[Solved] Filesmonster Premium problem

Jdownloader is showing my Filesmonster Premium account as invalid although according to the Filesmonster site it is valid for another 5 months.
I have tried reloading the software, deleting and re-adding the account but no luck.
Please can you help?

[raztoki]

Please email us at support@jdownloader.org or make a support ticket http://support.jdownloader.org. Please provide example links along with your login credentials (user:pass).

Thankyou

[agross]

+1, FilesMonster seems to have changed their login procedure:

- JD HTTP POSTs the login credentials
- FM returns a HTTP/200, containing a web form with a captcha (which wasn't there before)
- the login fails because the user is not authenticated

It's easily reproduced using a browser. WireShark shows the same behavior (HTTP POST + the form returned by FM).

I already opened a support ticket with FM, but it seems they don't care much. Is it possible to detect the captcha in JD's code base and display the captcha to the JD user to finish authentication?

Thanks,
Alex

[raztoki]

yes, we can detect anything within requests assuming its not something silly like a message within a image or flash. We still need user:password in order to do this, believe none have been sent. So no fixes possible from us until that happens.

[agross]

I sent you a PM with my login credentials.

[agross]

It's probably the best idea to grep the response HTML for "For security reasons, please enter captcha code below" as this is what is displayed above the captcha.

[raztoki]

I logged in via chrome and monitored its requests via inspect element.
I also tested with JD2 SVN and never received captcha within html, both methods logged in aok.

Did you happen to enter in your password incorrectly before? Some hosters stop DDoS of their login system or even brute force testing user:passwords by prompting additional login attempts from that IP with captcha prompt.

[agross]

I logged JD's login request with WireShark. Look for "For security reasons, please enter captcha code below". The same happens for me when using the browser.

I didn't leak my username, so I wonder why FM would think my account is attacked and block it accordingly.

Code:

    POST /login.php HTTP/1.1\r\n
    User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
    Accept-Language: de, en-gb;q=0.9, en;q=0.8\r\n
    Accept-Encoding: gzip\r\n
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
    Cache-Control: no-cache\r\n
    Pragma: no-cache\r\n
    Connection: close\r\n
    Host: filesmonster.com\r\n
    Content-type: application/x-www-form-urlencoded\r\n
    Content-Length: 47\r\n
    \r\n
    act=login&user=SECRET&pass=SECRET&login=Login

