Hacked or what? Can't wrap my head around this..

UsL

Hacked or what? Can't wrap my head around this..

Post by UsL »

I'll just tell you guys what has happened so far.. I do not understand it myself and I can't find any explanation for this. At all.

Ok, so yesterday I downloaded some comics from TPB using magnets. I then noticed that qBT would almost freeze during the later file population fetching, but eventually the add torrent (magnet) window appeared and down it went. As usual when downloading from TPB I got hundreds of blocked IPs and whatnot. That is normal.

Okay, fast forward till tonight: I am trying to download some real torrents from my private tracker and qBT just freezes. Won't do anything. I try to process kill it to no avail. It won't be killed. All I got is a non-responsive tray icon. Never happened before. When I look in Process Hacker I notice, though, that qBT is indeed connected, as in an established TCP connection, to 202.97.139.24. That is a Chinese Uni or "Uni".

So I add the IP to my firewall and by doing so kill the connection. And as soon as that connection is killed qBT halts and dies due to the process-killing tries from before.

Okay, super weird. Then I open qBT again and it sits there nice and calm doing nothing. Again I try to download from my private tracker and voila; qBT immediately freezes and becomes totally unresponsive. Again I look in Process Hacker and this time qBT is connected to 202.97.139.28. And 202.97.139.26. But nothing else. By now I kind of panic and try to kill those connections, but to no avail as the connection and process won't budge. Adding these new IPs to the firewall works though. And qBT dies again. By now I do not know what to do.

I downloaded Deluge and the very same torrent I tried to download before went down nice and smooth and not a single packet to or from those 202.97.139.X addresses...

The reason I included the comics-from-TPB part is that it was the only thing out of the ordinary in my torrent usage as of late, and maybe that is significant.

I'm usually a healthy paranoid as in borderline tinfoil.. but right now I am wrapping my whole apartment in said foil and hope I have some answers by tomorrow.
Last edited by UsL on Mon Dec 01, 2014 4:52 am, edited 1 time in total.
Switeck

Re: Hacked or what? Can't wrap my head around this..

Post by Switeck »

Those IP addresses could be a red herring.

Could you find any of those IP addresses listed in the trackers or peers tabs of your torrents?

While we don't know what that connection is for, we at least know what it is not. That the connection is via TCP rules out DHT, uTP, and UDP trackers.
It may be a magnet send of an oversized .torrent file (like 10+ MB in size), possibly generating errors in the sending and constantly trying to resend from scratch.

qBittorrent's IP blocklist should be able to stop magnet links from questionable/unreliable IPs, but I don't know if it has any effect on trackers.

Are you using a network monitor (such as Windows Task Monitor) to see how much bandwidth this strange activity is using?
ciaobaby

Re: Hacked or what? Can't wrap my head around this..

Post by ciaobaby »

in an established TCP connection to 202.97.139.24
"IN" or "OUT" and what port?

Why not simply deny the CIDR of 202.97.128.0/19 (202.97.139.24 - 202.97.139.31) using your router's SPI firewall? That way it uses no resources on your machine.
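As an added example (not code from any of the posters), here is the triage discussed in this thread in Python, assuming the process's connection table in the shape of Windows `netstat -ano` output; the rows are a constructed sample, not a capture from the poster's machine, and PID 4321 stands in for qBittorrent. It keeps only the process's ESTABLISHED TCP peers (DHT, uTP and UDP trackers live on UDP rows, which never show as established TCP), computes the smallest CIDR covering the three observed addresses, and checks which peers a router rule such as 202.97.128.0/19 would actually catch and how much address space that rule spans.

```python
import ipaddress
import re

# Constructed sample in the shape of Windows `netstat -ano` output; it is not a
# capture from the poster's machine, and PID 4321 stands in for qBittorrent.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:52011     202.97.139.24:443      ESTABLISHED     4321
  TCP    192.168.1.10:52012     202.97.139.28:8080     ESTABLISHED     4321
  TCP    192.168.1.10:52013     202.97.139.26:8080     ESTABLISHED     4321
  TCP    192.168.1.10:52014     93.184.216.34:51413    ESTABLISHED     4321
  TCP    192.168.1.10:52015     202.97.139.30:80       ESTABLISHED     9999
  UDP    0.0.0.0:6881           *:*                                    4321
"""

# Only ESTABLISHED TCP rows carry a remote peer; UDP rows (DHT, uTP, UDP trackers) have no state.
LINE_RE = re.compile(r"^\s*TCP\s+\S+\s+(\S+):(\d+)\s+ESTABLISHED\s+(\d+)\s*$")

def established_peers(netstat_text, pid):
    """(remote_ip, remote_port) for each ESTABLISHED TCP row owned by pid."""
    peers = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if m and int(m.group(3)) == pid:
            peers.append((m.group(1), int(m.group(2))))
    return peers

def covering_network(addrs):
    """Smallest CIDR that contains every address in addrs (strings)."""
    ips = [ipaddress.ip_address(a) for a in addrs]
    net = ipaddress.ip_network(str(ips[0]))  # start from a /32 and widen
    while not all(ip in net for ip in ips):
        net = net.supernet()
    return str(net)

def rule_span(cidr):
    """(first address, last address, count) actually covered by a block rule."""
    net = ipaddress.ip_network(cidr)
    return str(net[0]), str(net[-1]), net.num_addresses

def triage(netstat_text, pid, blocks):
    """Split the process's TCP peers by whether a rule in blocks would catch them."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    hit, miss = [], []
    for ip, port in established_peers(netstat_text, pid):
        addr = ipaddress.ip_address(ip)
        (hit if any(addr in n for n in nets) else miss).append((ip, port))
    return hit, miss
```

With the sample rows, the three 202.97.139.x peers fit in 202.97.139.24/29, while 202.97.128.0/19 spans 202.97.128.0 through 202.97.159.255 (8192 addresses), so a rule that wide catches far more than the addresses seen.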