MethLabs Shuts out PeerGuardian

Lost&Confused writes to tell us Slyck News is reporting that most of Methlabs.org administration and development staff have been forced out of their own website. For the time being PeerGuardian is being hosted on sourceforge. However, users are advised to stop using the Methlabs.org and Blocklist.org hosted blocklists in favor of the Bluetack list until they can sort things out.

How....

Do they get forced out of their server? Couldn't they just fire the guy if he worked for them?

Re:How....

It's not a business.

Basically, the guys who were in charge of administering the money and servers slowly took over. Now they're claiming ownership of everything.

News To Me

FTFA:
"UPDATE: William Erwin, now confirmed as the hijacker, has posted news on Methlabs.org, claiming the hijacking news is false and stems from a revolt by former team members.

However, after speaking to the Methlabs team and various connected members of the community, P2Pnet, SuprNova and Slyck can all confirm that the original story that the domain has been hijacked is genuine."

The reporter has "heard from both sides", and said that the Methlabs team is correct. That's what real reporters do: they find all the sides of a story, decide which version is the most correct, and tell the story. They don't just report "he said / she said", which reduces the reporter and the publication to puny PR outlets for anyone with a version of the story, no matter how self-serving.

That's not to say the reporter's version is the most correct, or even correct at all. But that's what separates good reporters from bad ones: their skill at finding the most accurate story version. And then telling it so readers get the most accurate version of the story in our heads. Good journalists back up their judgements with representative quotes and descriptions of evidence to bolster the reader's confidence in their version. Really good journalists make good judgements and back it up, earning the ongoing confidence of their readers.

We still all need to take any story from where it comes. Which is why it helps to read some reporters for a long time, to understand their track record, their blind spots, biases, vested interests, and insights. We've watched "journalism" turn into a farce precisely because we no longer expect the journalist to use good judgement in reporting, highlighting what they find to be true. We expect journalists to be "objective" to the extent that the journalist disappears, acting only as a stenographer for whoever gets access to them as a channel for that interested party. Which is worse than useless.

This reporter, on this little story, in a little tech backwater, is exercising exactly the professionalism that most of the people in their industry wouldn't recognize if it faced them across an interview desk.

Now we know where Michael Sims is

What a guy^h^h^h gal!

One of those things about the open source crowd...

...they don't tend to be very big on the business accumen. Any enterprise where stuff like this can happen, needs to have contracts in force that head them off. The big business closed source world lives and dies by contracts and legally binding agreements. The licenses on the code produced should not be where the thoughts of legalities end. Internal legal matters are perhaps far more important.

Re:One of those things about the open source crowd

Indeed. We (Methlabs) had an admittedly stupid setup and were working to change it. Obviously, we worked too slow. It's a shame that small groups of friends even have to think of legalities but I guess that's reality.

Anyone have advice on keeping this from happening again, to us or other OSS groups?

Re:One of those things about the open source crowd

Form an LLC (couple hundred dollars).
Give all assets that you want to protect to the LLC.
Distribute ownership of the LLC among ALL memebers, and require license changes/ownership changes/policy changes/domain changes, etc, either unanimous consent or a 2/3 (maybe 3/4) vote.

Fundamentally, the purpose of a business 'shell', in any small organization, is to put your assets in one place so that no one can legally mismanage them.

If, for example, methlabs.org had been the property of methlabs, LLC, and the administrator tried to boot you off, you could send an e-mail to your registrar from the 'director' of the LLC, indicating that the administrator was not acting in the interest of the LLC. You send them the *signed* (can be signed electronically, using the US gov't standard, which is a bit silly \ \ ) LLC articles of incorporation, showing either that the administrator member had no right to do that, OR that he wasn't a member of the LLC.

Then they hand you the 'keys' to the castle, so to speak.

Re:One of those things about the open source crowd

Also, 2 more points ;-)

1. Form the LLC anyways. Use the name, MethLabs LLC

File a cybersquatting request. Even if you loose, its not a bad way to go. If you can show you started the project, you'll be in *really* good shape, I think. As far as I know, if you have a business name, you are virtually guaranteed the domain name. What's good for the goose is good for the gander.

Emphasize that its a *security* site. ICANN generally frowns on people trying to subvert security software.

2. Trademark the term "Peerguardian". This costs about ~$400. You may have to take a collection for this. Then, you can pretty reliably prevent him from using that term on methlabs.org.

