How To Quickly Investigate A Fake BitTorrent Tracker

enigmax
February 20, 2010
79
Fake Torrents,
torrentq
Print

Seeding fake files on BitTorrent is nothing new and the practice has been carried out by anti-piracy groups and malware spreaders for a long time. While many of them choose to use various open and public BitTorrent trackers, others are setting up their own trackers. We take a look at an easy way to find out more about them.

Back in 2007 we published a series of articles on various dodgy practices targeted at BitTorrent users. Many people were downloading torrents only to be told that they needed to install software like DomPlayer and 3WPlayer to get them to work. Of course, the torrents were fake.

We also reported on BitTorrent clients such as Torrent101, BitRoll and GetTorrent, which also caused caused a whole load of trouble for those who installed them – even uTorrent and WinZip users were in the sights of malware offloaders.

In an email yesterday to TorrentFreak, a reader pointed us to a problem torrent located here (removed). The file is clearly labeled as ‘The Wolfman DVDrip 2010 aXXo’ but it is a fake, a fact which can be quickly learned by reading the comments underneath the torrent. Nevertheless, we thought it might be interesting to demonstrate how it’s possible to look a little deeper.

The file is tracked by a whole range of trackers but one sticks out immediately.

http://tracker.torrentq.com/announce.php currently lists 48,416 seeds and 37,496 seeders for the supposed ‘The Wolfman’ movie, a highly attractive proposition for those inexperienced in dealing with fake torrents.

Of course the stats are faked, and are run from a tracker set up especially to deliver fake torrents. Indeed, it’s run on a subdomain of TorrentQ, a bad client we featured in an earlier article. Here’s a quick step-by-step of the method we used to investigate the tracker. There are other ways, but this is pretty simple so anyone can try this out.

It’s possible to find information about the files indexed on many trackers by using ‘scrape’. In the case of the TorrentQ tracker, the scrape URL is located at http://tracker.torrentq.com/scrape.php. So first off, go to this URL and you’ll get the option to download a file, in this case ‘scrape.php’ – download it.

In this file will be information about the files being seeded on this tracker.

Next use DeHackEd’s nice little online tool called DumpTorrentCGI. Browse to the ‘scrape’ file on your hard drive, change output type to ‘/scrape’ and click the ‘decode’ button. You should get this report;

TorrentQ Scrape

Immediately you can see that all the files are apparently hugely popular, but of course, all of these stats are faked. To prove that, one can use a site like Torrentz.com, which creates its torrent URLs by using a torrent’s hash value. Simply test each torrent by using http://www.torrentz.com/ followed by the hash value, as shown below, and check the comments.

http://www.torrentz.com/0366eb6bdbab88f2ccd9397a0b421b3947c82e06

The torrents TorrentQ tracks are for Wolfman, Legion, My Name is Khan, The Book of Eli, From Paris With Love, Ninja Assassin, Edge of Darkness, Shutter Island and Dear John.

Every single one is flagged as a fake by commenters on Torrentz.com.

Previous Post | Next Post

Follow @torrentfreak

Anon1st

“We also reported on BitTorrent clients such as Torrent101, BitRoll and GetTorrent, which also **caused caused** a whole load of trouble for those who installed them”

:) cheers for helping the n00bs.
blackjesus@1337x.org

Very nice thanks for the TuT
Jeff

A co-worker of mine encountered a password protected torrent of Edge of Darkness from torrentz.com the other day, which was in the form of a WinRAR archive. Inside it was a passworded RAR file, and a text file that instructed the downloader to go to w w w dot justcooldeals dot com (don’t go there!) to obtain a password for the RAR file. I Googled the site, and one comment I read said that they tried to infect a visitor with a trojan dropper. There is nothing cool whatsoever about that.

So I would avoid passworded files if at all possible, and if a given torrent has no comments yet, wait for a few days and let others download it first.
Nef

“inexperienced in dealing with fake torrents”. Read: total N00bs.

Well I guess common sense is the Noobs best friend, w/o it you´ll bleed.

Anyways, 37.000 seeds, lmao :D
133t

apparently if you do it right you can make some 100 usd per day, it ‘s called p2I, or pay to install, there many companies offering this, and paying rather well too.

sucks for regular users like us though :P it’ss amazing the vast majority of guys don’t even know this :P and n00bs who know nothing about torrents do this !!
Karl Rosenqvist

#4 – In the beginning we were all noobs or lamers or whatever the frase was at the time so quit making out like you’re all that.
Comeoncomcast (aka Andrew)

Hey easy we were all noobs when we started out
Comeoncomcast (aka Andrew)

and Torrentz.com RULES <3
Ram Agarwal

Thanks a lot Torrentfreak for such a nice article..

many bittorrent users like me are now aware about fake trackers.