    HTTP/1.1 200 OK\r\n
    Server: nginx/1.2.7\r\n
    Date: Tue, 11 Jun 2013 19:19:44 GMT\r\n
    Content-Type: text/html\r\n
    Content-Length: 2049\r\n
    Connection: close\r\n
    X-Powered-By: PHP/5.3.10-1ubuntu3.6\r\n
    Set-Cookie: hascookies=1; expires=Wed, 11-Jun-2014 19:10:35 GMT; path=/\r\n
    Set-Cookie: PHPSESSID=s9g97ask4s6qbfp5gameadsi77; path=/; HttpOnly\r\n
    Expires: Thu, 19 Nov 1981 08:52:00 GMT\r\n
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\n
    Pragma: no-cache\r\n
    Set-Cookie: yab_sess_id=c51edf5770e75103b6cf3af09c2fd977; expires=Wed, 11-Jun-2014 19:10:35 GMT; path=/; domain=.filesmonster.com; httponly\r\n
    Set-Cookie: yab_ulang=en; expires=Wed, 11-Jun-2014 19:10:35 GMT; path=/; domain=.filesmonster.com; httponly\r\n
    Set-Cookie: yab_logined=0; expires=Wed, 11-Jun-2014 19:10:35 GMT; path=/; domain=.filesmonster.com; httponly\r\n
    Set-Cookie: yab_uid=0; expires=Wed, 11-Jun-2014 19:10:35 GMT; path=/; domain=.filesmonster.com; httponly\r\n
    Set-Cookie: yab_last_click=1370977835; expires=Wed, 11-Jun-2014 19:10:35 GMT; path=/; domain=.filesmonster.com; httponly\r\n
    Set-Cookie: yab_country=DE; expires=Wed, 11-Jun-2014 19:10:35 GMT; path=/; domain=.filesmonster.com; httponly\r\n
    Vary: Accept-Encoding\r\n
    Content-Encoding: gzip\r\n
    \r\n
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "**External links are only visible to Support Staff**>\n
    <html xmlns="**External links are only visible to Support Staff** lang="en" xml:lang="en">\n
    <head>\n
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />\n
    <meta name="description" content="Digital Content Distrubition." />\n
    <meta name="keywords" content="Legal Files, Legal Files Distribution, Digital Content Distrubition" />\n
    <link href="**External links are only visible to Support Staff** rel="shortcut icon" />\n
    <script type='text/javascript' src='**External links are only visible to Support Staff**></script>\n
    <script type='text/javascript' src='**External links are only visible to Support Staff**></script>\n
    <script type='text/javascript' src='**External links are only visible to Support Staff**></script>\n
    <script type='text/javascript' src='**External links are only visible to Support Staff**></script>\n
    <script type='text/javascript' src='**External links are only visible to Support Staff**></script>\n
    <script type='text/javascript' src='**External links are only visible to Support Staff**></script>\n
    <script type='text/javascript' src='**External links are only visible to Support Staff**></script>\n
    <script type='text/javascript' src='**External links are only visible to Support Staff**></script>\n
    <link href='**External links are only visible to Support Staff** type='text/css' rel='stylesheet'>\n
    <link href='**External links are only visible to Support Staff** type='text/css' rel='stylesheet'>\n
    <link href='**External links are only visible to Support Staff** type='text/css' rel='stylesheet'>\n
    <link href='**External links are only visible to Support Staff** type='text/css' rel='stylesheet'>\n
    <link href='**External links are only visible to Support Staff** type='text/css' rel='stylesheet'>\n
    </head>\n
    <body>\n
    <a name="top"></a>\r\n
    <!--wrapper for all content-->\r\n
    <div class="global_container">\r\n
    \r\n
    <div class="logo_line">\n
    \n
    \t\n
    \t<a class="logo" href="/" style="text-decoration:none;"></a>\n
    \n
    </div>\n
    \n
    \n
    <div class="top_nav" style="">\n
    \t\t<a class="small" href="/premium/"><b>\n
    \t\t\t\t\tPremium\t\t</b>\n
    \t\t</a>\n
    \t\t<span class="separate">&nbsp;</span>\n
    \t\t\t\t\t<a  href="/info/upload/">Upload files</a>\n
    \t\t\t<span class="separate">&nbsp;</span>\n
    \t\t\t\t<a  href="/info/api/">API</a>\n
    \t\t<span class="separate">&nbsp;</span>\n
    \t\t<a  href="/info/copyrightowners/">For Copyright Owners</a>\n
    \t\t<span class="separate">&nbsp;</span>\n
    \t\t<a  href="**External links are only visible to Support Staff** target="_blank">Contacts</a>\n
    </div>\n
    <noscript>\r\n
    \t<div style="color:brown; border: solid 1px brown;padding:10px;margin:10px 0px; font-weight: bold; background-color: yellow">\r\n
    \t\tYou should <a target="_blank" href="**External links are only visible to Support Staff**>turn on Javascript</a> in your browser to work with all features of the service.\t</div>\r\n
    </noscript>\r\n
    \r\n
    \t\n
    \t<form action="/login.php" method="post" name='login' onsubmit=''>\n
    <input type=hidden name=act value=login>\n
    <div class="login_n stdblock">\n
    \t<h1 class="block_header">\n
    \t\tEnter your account\t</h1>  \n
    \t\t\t\t<p class="red">For security reasons, please enter captcha code below</p>\n
    \t\t<div class="s_big input_box" style="">\n
    \t\t<label for="user">Login:</label>\n
    \t\t<input type='text' name='user' class='textinput_short gray_style' value='SECRET' />\n
    \t\t&nbsp;&nbsp;\n
    \t\t<label for="password">Password:</label>\n
    \t\t<input type='password' name='pass' class='textinput_short gray_style' value='SECRET' />\n
    \t\t&nbsp;\n
    \t\t<div class="vm5">\n
    \t\t\t<input type="hidden" name="captcha_shown" value="1" /><script type="text/javascript" src="**External links are only visible to Support Staff**></script>\n
    \n
    \t<noscript>\n
      \t\t<iframe src="**External links are only visible to Support Staff** height="300" width="500" frameborder="0"></iframe><br/>\n
      \t\t<textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>\n
      \t\t<input type="hidden" name="recaptcha_response_field" value="manual_challenge"/>\n
    \t</noscript>\t\t</div>\n
    \t\t<input type="submit" name='login' class="color_button_middle" value="Login" />\n
    \t</div>\n
    \t\t\n
    \t<div style="padding-left: 10px;">\n
    \t\t<a style="font-size:110%" href="/login.php?act=getpass">Forgot password?</a>\n
    \t\t<br />\n
    \t\t<br />\n
    \t\t<br />\n
    \t\t<a class="color2 em" style="font-size:120%" href="/register.php">Don't have a FilesMonster.com account?</a>\n
    \t\t<br />\n
    \t</div>\n
    </div>\n
    </form>    <br />\n
    \r\n
    \r\n
    \n
    <div class="footer darkgray">\n
    \t<div style="float:right;width:200px;text-align:right">\n
    \t\t<a href="/"><img src="**External links are only visible to Support Staff** border="0" alt="small logo"/></a>\n
    \t</div>\n
    \t<div style="font-size:11px">\n
    \n
    \t<p>\n
    \t\t<a href="/">Home</a>\n
    \t\t&nbsp;|&nbsp;\n
    \t\t\t\t\t<a href="/info/upload/">Upload files</a>\n
    \t\t\t&nbsp;|&nbsp;\n
    \t\t\t\t<a href="/info/copyrightowners/">Content Owners</a>\n
    \t\t&nbsp;|&nbsp;\n
    \t\t\t\t\t<a href="/info/webpromoters/">Webmasters</a>\n
    \t\t\t&nbsp;|&nbsp;\n
    \t\t\t<a href="/info/siteowners/">Site Owners</a>\n
    \t\t\t&nbsp;|&nbsp;\n
    \t\t\t\n
    \t\t<a href="/info/resellers/">Resellers</a>\n
    \t</p>\n
    \t<p class="copyright note">\n
    \t\tCopyright &copy; 2010 FilesMonster.com. All rights reserved.\t\t&nbsp;\n
    \t\t<a href="/rules/" >TOS</a>\n
    \t\t&nbsp;|&nbsp;\n
    \t\t<a href="/info/privacypolicy/">Privacy Policy</a>\n
    \t\t&nbsp;|&nbsp;\n
    \t\t<a href="/report.php">Report</a>\n
    \t\t&nbsp;|&nbsp;\n
    \t\t<a href="/contact.php">Contacts</a>\n
    \t</p>\n
    \t</div>\n
    </div>\n
    \t\r\n
    <script type="text/javascript">\n
    var gaJsHost = (("https:" == document.location.protocol) ? "**External links are only visible to Support Staff** : "**External links are only visible to Support Staff**);\n
    document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));\n
    </script>\n
    <script type="text/javascript">\n
    var pageTracker = _gat._getTracker("UA-2177262-16");\n
    pageTracker._initData();\n
    pageTracker._trackPageview();\n
    </script>\t\r\n
    </div> <!--global container closed--></body>\n
    </html>

