Remotely crashing all DC++ clients on the hub

Asked by Rampage

We've been getting a strange user on our hub from time to time and it makes the memory usage shoot up for every connected user and makes the client unresponsive till that user is banned.
MikeJJ asked me to get some debug reports to see what that client was sending to help better.

Here is the debug log when such a client connected. This kind of thing happened several times a second constantly till kicked after which it stopped immediately. This client connected from ip 85.237.177.90.

Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 81.168.222.212:2501
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 88.208.78.97:80
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 88.208.78.97:411
Client: [Outgoing][88.208.78.97] $MyNick astro|
Client: [Outgoing][88.208.78.97] $Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.698ABCABC|
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 86.104.34.175:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 72.9.231.170:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 81.168.222.212:2501
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 88.208.78.97:80
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 88.208.78.97:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 86.104.34.175:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 72.9.231.170:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 81.168.222.212:2501
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 88.208.78.97:80
Client: [Outgoing][88.208.78.97] $MyNick astro|
Client: [Outgoing][88.208.78.97] $Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.698ABCABC|
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 88.208.78.97:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 86.104.34.175:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 72.9.231.170:411

PS: also I couldn't connect to the adc://devpublic.adcportal.com:16591 hub to report this so not sure if it should be a bug report.

Thanks

Question information

Language: English
Status: Answered
For: DC++
Assignee: No assignee

poy (poy) said :
#1

it seems you're using a 2-year-old version of DC++, please try with the latest one.

Rampage (jilan-shah) said :
#2

I used the older version of StrongDC++ to get the logs, but it's crashing even the other 0.707 clients on the hub. I'll try and get logs with a newer version of StrongDC++. I understand standard DC++ can not do debugging?

Thanks

poy (poy) said :
#3

interesting, DC++ 0.707 fixes one specific possible remote crash which i thought was occurring here.

no, DC++ doesn't show network commands like StrongDC++ does, but people usually use an external app to get such traffic; i like Wireshark <www.wireshark.org>.

if you can't get useful command logs, could you post the link to a hub where this is happening?

Rampage (jilan-shah) said :
#4

Hi, the strange client comes on randomly from time to time, presumably by ip address rather than domain name.

The address is 87.117.203.9:4144

Hope that helps.

Thanks

Rampage (jilan-shah) said :
#5

Hi, here is part of the log from a newer client.

Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 72.9.231.170:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 88.208.78.97:80
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 88.208.78.97:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 86.104.34.175:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 72.9.231.170:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 88.208.78.97:80
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 88.208.78.97:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 86.104.34.175:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 72.9.231.170:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 88.208.78.97:80
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 88.208.78.97:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 86.104.34.175:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 72.9.231.170:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 88.208.78.97:80
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 88.208.78.97:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 86.104.34.175:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 72.9.231.170:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 88.208.78.97:80
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 88.208.78.97:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 86.104.34.175:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 72.9.231.170:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 88.208.78.97:80
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 88.208.78.97:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 86.104.34.175:411
Hub: [Incoming][87.117.203.9:4144] $ConnectToMe astro 72.9.231.170:411

It also came up with a message as follows.

[2008-07-28 12:48] Someone is trying to use your client to spam 88.208.78.97, please urge hub owner to fix this
[2008-07-28 12:48] Someone is trying to use your client to spam 88.208.78.97, please urge hub owner to fix this

Will have a look at this on the hub's side if it is indeed an issue in the hub code.

Thanks

poy (poy) said :
#6

that client is trying to make you connect to some websites, probably to DoS them; StrongDC++ blocks connections to port 80 and displays that message.
most hub software now blocks this kind of fake $ConnectToMe command, so it might be worth updating yours.

however, DC++ (and StrongDC++) shouldn't crash when receiving these commands, but they should silently discard them; there's probably a bug to solve there...
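
One way a hub can drop the fake $ConnectToMe commands discussed above, as an added example that is not part of the thread and not code from DC++, StrongDC++ or any hub project: compare the address inside the command with the address the sender's connection really comes from. The function name, the verdict enum, the IPv4-only parsing and the third sample command are assumptions made for illustration; the other addresses are the ones in the posted log.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical verdicts for one $ConnectToMe received from a hub user. */
enum ctm_verdict { CTM_FORWARD, CTM_MALFORMED, CTM_SPOOFED_IP, CTM_BAD_PORT };

/* cmd: one NMDC command with the trailing '|' already stripped.
 * peer_ip: IPv4 address the sender's TCP connection to the hub comes from. */
enum ctm_verdict check_connect_to_me(const char *cmd, const char *peer_ip)
{
    char nick[65], ip[16], *end;
    int consumed = 0;
    unsigned long port;
    struct in_addr claimed, actual;

    /* Expected shape: "$ConnectToMe <nick> <ip>:<port>" */
    if (sscanf(cmd, "$ConnectToMe %64s %15[0-9.]:%n", nick, ip, &consumed) != 2
        || consumed == 0 || !isdigit((unsigned char)cmd[consumed]))
        return CTM_MALFORMED;
    port = strtoul(cmd + consumed, &end, 10);
    if (*end != '\0')
        return CTM_MALFORMED;
    if (inet_pton(AF_INET, ip, &claimed) != 1 ||
        inet_pton(AF_INET, peer_ip, &actual) != 1)
        return CTM_MALFORMED;

    /* Core check: a user may only invite others to connect back to itself. */
    if (claimed.s_addr != actual.s_addr)
        return CTM_SPOOFED_IP;
    if (port == 0 || port > 65535)
        return CTM_BAD_PORT;
    return CTM_FORWARD;
}

int main(void)
{
    /* Sample input built from the log in the question: the user connected
     * from 85.237.177.90 but advertised other hosts' addresses. The last
     * command is constructed to show a legitimate request. */
    const char *peer = "85.237.177.90";
    const char *cmds[] = { "$ConnectToMe astro 88.208.78.97:80",
                           "$ConnectToMe astro 72.9.231.170:411",
                           "$ConnectToMe astro 85.237.177.90:2501" };
    static const char *names[] = { "forward", "malformed", "spoofed ip", "bad port" };
    for (size_t i = 0; i < sizeof cmds / sizeof cmds[0]; i++)
        printf("%-40s -> %s\n", cmds[i], names[check_connect_to_me(cmds[i], peer)]);
    return 0;
}
```

Users who reach the hub from a LAN or loopback address need an exception, since the public address they advertise will not match their socket address.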

Rampage (jilan-shah) said :
#7

Thanks for the help Poy. Will check the hub software and wait and see if it crashes the hub the next time that user is around.

I trust you'll have a look at fixing the exploit in DC++

Thanks again

astropoint (james-rooney) said :
#8

The user has been coming on and offline all afternoon now if you want another go at testing. It is still crashing a 0.707 client as soon as they come on here.

poy (poy) said :
#9

it crashed me too, created <https://bugs.launchpad.net/bugs/253702>.

Big Muscle (bigmuscle) said :
#10

Does the new StrongDC++ crash too at the same time? I remember an old problem: the Win32 default thread stack size is 1 MB, which limits the maximum number of threads to about 2000 (because the 32-bit addressing limit is about 2 GB and 1 MB x 2000 = 2 GB), then it crashes. StrongDC++ has the thread stack size decreased to 128 kB so it should manage up to about 16 000 threads.

Also StrongDC++ has flood protection to block more than 5 incoming connections from the same IP, but I think this doesn't help with the problem because it sends $ConnectToMe with different IPs (it's weird that the hubsoft allowed it).

MikeJJ (mrmikejj) said :
#11

What hubsoft are you using?
It's probably possible to fix this for your hub easily :)
I take it the spammer is on a dynamic ip?

Rampage (jilan-shah) said :
#12

bigMuscle - Might be an exploit on the hub software too, will try fix that.

MikeJJ - Yes it comes on with a different IP every time we most times and usually eastern European ones (so guess using proxy servers of some sort).

The hub software we are using is opendchub 0.7.15

Any suggestions for hubfixes will be appreciated :)

Thanks

Rampage (jilan-shah) said :
#13

Big Muscle - Yes the new version of StrongDC++ crashes too. That's the client that gave the warning messages that someone was using your client to spam.

astropoint (james-rooney) said :
#14

It may be that I just closed StrongDC, after getting bored of the spamming messages, rather than it specifically crashing....can't remember now.

RoLex (hundrambit) said :
#15

OpenDCHub is not the right software to use, it was released 2006-03-19 13:43. As BM said, this is normally not permitted with modern secure software.