Great job.Keep It Up.

Warm Regards,

Ram Agarwal.
Aman

Great Job TF
lilars

Always watch out for that infamous uploader,Anonymous.
Always read the comments.Others know who the fakes are.Do not download if there are no comments unless you trust the uploader.At Pirats Bay stick to the torrents put out by skulls.No skull,no comments,definitely avoid.Get to know the uploaders(some have higher standards than others).
Happy file sharing.
lord hoff

and if your asked for a password immediatly run the file through a file shredder.
duane

37000 seeds — so this is where the content companies get their statistics from!
The Terminator

All the links in the article are worth visiting for torrent n00bs *OK I too was a n00b once ;-D*

Thank you Enigmax and TF
Its Emil

48,416 seeds and 37,496 seeders

peers?
Its Emil

“48,416 seeds and 37,496 seeders ”

peers?
question the answers

uhhh. couldn’t this whole article been summed up in the sentance ” read the comments before you download a torrent”
LOPPSI2

@3 ” A co-worker downloaded2 but you googled it?

yeah riiiiight
LOPPSI2

even some skulls on PirateBay are scams=that Key-Gen you got with software???-congrats you now have a TROJAN
bluff

If you come across a passworded torrent visit jimbeeer.com to see if the password has been submitted. Also, if you find a password, submit it yourself so others don’t have the grief you did.

Oh and if you find it useful, sling the dude some beer money.:)
LOPPSI2

and in other News
The link for DumpTorrentCGI is infected with 267 threats according to Norton, So I wouldn’t go there.

Way to go TF

You’re worse than the fake torrents

and the hacker key-gens
LOPPSI2

http://safeweb.norton.com/report/show?url=http:%2F%2Fusuarios.multimania.es%2Faniweb%2FDumpTorrentCGI.php
poo

Die piraters, die.
DanielRemains

Thanks TF for this!

TorrentFreak is like the Google of the internet, the Cheez Weez of the bread, the OS of my PC, the coffee of my cup, the uTorrent of my downloads! Couldn’t live without TF that’s a sure thing

@ 23 – poo

Hey Reasoned Mind what did you illegaly download lately? (:
Rboy

Fake torrents are easy to spot. Early release of anything is suspect. Most claimed DVD rips when the movie has not been released are most likely fakes. Almost definately fake if released by some no name.

Second look at the stats faked torrents have ridiculously inflated stats.

As stated any torrent directing you to a site for a PW is most certainly fake. No none and I mean no one who bothers to upload a torrent that wants to share will make you jump through hoops to get a password.

If the rar file has a pass you can do two things use the open in winrar and sometimes the PW will be there in a message usually URL where it was originally uploaded. Second Google the name of file followed password if it is a legitimate file you will find the pass.

If one of these methods don’t work delete the file and find it somewhere else. There is rarely something so rare it can’t be found on several sites.

The best way to use google to find something is go to your drive where the rar file is right click on rename copy the whole rar file name and put it in google.

Google is one of my best tools for finding stuff and that site will never be shut down!!!!!
SEEDplease

NOD32 anti-virus has saved me more than once from trojans/viruses which I downloaded from bittorrent sites. Sometimes there is no way to know if a .rar or .iso file is infected until you download it. Make sure to warn/flag the .torrent file if that is the case.
And speaking of fake torrent sites, is the following site legit?
http://www.piratebay.com/
Shish

Or you can just use private trackers…
stick to the point

The topic is “How To Quickly Investigate A Fake BitTorrent Tracker” and not “How to recognize a fake torrent” and it even says: “a fact which [that torrent is fake] can be quickly learned by reading the comments underneath the torrent”.
So, to all the guys who had to comment that it’s easy to spot a fake: It is really nice that you can read basic English (that would be the word FAKE, in the torrent’s comments), but please stick to the topic?
Because, this article (by further developing the idea) might lead to some feature of downrating (and ultimately ignoring/blacklisting) some malicious trackers by websites such as Torrentz and similar major BT websites (which then makes it a kind of a trend for all BT websites) and we might have new and better (highly automated) way to fight fake torrents.
esé

dun’t dl anything that looks suspicious (single rar, high number of seeds in a short period of time, anonymous uploader, no release nametag)

its good enough just bookmark some uploader you trust and check on their new uls once in a while.
Anonymous

All this trouble from crap public sites where anyone can upload can be avoided by using private trackers of course.

