Hackers and renju databases
#1 Hackers and renju databases 作者:有志青年 发表时间:2008-3-18 17:07:02
原文地址:http://www.renju.net/blog/index.php?showtopic=586 ,发表时间:2008-03-16 18:51:59
The renju hacker
Today, when I was doing a routine check on log files of renju.net, I found out that the number of hits is very strange in some days.
Normally it is around 5000 - 10000 hits per day, but sometimes the hits per day can increase to 20 000 without any serious reason (no specially published attractive info or anything).
The only conclusion is that someone is running a program that is making those queries to renjunet.
For my sadness, during more careful check of logs I discovered that for so many times in the past, some renju fans have hacked the renjunet game system in order to download all the 8000 game records, for composing some self-made database. I never set any limits for loading the games, because I assumed everybody is using the renjunet fairly, using human clicks only. However, some people took advantage of it and kept server busy just to update their illegal renju databases.
Today a Chinese hacker from 221.223.64.36 made over 8000 queries to renjunet, his program was set to make about 1-4 queries per second.
Furthermore, he is very ridiculous, he let the program keep disturbing the server even when all the games were already downloaded.
His program is still trying to collect info from renjunet even now. It is 18:35pm in China now.
What saddens me is the hacker's lack of respect to everyone's hard work who have published games. I hope such guys will be found soon. If they keep doing this again, renjunet will be forced to set the firewall limits to block access from all the users who share same ISP. Also, "thanks to" those hackers, I am forced to spend my time on securing the games show protocol.
About the legal databases
Speaking of the legal methods of downloading databases, very soon there will be an official downloadable database version available. Then everyone in the world can download all the game records of renjunet into their PC together with all the details, such as player names, tournament names, etc. In fact, I discussed this with Frank Arkbo already a year ago, and he implemented the format into his Renlib that will be able to read the database file and convert it into a Renlib format. All the renjunet game records will be available for downloads for non-commercial purposes only.
Anyway, in the near future, I will announce the exact format that renjunet games can be downloaded, and all the programmers can design their own programs for operating with such file. Then, we can publish such programs in renjunet download section as well, and perhaps the best programs will become very popular in the future.
#2 Re:Hackers and renju databases 作者:天京 发表时间:2008-3-19 15:26:55
差了一段,本文我在百度五子棋吧发过,但也不全:)
Already 5 hours passed since I posted this article, and believe it or not, that hacker is still trying so hard - his program has been running for whole day, trying to collect games from renju.net. I think, he already generated some 20 000 hits today.
Maybe because I set a limitation to automated queries, and blocked his ip, his program keeps trying to repeat the failed queries, until the hacker turns it off.
Maybe you can help with finding that person who is doing these things to us. If you have received any e-mail from a person with ip 221.223.64.36 or he has written something into your blogs with such ip, please let me know who that person is. We can be most certain he/she is a renju player because the whole program was built on collecting renju games (moves only, without tournament and player names though).
Also, perhaps anyone of you has seen such self-made database being spread around, that only has the sequences of moves, while no names, tournament information, results etc. Please let me know then. Thanks!
Below is the WHOIS information regarding that IP:
inetnum: 221.216.0.0 - 221.223.255.255
netname: CNCGROUP-BJ
descr: CNCGROUP Beijing province network
descr: China Network Communications Group Corporation
descr: No.156,Fu-Xing-Men-Nei Street,
descr: Beijing 100031
country: CN
admin-c: CH455-AP
tech-c: SY21-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-BJ
mnt-routes: MAINT-CNCGROUP-RR
changed: hm-changed@apnic.net 20031119
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20060124
source: APNIC
role: CNCGroup Hostmaster
e-mail: abuse@cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
nic-hdl: CH455-AP
phone: +86-10-82993155
fax-no: +86-10-82993102
country: CN
admin-c: CH444-AP
tech-c: CH444-AP
changed: abuse@cnc-noc.net 20041119
mnt-by: MAINT-CNCGROUP
source: APNIC
person: sun ying
address: fu xing men nei da jie 97, Xicheng District
address: Beijing 100800
country: CN
phone: +86-10-66030657
fax-no: +86-10-66078815
e-mail: suny@publicf.bta.net.cn
nic-hdl: SY21-AP
mnt-by: MAINT-CNCGROUP-BJ
changed: suny@publicf.bta.net.cn 19980824
changed: hm-changed@apnic.net 20060717
source: APNIC
#3 Re:Hackers and renju databases 作者:有志青年 发表时间:2008-3-19 15:33:07
呵呵,看来是有人在拉他的棋谱数据
We can be most certain he/she is a renju player because the whole program was built on collecting renju games (moves only, without tournament and player names though).
爱五子棋网声明,呵呵,我们不需要从他那里得到棋谱。这次的email通讯赛的棋谱,均不是来自renju.net的。
#4 Re:Hackers and renju databases 作者:daiyue 发表时间:2008-3-19 19:49:28
连地址、电话号码都被曝光了。