A trademark will help you achieve number 1, above, and virtually guarantees number 3, below.

3. Sue in small claims court. Make sure to sue in *his* state, but not necessarily his jurisdiction. Even if you don't get the domain back, claim the maximum (usually $3000) in damage. The loss of your projects domain name is easily worth much, much more, but $3000 should be fairly easy to start up again with (pays Domain fees hosting fees LLC fees, etc. . .), and its a fun way to stick it to him.

Small claims court usually only takes a day of work, and the filing fees are pretty small, too. Even if he doesn't pay, you can enter a judgement against him, have the pleasure of actually employing a creditor FOR you (not against ;-) ) and use this as additional proof (even though small claims doesn't set a precedent) for your cybersquatting claim.

Plus, small claims judges are big on practical issues. They don't like to see people get screwed, and generally side with the abused party.

What an asshole!

What possible reason would Mr. Erwin want with methlabs.org? I can't believe he would pull this shit. He needs a good ass kicking for stepping out of line.

Re:What an asshole!

He thought that methlabs.org had established such a good reputation that they could start charge customers money for the service?

But didn't he realize that the developers would have backup copies of the site and just set up a new site elsewhere?

I've seen this thing happen with small companies. They recruit a couple of software architects to get the core software written. Once they get the software developed they give the architects the boot, and hire cheap graduates to do any customisation.

Hijacked!

Take this web site to....hmmmm....wait....

Hmm

I have gotton various things, at methlabs.org it says to ignore e-mails I get from anyone about PG unless it is from @methlabs.org. In an e-mail I got from someone else saying to go to the Sourceforge site. So for the time being, I probabaly will not download anything from either place since I don't know who to believe.

Dupe!

Not really. But it sounds almost exactly the same as what Michael Sims, the Slashdot editor, did to the Censorware Project [sethf.com].

Expecting a bitchslap in 5... 4... 3...

Consider the jihad

This and other injustices perpetrated by slashdot's editors are documented within the pages of Anti-slash: Sacred Jihad Against Slashdot [anti-slash.org]. We invite you to join our community and force slashdot's editors to answer for their crimes.

In Sacred Jihad,

jihadi_31337

Ironically...

This kind of thing happens all the time in real methamphetamine labs across the country.

A group of like-minded people pool their resources within an abandoned house to create something and inevitably one of them puts a padlock on the formerly abandoned house to keep it all for himself.

Product Explanation?

For the uninformed among us (myself included), what is PeerGuardian?

Re:Product Explanation?

http://en.wikipedia.org/wiki/PeerGuardian [wikipedia.org]

PeerGuardian and PeerGuardian 2 are free and open source software firewalls capable of blocking incoming and outgoing IP addresses. The application uses a blocklist of IP addresses to filter the computers of several organisations, including the RIAA and MPAA while using filesharing networks such as FastTrack and BitTorrent. The system is also capable of blocking advertising, spyware, government and educational ranges, depending upon user preferences.

Does PeerGuardian really work?

Does it really cut down the number of connections by listed IP addresses? I heard it doesn't stop them.

Re:Does PeerGuardian really work?

We keep track of various organizations as best we can. I don't have a link on hand but I do remember a study folks at MIT did (couple years ago) that showed PeerGuardian caused a 75% reduction in fake/corrupt files on Kazaa.

Re:Does PeerGuardian really work?

The lists got a bit inaccurate over time. We had just got Blocklist.org setup so we could review all the blocked ranges, but then a month later this happens :(

Oh well. We'll recover.

A question...

I'm reluctant to update my lists using either source at the moment until it's cleared up. The plan for me is to keep the status quo until told otherwise from a reputable source.

I have a problem though; I have two main computers I use regularly and one of them was last updated on the 11th of September, the other on the 14th of September. The $64,000 question is:

Which of my computers, if any, are using reputable blocklists?

I don't know when this coup was started and thus I don't know at what stage we were supposed to stop trusting the auto-updating. I've already turned off my auto-updating for PG2 on both computers but I'd like some info on whether my current lists have been 'tainted.' By the sounds of it, this was a bit of a 'slow mutiny' so I'm somewhat paranoid that the lists may have been compromised far earlier than say, a week ago and thus this is all null and void. Needless to say, we just don't know at the moment.

Any info from some reputable PG2 personnel (I've seen you guys post here before, PS - love your work! I donate!) would go a very, very long way.

