MethLabs Shuts out PeerGuardian

Lost&Confused writes to tell us Slyck News is reporting that most of Methlabs.org administration and development staff have been forced out of their own website. For the time being PeerGuardian is being hosted on sourceforge. However, users are advised to stop using the Methlabs.org and Blocklist.org hosted blocklists in favor of the Bluetack list until they can sort things out.

Re:How....

[Anonymous Coward]

Because Apparently the rogue admin, had all the passwords. Now my guess is either he was the only one with them or he changed them and didn't tell anyone else what they were.

As for fire the guy...they aren't a business or anything. Maybe you should read up a little more on the situation.

Re:Product Explanation?

[ravenspear]

http://en.wikipedia.org/wiki/PeerGuardian [wikipedia.org]

PeerGuardian and PeerGuardian 2 are free and open source software firewalls capable of blocking incoming and outgoing IP addresses. The application uses a blocklist of IP addresses to filter the computers of several organisations, including the RIAA and MPAA while using filesharing networks such as FastTrack and BitTorrent. The system is also capable of blocking advertising, spyware, government and educational ranges, depending upon user preferences.

Re:Does PeerGuardian really work?

[PhrostyMcByte]

We keep track of various organizations as best we can. I don't have a link on hand but I do remember a study folks at MIT did (couple years ago) that showed PeerGuardian caused a 75% reduction in fake/corrupt files on Kazaa.

Re:Hmm

[Anonymous Coward]

I RTFA'd:

However, after speaking to the Methlabs team and various connected members of the community, P2Pnet, SuprNova and Slyck can all confirm that the original story that the domain has been hijacked is genuine.

Update on the Methlabs.org site

[Rac3r5]

I visited the Methlabs.org site and I found this. Seems like the complete opposite of what I read on the other site, like some conspiracy.

http://www.slyck.com/news.php?story=913 [slyck.com]

Methlabs Update

September 16th, 2005 by Administrator

"Dear Methlabs and P2P Community,

Recently, we had several former staff members revolt against the entire P2P community as a whole. They tried to sabatoge Methlabs and attempted to wipe the Methlabs server of all its data.

Unfortunately, they gained access to site backups. In doing so, your passwords may have been compromised, although they are MD5 encrypted. We would like to you login to the Methlabs forums (http://methlabs.org/forums/ [methlabs.org]) and change your password. We sincerely apologize for this issue. As of right now, the Methlabs site is back online, although forum posts from the past month have been lost.

Since all the data was stolen by former staff members, YOU MAY RECIEVE FAKE EMAILS that look like they are from Methlabs. If they do not come from the Methlabs.org domain and from our email servers, DO NOT BELIEVE THEM.

We assure you that Methlabs development will continue, and ALL OFFICIAL PROGRAMS MUST be downloaded directly from Methlabs.org . Assume that all other sites contain spyware or malicious code which may not be directly trusted.

To update everyone on the current situation, there has been some news going around the Internet of a revolt which happened in Methlabs. This is hearsay. The current real news is that PeerGuardian development and Blocklist development is on schedule, and Blocklist should be out of Beta within the next week or so.

Please spread the word that Methlabs.org is ALIVE and DO NOT believe or TRUST any emails that do not come directly from Methlabs.org and our mail servers. These emails are from disgruntled staff members trying to hurt the P2P community as a whole.

We apoligize for the current situation. Please visit http://methlabs.org/ [methlabs.org] for OFFICIAL updates, and help us spread the word!

- The Methlabs Team"

Re:A question...

[PhrostyMcByte]

The last safe backup we have was taken on September 9th, pretty much right before all hell broke loose.

Bluetack may go a bit overkill on who they block on their lists, but they are generally trusted by the community. We'd rather users setup PeerGuardian to use our competitors lists than use possibly unsafe lists from a compromised server.

We setup instructions [sf.net] to switch to the Bluetack lists if anyone is interested.

Re:One of those things about the open source crowd

[WhiteWolf666]

Form an LLC (couple hundred dollars).
Give all assets that you want to protect to the LLC.
Distribute ownership of the LLC among ALL memebers, and require license changes/ownership changes/policy changes/domain changes, etc, either unanimous consent or a 2/3 (maybe 3/4) vote.

Fundamentally, the purpose of a business 'shell', in any small organization, is to put your assets in one place so that no one can legally mismanage them.

If, for example, methlabs.org had been the property of methlabs, LLC, and the administrator tried to boot you off, you could send an e-mail to your registrar from the 'director' of the LLC, indicating that the administrator was not acting in the interest of the LLC. You send them the *signed* (can be signed electronically, using the US gov't standard, which is a bit silly \ \ ) LLC articles of incorporation, showing either that the administrator member had no right to do that, OR that he wasn't a member of the LLC.

Then they hand you the 'keys' to the castle, so to speak.

