Question about running PG Lite

[Mike89]

I got WinMX up and running (again) thanks to all the instructions. I have a question about the two icons I now have in the system tray.

Should I have these running all the time even when I don't have WinMX open?

I use Spyware Blaster which to my knowledge blocks spyware sites. When SpywareBlaster is run it checks for more sites and downloads and adds them to the block list (then you close SpywareBlaster until the next time you want to run it to check for more spyware sites it blocks).

Does running the PG Lite all the time interfere or change what SpywareBlaster has added to their blocked spyware list or does it just add to it? I assume all this is done in the host file?

Also, if closing down the two icons in the system tray (until I run WinMX again), does the host file revert to what it was originally or is it altered forever?

Forgive my "rookiness" if these questions sound dumb.

[..Ñøßߥ..]

Hey Mike

WB to Winmx

The MXpie auto updater file (mxpie icon) will start on boot up. This in turn starts PGlyte. This seemed the simplest way to ensure if and when Winmx was opened that your connection would remain stable and protected from flooders.

I am not aware of any interference between Spywareblaster and PGlyte, although i have not personally tested this combination myself, i would imagine Spywareblaster has its own specific blocklist and in no way interacts with PGlyte.

The hosts file has no link to blocking whatsoever, the hosts file simply redirects Winmx's attempts to connect to the caches, to the actual location of the new caches (Since the original ones no longer exisit)

If you close the 2 icons, that is ofc up to you, it will not change the hosts, that will remain as is. I would ofc remind you that it is crucial especially on Primary connection to ensure PGlyte is running, should you not, you will almost certainly be assisting the Riaa in flooder our network.

Ask all you like here, i and others will do out best to provide answers for you!

[Mike89]

Thanks for the quick response. So lets say one didn't even use WinMX. Would it still be a good idea to have PGlyte running all the time? Curious if there is a benefit to it independent of WinMX or is just needed specifically to run WinMX.

One more thing. I see there are different versions of the PieUpdater. I believe the latest is 3.2. How does one know which version it is? I don't see anything relating to a version number on either the PieUpdater or the PGlyte I have. I assume I have the latest one since I just downloaded it about a month ago.

[Love]

PGLite is in essence a firewall that protects u against riaa flooding. So it protects ur system against riaa flooders in any p2p u use. So pls leave Pie Auto Updater (which comes with PGLite) running all the time. It is of no bother as Pie Auto Updater uses very little cpu resources. Pie Auto Updater comes only in 1 version as Pie Auto Updater 1.0 ... U can see yr Pie Auto Updater Readme at Start > All Programs > Pie Auto Updater > Pie Auto Updater Readme.

To check whether u have Pie Auto Updater installed, the message left of yr Ignored button at the top of yr winmx shd show Click for Web Help Live Help at Vladd44 Help Room_7A090E74411C (Read this : http://www.vladd44.com/mx/piepatch.php )

If u don't see this message, pls come to our Vladd44 Help room where we can help u : http://www.vladd44.com/phpbb2/viewtopic.php?t=6514

[..Ñøßߥ..]

The blocklist used by PGlyte is Winmxworlds winmx specific blocklist.

[Mike89]

Yes I do have that message at the top of WinMX. When I was asking about versions, this is what I was referring to. Clicking on say 3.2 takes you to a page to get the pieupdater.

http://www.vladd44.com/phpbb2/viewforum.php?f=11

[..Ñøßߥ..]

There is only 1 version of the MXpie updater, older versions of the mxpie patch, are host files only and offer no protection against flooders.

[bacon665]

the pglite blocklist contains known ips for mcrovision and the riaa if you click the guading.p2p file in the pie folder its merely a text file with the ips it blocks. theoreticlly it could be imported to spyblaster if you wanted to be really anal
but other than that it should serve no real purpose outside of winmx unless ofc ur running limewire and torrents.
then it could stop some of that shi too its still the riaa and macrovision but im not aware as to wether they have dept divisons such as a group of pcs that attcks winmx and a seperate group that attacks limewire as for that you would have to find out for yourself.
but plz 4 ur sake dont ever go on primary without it runnng i did once by mistake the riaa got my ip and they distribute it to pcs not on that list wich are then used to connect to you in the future if your on primary i had to change ips wich was a long boring and stressfull process.
heres another note theres only say 80 ips+ip ranges
the riaa is governemnt and charity funded
so they more than likely have hundreds of pcs at their disposal never beleive that they are a small target that can easily be blocked thay have and will find ways around it thats why winmxworld started actively monitering their activity so that we could perform better blocklists. those ips and ranges are only the most common used to find primaries as they dont connect through the caches
they could use a rarely used pc to find one of us and then distrubute that ip out to some other pcs and we would never kno it. thus they could alsoobtain ips of other primaries through that 1 connection and have another pc or the same connect to it
and if they have say one or two pcs connected to each primary who would kno?
thus why the blocklist is vital to being run but is still not a good gaurentee/protection against the riaa

and yes canda joe nobby vladd linda sable and ne 1 else who reads im aware that this was a ridiculously long post but its much needed
if you read it im hoping you will have the since to leave it be and not delete it like cj did aprils post lol