Apart from faster speed, better organisation, faster pre times, higher quality etc.

LOL, noobs.
afrowolf

Although the intention here is good, it seems to me the people who could really use this information will never see this article, or be able or willing to follow those simple steps. Perhaps I seem cynical, but after 10 years of trying to baby-step people through the simplest P2P precautions, I think I have a good reason to be. Some people would just rather throw money at a problem than have to think something through. To the rest, let’s try to pass this along! Cheers :)
Pingback: Detect Fake Torrents « Nick's Blog
stick to the point

#30 (afrowolf) is completely right.
This needs some spreading in order to be really useful.
xxx

re: “The Wolfman DVDrip 2010 XviD – The Wolfman [Full Movie].wmv”

No release group, proclaims “full movie” and a .wmv file are other warning flags. (not that fakers don’t ever use realistic-looking filenames.)
DanielRemains

[…]
Your response is awaiting moderation.

Oh cool stuff!
LOL

Stupid noobs using public trackers and insisting they’re no different to private trackers where no fakes are uploaded de to uploaders being vetted.

Just one more reason why private trackers pwn public trackers lol.
Positron

Nice article there, TF! Surely pretty helpful to the less experienced or perhaps the usually less cautious BT users out there.

Keep’m comin’. :-)

In the meantime over on Demonoid:

Registrations are open

So, if you’re interested, Get Your Butt Over There!
Lothor The Evil

For those who think private trackers are so much better, ya gotta think:
#1: Private trackers usually require and invite code of some sort and it’s not that easy to get.
#2: I actually have downloaded videos in the past from Demonoid that contained the “you need to download domplayer” or one of the others like it. So even private trackers can have a fake file once in a while.

In the past I have come across a few video torrents that said I needed to download some sort of player after playing a few seconds and opened a page in Firefox. I noticed that every time that happened, the video was in the .mpg file format. So I only download .avi format unless it’s something hard to get and all I can find is the .flv format which plays fine in VLC media player (usually anime or an old t.v. series.)

@3 Jeff
["A co-worker of mine encountered a password protected torrent of Edge of Darkness from torrentz.com the other day, which was in the form of a WinRAR archive."]

I have come across that too, and sometimes the rar archive contains some sort of weird executable file that most likely contains a virus. That is why I NEVER download videos or music in winrared files. Only thing I download in the .rar format are pictures. I won’t even download t.v. shows in a .rar file because I prefer to download just the first episode to make sure the quality is good and what the description says it is, then I download the rest.
I also prefer to download only torrents that have a lot of positive comments. I find if most comments are positive the few that aren’t are just some dumb trolls. If I download a torrent without comments on the site, it’s usually porn, or something I’m having trouble finding, usually some sort of animated series.
These are my own guidelines I use for myself and I almost never get a fake file, except rarely for porn as a lot don’t have comments.
Bisby

“#2: I actually have downloaded videos in the past from Demonoid that contained the “you need to download domplayer” or one of the others like it. So even private trackers can have a fake file once in a while.”

You are a noob of the worst kind – the kind that thinks he’s not a noob which leads to all sorts of screwups (many of which you dont notice like your OC now being part of a botnet) as you throw caution to the winds confident in your knowledge that you are a “puter expert”.

Demonoid is NOT A PRIVATE tracker, it indexes a large number public torrents. EXCEPT you will find out about fakes later than if you downloaded it from TPB. Meaning you might as well just download them from The Pirate Bay.

(Well OK it does have it’s own tracker however many of the torrents are indexed from public sources and apparently you’re too much of a newb to see the extremely obvious tag at Demonoid to indicate that they are publically indexed)
Anonymous

#2 … “Very nice thanks for the TuT”

???
Mr Universe

….or you could just check a reputable predb.
Gargamel

Like 95% of readers here will know what a PreDB is. lol.

Users that know what a PreDB is are smart enough to not use public torrent sites.

They can’t even work out that a virus scanner doesn’t make them safe … as they look for “signs” of fake torrents (because spammers always put “signs” in there to alert users that they are spreading malware.
Hop234e

1 ) go to source http://www.rlslog.com
2) go to google …
3) google file name
4) DOWNLOAD
Bisby

1 ) go to source http://www.rlslog.com
2) go to google …
3) google file name
4) DOWNLOAD

… or heres an idea – YOU COULD JUST DOWNLOAD IT FROM RLSLOG and have the benefits of faster speeds and the fact that it is 100% not malware unlike your solution.