[pspzockerscene]

Well, so JD is actually correct?!
The only thing I could imagine is that they recognize and block JD by User-Agent or something else.
...or you failed to log in too often or it's just normal.

GreeZ pspzockerscene

[raztoki]

That was just a guess.

It could be because you have logged in too often, from too many different IP addresses over x time. While not always at concurrently (like if you shared account) it might be caused by the reconnection module if you use that feature in JDownloader. Some hosters only allow x logins a day, before captchas or preventing you from logging into your account. We tend to store cookie sessions until they no longer work if that's the case.

What sort of information did you get out of FM ? Did they indicate what the cause was? I really need to know so I can code the appropriate fix, as in maybe save session info vs captcha support issuing you millions of unnecessary captchas all the time.

[agross]

Yes, JD sends the correct credentials, but FM also wants to have the captcha passed before logging me in.

I don't log in from other machines or networks, I don't use the reconnection module, I haven't changed my passwords (and use a password tool - i.e. I never sent incorrect username/password) and nobody knows my logins. I really wonder why they decided to mark my account as requiring that extra captcha.

I really would appreciate if you would support that extra captcha, such that JD remains usable with my FM account.

All that FM support told me is this:

Quote:

Hello,

Unfortunately, JDownloader is not our product. You should apply to their support.
---
Kind regards,
Tanya Ketner

[raztoki]

The thing I found a little strange is from my IP your account didn't have the captcha, which would lead me to believe it could be more issue of how many times you login from a specific IP address or even IP range/subnet?