Re:A question...

The last safe backup we have was taken on September 9th, pretty much right before all hell broke loose.

Bluetack may go a bit overkill on who they block on their lists, but they are generally trusted by the community. We'd rather users setup PeerGuardian to use our competitors lists than use possibly unsafe lists from a compromised server.

We setup instructions [sf.net] to switch to the Bluetack lists if anyone is interested.

Update on the Methlabs.org site

I visited the Methlabs.org site and I found this. Seems like the complete opposite of what I read on the other site, like some conspiracy.

http://www.slyck.com/news.php?story=913 [slyck.com]

Methlabs Update

September 16th, 2005 by Administrator

"Dear Methlabs and P2P Community,

Recently, we had several former staff members revolt against the entire P2P community as a whole. They tried to sabatoge Methlabs and attempted to wipe the Methlabs server of all its data.

Unfortunately, they gained access to site backups. In doing so, your passwords may have been compromised, although they are MD5 encrypted. We would like to you login to the Methlabs forums (http://methlabs.org/forums/ [methlabs.org]) and change your password. We sincerely apologize for this issue. As of right now, the Methlabs site is back online, although forum posts from the past month have been lost.

Since all the data was stolen by former staff members, YOU MAY RECIEVE FAKE EMAILS that look like they are from Methlabs. If they do not come from the Methlabs.org domain and from our email servers, DO NOT BELIEVE THEM.

We assure you that Methlabs development will continue, and ALL OFFICIAL PROGRAMS MUST be downloaded directly from Methlabs.org . Assume that all other sites contain spyware or malicious code which may not be directly trusted.

To update everyone on the current situation, there has been some news going around the Internet of a revolt which happened in Methlabs. This is hearsay. The current real news is that PeerGuardian development and Blocklist development is on schedule, and Blocklist should be out of Beta within the next week or so.

Please spread the word that Methlabs.org is ALIVE and DO NOT believe or TRUST any emails that do not come directly from Methlabs.org and our mail servers. These emails are from disgruntled staff members trying to hurt the P2P community as a whole.

We apoligize for the current situation. Please visit http://methlabs.org/ [methlabs.org] for OFFICIAL updates, and help us spread the word!

- The Methlabs Team"

Re:Update on the Methlabs.org site

"we had several former staff members revolt against the entire P2P community as a whole"

Yeah, that's a really believable line. The site has obviously been hijacked.

Re:Update on the Methlabs.org site

I know Ken (d3f) personally, and most of the ml.org staff. Ken would shoot someone for putting up a message like that.

Re:Update on the Methlabs.org site

YOU MAY RECIEVE FAKE EMAILS that look like they are from Methlabs

Really? Hey guys, I think I got one, but I'm not sure this one isn't for real:

Dear Sir:

                I have been requested by the Methlabs and P2P Company to contact you for assistance in resolving a matter. The Methlabs and P2P Company has recently concluded a revolution where several high ranking members of the Company attempted to wipe the company servers of data and abscond with funds totalling $400 gazillion dollars. It is of uptmost concern to us that these funds not find their way into the hands of revolutionaries and so we ask your assistance.

                You assistance is requested as a non-Methlabs member to assist the Methlabs and P2P Company, and also the Peerguardian Community, in moving these funds out of Methlabs. If the funds can be transferred to your name, in your United States account, then you can forward the funds as directed by the Methlabs and P2P Company. In exchange for your accomodating services, the Methlabs and P2P Company would agree to allow you to retain 10%, or US$4 million of this amount.

                However, to be a legitimate transferee of these moneys according to ICANN law, you must presently be a depositor of at least US$100,000 in a Nigerian bank which is regulated by the Central Bank of Nigeria.

                If it will be possible for you to assist us, we would be most grateful. We suggest that you meet with us in person on the forums, and that during your visit I introduce you to the representatives of the Methlabs and P2P Company, as well as with certain officials of the PeerGuardian community.

                Please call me at your earliest convenience at [Phone Number]. Time is of the essence in this matter; very quickly the revolutionaries will realize that the server backup was intact and will attempt to transfer it to another domain.

Yours truly, etc.

Did other members get an email like this?

"Dear Member,

The majority of the Methlabs.org administration and development team have been forced out of their website following a series of threats and incidents. The member of the group that had been trusted to handle the finances and servers slowly managed to take over each individual part of the web site's assets, eventually claiming control over the entire group and locking out the majority of staff.

