
      
      I did totally uninstall it, and then I installed 2.2.1. Why would I reinstall the latest version when I know for a fact it’s buggy as fuck?
  - Guest321
    
    Mainly because of bloatware. The old versions were lightweight.
- Lord of the Files
  
  When I say “torrent sites” I’m talking about both private indexers and public trackers, and to a lesser extent public indexers too since they do have some influence, particularly the big ones. Even commenters have a bit of influence. I just didn’t see the need to split hairs on a blog named TorrentFreak. I simply assumed most of the torrenting folks here would understand what I was getting at.
  
  That’s a good point, Noway, about faking the user agent, which certainly is one possibility for getting around client bans. A bit risky though because it’s not 100% foolproof, the potential being you’re IP and account (should you have one) getting perma-banned. Not a big deal for some, especially those running anonymously and/or using proxies, but a big deal for a lot of others I’m sure.
  
  There shouldn’t really be a need for private sites to ban older clients for the particular reason this blog post discusses. However a lot of them have shown logic isn’t really their strong suit, with torrent clients being banned due to one false belief or another, or simply because other sites may be doing it. Research is hard, banning is easy lol.
  
  My biggest concern was the public trackers though, provided they care enough about those getting DDoS’ed out there, which in a few cases does include themselves I’m sure. Between all of the private and public trackers, admins have it in their power to force everyone to change their torrent client if enough of them so chose. While not the end of the world, it is still an unpleasant thought for a lot of users.
Anon

funny to add riaa.com
- http://twitter.com/krozareq krozareq
  
  LOL. Although DDOSing a PR site is kind of pointless, won’t affect their operations at all. Their email server OTOH… :D
  - Hogspace
    
    I really like the idea of the entire P2P system being used, like every single torrent, being used to bring down copyright fascists web/email servers in some way. And their surveillance and troll friends.
Rekrul

I always delete non-functional tracker URLs from any torrent that I download.
- ScrewEwe2
  
  Same here. First thing I do is check listed trackers and remove all the http trackers:
  http://tracker.openbittorrent.com:80
  http://tracker.publicbt.com:80
  http://tracker.ccc.de:80
  http://tracker.istole.it:80
  
  and replace with udp if not already listed.
  
  udp://tracker.openbittorrent.com:80
  udp://tracker.publicbt.com:80udp://tracker.ccc.de:80udp://tracker.istole.it:80
  
  http://openbittorrent.com/
  - e8hffff call
    
    Stupid move. The exploit which isn’t really documented here doesn’t matter if it’s TCP or UDP.
    
    Many torrent sites don’t support UDP announcements, so you could also be reducing your ability to get peers.
Eerik

Yeah should be mandatory for torrent sites to add trackers to its torrents
like http://riia.com and http://mpaa.org
- http://twitter.com/WaynerOscar WaynerOscar
  
  like Richard replied I am surprised that a student can make $4407 in 1 month on the network. have you seen this(Click on menu Home)
- http://twitter.com/WaynerOscar WaynerOscar
  
  …
  goo.gl/aKcD4
Overdose

Bulshits i’m with utorrent 2.0.1 from 2010 and no problems so far fuck the new bloody and slow utorrent versions
- Guest
  
  Enjoy your botnet
  - Overdose
    
    From Experience you talk m8? :Lol
- ANo
  
  You should update….like yesterday. Probably too late.
  All they would have to do is…..
  Join swarm,
  sort peers by client,
  copy IP addresses of utorrent <2.03,
  run exploit.
  once in, they can migrate the payload to any running process, like explorer.exe.
  They could do it to every machine in the list, in under 5 min.
  You probably need a clean, full install of your OS
  btw…Your Anti-Virus cant help you. Not when full system access is already granted to some cunt.
  
