SETI: All Users of The Enterprise SetiQueue

[Smoke]

It appears the same person or persons that recently bombed Woodie's Q has now done the same thing to The Enterprise - TeAm AnandTech SetiQueue.

It appears the DISABLING of NEW CLIENTS has stopped this person from downloading NEW WUs but it has not stopped the PASS THROUGH of his DUPLICATES.

So my Q is being burdened and my bandwidth has been compromised. :|

I'm not sure how or what to do to put a stop to this. If someone can advise me (and thereby the rest of the TeAm) I'd be most appreciative.

Look at this damn backload!

 

[Smoke]

I've just taken the following steps:

1. I have TORCHED:

Seti User ID 4796509
Seti User ID 4683123
Seti User ID 4674522

2. I have DISABLED Upload pending results.

Hopefully this will give me time to try and sort out how to remove all of these DUPS from my SetiQueue.

:|

Advice still needed and appreciated

 

[Smoke]

Could someone help me identify who is using this IP ADDRESS: 80.131.87.218

 

[Confused]

Greg, YGPM


Garry

 

[MechEng]

Originally posted by: Smoke
Could someone help me identify who is using this IP ADDRESS: 80.131.87.218

I don't know if this is of any help, but here goes.


Reverse DNS Lookup
IP Address 80.131.87.218 resolves to:
p508357DA.dip0.t-ipconnect.de

 

[Assimilator1]

To delete the dupes (in the Dir) go to SETIQ>Client>Duplicates.
I hope that's what your looking for.
[edit] I wonder if they only get there after an attempted submission?.......

Btw that sucks that someone is bombing your Q like that .
Have you tried email them with their SETI email add?
Or contacting SETIQ HQ with the ID numbers?

Hope you can get it sorted

 

[Unforgiven]

someone from ipconnect.de hammered my home ip about 4 months ago to the point where i had to write them up and they told me exactly where the person lived, their phone number and that the authorities were involved! the folks at that isp are german but were extremely prompt and they go rid of the person hammering the crap out of me. it was so bad that i had to shut my queue down because they were completely stealing all my bandwidth and causing my computer to lag hard!

 

[ICXRa]

Target: 80.131.87.218

Nodes: 12


Node Data
Node Net Reg IP Address Location Node Name
12 1 1 80.131.87.218 Stuttgart p508357da.dip0.t-ipconnect.de


Packet Data
Node High Low Avg Tot Lost
12 ---- ---- ---- 2 2


Network Data
Network id#: 1

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: Singel 258
Address: 1016 AB
City: Amsterdam
StateProv:
PostalCode:
Country: NL

ReferralServer: whois://whois.ripe.net

NetRange: 80.0.0.0 - 80.255.255.255
CIDR: 80.0.0.0/8
NetName: 80-RIPE
NetHandle: NET-80-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: AUTH62.NS.UU.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate:
Updated: 2004-03-16

OrgTechHandle: RIPE-NCC-ARIN
OrgTechName: RIPE NCC Hostmaster
OrgTechPhone: +31 20 535 4444
OrgTechEmail: search-ripe-ncc-not-arin@ripe.net

ARIN WHOIS database, last updated 2004-05-02 19:15


Registrant Data
Registrant id#: 1
domain: t-ipconnect.de

 

[RaySun2Be]

:|

 

[Smoke]

Originally posted by: Assimilator1
To delete the dupes (in the Dir) go to SETIQ>Client>Duplicates.
I hope that's what your looking for.
[edit] I wonder if they only get there after an attempted submission?.......

Btw that sucks that someone is bombing your Q like that .
Have you tried email them with their SETI email add?
Or contacting SETIQ HQ with the ID numbers?

Hope you can get it sorted

I have 1,549 Results Queued to be sent to the Seti@Home server. They are all residing (I think) in the:

C:\Program Files\SetiQueue\Client DIRECTORY

They (the bad DUPLICATE WUs) are mixed in with GOOD WUs from many different USERS. I'm not really sure what to do. I have stopped submissions to Berkeley but WUs are still coming in from good people.

There is a DUPLICATE Folder but it only contains those WUs rejected by Berkeley (I think) and the numbers there are not very many (when you look at the whole picture). Maybe I should turn on UPLOADING to Berkeley and just let it try and work its way through them. Maybe then as you suggest they will all end up in the Duplicate Folder where they can be easily deleted.

About the User's Seti Email Address. I only wish there was a user email address I could find for that would be the end of this bas............. :|

I am going to write S@H as soon as I can get together as much info as possible but with the changeover situation I really hate to burden them.

 

[Polo]

And I'm sure he find this funny... :disgust: :frown: :|

 

[Smoke]

At least the markets are now closed and I won't need the bandwidth until tomorrow morning. :Q

I've just DISABLED downloading NEW WUs from Berkeley. I've turned back on UPLOADING PENDING RESULTS. This will give the Q only the job of receiving completed WUs and submitting them on to Berkeley. All USERS except the TORCHED ones should still be able to download WUs.

I'll just monitor the situation and see if the backlog can be whittled down.