Re:Hmm

[Anonymous Coward]

Alternative blacklists from:
http://bluetack.co.uk/config/sources.txt [bluetack.co.uk]

PG,http://www.bluetack.co.uk/config/ads-trackers-a nd-bad-pr0n.txt,Ad [bluetack.co.uk] Trackers,0,Ads Ad-Trackers and Bad Porn
PG,http://www.bluetack.co.uk/config/level1.txt,Lev el [bluetack.co.uk] 1,0,Level 1 Basic Blocklist
PG,http://www.bluetack.co.uk/config/level2.txt,Lev el [bluetack.co.uk] 2 Corp,0,Level 2 Corporate Ranges
PG,http://www.bluetack.co.uk/config/bogon.txt,Bogo n [bluetack.co.uk] Ranges,0,Bogon Addresses List
PG,http://www.bluetack.co.uk/config/dshield.txt,DS hield [bluetack.co.uk] Recommended,0,DShield Blocklist - More info @ www.dshield.org
PG,http://www.bluetack.co.uk/config/edu.txt,Edu [bluetack.co.uk] Ranges,0,Educational Institution Ranges
PG,http://www.bluetack.co.uk/config/hijacked.txt,H ijacked [bluetack.co.uk] IP Blocks,0,Hijacked IP Ranges List
PG,http://www.bluetack.co.uk/config/iana-multicast .txt,IANA [bluetack.co.uk] Multicast,0,IANA Multicast Addresses
PG,http://www.bluetack.co.uk/config/iana-private.t xt,IANA [bluetack.co.uk] Private,0,IANA Private Addresses
PG,http://www.bluetack.co.uk/config/iana-reserved. txt,IANA [bluetack.co.uk] Reserved,0,IANA Reserved Addresses
DONK,http://www.bluetack.co.uk/config/exclusions.t xt,Master [bluetack.co.uk] Exclusions,0,Recommended Exclusions List
PG,http://www.bluetack.co.uk/config/Microsoft.txt [bluetack.co.uk], Microsoft Related,0,Microsoft Associated Addresses List
PG,http://www.bluetack.co.uk/config/fornonlancompu ters.txt,Non-LAN [bluetack.co.uk] List,0,LAN Blacklist 0.* 10.* and 192.168.* Ranges
PG,http://www.bluetack.co.uk/config/spider.txt,Spi ders [bluetack.co.uk] List,0,Webspiders and Bots
PG,http://www.bluetack.co.uk/config/spyware.txt,Sp yware [bluetack.co.uk] List,0,Spyware and Malware
PG,http://www.bluetack.co.uk/config/trojan.txt,Tro jan [bluetack.co.uk] & Portscanners,0,The Trojan Port Hits and Scans List

Re:I've got a better idea

[Seumas]

PeerGaurdian isn't about spam email blocking. It's about blocking IPs that belong to MPAA/RIAA/DOJ/Government/BSA and other organizations that flood p2p networks, looking to gather information on you and send you a lawsuit.

No honour amongst theives.

[Chmarr]

No honour amongst thieves.

Okay, I'm NOT saying that ALL P2P users are thieves, but I don't think ANYONE in their right mind is going to argue that copyright violations is not the majority use of P2P networks.

So... EVEN IF a handful of folk in a group are using P2P software for utterly and totally legitimate purposes, the majority aren't, and of THOSE people, their sense of ethics is at least tainted, and most likely totally horked.

So... takeover of a P2P-related group by one of its members? No surprise there. Roll in the next drama please.

Re:I've got a better idea

[Anonymous Coward]

Peerguardian has nothing to do with spam, primarily its designed to keep the RIAA and MPAA (and thier slimy bloodhounds) from connecting to your PC whilst you are using P2P file sharing software. Of course, you can add known spammers to your list of Ip's to block, but this really isnt an RBL system for e-mail.

As for the flaw of RBL's, I do agree that they are not perfect. A much better blacklisting scheme is to generate your own local temporary blacklists based on mail (and mailservers) which appear to be spamming. http://www.acme.com/mail_filtering/introduction_fr ameset.html [acme.com] has a good article on such things. By and large though, you are right, RBL's fall down because they are not Realtime enough. They don't adapt to false negative or positive conditions fast enough to be relied on as a anti-spam measure.

Re:I've got a better idea

[evilviper]

PeerGuardian is not for e-mail, it's for P2P networks.

Also, I don't know how you can believe that blacklists are useless. I'm down to only about a spam a day, despite my current primary e-mail address being listed all over the internet for years now. Obviously, your choice of blacklists is important, and using other metrics as well helps.

Besides that, the forces at work in P2P spam are completely different than that of e-mail spam. I can vouch for the PeerGuardian blacklist being extremely effective at blocking probably 99% of P2P spam, and making that last 1% look far less legitimate, and far less likely to be selected.

Re:Does PeerGuardian really work?

[PhrostyMcByte]

The lists got a bit inaccurate over time. We had just got Blocklist.org setup so we could review all the blocked ranges, but then a month later this happens :(

Oh well. We'll recover.

Re:One of those things about the open source crowd

[Infinityis]

Not to be too particular, but since I'm currently going throught the LLC application process, it might be useful to point out that it's not "articles of incorporation" but "articles of organization". "Articles of incorporation" is reserved for a corporation.

The difference between a corporation (Inc.) and limited liability company (LLC) is subtle but important. A corporation is a perpetual entity, so if a founding member dies, no problem. But if a founding member of an LLC dies, that pretty much ends the LLC. Taxes are a lot easier to handle, along with determining profit. Also, you don't have to have annual meetings where the minutes recorded, etc. However, with either one you get the benefit that your personal assets are not at risk. If the company fails miserably and owes a million dollars in debt, you still get to keep your personal car, your house, your money, etc. Thus the term "limited liability".

Re:One of those things about the open source crowd

[WhiteWolf666]

At legalzoom.com, you can incorporate a Nevada LLC (with registered agent) for ~205, IIRC

I've done this many times.

You'll have to find/pay a registered agent unless you can find an address/phone number in state. This is usually under a hundred dollars per year.