Protect Yourself from eDonkey Spy Servers

Connecting to a bad ed2k server can have some nasty consequences. They monitor your activities and report to anti-p2p outfits. They direct you to non-existent files, corrupted fakes and hide files which others genuinely want to share. Learn how to protect yourself.


Millions of file-sharers use the eDonkey (ed2k) network daily with every conceivable file and media type available for download. However, for millions of users on the ed2k network there is a threat hidden below the surface – fake eDonkey servers, estimated to be as many as 60% of all the ed2k servers currently online.

These bad servers can spy on you, track your activities and report your behavior to anti-p2p companies. Others are concerned with engineering a situation that puts malware on your machine. For every incomplete download in progress, the user’s ed2k client asks all the servers configured in its server list for additional sources, so if you have connected to a bad server it now knows everything that has been happening in your client – a major privacy breach.

Fake servers are also there to misdirect, to cheat, to confuse. “Simply put, those servers lie. And they do a lot of it.” explained qm2003 from eMule-Project. “When a client is searching for something, fake servers will return files and sources to files that are actually non-existent, empty or garbage.”

Furthermore, files being offered for share by users connected to a fake server will not show up in search results of queries made by other users, effectively starving the network of millions of files. “Some fake servers deliberately return results with supposedly thousands of sources to prematurely end searches” explains qm2003, “And to make matters worse, those search results contain malware that will infect the system of any client downloading and executing those files.”

The problem of connecting to fake servers is actually built into the standard eMule installation, as the default settings result in fake servers being added to the server list. Probably due to legal considerations, this situation is not seriously dealt with by the developers, but there are steps which can be taken now to improve the situation:

1. In eMule go to Options/Server
2. Set the number of errors allowed before removing a server to 9
3. Click the Edit button that appears next to the Auto update option
4. In the Notepad window that opens, add the following lines at the beginning:

http://www.gruk.org/server.met.gz

http://peerates.net/peerates/certifiedservers.met

http://peerates.net/peerates/trueservers.met

5. Save the changes in Notepad
6. Unmark the two following options Update list of servers
7. Click on Accept
8. Go to the Servers window
9. Remove all servers from the static list
10. Remove all servers from the list
11. In Update Server.met from URL, enter any of the URLs from step 4 above
12. Click on the Update button
13. If you have selected Autoconnect only to servers on the static list, add the servers you want to the static list
14. Double click on any server
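The lists in step 4 are server.met files. As an added example (not code from the article, from eMule or from the list maintainers), this Python script parses a server.met and reports every entry that is not on an (ip, port) allowlist you chose yourself, so a downloaded list can be checked before eMule imports it. It assumes the standard server.met layout (header byte 0x0E or 0xE0, server count, then per server IP, port and a tag list) and the tag ids in TAG_NAMES; the sample file and its TEST-NET addresses are constructed.

```python
import struct
import ipaddress

# Numeric server tag ids to readable names (assumed from the server.met layout)
TAG_NAMES = {0x01: "name", 0x0B: "description", 0x0C: "ping", 0x0D: "fail", 0x85: "dynip"}

def parse_server_met(data):
    """Parse server.met bytes into a list of {ip, port, tags} dicts."""
    if data[0] not in (0x0E, 0xE0):            # MET_HEADER / MET_HEADER_I64TAGS
        raise ValueError("not a server.met file")
    count = struct.unpack_from("<I", data, 1)[0]
    pos, servers = 5, []
    for _ in range(count):
        ip_raw, port, tag_count = struct.unpack_from("<4sHI", data, pos)
        pos += 10
        tags = {}
        for _ in range(tag_count):
            ttype = data[pos]; pos += 1
            if ttype & 0x80:                    # short form: 1-byte numeric tag name
                ttype, name = ttype & 0x7F, data[pos]; pos += 1
            else:                               # long form: uint16 length + name bytes
                nlen = struct.unpack_from("<H", data, pos)[0]; pos += 2
                name = data[pos] if nlen == 1 else data[pos:pos + nlen].decode("latin-1")
                pos += nlen
            if ttype == 0x02:                   # string: uint16 length + bytes
                slen = struct.unpack_from("<H", data, pos)[0]; pos += 2
                value = data[pos:pos + slen].decode("utf-8", "replace"); pos += slen
            elif ttype in (0x03, 0x08, 0x09):   # uint32 / uint16 / uint8
                fmt = {0x03: "<I", 0x08: "<H", 0x09: "<B"}[ttype]
                value = struct.unpack_from(fmt, data, pos)[0]; pos += struct.calcsize(fmt)
            else:
                raise ValueError("unsupported tag type 0x%02x" % ttype)
            tags[TAG_NAMES.get(name, name)] = value
        servers.append({"ip": str(ipaddress.IPv4Address(ip_raw)), "port": port, "tags": tags})
    return servers

def untrusted(servers, trusted):
    """Entries whose (ip, port) is not in the allowlist you decided to trust."""
    return [s for s in servers if (s["ip"], s["port"]) not in trusted]

def _tag_str(name, text):                       # short-form string tag (0x02 | 0x80)
    raw = text.encode()
    return bytes([0x82, name]) + struct.pack("<H", len(raw)) + raw

def _tag_u32(name, value):                      # short-form uint32 tag (0x03 | 0x80)
    return bytes([0x83, name]) + struct.pack("<I", value)

# Constructed sample server.met (TEST-NET addresses): one known-good server, one unknown
SAMPLE_MET = (bytes([0x0E]) + struct.pack("<I", 2)
              + bytes([192, 0, 2, 10]) + struct.pack("<HI", 4661, 2)
              + _tag_str(0x01, "TrustedDonkey") + _tag_u32(0x0C, 40)
              + bytes([198, 51, 100, 7]) + struct.pack("<HI", 4242, 2)
              + _tag_str(0x01, "Free Files Fast") + _tag_u32(0x0D, 3))
TRUSTED = {("192.0.2.10", 4661)}                # the servers you checked yourself

if __name__ == "__main__":
    for s in untrusted(parse_server_met(SAMPLE_MET), TRUSTED):
        print("not on your trusted list:", s["ip"], s["port"], s["tags"].get("name"))
```

To check a real download, replace SAMPLE_MET with the bytes of the file (gunzip a .met.gz first) and TRUSTED with the servers you verified.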

We reported on the value of Protocol Obfuscation (BitTorrent users will be more familiar with the term Protocol Encryption) and it is of some use in this situation. To date, no spy/fake servers support obfuscated connections, so enabling it in the options of eMule 0.47C rules out the current possibility of connecting to a bad server.


However, as we pointed out in the earlier article, this method does carry the side effect of not being able to connect to non-eMule clients, versions of eMule before 0.47b (which do not support PO) and other clients with PO switched off.

Taking the above steps will drastically improve your chances of avoiding a bad server. Tune in next time when we cover the issues surrounding spy/fake/poisoning clients and current counter-measure techniques.
