How To Filter Fakes and Protect The Network

What You Need To Know About Fakes
This is some information that many people may or may not already know about the fakes that the RIAA and cronies are flooding our network with.  I hope it will help you to understand what they look like, what the harm is, and what we can do to eliminate them.

Recently everyone has a heightened awareness of the situation with the RIAA flooding our network. For those who don't completely understand what the big deal is let me explain a bit.

The RIAA employs companies such as Macrovision and NetSentry, to deploy disruptive software such as that made by Macrovision, capable of many things in the name of copyright protection.  There is more information on these particular companies practices in the WinMX World News forum, where you can find the link to the actual patent application made this summer by Macrovision.  For my purposes here I will touch only on the flooding of fake file results.

First let me start off by informing you that the files I am speaking of here are not files at all, the software is capable of uploading fake data that appears to be lists of shared files.  This is the reason most fakes from these companies wont download, there is no actual file, only a list of files.  When this information is requested from your WInMX search, its sent through all the primaries that you are attached to.   This has two effects:
1) being that its annoying that you cant download any of the songs that are showing up on your search results.  
2) being that as that flood of lists comes from across the network through the primaries it causes such a flood of data, in such a fast time that the primaries loose the connections, this in turn is basically a DOS (Denial of Service) Attack.  Those primaries that get drooped also loose all the secondaries they held, and this has a huge effect on the networks stability.

When you do a search on WinMX for a file, WinMX is designed to answer that query with the best results in the fastest manner, the companies behind this software count on this to increase the ability of their software to do the most damage.  For the last year we have been recommending that you could filter these by using word exclusions such as -user, this is no longer possible due to Macrovision taking this same advantage and turning it around to their own.  
Right now if you do a search for one artist/title name you may see results coming in from all sorts of ones that have nothing to do with the original search.
This is due to them taking that Full Path information we were able to use to filter them and using it to make resluts get called upon by your search.  For example they may show a full file path of:
E:\My Documents and Settings\GodSmack\Movies\Mp3s\Emule\WinMX\Downloads\freeware program file

The above example is going to return a result for this if you do a search for any of those words used.  I think you can see how they have found this will maximize not only the irritation of finding real files, but spread their fakes to as many searches as possible maximizing with it the damage that these cause to the network.

This is why if you do a search right now for say.. something like 3 Doors Down, you may get results labeld Barry Manilow, Bo Bice, Jamie Foxx, Willie Nelson and the like.. making it seem that the WinMX search is broken.

How to eliminate the fakes from your results:
Next for those of you that dont really want to know the exact details of what I use to spot them, let me tell you the ways you can keep this from happening.

WinMX Community Patch uses a method of filtering results by IP address of known file flooders, works two ways. By using the same list we recommend and maintain of flooders it blocks them from connecting to your primary connection as a secondary.  This keeps them from uploading the lists and there for keeps them from using your connection and bandwidth to attack other users.
It also has the ability to use this same list to fitler the results from these IPs from your search screen, leaving you with only real files to sift through. (at this time this is the only way to keep them from appearin in your search results)
All you need to do to begin using this patch is to visit this link:
WinMX Community Patch

Some of the things you will see with the fakes:
File names:
These companies have the idea that we are idiots.  They post ridiculous names in many variations in order to hit large groups of people with frustrations.  This includes adding comments such as torrent sites, words like: Remix, New Release, Real, Free, and have even stooped to using WinMX room tags on some of the fake movie files in order to sell themselves to you.

As mentioned above, the idea is to cover as many search results as possible, ie: have their results match your query in such a way that they are returned before any real ones.  
On that same note:
Trying to ensure that their results are returned as often as possible they will also use things like:

Reported by WinMX Peer Network remote host
Time/date of report: Fri Oct 07 20:57:19 2005
User Name: Screech_Lelia127_48747
Connection Type: DSL
Files shared: 3000
Elapsed time online: 1:41:45
Transfer Status:  50 of 75 available

The use of the high speed connection, and the amount of files shared, and the transfer status are all just illusions to make them seem, not only desirable but, to appear as real to the WinMX program.  Until recently the majority of Whois that you might see on these results would show them sharing 3000 files, keep in mind that alone will NOT identify a flooder.  Right now we are seeing them sharing mostly between 2000 - 3000 files however, very recently we noticed that they are listing odd numbers such as 370, 568 shared files in order to appear more real.  Remember they read forums also.

On that note let me just say this, as I have said many times, these types of flooders have not ever to my knowledge uploaded from regular users.  Not to say this cant or doesnt happen, but again let me state the nature of the WinMX network makes it virtually impossible to prove in a court that Your IP can be picked out of the network of secondaries and primaries, let alone prove any activity that took place between that IP and theirs, or that you where completely in charge of the computer at the time and day they claim.  Fortunately we are finally seeing many innocent victims of the RIAAs Mafia style threats fight back, showing that they can say what they like but proving it is another matter.

All flooding originates from a secondary connection to a real primary, you can not get an accurate IP via Whois.  They do not access the peer caches in the same way as you or I, and they havent lost half of the amount of them as we have with users that still dont realize we are up and running.  We did out number them greatly and we dont now.  If EVERYONE is not using the WinMX Community Patch it will allow them to do what they set out to do on Sept. 20th, shut us down.

For a more indepth view of the damange they cause you can read this:
Damage Caused By Fakes

©2005-2023 All rights reserved. Page last updated Mon Oct 13 2008