I'm a sysop at a torrent site, and our script banned a few users because this client was sending the wrong request when a torrent is stopped
I'm not gonna go over too many details .. but
if event = stopped
there is no reason for numwant to be 200 .. should be 0
basically, if you want to trick a private tracker and invisibly download torrents... all you have to do is send a request like the one above
event="stopped"&numwant=200
it will stop the torrent and ask for peers .. thus making the client invisible
so our code is
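// Ban any client that announces event=stopped while still asking for peers.
if (isset($_GET['event'], $_GET['numwant'])
    && $_GET['event'] == 'stopped' && $_GET['numwant'] != 0)
{
    // ban the user on the spot!!
}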
not planning to change that ... but I did make a promise to the wrongly banned users that I will report this to the Tixati developers
not sure how much you guys care about private trackers, but I think this should be fixed
thanks
by
Pete on 2013/10/23 09:37:29 AM
I just checked some popular programs and you are right, most of them send numwant=0 with event=stopped, at least the latest uTorrent, Vuze, Deluge, Transmission and qBittorrent do. Tixati seems to always send numwant=200. Thanks for reporting this.
I'm curious, the tracker sends a reply based on the numwant value, but why not always send 0 peers when event=stopped?
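A tracker-side sketch of the alternative raised in the thread, added here as an example and not taken from either poster or from any tracker's real code: return zero peers on event=stopped whatever numwant says, and record the mismatch for review rather than banning. The function name, the cap and default values, and the sample announces are all assumptions made for illustration.

```php
<?php
// Added example; all names and limits below are hypothetical.

const MAX_NUMWANT = 50;      // assumed server-side cap on peers per reply
const DEFAULT_NUMWANT = 50;  // assumed value when the client omits numwant

/**
 * Decide how many peers one announce may receive.
 * $query is the parsed query string (e.g. $_GET).
 * Returns ['peers' => int, 'anomaly' => string|null].
 */
function peers_to_return(array $query): array
{
    $event = (isset($query['event']) && is_string($query['event']))
        ? $query['event'] : '';

    // Accept numwant only if it is a well-formed integer.
    $numwant = DEFAULT_NUMWANT;
    if (isset($query['numwant'])) {
        $parsed = filter_var($query['numwant'], FILTER_VALIDATE_INT);
        $numwant = ($parsed === false) ? DEFAULT_NUMWANT : $parsed;
    }
    // Never trust the client's number: clamp it to [0, MAX_NUMWANT].
    $numwant = max(0, min(MAX_NUMWANT, $numwant));

    if ($event === 'stopped') {
        // A stopped client gets no peers, so the request cannot be used
        // to leave the swarm listing while still collecting peer addresses.
        // The mismatch is flagged for logging instead of triggering a ban.
        $anomaly = ($numwant !== 0) ? 'stopped_with_numwant' : null;
        return ['peers' => 0, 'anomaly' => $anomaly];
    }
    return ['peers' => $numwant, 'anomaly' => null];
}

// Constructed sample announces (not captured traffic).
$samples = [
    ['event' => 'stopped', 'numwant' => '200'],
    ['event' => 'stopped', 'numwant' => '0'],
    ['event' => 'started', 'numwant' => '200'],
    ['numwant' => 'abc'],
];
foreach ($samples as $q) {
    $r = peers_to_return($q);
    printf("%-32s peers=%d anomaly=%s\n",
        http_build_query($q), $r['peers'], $r['anomaly'] ?? '-');
}
```

With this in place a client that always sends numwant=200 is served correctly, and the anomaly field still gives the site a signal to correlate against other evidence before acting on an account.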