Statistics for DC++

I recently built a small application, WLPfS, that parses the web log files from SourceForge (where DC++ is hosted). The application can parse the log files and will display the client and the number of times that client attempted to grab a file on the website.

In DC++’s case, this file will always be version.xml that is updated on every new stable release of DC++.  This file is accessed each time DC++ is started or if the “About” dialog is opened. The statistics are slightly skewed in DC++’s case since Coral may be used (if the user has it on), and as such will cache the information on their servers. That means the stats presented here are NOT representative of the actual DC++ user count. However, it may be of interest that there are many old versions still in use, and it’s interesting to see users on “boundary versions” (probably based on feature changes, such as inclusion or requirement of hashes).

I can supply log files upon demand, so you can have a perusing through them yourselves.

In WLPfS, I set the filter to “^DC\+\+ v0.\d*$” (without the quotes). This will mean the application will only display the clients named “DC++ v0.” followed by a number, which is how all DC++ clients to date have identified themselves as. Note that modifications of DC++ may change their name (and will as such show up in such a listing) but keep “version.xml” grabbing.

The list below are the stats files grabbed from SourceForge. They span the days 2012-07-01 to 2012-07-10.

Version Count
DC++ v0.172 18
DC++ v0.18 4
DC++ v0.181 39
DC++ v0.20 6
DC++ v0.22 2
DC++ v0.232 5
DC++ v0.233 16
DC++ v0.24 12
DC++ v0.242 53
DC++ v0.251 7
DC++ v0.261 146
DC++ v0.263 13
DC++ v0.301 70
DC++ v0.302 3
DC++ v0.303 25
DC++ v0.304 515
DC++ v0.305 210
DC++ v0.306 5892
DC++ v0.307 1967
DC++ v0.400 5
DC++ v0.401 4567
DC++ v0.402 5
DC++ v0.403 596
DC++ v0.4032 36
DC++ v0.4033 52
DC++ v0.4034 302
DC++ v0.666 12
DC++ v0.667 103
DC++ v0.668 1589
DC++ v0.670 4401
DC++ v0.671 14
DC++ v0.672 19
DC++ v0.673 716
DC++ v0.674 44406
DC++ v0.68 396
DC++ v0.680 5
DC++ v0.6811 732
DC++ v0.686 142
DC++ v0.687 178
DC++ v0.688 404
DC++ v0.689 1780
DC++ v0.69 370
DC++ v0.691 2188
DC++ v0.693 12
DC++ v0.694 725
DC++ v0.695 197
DC++ v0.696 172
DC++ v0.697 453
DC++ v0.698 8766
DC++ v0.699 19517
DC++ v0.700 26
DC++ v0.702 162
DC++ v0.703 84
DC++ v0.704 527
DC++ v0.705 25
DC++ v0.707 242
DC++ v0.708 187
DC++ v0.709 1
DC++ v0.7091 419
DC++ v0.75 1625
DC++ v0.760 19
DC++ v0.761 245
DC++ v0.762 271
DC++ v0.770 1442
DC++ v0.780 6
DC++ v0.781 1194
DC++ v0.782 12980
DC++ v0.785 1
DC++ v0.790 403
DC++ v0.791 9252
DC++ v0.797 255
DC++ v0.799 19224

Domain changes and other information

A team of architects is building a highway.

One of these architects is in charge of building a vital bridge. His construction work is going well; although the bridge needs consolidations here and there, people have already started driving over it.

One day, the bridge architect has a disagreement with his architect colleagues. He therefore chooses to leave the construction company and focus on other projects.

However, he is still bitter about his ex-colleagues. He secretely hopes the highway never gets successful. To his dismay, the construction project keeps going on and the highway keeps being extended. The bridge he was in charge of is still being used.

Consumed by his jealousy, he decides to place a few packs of dynamite at strategic points of the bridge. He then makes the whole bridge explode while there were still people over it.

It might have been his bridge while he was overseeing its construction, but it was not anymore when he chose to leave the construction company. By destroying the bridge on a whim, he does more than destroy his own work: he also destroys the work of the builders; he kills the people who were enjoying the bridge when it exploded; he forces his ex-colleagues to build a new bridge (fortunately, they still have the blueprints).

