300k Chinese bots currently abusing Ubuntu's torrents (ubuntu.com)
12 points by fignews on Oct 17, 2021 | 9 comments


After a short time serving one of those torrents, I have lots of connections from China, each pulling down about 130KiB/s. My outgoing bandwidth has been rising slowly, from only 400KiB/s when I started writing this comment to 3MiB/s now.

https://emergent.unpythonic.net/files/sandbox/Screenshot_202...

    % Information related to '117.188.0.0/14AS9808'

    route:          117.188.0.0/14
    descr:          China Mobile communications corporation


And 112.6 and 27.192, also in China, are connecting at a few MiB/s each client IP. However, its clients aren't serving up the "\0" client IDs and are connecting with encryption. https://emergent.unpythonic.net/files/sandbox/Screenshot_202...


Those are legitimate peers. The bots are all unencrypted with the \0 client ID. You must also have your torrent port open for them to connect to you because they don’t have ports open. This fact is the only reason one is still able to download these torrents.


It will likely require some scrolling down to see the bot-driven downloads visible around the middle of the web page.

On what basis is this being attributed to Chinese?

EDIT: When this comment was made, there were 4 torrents with ~300K leeches. At the time of this update, the leecher counts on each all went down to ~150K.


I can’t vouch that all of them are Chinese but the vast majority of them are coming from Chinese IP addresses. They seem to be under C&C and come and go in massive quantities.


Are they xferring ubuntu? Or leveraging it somehow to move their own data?


Downloading but remaining at 0% completed.


connecting but not transferring, you mean?


They do the transfer, but then they don't indicate that they have the data. They will connect to more peers and download the same chunks again.
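An added example, not part of the thread or written by any commenter: a sketch of how a seeder could flag peers showing the traits described above (the \0 client ID, no encryption, staying at 0% while downloading, fetching the same chunks again). The `Peer` record, its field names and the sample peers are hypothetical, and it assumes the "\0 client ID" means an all-zero 20-byte peer_id.

```python
from collections import Counter
from dataclasses import dataclass, field

ZERO_PEER_ID = b"\x00" * 20  # assumption: the "\0 client ID" is an all-zero 20-byte peer_id

@dataclass
class Peer:  # hypothetical record; field names are not from any client's API
    ip: str
    peer_id: bytes
    encrypted: bool
    progress: float  # fraction of the torrent the peer advertises having
    pieces_sent: list = field(default_factory=list)  # piece indexes we uploaded to it

def signals(peer: Peer) -> set:
    """Return the bot traits from the thread that this peer exhibits."""
    found = set()
    if peer.peer_id == ZERO_PEER_ID:
        found.add("zero-peer-id")
    if not peer.encrypted:
        found.add("unencrypted")
    counts = Counter(peer.pieces_sent)
    if counts and peer.progress == 0.0:
        found.add("stuck-at-0%")      # took data but never advertised a piece
    if any(n > 1 for n in counts.values()):
        found.add("repeat-download")  # fetched the same piece again
    return found

def is_bot(peer: Peer) -> bool:
    # Plaintext alone is common among legitimate peers, so require both
    # identity traits together with at least one behavioural trait.
    s = signals(peer)
    return {"zero-peer-id", "unencrypted"} <= s and bool(s & {"stuck-at-0%", "repeat-download"})

def flag_bots(peers) -> list:
    """Return the IPs of peers that match the combined pattern."""
    return [p.ip for p in peers if is_bot(p)]

# Constructed sample peers (documentation address ranges, not real hosts).
SAMPLE = [
    Peer("192.0.2.10", ZERO_PEER_ID, False, 0.0, [4, 4, 9, 4]),
    Peer("192.0.2.11", b"-TR3000-abcdefghijkl", True, 0.35, [1, 2, 3]),
    Peer("198.51.100.7", b"-qB4390-abcdefghijkl", False, 0.0, [5]),  # new plaintext peer
    Peer("198.51.100.8", ZERO_PEER_ID, False, 0.0, []),  # connected, nothing sent yet
]

if __name__ == "__main__":
    print(flag_bots(SAMPLE))
```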