That's a typical buck passing exercise that most hosters do! Time = money

I'll email them see if I can get more detailed response and a test account in which the capthca is imposed.

raztoki

[agross]

Hm, that's probably true. When my problems with FM started, I only used JD to log in. Probably they found that JD is too aggressive and thus marked my account as requiring the captcha. I log in from my ISP's subnet, nothing special here.

Please keep me posted about what they tell you.

[pspzockerscene]

I think I can help.
Please send me your account via PM so I'll change the login function to save and re-use cookies.
This should prevent those problems because at the moment, JDF will log in for every download -> This is probably too much.

GreeZ pspzockerscene

[raztoki]

Already have the account details, just waiting for a response from FM before making next logical change (saving cookie sessions and re-using them).

=]

[raztoki]

I got a response out of filesmonster.
Indication was that recaptcha is shown after 30 successful logins since beginning of the day or after unsuccessful logins.

So implemented the following
- login, premium login now supports recaptcha
- login, caches cookies
- fetchAccountInfo, only performs a fresh login once every four hours. This is needed because we generally update once every 10-15minutes, thus quickly using up your login quota.
- handlePremium, uses cached cookies

[agross]

That sounds like excellent news. Thank you very much for your persistence when talking to FM :-)

How can I obtain the updated plugin to test?

Thanks!

[raztoki]

You will need to wait for updates to come out for 0.9.581 (stable) / old NIGHTLY. These older versions update process is controlled manually. We try to update every 0-14 days (but some times longer).
or
use JDownloader 2 (this version has instant plugin update system), and wait no more!

JDownloader 2 install instructions and download link http://board.jdownloader.org/showthread.php?t=37365

(from macro)

[agross]

Thank you, guys. It seems to work very well with JD2beta! Your support is very much appreciated!

If I might ask for two features:

- If you have more than one account with FM JD and JD2beta won't switch accounts when an account's daily quota is reached (account switching worked a while back on JD)

- JD took some time to recognize that you are a premium user and when it did the LinkGrabber didn't show the free user files (FM splits files > 100 MB into foo.ext.zip, foo.ext.z01 etc.) JD2beta always grabs these "parts" (including the single-link premium file), and you have to work with Link Filters to hide them. It's an 80% solution, because for files < 100 MB you cannot detect if a link is valid for premium or not just by looking at the file name/extension.

[raztoki]

The plugins are the shared(the same) between versions of JD, they should behave in the same manner other than minor differences. For example between components of code that's changed eg. Browser.

Think the way account balancing works is, the one with most quota left will get used first. Account updates of user data happens roughly once every ten minutes. Currently Filesmonster plugin doesn't provide any readable data of this given limit/quota. I do see error handling for it within the download method.
if (br.containsHTML("but it has exceeded the daily download limit")) throw new PluginException(LinkStatus.ERROR_PREMIUM, PluginException.VALUE_ID_PREMIUM_TEMP_DISABLE);

which will temp disable that account and move onto the next available account.

I talked to Filesmonster about if they had API as it kinda indicated they might by there mainpage. Anyway if they deciding on making one available it will hopefully provide more features than there website.

[agross]

I'm not sure the error message is still correct. When you visit a download link using the browser and the daily quota is exceeded, FM will display the following text in the HTML page:

Quote:

Today you have already downloaded 13.0 GB. And now you want to download 248.7 MB, but it has exceeded the daily download limit of 12.0 GB. Please try again in 15 hours and 40 minutes.
Click here to view the list of your today's downloads.

The text has some bold parts, probably containsHTML won't here:

Code:

<div id="error">Today you have already downloaded <b>13.0 GB</b>. And now you want to download <b>248.7 MB</b>, but it has exceeded the daily download limit of <b>12.0 GB</b>.
Please try again in <b>15</b> hours and <b>40</b> minutes.<br>
Click <a href="/today_downloads/">here</a> to view the list of your today's downloads.</div>

[agross]

FYI, JD says "Try restarting this link (plugin outdated?)" if the quota is used up.

[raztoki]

ok, committed changes to address this in a more effective way.

Please test in JD2.

[agross]

raztoki, thank you very much for your effort! It's working well and JD now also displays the traffic left for FM accounts. No need to uncheck accounts when the quota is exceeded. Excellent work!

[raztoki]

yep, benieft of scraping updating account stats all the time. Just you wont get that extra 1gb/day now.. as your error message implied that you where already over 1gb.