I want to know how to block bots from accessing my server?
I am getting many bot IP's in DHT or they are connecting to me from all over the world so IP block bans don't work.
The main bot I am having issues with is called "BM 0.0.0.1"
How do I block a peer with a client named "BM 0.0.0.1" or a Peer ID that starts with "-BM"??
It appears that this bot is trying to overflow a buffer.
I am trying to ignore them, but there are so many it is difficult!!!
In response to your question:
can you post screenshot in postimages.org and teach me how to identify such malicious peers?
Here is an image showing status codes of misbehaving clients. I was having a large number of clients with the same status code of "metadata request overflow" as you will see in the image. Almost all of these errors were generated by the same client software which was mostly likely a bot. I have my own web space, so I will post the image there.
(link removed by Mod - please re-post the image with IP's blurred)
by Guest on 2025/05/19 07:34:47 AM
To filter the BM/0.0.0.1 botnet, as well as its little cousin, the MC/0.0.0.8 botnet (which does the same thing but less aggressively), go to settings > peers > client filter > peer ID tab
and in the bottom box that says "never allow", copy and paste the following wildcard filters:
-BM0001-*
-MC0008-*
This will filter them by client ID, preventing them from ever connecting. They will still appear in the peer list, but they cannot waste your bandwidth or take up resources anymore.
I've been following this bot for a long time, and whoever is behind it is one evil SOB and likely attempting to sabotage BitTorrent DHT on a massive scale.
by Guest on 2025/07/12 10:51:22 AM
Those are pretty obvious because they appear on most public torrents no matter what the content is. Obviously, it is highly unlikely that some real peer downloads the exact same set of torrents you've chosen (if you have a lot of different ones). Authors seem to have zero worries about sending and receiving a lot of useless traffic just to check data availability for some pirate streaming application(s).
They sometimes switch to using proxies at popular hosting providers, so keep an eye on other IP addresses with similar behaviour.