The organisation's founders, Tim Leonard and Ken McKelland, as well as the majority of the organisation's staff and developers (including the main developer of the PeerGuardian2 application, Cory Nelson and the staff members responsible for auditing the PeerGuardian Blocklists) have all been forcibly removed from the servers that were funded from donations given to the organisation by happy users, and from text advertising placed on the websites forum and project pages.

The money, which was to have been used to help fund the development and hosting costs of the group is now unavailable, stolen by the one who was trusted to keep it.

Development of PeerGuardian will resume, and the website will temporarily move to http://peerguardian.sourceforge.net/ [sourceforge.net] until a new domain is registered and a new server found. The intention of the group is to register a non-profit organisation to handle the development of Methlabs applications and to promote open source projects that aid both security, privacy and peer-to-peer technologies, in order to prevent a repeat of this incident.

The team wish all their users the best through this difficult time, but promise that development will continue. Please visit http://peerguardian.sf.net/ [sf.net] for news as we make progress. All other sites, including http://methlabs.org/ [methlabs.org] and http://blocklist.org/ [blocklist.org] are under control of the rogue member and should not be trusted for safe updates to our applications or lists.

A new build of PeerGuardian will be released soon to reflect these changes. Until then we ask you to continue using Beta 6a but with caution as the update servers are no longer under our control.

All staff are available in irc.freenode.net, channel #methlabs if you wish to chat.

Thanks, The Methlabs Staff (looking for a new home) -----

Adam Hoier, Cory Nelson, Eric Mayuk, Fox Lowe, James Shanelec, Joseph Farthing, Ken McKelland, Steffen Tuzar, Tim Leonard

aka

braindancer, D3F, fox, FuRiOuS1, JFM, KuKIE, method, phrosty, r00ted"

Sources for who to trust and not to trust in this.

Slyck.com, Zeropaid.com, UniteTheCows.com, p2pnet.net, p2pconsortium.com and many others are saying the same thing... even the person who started the whole thing and who the domain name is named after has been locked out.

Officially, according to the founders of the community, their lead article writer, almost all senior administrators and the software developer of PeerGuardian 2... methlabs.org was hijacked.

peerguardian.sourceforge.net IS trustworthy.

(it's where the developers, founders, etc. are saying to go for new releases.)

"login ... and change your password" = danger

Without knowing any details, it's hard to know which party in this situation is the malicious one (possibly both). But this message on the methlabs.org blog [methlabs.org] is causing the Lost-In-Space-Robot in my head to wave its arms madly [wikipedia.org]:

Unfortunately, they gained access to site backups. In doing so, your passwords may have been compromised, although they are MD5 encrypted. We would like to you login to the Methlabs forums ([url redacted]) and change your password. We sincerely apologize for this issue.

If the webmaster is telling the truth, this is an innocuous request. [Of course, sufficiently strong passwords will survive precomputed hash attacks [passcracking.com], and it's still pretty hard to brute-force MD5 hashes (even given recent weaknesses).] However, if the webmaster is malicious, this is no different than a PayPal phishing scam: "Come visit our website (the legitimacy of which is, at best, in doubt) and enter your old password on a Web form. Go ahead, enter a new one, too. Thanks."

The right thing to do in this case, where you have multiple parties which may all be malicious and some of which may have your passwords, in plaintext or hashed format, is probably to stop using those passwords immediately. If you use that forum password elsewhere, change it elsewhere. As for methlabs.org, the safest course of action is probably to wait and see who the good guys are before typing any passwords in, old or new.

Attack of the PeerGuardian Robots

We are the PeerGuardian Robots
We are here to protect you
We are here to protect you from the terrible secret of PeerGuardian
Do not trust the Methlabs Robot. He is malfunctioning
Do not trust the Sourceforge robot. He is inferior.

Nice biased summary

Sheesh, maybe, just maybe, Scuttlemonkey, there is more to the story than the one side's view of events? Why are you assuming there is a "hijack" going on here?

Too Bad... Sooo Sad...Another CDDB

I noticed this just last week. The forums went offline and there hasn't been hardly any moderator updates made to correct the mistakes in the IP DB.

Many of the mistakes can be put down to them assuming whois.sc IP location is current, when in fact much of it's historical.