  2.0.3 DLL Hijacking Exploit (plugin_dll.dll)
  check your system (utorrent dir ) for…….
  -userenv.dll
  -shfolder.dll
  -dnsapi.dll
  -dwmapi.dll
  -iphlpapi.dll
  -dhcpcsvc.dll
  -dhcpcsvc6.dll
  -rpcrtremote.dll
NotEvenNeeded

They really don’t need to add any URLs to the torrent. For those creating new torrents, remove the trackers. If your uploading to TPB, they’ll automatically add trackers anyway, and other sites probably do the same.
- Anonymous
  
  I agree completely. It’s obnoxious to go through a list of trackers on a torrent before starting it and see OBT/PBT/ISI duplicated two or three times each (in various combinations of HTTP and UDP addresses) because the torrent creator added them.the original site added them, and some site in between added them etc.
- downunder
  
  tpb etc add only UDP trackers and some trackers im now seeing them being blocked in various countries as well.
  
  if client has udp disabled for extra security then no one will see the torrent without a working http one (as per checkmytorrentip.org site recommendations)
  - http://twitter.com/krozareq krozareq
    
    Most trackers have switched to UDP. Plus, the µTp is superior to BT. Blocking UDP for torrenting is idiotic. Much lower overhead. Since torrent pieces are checked by the program, using a resource-heavy protocol like TCP is pointless.
  - NotEvenNeeded
    
    Disabling UDP doesn’t provide extra security, it just means you cant use uTP, UDP trackers or the DHT. In other words, it’s a completely idiotic thing to do if you’re using public torrents.
    - downunder
      
      read the site dudes FAQS.. and do some testing like I did
      udp with a proxy will at some point leak your real ip
      espc if theres a bug in the client your using
      you can never be sure.. better to be safe then sorry
Anon

location = /tracker {
return 444;
}

That should help to lower the load via nginx for anybody who’s suffering from this. :)
- krozar
  
  If you can’t beat them, join them they say. Even if just long enoug to send a 444 lol
BitDDoS

Dam.. always someone has to ruin it hihi
downunder

why dont they scan uploaded torrents and remove the offending
URLs before it goes live and post a comment to the
uploaders torrent stating the error

then its fast fixed some sites already appendt other trackers when uploading so I assume its can be done
- http://twitter.com/dartigen Dartigen
  
  Or scan torrents on upload and remove from the list of trackers any URLs that are not trackers or are known dead trackers.
PirateSoldier

I already have power to take these fucks down. Called an update. Arseholes :)
Pingback: BitTorrent Users DDoS Websites Without Knowing - WHangOut Webmaster Forum
Pingback: DDoS-????? ?? ???-???? ????? ???????-?????? | RIS
e8hffff call

Thanks(Not) for telling everyone! You should have kept this knowledge secret.
Pingback: Usuarios de Bit Torrent DDoS visitan sitios web dañinos sin saber | IntelDig
Pingback: Sem querer querendo, usuários de torrent fazem ataques DDoS | Gato Folgado | Notícias e entretenimento
Pingback: Sem querer querendo, usuários de torrent fazem ataques DDoS | Por um internet melhor!
Pingback: BitTorrent Users DDoS Websites Without Knowing | Zombie Torrents - Ultimate Torrents Downloads
dionrook

http://al.ly/ELM
Anonymous

I never understood torrent clients pig-headed insistence on hammering tracker urls that don’t work. If you got an error that says the file or the domain name in the url doesn’t exist, or receive a web page instead of a tracker, it’s not going to pop into existence by repeating the request every 60 seconds. Treating all errors as “tracker busy” is just stupid, the client should disable invalid urls.

TorrentFreak

The place where breaking news, BitTorrent and copyright collide

BitTorrent Users DDoS Websites Without Knowing

Related Posts

Previous Post | Next Post

NewsBits

404 Fail: Six Strikes’ Piracy Alternatives Go Missing

Google Doesn’t Believe Kim Dotcom is Real

Nintendo’s Miyamoto: Piracy More Concerning Than Used Games Market

Monitoring BitTorrent Activity on a Network Using WireShark

The Pirate Bay Suffers Downtime

MostDiscussed

Movie2K Disappears Without Warning

UK Police Launch Campaign to Shut Down Torrent Sites

Three Strikes For File-Sharing Fails to Halt Music Sales Decline

87 Months in Prison for Copyright Infringement: Fair Sentence or Utter Madness?

ARM Launches Hollywood Approved Anti-Piracy Processor

CopyQuote

PopularArticles

VPN Services That Take Your Anonymity Seriously, 2013 Edition

Top 10 Most Popular Torrent Sites of 2013

Which VPN Service Providers Really Take Anonymity Seriously?

What’s The Best VPN / Proxy for BitTorrent?

BTGuard Review: How Does it Work?

Optimize Your BitTorrent Download Speed