And just so you know, rlslog files are put up from scene servers like almost all the rest of the content on torrent sites.
jon

21- theres your problem you use norton lol
Pingback: Come capire che un torrent su un tracker è un fake
-sic-cal

Gargamel, i don’t like where this is heading…

More recently i’ve been seeing Scene sites and databases all over the place. It reminds me of a typical computer game, where at the beginning you need to fight the boss’ minions, then once they are all destroyed, the boss sticks his head out to attack but also leaves himself vulnerable.

In other words – if Scene groups are struggling to get their shit out because torrent servers are dropping like flies – the solution isn’t to try distributing it yourself.

Keep the Scene hidden – it’s our underground nature that keeps us safe whilst sharing sites/technologies come and go.
LOPPSI2

@ 44
I dont think so
Googling DumpTorrentCGI
the multimania.es site is the first one to appear, and this site is badly infected, most other sites holding this file show as clean.
The problem is not Norton
The problem is lazy linking, i.e. linking to the first site without checking,
a site that tries to install the very stuff you are trying not to get with FAKE torrents, the point of the article.
Trying to prevent such attacks then directly linking to a site that does exactly that …well……
LOPPSI2

@42
Do you mean www(dot)rsllog(dot)com
????

Are you illiterate or just unable to type/copy URLs
Case

for twittr users- @eztv_it.
And movie leaks info -@MovieLeak.
ipee on your ip

you can also:

1. check the 100% seeder in your utorrent when first loading. If the torrent is a fake, copy this to your scumbag list. Check any newtorrents against this list and just bail when you see anyone on your list. They use the same ip’s quite a bit.

2. during a download if the torrent is suspicious:
try playing the file from utorrent, often you can get vlc to play an avi at about 20% completed, this can often give you a clue as to whether it is any good.
If the files are compressed, pick the smallest R file and set utorrent to high priority for just that file. When the file completes open it and check the file for a password or multiple nesting either of which would indicate a probable fake. If so, bail and put the jerk in your asshole list.
LOPPSI2

Damn impostors posting irrelenat nfo
Think you’ll find it’s
http://www.rlslog.net/
Sean

First off, fuck private sites, your safe if your read the damn comments and use common sense. Faster speed isn’t an issue for me, since it’s always fast enough..I’m just thankful to get the file(s), it isn’t your god given right to get good speeds on DLs.

Secondly, Good article TF! Everybody was a noob once, so it’s good your helping them out.

Pz
cando22

Great Report guys.. Torrent Freak Rocks… Thx for the INFO on this and all the Torrent News.. You Guys are the heartbeat of the Torrent world … Peace
Where is Reasoned Mind?

I grow very weary of those who spend time trying to justify music theft (not saying that you are one of those people). The bottom line is this: If you care about some music in particular, then it’s worth paying for. People need to quit pretending that they DESERVE something for free. The ABILITY to steal music does not translate to the RIGHT to do so.
my 2 cent car crash.

Those that like stacked trackers (I never did) Can look out for the likes of this. And delete the nasties out of the string first.
7SeVeN7

hey here`s a better idea…

STREAM THE FUCKING MOVIE,T.V. SHOW OR THE MUSIC!!!

ITS A HELL OF A LOT SAFER AN UR NOT FILLING UP GB`s OF HD SPACE….

STREAMING IS THE NEW HERE AND NOW!!!!
Sama

which also caused caused a whole load of trouble for those…

Spelling error
DeltaPan

The media defender emails which were exposed delayed their tactics.

As i’ve said, a few years later it’s safe to assume the contents of these emails in regards to tactics will be happening again, too much time and money was spent on what they were doing to simply abandon it all, i suggest they have waited a couple of years for the dust to settle, now doing it again.

Sounds like it, deffo, obviously they’ve had time to add and think of other tactics and some things have evolved, but some anti piracy nonsense is the same, their being wholly and perniciously criminal as though a law unto themselves where criminal law does not apply to them somehow in their grandiose delusions, to our simple civil and minor infractions, they behave criminally towards us, doing it before, since and still are.

Perhaps before authorities address us civil infractors of copyright, they should address the overt Criminality of these anti piracy oiks FIRST.