I was getting frustrated trying to get a couple of updates done, but there are 100's of mislabelled/ named IP ranges yet to be addressed. It's now obvious why nothing was being done.

If the blocklist isn't going to be updated regularly and with reasonable accuracy, then there's not much point to it.

As the article states time to source your blocklist elsewhere...Just another CDDB type fiasco.

A similar thing

Happened to the uklinux Guy:

http://www.jasonclifford.com/uklinux.html [jasonclifford.com]

BTW, if you are in UK stop using UKLINUX, use http://www.ukfsn.org/ [ukfsn.org] which is what Jason started after the take over of his first ISP.

Seems both sides are accusing the other.

and oddly, both sides are encouraging people not to use the other sides list.

These are just blacklists aren't they? Having both will - at worst - mean that too many IP addresses are blocked. Why no tuse both lists until we can find out what's happening?

the problem with "news" sites

...is that we really don't know who to believe, especially since nobody has bothered to the things journalists do. Like go out and interview people, corroborate stories, and so on.

We get:

"However, after speaking to the Methlabs team and various connected members of the community, P2Pnet, SuprNova and Slyck can all confirm that the original story that the domain has been hijacked is genuine"

So "Slyck News" is claiming they've done so- but they haven't given any names, quotes, or details as to how they arrived at this conclusion?

The whole thing is one Big Internet Drama, and pardon me if I just don't care.

No honour amongst theives.

No honour amongst thieves.

Okay, I'm NOT saying that ALL P2P users are thieves, but I don't think ANYONE in their right mind is going to argue that copyright violations is not the majority use of P2P networks.

So... EVEN IF a handful of folk in a group are using P2P software for utterly and totally legitimate purposes, the majority aren't, and of THOSE people, their sense of ethics is at least tainted, and most likely totally horked.

So... takeover of a P2P-related group by one of its members? No surprise there. Roll in the next drama please.

Re:No honour amongst theives.

Yes, I agree that the use of 'theft' is inappropriate. However, it really is drawn out to say 'copyright violation' all the time. Can we take it as read that I DO understand the difference between theft of proprty, and the unlawful redistribution of information ?

And, no, you don't get a specific vote on copyright law. You didn't get a specific vote on a bunch of things. You live in a republic, not a democracy. The last TRUE democracy was ancient Greece, where they voted on near everything, and things didn't turn out so well for them :)

My point (and I really don't see why it was labelled 'off topic'... even 'flamebait' might have been more accurate) was that P2P communities are rife with people that just want their free stuff, and they don't give a damn who they hurt. So, it should be NO surprise that one of them turned against the PeerGuardian developers. William wanted his free stuff - where 'stuff' here meant the methlabs.org site - and he didn't give a damn who he hurt.

No surprise whatsoever.

If one wants to deal only with ethical people, don't create programs that will attract a highly disproportionate amount of unethical people.

slashmelt the hijacked server

[methlab_member]: Wanna hijack my server?!?! well guess what, its gonna get slashmeleted!

Sue

Anyone who contributed money to PG support should be suing the person who forced the rest of the team out for fraud and theft. I would expect them to have standing in court to pursue such a claim, and could make life very difficult for this apparent criminal.

MPAA/RIAA

Could the admin have been influenced (via loads of cash) to cause this confusion. Remove or modigy all MPAA/RIAA ip addresses, and make sure they do not go anywhere else for updates? If I was one of the above orginizations, that is what I would do.

context plz

Could someone tell me who the hell methlabs.org and PeerGuardian are? I've never heard of them before.

Now that they're divided

Now that they're divided, I wouldn't be surprised at all to see the ??AA swoop in and compromise at least one of the two (or more) sides. Sounds like this is over money, which the ??AA has in abundance. How long before the blocklist has just a tiny little hole in it waiting to be exploited?

Download location hasn't changed!

peerguardian.sourceforge.net has always been the location to download the PeerGuardian software, that hasn't changed. It's the only place that the 'hijacker' couldn't take over.

Odd, and probably bad

Right before i noticed this story, I updated PG2. It had a new blocklist and program update. Anyone else notice this?

Not so secure

I guess this means that Peer Guardian is not so secure after all, if you can't trust the folks who make and host it. But then, I would have thought that hosting it on a site called "methlabs" in the first place would have clued people in.

From the Founder of Methlabs.org ...

The administrators/authors at slyck.com, zeropaid.com, p2pnet.net, unitethecows.com, p2pconsortium.com, digg.com, etc. are all saying the same thing as we are.

