all downloads and mirrors wont work

i tested the ip, it was correct and julian bubbles and lahey have a server disallowed and ricky came up with this potentially invalid download ID i dont understand?

Comments

  • I did a WHOIS lookup on your IP and see you're using a satellite internet provider.

    Satellite-based ISPs are renown for using CGNAT and other network shenanigans which interfere with our anti-leech system. Unfortunately there's no immediate solution; as I'm mentioned previously an improved anti-leech/hotlink system is in the works which isn't so finicky.

  • edited July 6

    Maybe ask a trusted friend to download the file you want (assuming he/she doesn't have satellite internet) and give it to you on a flash drive.

    @Duff we could prompt the user to solve a CAPTCHA (every time he/she attempts a download) if and only if the anti-leech system detects a discrepancy. There are many benefits to this. You can use the same CAPTCHA generator from the login form (although you might want to increase the complexity a bit).

  • edited July 7

    I'm in China and trying to download something and getting the same thing...

    I tried it from a server in the USA and also got:

    Failed to download Abandonware Applications/PC/Microsoft FORTRAN
    PowerStation 4.0 (4.00.523).7z from IP 172.86.179.XXX (Server
    disallowed)

    So yeah... :(

  • Same problem here, it seems this only started when they re-designed the website. Must be a new anti-leech system. Rip Hotspot users.

  • These download issues started with the move to the database system and distributed mirrors a number of years back. But the main problem really is crappy ISPs are increasingly doing dirty things.

  • But don't they do because the avaible IP range is getting smaller with tons of more devices connected to the net?

  • I checked my IP Address and all of them came back correct, yet, the download link wouldn't show up

  • I have the same problem. Tells me I have downloaded 0 out of 25 for the day but does not allow me to download. I think I have a standard setup, the isp IP is assigned to a router and lots of private devices/ip addresses behind the router. Does configuration itself mean I can never download/upload?
    In order to make this question/comment. I registered. Like some comments suggest, after registering and signing in the comment page did not let me leave a comment. It said howdy stranger, then displayed the name I was logged in and told me to choose a button (sign in or register). I clicked sign in 2 or three times within a second of each other and that option disappeared and I was allowed to comment.
    Then while filing out this comment, I went back through the download process to find/document the reported IP address for me. But the download started working. And the line says something like "you have downloaded 0 of 50 allowed".

    So for some of you don't give up. An unwritten requirement may be that you must register and keep signing in until you can leave a comment. Then you will be blessed with a download.

    Now for the question; What Is this leaching problem?

    Just wondering

    -- Sir Wonder.

  • @SirWonder said:
    I have the same problem. Tells me I have downloaded 0 out of 25 for the day but does not allow me to download. I think I have a standard setup, the isp IP is assigned to a router and lots of private devices/ip addresses behind the router. Does configuration itself mean I can never download/upload?
    In order to make this question/comment. I registered. Like some comments suggest, after registering and signing in the comment page did not let me leave a comment. It said howdy stranger, then displayed the name I was logged in and told me to choose a button (sign in or register). I clicked sign in 2 or three times within a second of each other and that option disappeared and I was allowed to comment.
    Then while filing out this comment, I went back through the download process to find/document the reported IP address for me. But the download started working. And the line says something like "you have downloaded 0 of 50 allowed".

    So for some of you don't give up. An unwritten requirement may be that you must register and keep signing in until you can leave a comment. Then you will be blessed with a download.

    Now for the question; What Is this leaching problem?

    Just wondering

    -- Sir Wonder.

    I'll check with the problem are causing not working properly. It's depends of my entire time, its takes less within 24h to verify that problem.

  • Can you not use a VPN to bypass this issue?

  • VPN? I use VPN to connect my home network to my girlfriends home network via Internet.
    How could VPN help on this issue? I think you meant a proxy, arent you?

  • @sdose said:
    VPN? I use VPN to connect my home network to my girlfriends home network via Internet.
    How could VPN help on this issue? I think you meant a proxy, arent you?

    No, I mean a full tunnel VPN connection so that all traffic flows out through the tunnel.

  • edited August 20

    @sdose said:
    VPN? I use VPN to connect my home network to my girlfriends home network via Internet.
    How could VPN help on this issue? I think you meant a proxy, arent you?

    A proxy may work as well as a VPN. The idea is to bypass your ISP's network address translation (NAT). The ISP (apparently) routes the requests (the request to the mirror selection page and the request to the mirror itself) through different IP addresses, whereas a VPN or proxy hopefully wouldn't do that.

    WinWorld uses the IP address matching to prevent hot-linking (i.e., another website linking directly to WinWorld's mirrors).

    There are alternative solutions to this that WinWorld could implement, but the staff members here are busy, so things like that don't have a high priority. I would send a fix in, but I'm not familiar enough with NodeJS.