He could have left the construction company with dignity, but he ended up as a jerk.

The domain is down and the project adcportal at SourceForge has been removed. It was the decision of the domain’s owner.

The project is gone, and with it is the forum and wiki as well. Backups exist, but whether it’s for the forum and wiki is too soon to tell. All I can say is that there will be an effort to try and restore some parts, while other parts will be discarded. I can’t tell you a time schedule, as time is always a limiting factor.

A new project, dcnetwork has been created, together with a new domain (now pointing at DC++, but will not in the future). The intention of the domain and project is to serve as a hub (pun intended) within DC, or at least for some of the content.

The DC development hub address is now adcs://, so be sure to change your clients.

It is unfortunate times, as it always is when losing resources, but new resources will be up as soon as time permit.

New account for Twitter; DCBase

Quick post, but just want to let everyone know that DCBase is what is going to used in the future for tweets.

Software and code for TTH generation and validation

There are multiple sites dedicated for providing information about generation and validatation of TTHs. There are many languages written to handle TTHs, so you should see this list as a small selection of all the implementations out there.

  • TigerTree Hash Code project at SourceForge intend on providing implementations for multiple languages.
  • ThexCS – TTH (tiger tree hash) maker in C# at CodeProject intend to provide a UI for simple TTH generation.
  • tthsum is probably the most widely known stand-alone application that can generate TTHs. The TTH generation was the one from DC++, but later changed to the original Tiger authors’ implementation. tthsum is in most Linux distributions.
  • Obviously, DC clients can generate TTHs…

    Don’t forget that you can make topic suggestions for blog posts in our “Blog Topic Suggestion Box!”

    BerliOS to shut down operations on 2011-12-31

    BerliOS will go out of service later this year, and will as such cause projects to go dark. If you have a DC project (or, well, any project for that matter) on BerliOS, now is the time to switch hosts.

    There are multiple other hosts, and I’ve only used a subset.

    Some suggestions:
    Google Code

    Don’t forget that you can make topic suggestions for blog posts in our “Blog Topic Suggestion Box!”

    Long lost response regarding DC being used as a DDoS tool

    A really long time ago, I was interviewed regarding the play that DC has concerning DDoS:ing. GargoyleMT was interviewed by a Brian Krebs ( and the following is what he said to Krebs. I don’t think Krebs published anything (or at least I can’t find it). Note that the date of this mail is 2007-05-25. (I don’t know why, but the above WordPress post have a newer timestamp than when the mail conversation took place. As the SecurityFocus article indicate, it’s around the later part of May.)

    Brian, I’m not sure if you’re still looking for information about what Prolexic (and now Netcraft) have reported about attacks using the Direct Connect network.

    A little bit of history may help understand what the Direct Connect network is. It got its start in December of 1999 by Jon Hess, then a high school student. It was heavily inspired by Internet Relay Chat (IRC), and the social aspect of chatting can be seen in his design (I have a couple old interviews of him bookmarked at home that may give a little more information). This was the year of Napster, when peer-to-peer networks were getting their start, and before Justin Frankel (of Winamp) had released Gnutella (which first pioneered decentralized peer to peer networks). Direct Connect was designed around separate, user run, independent hubs, tied together only loosely by a “hub list.” This design is a lot more like Napster’s centralization than Gnutella’s decentralization, especially since hubs themselves do not interlink (though there are some protocol commands for doing so.) Because of this design, Jon developed two separate programs: a client software (which we call NMDC for NeoModus Direct Connect [NeoModus was the company name Jon used to publish his software (see the Wayback machine at*/ and a hub software. Each hub software had an option to register on the hub list, but it was not mandatory.

    Shortly after it became popular, many people worked on reverse engineering the protocol that Jon used. Once enough knowledge of the protocol was obtained, clients were created, including DC++ by Jacek Sieka in November of 2001. Today, nearly all of the clients on the Direct Connect network are open source, and quite a few hubs are as well. The protocol used today is nearly identical, but (mostly) backwards compatible with the original client and hub. Jon’s software has fallen out of favor, and DC++ is (probably) the most popular client for the network. There are also many derivatives of DC++, since it is licensed under the GNU General Public License. There are a number of hubs, YnHub ( is one of the more popular ones, since it works on Windows, has a nice GUI, and contains enough options so that hub owners can run hubs the way they like. Hubs have grown, but a “big” hub is well under 10,000 users, and most probably in the 500 – 2500 user range.

