Using centralized networks for flooding

Recently I heard rumors about a verlihub script that is spreading around the script kiddie community in DC. The script allows the hubowner to flood a certain ip:port using his users on the hub. The script sends fake CTMs to the users to the given ip and port. I believe this is a serious problem for the DC network, as the script cannot only be done for verlihub, as for any hubsoft that supports scripting or plugins, or even by editing the software source code.
I am thinking that a centralized network is given too much power after all, no node should have such power as the hub is having, it can do whatever it wants with it’s clients.
I am waiting for some feedback about this issue from the people here at ADCPortal.

i agree with the recent problems that has hit dchublist, adchublist, hubtracker, adcportal and a loooooong line of other sites i cant do nothing else but agree with your argument.

well, this is not a verlihub problem only, even nmdc vs adc… it’s a price of open source… sad but true. everyone can take source code and change it whatever he wants to. instead making more secure soft ('cause it’s veeeeeeeeeeery hard in os world), we should get some centralized “bigbrother” to say ppl which hub is good and which isn’t (following rule: if you have nothing to hide, don’t fear big brother).
of course idea of decentralized network very nice, but in real world it’s not going to happen (or work anyway). there’s always some nasty ppl that wants to destroy sth.

Well this was the big problem when I asked about hublists signing hubs to mark them as “safe”. Everybody cried that we were giving the hublists too much power ( in this case the hublist would becme the “big brother”)
Some evil creature could get his hands of a hublist and sign bad hubs as safe, but at least its easier to manage 5-6 hublists than thousands of hubs…

as ignorant as i may be of this problem, the lesser of these evils should be the way to go, not doing anything is worse “All that is necessary for the triumph of evil is that good men do nothing.”

oh, and sorry for the silly quote :smiley:

its easier to manage 5-6 hublists than thousands of hubs

and for existing hublists - do you say they are bad guys? i think no…

They are not, but the problem is some evil persons are flooding the current “good people” hublists in order to get their corrupted hublist as the only one…
And because maintaining a hublist is free, these people are really sick of being flooded all the time and sometime they give away their 2 cents and stop maintaining… and that would be a success for the bad people again…

so maybe validation system should go from the dc roots… (dc++ crew) ?

The hublists that are in the DC++ client are the most safe at this time , this is my guess. Anyway DC++ never added a malevolent hublist to the client or a bad one. was for a long time the biggest and the best around ( the reference hublist ) and lately dchublist and hubtracker/openhublist are sharing the heads. We are returning to my initial hublist CA idea…
Perhaps make DC++ team the absolute CA that signs the hublists and the hublists signs the hubs ?

sounds good for me :slight_smile: