Private BitTorrent Trackers Vulnerable To Anonymous Leechers

Written by enigmax on September 07, 2007 

Since the birth of restrictions, there has always been someone ready to set things free. BitTorrent set media free and then, for a multitude of reasons, private torrent trackers restricted it. It appears that a group of people have published a method to allow non-members to leech private trackers for free. But at what cost?

A private tracker is a site which tracks/indexes torrents in the same way that a public one does but requires the user to become a registered member first. Depending on a site’s popularity and growth strategy, the work involved in becoming a member can range from ‘easy’, right up to ‘almost impossible’ - there are even tools available to automate the task and sites to trade invitations.

Why would anyone bother accessing a private site when you can get great stuff from PirateBay or Mininova? Most users cite better download speeds, great timing and availability of content, while others believe they have better security. Most private trackers require that the user maintains a good ‘ratio’ - i.e. he uploads back to the community the amount of data that he took. Because this behavior is monitored and enforced by a range of punishments, the user tends to seed more to avoid them. The ultimate punishment for not sharing is banning, which means the member can no longer access the content indexed within. Well, that’s usually the case.

Information has been published showing a method for non-members to access and download stuff from private sites, using the (optional) Azureus Peer Injector plug-in and lists of peers (BitTorrent users’ IP addresses and the ports they use) harvested from well-known private trackers. Usually it’s the tracker on a site that decides if you can join the swarm or not (while recording your stats/ratio), but by using this method it’s theoretically possible to enter the swarm of a particular torrent without ever connecting to the tracker. The theory says that as long as you can access a .torrent file originating from the site (via a torrent dump site such as mininova, a friend or the site’s unprotected RSS feed, for example) plus an accurate and up-to-date peerlist, you can download without being a member, ratio-free.

However useful this might sound to some, there is a cost. For the method to work, the group needs to harvest users’ IP addresses from each tracker they wish to exploit and make them available for people to download. They appear to have already compromised the privacy of users of TorrentLeech and SceneTorrents by publishing their IP addresses in a peerlist, at the same time claiming the method improves the individual’s privacy.

It’s common on P2P forums for people to debate the benefits and drawbacks of public and private sites. Some feel private sites restrict, while others understand that a site’s growth sometimes needs to be artificially limited due to technical, staffing or budget issues. Some feel it’s wrong to ring-fence the available media and that it should really be ‘set free’, while others feel that it’s neat being a member at a fast tracker with a great image and they’re quite happy at being part of an ‘exclusive’ club.

In any event, I guess both parties are on roughly the same side in the end and they would likely agree: although of limited use on their own, users’ IPs on sites like TorrentLeech, SceneTorrents and any other tracker should definitely be kept as private as possible, even if others believe the torrents shouldn’t be.
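
The bypass described in the article works because peers accept connections that the tracker never brokered. As an added example (not from the original article or from any client's code), the Python below shows the defensive counterpart: it decodes compact tracker peer lists and flags connected IPs the tracker has never announced. `SwarmAuditor`, its method names and the sample addresses are hypothetical and constructed for illustration, and the tracker is assumed to answer in the 6-bytes-per-peer compact format.

```python
import ipaddress
import struct

def parse_compact_peers(blob):
    """Decode a compact peer list: 4-byte IPv4 + 2-byte big-endian port per peer."""
    if len(blob) % 6:
        raise ValueError("compact peer list must be a multiple of 6 bytes")
    peers = set()
    for off in range(0, len(blob), 6):
        raw_ip, port = struct.unpack_from("!4sH", blob, off)
        peers.add((str(ipaddress.IPv4Address(raw_ip)), port))
    return peers

class SwarmAuditor:
    """Hypothetical helper: flags connected IPs the tracker has never announced."""

    def __init__(self, grace_announces=2):
        # A tracker returns only a subset of the swarm per announce, so a peer
        # is flagged only after it has stayed unlisted for several announces.
        self.grace = grace_announces
        self.announce_count = 0
        self.announced_ips = set()
        self.first_seen = {}  # ip -> announce_count when the connection appeared

    def on_announce(self, blob):
        self.announce_count += 1
        self.announced_ips.update(ip for ip, _ in parse_compact_peers(blob))

    def on_connect(self, ip):
        # Match on IP only: an inbound connection arrives from an ephemeral
        # source port, not the listening port the tracker advertises.
        self.first_seen.setdefault(ip, self.announce_count)

    def suspects(self):
        return sorted(ip for ip, seen in self.first_seen.items()
                      if ip not in self.announced_ips
                      and self.announce_count - seen >= self.grace)

# Constructed sample tracker responses (documentation address ranges).
ANNOUNCES = [
    bytes([192, 0, 2, 10, 0x1A, 0xE1, 192, 0, 2, 11, 0xC8, 0xD5]),
    bytes([198, 51, 100, 5, 0x1A, 0xE1]),
    bytes([192, 0, 2, 10, 0x1A, 0xE1]),
]

def demo():
    auditor = SwarmAuditor(grace_announces=2)
    auditor.on_announce(ANNOUNCES[0])
    for ip in ("192.0.2.10", "198.51.100.5", "203.0.113.7"):
        auditor.on_connect(ip)
    for blob in ANNOUNCES[1:]:
        auditor.on_announce(blob)
    return auditor.suspects()
```

A flagged IP is a candidate for snubbing or review, not proof of abuse: a member behind a changing address or a tracker that rotates its peer subsets slowly can also show up here, which is why the grace period is configurable.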


65 Responses


1 Sep 07, 2007 at 17:34 by ipswichross

I’m a member of quite a few private sites, and while they ARE handy to have, if you want something quick…it can be a pain to keep your ratio healthy. And a lot of mods at these sites are power-crazed little Hitlers…I’m sure you’ve all experienced the mod who thinks he’s so 1337, and flames users and if you say a word back you’re booted…! Demonoid is the No.1 site imho…and EASY to get invites to, and the mods are all sensible. They have all you need

2 Sep 07, 2007 at 17:58 by anonymous

Okay, what the fuck is up with these ads? I’m hearing sound in the background, and my browser won’t allow me to go back because the advertisements are loading a whole fucking page in a frame inside this page.

edit Ernesto: Someone abused ad space we offered, issue is resolved now, clean as usual. Sorry for the inconvenience it might have caused, I didn’t notice anything unusual myself. If any of you guys notice something like this in the future contact us asap please.

3 Sep 07, 2007 at 18:03 by no thanks

that’s it. i’m removing this from my bookmarks. if you guys are going to shove crappy advertising down our throats like this then you’re basically hypocrites.

edit Ernesto: Someone abused ad space we offered, issue is resolved now, clean as usual. Sorry for the inconvenience it might have caused, I didn’t notice anything unusual myself. If any of you guys notice something like this in the future contact us asap please.

4 Sep 07, 2007 at 18:27 by Ben Jones

Of course, it’s also important to mention that this isn’t just limited to Azureus - µTorrent has ‘add peer’ built in.

5 Sep 07, 2007 at 18:46 by Pal

No need for hostility… Just get informed….!!!

I guess you never heard of a little program called Ad Blocker plus …. huh ….hehehe one more word… ((SWeeT))

6 Sep 07, 2007 at 18:47 by no ads here

@ad worrier: i don’t hear any sounds or see any strange ads and i use internet explorer 6 :\

7 Sep 07, 2007 at 19:43 by Dave

lol yah you guys need adblock or something, I don’t see a thing.

This Peer Injector thing ticks me off… I spent all summer uploading to up my ratio in preparation for the school year, and now some loser is going to leech whatever he wants off of me. Screw that.

8 Sep 07, 2007 at 19:47 by Ben Jones

There are also no adverts for me, and I am a long time opera user.

Dave - Why the special prep for school - mostly they have faster connections, although the policies are getting tougher.

9 Sep 07, 2007 at 19:58 by Spookie669

[quote comment="160600"]I’m a member of quite a few private sites, and while they ARE handy to have, if you want something quick…it can be a pain to keep your ratio healthy. And a lot of mods at these sites are power-crazed little Hitlers…I’m sure you’ve all experienced the mod who thinks he’s so 1337, and flames users and if you say a word back you’re booted…! Demonoid is the No.1 site imho…and EASY to get invites to, and the mods are all sensible. They have all you need[/quote]

It’s easy as pie to keep a good ratio. I dunno what you’re talking about.

10 Sep 07, 2007 at 20:34 by Badnews

Openly making available lists of active IP’s and ports being used for filesharing is completely fkin retarded. Any idiot knows that private sites are not any “safer” than a public one, but this is doing half of the **AA’s job for them. Congrats to the cheating Romanian fuckwits that dreamed this up. Arsehole of the year award goes to you.

11 Sep 07, 2007 at 20:47 by Yatti420

Demonoid.com for life.

12 Sep 07, 2007 at 20:52 by nonamo

[quote comment="160665"]
It’s easy as pie to keep a good ratio. I dunno what you’re talking about.[/quote]

No it isn’t! Not if say your upload speed is a 10th of your download speed.

IMHO, your ratio should only be as good as your download:upload speed ratio, but private trackers will never work like that.

13 Sep 07, 2007 at 21:04 by Jasper van Weerd

no sounds here, long time FF user here.

14 Sep 07, 2007 at 21:29 by BvTaa

Well, the IPs itself are nothing too interesting/worrying. Still this is quite bad.

I guess the clients that allow peers “from the wild” will have an option not to accept any connections not negotiated via the tracker itself in no time. Shouldn’t be too hard. Actually this should be default and “opening” for other peers should be only an option.

15 Sep 07, 2007 at 22:31 by Ernesto

[quote comment="160611"]Okay, what the fuck is up with these ads?
[/quote]

[quote comment="160613"]if you guys are going to shove crappy advertising down our throats like this then you’re basically hypocrites.[/quote]

Someone abused ad space we offered, issue is resolved now, clean as usual. Sorry for the inconvenience it might have caused, I didn’t notice anything unusual myself. If any of you guys notice something like this in the future contact us asap please.

16 Sep 08, 2007 at 00:26 by newb

What are you doing linking to this site, are you saying this is a good thing and thus giving people the links so they can do THIS ?

pretty low…

17 Sep 08, 2007 at 00:49 by RED

@newb

The information is out there regardless of whether torrentfreak links to them or not. You can just google for this and there are 10 websites that pop up on the first page that tell you all about it.

If people are going to cheat they are going to cheat regardless of what others say or do.

18 Sep 08, 2007 at 02:47 by system

Man, it takes some people a long time to catch up.

I built a proof of concept over 18 months ago for exactly this type of attack, only there’s no need to allow plain text downloading of IPs or use a peer injector plug in.
It even works with every single client out there.

This is as old as the protocol itself, and az already has code to protect users from being swamped by external connections. It just needs finalizing, if any private tracker admins with more time than myself would like to volunteer to help out.

19 Sep 08, 2007 at 03:15 by Vince

“Why would anyone bother accessing a private site when you can get great stuff from PirateBay or Mininova?”

Because, there’s a LOT of stuff I can’t find on public trackers for I live in Québec.

20 Sep 08, 2007 at 10:46 by afgod

This article contains little news.
Yes bittorrent is in theory impossible to close down completely.

However note that some private peers will monitor their leeches once they notice their ratio doesn’t improve, compare them to the tracker’s list, and subsequently ban or snub those IPs that don’t occur in both places on their clients.

21 Sep 08, 2007 at 10:48 by Rage

I prefer private sites just cause of the community. Most of them take care of each other and don’t allow crap to be put into the area.

Example: I taught my cousin how to use BT finally and showed him a handful of sites to get stuff from. He tries to get Evan Almighty from MiniNova, and instead it’s a Swedish porn flick.

Now I’ve got nothing against porn :), but on most private sites they would have that file removed from the tracker, or change the label on it.

I guess the point I’m making is I like the upkeep of private over public.

22 Sep 08, 2007 at 10:50 by afgod

People complaining about commercials:

Do block ad servers in a DNS null zone.
It will save you from being passively probed by for-profit organisations
10 - 20 thousand times per host per month.

23 Sep 08, 2007 at 13:38 by Vince

What ads? Doesn’t anyone here know Adblock?

24 Sep 08, 2007 at 13:46 by starsglow

What’s the point of having private trackers if IP numbers are being published on public sites?

25 Sep 08, 2007 at 17:07 by Vince

I don’t care I live in Canada lol.

I can go to the police station and say I’m a pirate, they won’t arrest me!