    The abuse, as can see it, doesn’t exploit any bugs in DC++ per-se. Nothing as glorious as buffer overflows, at least. Only not armoring itself against ways the protocol could be misused to hurt others. The protocol was intended to be proprietary, and wasn’t designed to protect against malicious clients or hubs.

    The two commands which are being exploited are the following commands:
    $ForceMove <ip or address:optional port>
    This command forces a DC client to disconnect from the current hub and try to connect to the address specified. (It is used in some multi-hub configurations to shuffle users between hubs, generally as a form of load balancing.) The original DC hub software had a port of 411, but it allowed customization. A malicious hub can “$ForceMove; to multiple users and get them to try to connect to that server using the DC protocol. In DC++ 0.699 (released Dec. 18, 2006), DC++ will try to connect once, but not reconnect unless it has successfully completed a full Direct Connect handshake with the remote address. This type of attack shouldn’t be very effective with DC++ 0.699. Versions before this will reconnect on a slightly variable scale, in between 2 and 3 minutes. ($ForceMove is what we typically classify as an “operator” command, so normal users should not (unless the hub is configured for it) be able to use this command to initiate an attack. Rogue operators on white hat hubs could, however.)

    $ConnectToMe <RemoteNick> :<SenderPort>
    This is the command that instructs the receiving user (<RemoteNick>) to try to connect to SenderIp on SenderPort (via TCP). This connection is nearly exclusively for downloading of files. This command, as does the above, and most others, passes through the hub. A white hat hub will check <SenderIp> against the IP address of the sender, and only relay the command if they match. A black hat hub may not do that. Or worse, it may modify well formed $CTMs (as we shorten it) to contain the IP of a machine it would like pummeled with connections. DC++ (as will any DC client) will try to connect to the remote IP on the specified port once. It will not retry on its own, but it will try one time per $CTM. (I'm not sure whether it can be persuaded to try multiple connections to the same IP/port at the same time.) This attack cannot succeed without the complicity of the hub in the attack.

    Prolexia certainly has drawn attention to this subject, but they're not the first to suffer such attacks., created by Marko Virkkula (aka Gadget), was the default hub list for DC++ for a long period of time (July 2003). has been experiencing attacks since April of 2006, and the methods used above may be a direct result of his war of escalation against the attackers. A domain I bought ( to host DC++'s web presence was definitely attacked by one of the two above methods. We changed hosting companies once, but were ultimately forced to pare back our web site and move a smaller version of it back to's project space. I wasn't involved enough in the administration of either host machine to come away with the specifics of the attack, other than that it was DC traffic directed to the HTTP port.

    As for preventing or mitigating the severity of this type of attack, I think there are a couple key points. We cannot change the protocol radically to fix this, as we're (Jacek Sieka, Fredrik, myself, and couple other regular contributors) only in control of one of the clients. (There is a developer community that represents quite a few of the packages, but not all of them.) All client and hub software would also need to be changed, and users would have to upgrade their respective software. We have an alternate protocol under development (ADC) that should lessen the concerns (as IP addresses are distributed to each client during the initial connection to the hub). That said, users can (and should) upgrade their client when a new version of DC++ comes out. On the release of a new stable version, each user with an older client is told about it once per startup of the application. Currently, 0.698 is marked as stable, so users need to ensure they have 0.699 installed. Developers who base their DC client on DC++ can sync their client more quickly following a release of DC++, or backport all of the fixes. Most importantly, we know that some of the hubs on the DC network are not to be trusted. They may be either public hubs (registered on one or more hub list) or private hubs (unregistered but allowing new members or protected via user name and password). Users who watch the output of their client can guess whether they're being involved in an attack. For the $ForceMove attacks, one of their hub windows will show as disconnected, with a long line of "*** Connecting …" messages without a single success. Users should close this window, and be wary if they decide to visit the hub that issued the redirect. For users involved in a $ConnectToMe attack, the "transfer view" of their client will show a number of upload connections in the "Connecting…" state. Through the process of elimination, they can determine which hub is issuing these bogus connection attempts. We have been burned with these attacks as well, so we'll keep looking for ways of improving the program.

    World domination: Step 2: Twitter

    As part of our (further) desire for world domination for Direct Connect, Twitter is not saved from us! The intent is to have the site act as an aggregate of Direct Connect links and posts, as well as allowing people to use a well-known source of information for their DC content as well. Yeah, I know, pretty much the same as with Reddit, but you have to remember the way in which content is published; we don’t control who posts at reddit, while with Twitter you can easily be completely up to date with news etc, right in your mobile devices.

    Don’t forget that you can make topic suggestions for blog posts in our “Blog Topic Suggestion Box!”

    World domination: Step 1: Reddit

    AS part of our desire for world domination for Direct Connect, the (sub)Reddit DirectConnect has been created!. The intent is to have the site act as an aggregate of Direct Connect links and posts, as well as allowing people to use a well-known source of information for their DC content as well.

    Go there and write a post!

    Don’t forget that you can make topic suggestions for blog posts in our “Blog Topic Suggestion Box!”

    ADC Recommendations

    A while back (a really long time ago, it appears), I started the document ADC Recommendations. The intent is to create a document that can be reviewed for best-practices, common implementations and other useful information that need not be in the official specification(s).

    Also, my intent was to have the document be more frequently updated (once done), so that it can quickly reference the latest software, so as to not having to update versions for the specifications, for simply guidance.

    If you want to add more or revise the existing content, leave a comment below or go to the ADCPortal forum post.

    Don’t forget that you can make topic suggestions for blog posts in our “Blog Topic Suggestion Box!”

    Interview series: poy

    This is one part of a blog series where influential people in Direct Connect are interviewed about the past, present and future state of Direct Connect.

    poy is a developer known for his influence in the development of DC++ and ADCH++. He raised code base standards to a new high, made the UI library transition (in DC++) end up well, have been one of the main developers of DC++ and ADCH++, and more.

    What follows are the questions I asked and the answers he gave.

    • What made and when did you start with Direct Connect?

    About 8 years ago, back when all I knew of P2P was eMule, KaZaA, Limewire, emerging torrents and other faceless global file sharing solutions, a friend of mine told me about this great gem he had just found, where getting into servers depends upon how well and how much you share yourself.

    • When did you start with the development of DC++?

    Looking into the changelog, my first patches landed in version 0.695, released 5 years ago. Before that, I had been spending most of my C++ coding time modding my own version of DC++.

    • What made you interested in the development of DC and DC++?

    DC has a unique set of communities that care about sharing in a sense that I fully appreciate. It is therefore always a pleasure to look into its inner workings.

    Being reverse-engineered, the initial DC protocol has always left me with a slightly bitter feeling, thus getting me to look for a better, more future-proof alternative. Fortunately, by the time I got interested in that, ADC was already on its way up. It was however far from perfect, especially with regards to the lack of hub programs available. This has led to a constant state of motion, ideas, achievements which quickly appealed to me.

    For DC++ specifically, I enjoy its use of many modern programming constructs, its large user base and the fact that there are still so many things to do with it.

    • You are one of the main developers for DC++; What are your goals and ideas?

    One of my primary goals is and has always been to be able to replace the mod I used to develop a while ago, which included various features I have yet to see in any other DC client so far. This includes a more evolved chatting facility, configuration for each hub or each hub group, various UI fanciness…

    I have many ideas but mostly smaller, short-term ones, such as (just dropping some from my todo list) ways to filter lists with Regular expressions, using the binary and/or city databases of GeoIP, adding right-click accelerators similar to those in Internet Explorer

    One untold goal of the UI library that DC++ is using (formerly SmartWin++, now DWT for “DC++ Widget Toolkit”) is to support more than just Windows and to be released separately. Knowing of other applications than DC++ that are able to use DWT would be quite an accomplishment.

    Another ongoing goal is to keep DC++ on top of the latest changes in C++ standards. The C++ committee has been quite productive these last few years.

    • You are also involved with the development of ADCH++; What are your goals and ideas?

    My ultimate goal for ADCH++ would be a hub that anyone can easily configure, yet expert users can still enjoy. I believe the latter part to be close to reality right now; the former, however, is not quite so according to the feedback we are getting. A GUI would be most welcome. One was in development at one point but it seems to have halted; I hope it gets picked up again.

    Aside from that, I consider ADCH++ to be quite complete; its author has made a wonderful job with it. A few features may not yet be available but they are all doable with plugins / scripts, so that doesn’t really fall on ADCH++ itself.

    • Do you have any goals and ideas with the further expansion of NMDC and/or ADC?

    I hope ADC can provide a fully secure environment; it is already possible to encrypt ADC traffic, but that doesn’t mean it is completely secure.

    I hope ADC can reach a state comparable to other Internet protocols such as HTTP, FTP, etc.

    I have been wondering about an ADC extension idea that I would call HFAV, where clients would send the hub addresses they know about to hubs, which in turn would poll all the addresses they have gathered, regularly ping them and dispatch the results to any client that requests them.

    • What other DC projects are you involved in, and what are your goals and ideas with those?

    I have written DCBouncer mostly for my own use: it stays connected on a server I own and simulates a presence on some hubs, gathering chat messages (including private ones); then when i log back in, it forwards them to me. Usage scenarios are multiple: logging, hiding one’s actual IP, perhaps in the future even share directly from the server…

    • What do you think will attract more users of DC in general? Would that be desirable?

    Internet ads praising the DC idea would, in my opinion, be a great way to attract users. Another is to troll P2P forums.

    The main reason I like DC is its elitist philosophy: the better and the faster you share, the more likely you are to get invited to better hubs with users with a better sharing quality. If I wanted some kind of global server where anyone could enter, I would prefer the programs previously mentioned. That is the reason I am not a fan of hubs that strive for a maximum amount of users and disregard the community aspect; and especially why i dislike the DHT feature that some clients have implemented as DHT is taking that idea of faceless hubs to an extreme.

    The stuff one can find on global P2P networks / faceless hubs is very different than what is available in elitist DC communities. I believe luring users of the former category into DC would not necessarily be beneficial; it would be more interesting to strive for those who are likely to contribute to the very unique DC sharing spirit.

    • Would you change anything with DC, DC++, ADC etc if you could?

    All the ideas I have had so far have been quite realistic; I guess I tend to unconsciously discard those I couldn’t be able to implement myself.

    • How much time do you spend on DC development?

    This depends a lot on real life, other Internet groups I frequent and the motivation I have to accomplish a particular task. At times I have spent 6 hours straight; other times, just 15 minutes to do an otherwise awesome change. I try to at least check what’s up once a day or once a week on busy weeks.

    • What would cause you to spend more time with development?

    An awesome idea that would have many code ramifications; or a crazily hard-to-find bug.

    • What was the most difficult thing you have done with DC?

    I would be tempted to mention the recent crash logger, which led me to fully read the libdwarf, DWARF 2 and PE/COFF documentations. This was a unique achievement so I had no example on how to go about it at first. But in retrospect, this wasn’t quite that difficult.

    The hardest thing I can remember is having to track down bug 590651. It was a leak of a graphic object that resulted in all debug reports being useless. We ended up having to ask some testers to run several versions of the program at the same time to try to figure out a scheme to the crash, until one postulated that they were related to the amounts of hub disconnects received by the program. That wasn’t much to go on from but I eventually figured it may have been related to tab icon changes on disconnects. Although the fix was trivial, pinpointing the bug was quite the hardship.

    • What was the most important thing you have done with DC?

    I am quite proud of the DC++ window manager, which restores the session to the way it was before the program was closed. This goes with the menu of recent windows in the toolbar.

    • What was the most fun thing you have done with DC?

    Hard to say, it’s always fun and a unique sensation of accomplishment that only a developer can know of. :) But I guess ADCH++-PtokaX is pretty fun in its own ironic way.

    Don’t forget that you can make topic suggestions for blog posts in our “Blog Topic Suggestion Box!”