The founder, co-founder, developers and the majority of staff are saying:

Methlabs.org WAS hijacked.

PeerGuardian 2 in itself is fine, just read the FAQ about turning off auto-updates from blocklist.org - you've nothing to worry about.

We just can't vouch for the lists from blocklist.org any more. People who had abused it recently are now fully in control of it, as such it's our duty to report that fact. - If you wish to use those lists despite our warnings that's your decision.

If it helps to confirm who I am... and if it's possible. Please feel free to get a slashdot admin to check the email I signed up here with as it correlates with who I claim to be and will hopefully help validate my post.

Sorry for all the confusion this crap is obviously causing, it's the last thing we wanted to drag our users through.

...and yes... we are looking into legal action.

Bottom line: peerguardian.sf.net is okay, that's where we're using as a temporary home for now, if you'd like more confirmation on any of the details regarding this... feel free to drop by the site or our IRC channel on freenode. Again, sorry for all the drama. It's not what we wanted to happen at all. :(

The Truth from a different point of view

If you didn't RTFA or even if you did, you might not have read the comments on slyck.com.

I found this comment [slyck.com] very interesting. It is the only evidence I've seen of the other side of the story being posted on slyck.com.

eremini

Joined: 13 Mar 2005
PostPosted: Sat Sep 17, 2005 3:29 am
Post subject:
Post Body: eremini here. I am gonna post exactly what happened, since there's no need to hide it now. As some of you know cerberius has always been the one that did technicall things on methlabs, set up the servers, updated server software, etc... So it only naturaly the servers were registered to him. Now about a week ago, Furi and Phrosty decided to kick cerb out, right now they are going around forums truying to say that they wanna be professional, but how do profesionals fire peope? They talk to them, explain the reasons, etc. Did they do that? No. Did they try to do that? No. Just one day all of a sudden, they changed the methlabs.org server root password, wiped all the data off it and hijacked a google adsence account, which was registered to cerb's social security number. Now about the domain. Yes, cerb did transfer the domain to him, a couple of months before that (Miles might call this keep all your balls in one sack), but he did not hijack anything, he transfered it with complience to all ICANN rules, which state that the preveious owner gets send an email, to which he gets to reply 60 days (!) if you want to reject the transfer, that didn't happen. So its transfered fair and square. Now about stealing money. What money? The google adsence money (which cerb got back with google being ready to press charges against hijackers for fraud) is still there, no money transfered. Same with paypal, the money, like always, will be used to pay hosting costs and other fees concerning methlabs. There thats the end of the store. Now you decide who to trust, but please don't trust them, just because they put their real names in some attemp to "be profesional"

It sounds like to me that these idiots tried to covertly take over the server, only to find out that the admin caught them and fixed the problem. I hope google goes after them for stealing the adsence account.

Re:I've got a better idea

PeerGaurdian isn't about spam email blocking. It's about blocking IPs that belong to MPAA/RIAA/DOJ/Government/BSA and other organizations that flood p2p networks, looking to gather information on you and send you a lawsuit.

Re:I've got a better idea

Peerguardian has nothing to do with spam, primarily its designed to keep the RIAA and MPAA (and thier slimy bloodhounds) from connecting to your PC whilst you are using P2P file sharing software. Of course, you can add known spammers to your list of Ip's to block, but this really isnt an RBL system for e-mail.

As for the flaw of RBL's, I do agree that they are not perfect. A much better blacklisting scheme is to generate your own local temporary blacklists based on mail (and mailservers) which appear to be spamming. http://www.acme.com/mail_filtering/introduction_fr ameset.html [acme.com] has a good article on such things. By and large though, you are right, RBL's fall down because they are not Realtime enough. They don't adapt to false negative or positive conditions fast enough to be relied on as a anti-spam measure.

Re:I've got a better idea

PeerGuardian is not for e-mail, it's for P2P networks.

Also, I don't know how you can believe that blacklists are useless. I'm down to only about a spam a day, despite my current primary e-mail address being listed all over the internet for years now. Obviously, your choice of blacklists is important, and using other metrics as well helps.

Besides that, the forces at work in P2P spam are completely different than that of e-mail spam. I can vouch for the PeerGuardian blacklist being extremely effective at blocking probably 99% of P2P spam, and making that last 1% look far less legitimate, and far less likely to be selected.