Identify password protected uploads

[zoned]

That said older and yet some .rar archive voles that are the type *.r00 , *r.01 to *.rar opening the first *.r00 after it has downloaded will show the contents and able to navigate through any sub folders it has. After opening if parse contents any file with *password* then stop the download continue to next download.

Or even stop the download when check that if any of the enclosed files are password protected stop the download continue with next download. Alternative idea if unable to auto parse file for names within first downloaded file *.r00 when download rar set archives like this

[Hecks]

Just to be clear, the *.rar is always the first in the set that includes *.r00, *.r01 etc, regardless of the upload order. File headers are spread across volumes, but always serially - files packed in early volumes will not have file headers in later volumes. So what you see in the .r00 depends entirely on how large the packed files are.

For reasons explained, this does not help at all if the archive only contains *one* file spread across all the volumes which is itself a RAR that contains passworded files. All that the file headers in the different volumes will tell you is that they contain a single RAR that isn't itself encrypted. What we're interested in is the contents of *that* RAR, and that info can only be in the first *.rar volume, where its contents actually start ... if that's missing, or if the packed RAR is compressed, you're out of luck.

If you want to see what I mean, try downloading this NZB and try inspecting each volume with this PHP class or the like, or a hex editor if you know how to read the RAR specification. Compare the contents of the .rar that Alt.Binz needs to create by PAR2 repair *after downloading all the volumes* (see the small PAR2 to confirm that the .rar is needed) with the .r00 that's actually included in the NZB.

And no, opening a volume in WinRAR or similar doesn't give an accurate view of what's actually in each volume, as those proggies inspect all the volumes in the same directory and collate their file headers.

[zoned]

Yes that one doesn't have any other files likely in the sub .rar file only accessible when the download is complete. I also download the same name but with padlock to see difference from BS I note that one has two files one a sub rar the other a text. No mention in either archives of the word password, which puts to bed that that wasn't possible anyway. These should be auto checked and erased from the servers after upload when found to be password protected files. Problem there is what of those that belong to groups that do password protect their files for whatever reason they think they should have password protection. Maybe it should be no files ever allowed to be uploaded that contain any passworded archives at any level of the archive !

[Hecks]

Yep, as you point out NZBIndex does mark that same BS example as password protected. The last volume, .r26, actually contains a 'CLICK HERE FOR PASSWORD.html' right at the end, I guess they scanned for that, which is easy enough when you're only indexing ... or they applied some other fuzzy guesswork, like if the PAR2 contains .rar but the collection doesn't, then it's probably suspect.

Alt.Binz could do the same: check NZB & PAR2 for .rar if it contains .r00; if missing, check last .r** for any suspect files, etc.  But I suspect in the long run it would just be a game of whack-a-mole with the spammers. Far better to identify trusted sources for NZBs and stick with those, methinks.

Edit: another passworded version of that example on NZBIndex contains a Readme.txt right at the start of the first volume, *.part01.rar in this case, with a 'please download password from here' message. That's an easy one to detect, since the word 'password' appears in plain text within the first 200 bytes of the volume.

[Rdl]

Finally some movement on this.

Few detect cases are implemented: Downloaded rar(.rar .partxxx.rar .001) is password protected, rar has files inside that have word 'password' in the name, rar has small files inside that have word 'password' in the content.
Few more methods will be added later.

Option is located in Setup->Misc #3->Rar password checker mode
You have options for disabled, Warning only and Warning+Pause collection. Default is disabled.

[Hellster]

Love the password detection features added. But i have a question, if you set it to Warn + pause, will it pause collections you have added the password for ? or only collections with no password added for them.
Thanks

[Rdl]

If password is set for collection, no checking/warning/pausing applies.

[Hellster]

Ahh awesome, thanks RDL, i didn't want to set it to pause until i found out

[gazix]

Just quickly scanned over the  3 pages for this thread, so sorry if just rehashing what someone had already brought up.

Was wondering if could have an option to pause (no warning) and change the colour of the pause icon to x instead of blue? I guess was hoping to have the same thing with no enough par files. Meaning no error message at all, and just pause and change to a different colour pause icon.

Also, in terms of the password searching feature, is there a way to check for a file with the name password within the archives without downloading the whole thing first?  I notice that sometimes there is a single pw protected rar file within the rar set itself.  Along with a file (usually html) say something like click here for password....

Thanks

[gazix]

Oops, one more ask.  Would be possible to just delete the files off the computer (or when delete from the paused queue in alt binz) for the not enough pars and/or password protected files?  Obviously either isn't really useful since can't really do anything with them.

[Hecks]

@gazix The problem is that the .html with the links to scam password sites is typically right at the end of the archive, in the last segment of the final .rar in the set. I guess Alt.Binz could try downloading that one first, but this would probably confuse a lot of users. Remember also the whole category of spam posts that can't be scanned properly because of rars deliberately removed by posters to force a whole download and par2 repair. Any compression applied also complicates things.

Having spent rather too much of my life implementing different ways for detecting spam, I can say with confidence: the only guaranteed way to have a trouble-free life on usenet is to make sure you get your NZBs from *trusted sources only*. If you're getting unexpected passworded files to the extent that you need some automated checking like this, it's a 100% sure sign that you're going about things the wrong way and it's time to rethink your whole approach.

Just my $0.02

[gazix]

Ahh, thanks for the heads up.  Shows what I know, figured that everything would be have to be listed within the first few files.... I guess downloading the first and last file wouldn't be any solution

[zoned]

To warn by a colour on download queue and par2 queue for those archives found to need a password to extract the contents. No pop-up to be generated for any warning. Warning could be placed on ui grab bar (top bar of alt.binz ui window) after Alt.Binz version## where it would also be seen. For the tray as does for each download when completed that does remain until clicked away

For downloads (such as episodes) that are downloaded from one group. So that all archives with passwords are paused and allow all other archives in the a group to continue downloading

[Tim]

@gazix The problem is that the .html with the links to scam password sites is typically right at the end of the archive, in the last segment of the final .rar in the set. I guess Alt.Binz could try downloading that one first, but this would probably confuse a lot of users. Remember also the whole category of spam posts that can't be scanned properly because of rars deliberately removed by posters to force a whole download and par2 repair. Any compression applied also complicates things.

Having spent rather too much of my life implementing different ways for detecting spam, I can say with confidence: the only guaranteed way to have a trouble-free life on usenet is to make sure you get your NZBs from *trusted sources only*. If you're getting unexpected passworded files to the extent that you need some automated checking like this, it's a 100% sure sign that you're going about things the wrong way and it's time to rethink your whole approach.

Just my $0.02

So true. 

[gazix]

I'm guessing that the rar checker mode won't have a warning/pause option that doesn't include the hidden option of "always be on top" mode?  Never seen an program another program has a pop up dialog box that even shows up over top of the screen saver (while screen saver continues to run uninterrupted).

Also thinking that the algorithm for determining what is password protected and what is not might need an update.