They behave criminal, we infract in a civil law context. Big difference.

http://en.wikipedia.org/wiki/MediaDefender

Looked to see if they are still hosted online, but not so it seems, perhaps somebody could re-pin them as a lot of people had a problem getting the content of the mbox file open in an email client, however much it’s explained in comments.

Still relevant intel’ in the present.

Here’s the torrent for the leaked emails on TPB.

http://thepiratebay.org/torrent/3806944/MediaDefender.Mail.200612.200709-MDD

TF ran a lot on this but won’t link, all there if ye search though.

Peace. :)
DeltaPan

“They don’t like it up em, Captain Mainwaring sir, they don’t like it up em!!!!”

Peace. :)
Ninja

Nice and informative article. Thanks TF!

I have yet to come across one of those fakes =/
haczorTractor

Simple rules to file sharing:
1. If you dont want to pay or seed = Public tracker
2. If you have extra cash = Freenet or similar
3. You can/want to seed alot = Private tracker
4. You are a noob = Buy media from local supermarket/Dont be a noob
Peter

@#6&7 :
You seem to be confusing “newbie”
and “noob” : http://www.urbandictionary.com/define.php?term=Noob&defid=2568674
Anonymous

I found a tracker which hides as a royal spa for elder people.
Look at this:
http://i46.tinypic.com/2r3gop0.png
Pingback: How to Investigate a Fake BitTorrent Tracker [File Sharing] | Son Of Byte
Pingback: How to | How to Investigate a Fake BitTorrent Tracker [File Sharing]
Pingback: How to Investigate a Fake BitTorrent Tracker [File Sharing] | nothing to see here
Pingback: How to Investigate a Fake BitTorrent Tracker [File Sharing] | bibeh.com
Pingback: How to Investigate a Fake BitTorrent Tracker [File Sharing] · TechBlogger
Pingback: How To Investigate A Fake BitTorrent Tracker | Lifehacker Australia
Pingback: How to Investigate a Fake BitTorrent Tracker [File Sharing] | Hooked On 'Tronics
Pingback: How to Investigate a Fake BitTorrent Tracker [File Sharing] | Computer Tips and Tricks
typical TPB user

Limewire is the safest – everyone knows that.
Pingback: How to Investigate a Fake BitTorrent Tracker [File Sharing] | Reviews Manual
Pingback: Pirate Home Page » How To Quickly Investigate A Fake BitTorrent Tracker
hadopirate

TorrentQ.com is hosted on the same server hosting Domlayer, x3player and another crapwares.

Look at Robtex:
http://www.robtex.com/dns/torrentq.com.html

It’s 100% clear that’s a fake BT tracker.
Anonymous

All of those torrents had the most seeders on mininova the other day, and I thought it was retarded that thousands of people would believe that axxo actually uploaded 6 or more ‘dvdrips’ of movies that were still in theatres. Then I noticed that there were a few thousand leechers along with all of those seeders, and figured that something must just be screwed up. Either way, it was quite obvious that whatever was downloaded would not wind up being the movie advertised.
Pingback: Blogs » Blog Archive » How to Investigate a Fake BitTorrent Tracker [File Sharing]
Pingback: How to Investigate a Fake BitTorrent Tracker [File Sharing] » Blogs

TorrentFreak

The place where breaking news, BitTorrent and copyright collide

How To Quickly Investigate A Fake BitTorrent Tracker

Related Posts

Previous Post | Next Post

NewsBits

The Pirate Bay Isn’t Down Completely, Just Having a Few Issues

Pirate Bay Founder Gottfrid Svartholm on Freedom of Speech

Blu-ray Anti-Piracy Tech Stops Discs and Promotes Purchases

Foxtel Breeds Pirates by Locking Up Game of Thrones

UK Student Admits Breaching Sony Copyrights With Leak of PS3 SDK

MostDiscussed

Pirate Bay Takes Over Distribution of Censored 3D Printable Gun

McAfee Patents Technology to Detect and Block Pirated Content

Pirate Bay Finds Safe Haven in Iceland, Switches to .IS Domain

Copyright Trolls Threaten to Call Neighbors of Accused Porn Pirates

Game Pirates Whine About Piracy in Game Dev Simulator

CopyQuote

PopularArticles

VPN Services That Take Your Anonymity Seriously, 2013 Edition

Top 10 Most Popular Torrent Sites of 2013

Which VPN Service Providers Really Take Anonymity Seriously?

What’s The Best VPN / Proxy for BitTorrent?

BTGuard Review: How Does it Work?

Optimize Your BitTorrent Download Speed