Looking at my logs it appears when my SetiQueue tries to send in a WU (one of the DUPS), I'm getting a message (in the log) that says the Q is "going to wait 10 minutes before trying again".

The PENDING WUs are therefore piling up ... now at 1,569 WUs.

I've tried to change the settings to wait only 1 minutes but it appears the shortest you can set that is 10 minutes. I'm talking about the MAX DELAY BETWEEN RETIRES adjustment. Any ideas?

:disgust:

 

[Unforgiven]

you can set their min/max in the queue setting to 1. that wil force the seti server to fetch only a few units for this person. i dunno man, just a shot in the dark. $hit like this really pisses me off! what a prick! :|

 

[Freewolf]

Shut the q down and restart it, it will then start tranmitting again if you keep doing this they will all get send. just takes time.

 

[Freewolf]

If you are using a router you should be able to block his ip address so it can't happen again.

 

[Smoke]

Originally posted by: Freewolf
If you are using a router you should be able to block his ip address so it can't happen again.

Do you think the Q has him blocked now since I've TORCHED his accounts?

Or do I need to do something else? I've never blocked an IP ADDRESS before. How do I do that?

I'm using a "LINKSYS BEFW11S4 Ver. 2"

His IP ADDRESSES is 80.131.87.218

 

[Soggysocks]

Remember , a short while back. We all were getting Emails wanting us to confirm Our Anandtech accounts?

I think this has some connection. A malicious code that no ones detected yet.


Just a thought....some of you coder's start looking. This seems to be a direct attack on the unsuspecting, and not directed at Anandtech exclusively. Someone or some one's are trying to make a name for themselves.

:disgust:

 

[Freewolf]

Originally posted by: Smoke

Originally posted by: Freewolf
If you are using a router you should be able to block his ip address so it can't happen again.

Do you think the Q has him blocked now since I've TORCHED his accounts?

Or do I need to do something else? I've never blocked an IP ADDRESS before. How do I do that?

I'm using a "LINKSYS BEFW11S4 Ver. 2"

His IP ADDRESSES is 80.131.87.218

I don't know aout the q part but I've been reading the manual for your router and I can't find anything on blocking ip addresses.

 

[Rattledagger]

Didn't I answer this a couple of days ago... :beer:

Anyway, all results that is ready to upload is residing in C:\Program Files\SetiQueue\Client and is named result_1234 & result_1234.ini (2 files for every result).

Anything in a sub-directory to ..\setiqueue\client named duplicates or history ir ThisIsMyResults or whatever isn't used for anything by setiqueue, so the only point to deleting anything from duplicates is to save some hd-space.

To minimize impact, my 1st thing to do is move all result_* to another setiqueue, and use this queue to upload them. Of course, if you're lazy and doesn't want to manually delete anything, example split the results in 10 setiqueues and let them upload. This way you should instead of uploading 1 result/10 min you will upload 1 result/min.

Anyway, the best is to manually look on user_id=4796509 in result_#### and delete these. You can also use the fact the results is numbered in increasing order, so since many is coming after eachother you don't need to look on all.


Oh, and block his ip, and don't ask me on this.

 

[Smoke]

I got the bastard!

Here is the trick for any of you that have the same thing happen.

Shutdown the SetiQueue.

Use the SOB's Seti User Number (in this case the guy had three different ones) and do a SEARCH FOR A WORD OR PHRASE IN THE FILE in your SetiQueue/Client Folder. You will find all of the config files that contain the SOB's Seti Number. DELETE THEM! :|

Now your Client Folder will still have both good and bad DUP Results Files. Just look for the ones that don't have a matching CONFIG FILE (same name) and delete those.

I deleted the SOB's QUEUEs and then restarted the SetiQueue.

Almost 200 good WUs were saved and have been delivered to S@H.

Now that I think about it I am going to put the SOBs Queues back in the SetiQueue Folder and make sure they are marked TORCHED. Hopefully, that will keep him from paying me a return visit.

Here are the QUEUES ... see the SOBs User Numbers (Queues) marked TORCHED!

 

[Starrider]

Glad to hear you got rid of him.

 

[Rattledagger]

If by config file you mean the result_####.ini-files, you don't need to delete the corresponding result_#### since setiqueue automatically deletes these if you're missing the ini-file.

 

[Pokey]

I ran a NeoTrace and got pretty much exactly the same results as ICXRa, sorry I can't do more.
:|

 

[Smoke]

Yes, you are right RD ... I noticed that I had missed a couple but in the LOGS it showed where SetiQueue just removed them:

6:38pm: Removing dangling result: result_c028
6:38pm: Removing dangling result: result_c027
6:38pm: Removing dangling result: result_c023
6:38pm: Removing dangling result: result_c022
6:38pm: Removing dangling result: result_c021

 

[Smoke]

Originally posted by: Pokey
I ran a NeoTrace and got pretty much exactly the same results as ICXRa, sorry I can't do more.
:|

No problem, thanks for trying. I have the guys Seti User Number(s) so I'm going to write the S@H Admins and report it. If they can do something (like remove his ass completely from the stats) that would be great but no matter ... I'm done with the CxxxSxxxxx. :|