I'll cut to the chase, give up... we're not going anywhere.
As a few people may have noticed there has been a little activity with the block list the last couple of days, well that's an understatement but anyway...
Macrovision are playing sneaky with us, It looks like they finally figured out how we are detecting them, and now have changed tactics - it's not working (I'll refer you to the block list again...) we have more than 1 way to detect you...
OK, and now everyone is confused, well here's the story:
As you know flooders have been connecting to the network, a single *nix system runs a custom made application that can make secondary connections to thousands of primary users, each one it connects to it it uploads a list of 3000 non-existant files to be shared, then the primary will flood those files out as search results.
We were simply doing a search for various flooded files, by looking at the IP Address of the secondary user that the files originated from we could clearly see many users with fake files from the same IP Address - IP Address gets added to the block list, that flooder is now unable to use winmxgroup patch users to flood the network (it can not only flood using primaries connected using hosts files - note even those running peer guardian are still being used to flood to a certain extent due to peer guardian only updating the list once a day)
That method worked well, they got to flood files, the primaries using the winmxgroup patch would keep the flooders off (thereby allowing enough free slots for legitimate secondary users to connect) everyone was happy (except a slight annoyance at having the fake search results) - we have been in that state of balance now for a while.
So, what has changed? They have started running flooders that are not flooding.
hu? how does that work? I hear you cry, well they figured out we were using the search results to locate them, so now they are still connecting to thousands of primaries, but not uploading the fake file lists (there are still plenty using the old system though so they still flood fake results)
They probably thought if they do that then they can fill up all of the secondary slots on every primary (as they won't be spotted, so won't be blocked) and then it would mean that as all primaries are full, legitimate users would be unable to connect.
A cunning plan, personally I would have done that a long time ago if i was them but I guess they are a little slow (well, nobody ever called them smart) however they did catch up in the end. One small flaw in their plan... we did spot you, and you can't avoid the blocklist... oh well, better luck next time? I think not
OK Macrovision, you may be slow but you do get there in the end, just one thing you seem to be missing - I would be able to do a great job of it if I were in your position, however lucky for the users, I'm not... I know exactly how I would do it, and therefore I know exactly how you will do it - and I am always one step ahead of you... want to call it quits yet? or do you really want to turn this in to a full fledged battle?
* KM gets down off of his soap box and gets back to watching more and more of macrovisions attackers getting added to the block list