[..Ñøßߥ..]

they could use a rarely used pc to find one of us and then distrubute that ip out to some other pcs and we would never kno it. thus they could alsoobtain ips of other primaries through that 1 connection and have another pc or the same connect to it
and if they have say one or two pcs connected to each primary who would kno?
thus why the blocklist is vital to being run but is still not a good gaurentee/protection against the riaa

This is not the case. Whilst they "could" in theory find IPs or user primaries and pass them to their flooding dept, as soon as flooding secondaries from the Riaa began conecting and flooding they would be detected and added to the block list, the blocklist IS an excellent way to defeat their flooding techniques, where it falls down is when users are running primaries without using the WmW list and suitable software. For examples of this happening, just stop by mxpie.info forum, there you can often see users posting that are using "hosts only" patch with no blocking, its these folks that are unwittingly assisting the Riaa, and IMHO the fault of the mxpie.info team who although seem happy to selectively block winmx users from their caches, are unwilling to help protect users by blocking the Riaa. They claim they advise users to use PG2 with their Winmx list, i havent checked this list, so i have no way to know how accurate it is, but one things for sure, simply "hoping" users use it, is ensuring the Riaa have plenty of available unprotected primaries to flood on, proof of this can be readily found on their own forum.

[Love]

I have helped hundreds of MXPIE users to uninstall the MXPIE patch version 3.6, 3.5 and 3.4 distributed by mxpie.info and know on average, that 80% of MXPIE patch users DO NOT use PG2 at all. I know cos not only I have to get them to uninstall their MXPIE patch version 3.6, 3.5 or 3.4, I also have to get them to uninstall their PG2 for our patch Vladd's Pie Auto Updater to work with its PGLlite. And for 80% of those MXPIE users...PG2 was not even installed in the 1st place.

Pls do not help RIAA to flood our winmx network ... if u do not see *Click for Web Help Live Help at Vladd44 Help Room_7A090E74411C* at the top of yr winmx left of yr Ignored button, pls follow the instructions here http://www.vladd44.com/mx/piepatch.php to update to Vladd's patch Pie Auto Updater or go to this room for online help : http://www.vladd44.com/phpbb2/viewtopic.php?t=6514

[Canada Joe]

..and yes canda joe nobby vladd linda sable and ne 1 else who reads im aware that this was a ridiculously long post but ...

Not even close .. you're about 8 pages short of LONG.

[DragonRider]

CJ, let me pick your brain for a moment...Could we be looking at bot flooding?

5.3 Detecting IRC-based Botnets
Attackers systematically install trojans together with bots for remote command execution on vulnerable systems. Together, these form large botnets controlled by a human master that communicates with the bots by sending commands. Such commands can be to flood a victim, send spam, or sniff confidential information such as passwords. Often, thousands of individual bots are controlled by a single master, constituting one of the largest security threats in today's Internet.

The IRC protocol is a popular means for communication within botnets as it has some appealing properties for remote control: it provides public channels for one-to-many communication, with channel topics well-suited for holding commands; and it provides private channels for one-to-one communication.

It is difficult for a traditional NIDS to reliably detect members of IRC-based botnets. Often, the bots never connect to a standard IRC server--if they did they would be easy to track down--but to a separate bot-server on some non-IRC port somewhere in the Internet. However, users also sometimes connect to IRC servers running on non-standard ports for legitimate (non-policy-violating) purposes. Even if a traditional NIDS has the capability of detecting IRC servers on non-standard ports, it lacks the ability to then distinguish between these two cases.

We used PIA-Bro to implement a reliable bot-detector that has already identified a significant number of bot-clients at MWN and UCB. The detector operates on top of the IRC analyzer and can thus perform protocol-aware analysis of all detected IRC sessions. To identify a bot connection, it uses three heuristics. First, it checks if the client's nickname matches a (customizable) set of regular expression patterns we have found to be used by some botnets (e.g., a typical botnet ``nick'' identifier is [0]CHN|3436036). Second, it examines the channel topics to see if it includes a typical botnet command (such as .advscan, which is used by variants of the SdBot family). Third, it flags new clients that establish an IRC connection to an already identified bot-server as bots. The last heuristic is very powerful, as it leverages the state that the detector accumulates over time and does not depend on any particular payload pattern. Figure 4 shows an excerpt of the list of known bots and bot-servers that one of our operational detectors maintains. This includes the server(s) contacted as well as the timestamp of the last alarming IRC command. (Such timestamps aid in identifying the owner of the system in NAT'd or DHCP environments.) For the servers, the list contains channel information, including topics and passwords, as well as the clients that have contacted them.

http://www.icir.org/robin/papers/usenix06/

If we are looking at bot flooding then despite the blocklist the number of zombie machines will continue to grow and it will be a constant running battle. Wouldn't something like a "honeypot" be more effective?

[Canada Joe]

Sorry, DR ... way beyond my expertise ..

[Knot4Prophet]

...yes ...im aware that this was a ridiculously long post but its much needed

The only thing here ridiculously long is your f**k signature, buddy.