    If someone is familiar with NodeJS and can whip up CSRF token authentication for this, they could open a pull request on GitHub to see if they accept that.

    EDIT:
    From what I can tell from the code, this is actually not part of adventure, but something running on the mirrors themselves? CSRF tokens may still be viable, but not by submitting code to adventure.

  • @Totengeist said:

    @sdose said:
    VPN? I use VPN to connect my home network to my girlfriends home network via Internet.
    How could VPN help on this issue? I think you meant a proxy, arent you?

    A proxy may work as well as a VPN. The idea is to bypass your ISP's network address translation (NAT). The ISP (apparently) routes the requests (the request to the mirror selection page and the request to the mirror itself) through different IP addresses, whereas a VPN or proxy hopefully wouldn't do that.

    WinWorld uses the IP address matching to prevent hot-linking (i.e., another website linking directly to WinWorld's mirrors).

    There are alternative solutions to this that WinWorld could implement, but the staff members here are busy, so things like that don't have a high priority. I would send a fix in, but I'm not familiar enough with NodeJS.

    If someone is familiar with NodeJS and can whip up CSRF token authentication for this, they could open a pull request on GitHub to see if they accept that.

    EDIT:
    From what I can tell from the code, this is actually not part of adventure, but something running on the mirrors themselves? CSRF tokens may still be viable, but not by submitting code to adventure.

    It's very interesting. Your help is useful, my two phones have an VPN options or settings, too.

  • edited August 27

    I apologize to the seemingly increasing number of users facing these issues.

    The whole reason we have this admittedly partially-broken script is to prevent 'leeching' and hotlinkers. Prior to forcing people through the antileech, it was possible to simply scrape a download mirror with a download manager tool which led to huge spikes in bandwidth consumption. In one particular case, a Chinese IP ran up several hundred gigabytes of bandwidth in <12 hours, requiring us to pay an overage fee to re-enable the mirror.

    In other cases, people throw up websites loaded with ads then hotlink directly to our downloads. This of course takes away from bandwidth for legitimate users of WinWorld trying to get a few files as well as sending ad money to sites that don't deserve it.

    As @Totengeist suggested, a VPN is certainly an option worth trying on the user-end for anyone having this problem - it should bypass an ISP's CGNAT and allow for the IP matching to work, in theory.

    On our end, an intermediate option I'm looking at is providing a mirror that is speed limited but doesn't require IP matching - downloads would still go through Adventure, and I'd implement some level of basic referrer checking to deter casual hotlinkers. Keep an eye out for this.

    The mirror-side of the anti-hotlink is single PHP file not on GitHub; I'm willing to share that with to anyone interested in taking a look at this.

  • @Duff said:
    As @Totengeist suggested, a VPN is certainly an option worth trying on the user-end for anyone having this problem - it should bypass an ISP's CGNAT and allow for the IP matching to work, in theory.

    Yes. VPN is sort of a recommend thing to use on a lot of downloading sites, to protect your identity and things like that. They do the same thing on websites like The Pirate Bay, saying that people are required to use VPN to download their files, because incognito mode is sometimes not enough.

  • @Duff said:
    I apologize to the seemingly increasing number of users facing these issues.

    The whole reason we have this admittedly partially-broken script is to prevent 'leeching' and hotlinkers. Prior to forcing people through the antileech, it was possible to simply scrape a download mirror with a download manager tool which led to huge spikes in bandwidth consumption. In one particular case, a Chinese IP ran up several hundred gigabytes of bandwidth in <12 hours, requiring us to pay an overage fee to re-enable the mirror.

    In other cases, people throw up websites loaded with ads then hotlink directly to our downloads. This of course takes away from bandwidth for legitimate users of WinWorld trying to get a few files as well as sending ad money to sites that don't deserve it.

    As @Totengeist suggested, a VPN is certainly an option worth trying on the user-end for anyone having this problem - it should bypass an ISP's CGNAT and allow for the IP matching to work, in theory.

    On our end, an intermediate option I'm looking at is providing a mirror that is speed limited but doesn't require IP matching - downloads would still go through Adventure, and I'd implement some level of basic referrer checking to deter casual hotlinkers. Keep an eye out for this.

    The mirror-side of the anti-hotlink is single PHP file not on GitHub; I'm willing to share that with to anyone interested in taking a look at this.

    It's great, @Duff ! All downloads is working now?

  • hey people im saving all downloads to https://web.archive.org/ can someone make it so downloads from the downloads for each OS are able to be saved? for example https://web.archive.org/web/20180903010907/https://winworldpc.com/download/407dc39b-5b18-c39a-11c3-a4e284a2c3a5

  • The Idea is good, but this would cause a lot of used space, that isn't searchable but in an old, archived winworld version.

    I am also uploading to archive.org, this is a better solution I think:
    (klick on list rather than thumbnail view, makes easier to read)
    https://archive.org/details/@sdose

Sign In or Register to comment.