This is the holy grail of P2P. There really is no magic solution - there is no way that a node can detect other nodes without having a well-known point to act as a link (well, you can do this on a local network using broadcast transmission, but not on the Internet). P2P file sharing tends to work because well-known websites distribute "starting points" for discovery, and then further discovery (I would expect) may come from letting the nodes know about other nodes that they know about.
A good place to start your research would be Distributed Hash Tables.
As for security, this topic will be in the literature somewhere, I have to think - again I would recommend Wikipedia. Nonspecific solutions are trivial: if you cannot communicate with the IP / port, do not save it in your list, and if a node regularly provides non-existent pointers, consider de-prioritizing it or removing it entirely from your list.
For evil nodes, it depends on your use case, but let's say that you are doing file sharing. If you are requesting a file section, check with a few nodes what the hash of the file should be, and then request the hash. If an evil node gives you a piece that has a different hash, you can again de-prioritize or forget that node.
Distributed processing systems work somewhat differently: they tend to ask several unconnected nodes to do the same job, and then they use a voting system (possibly using hashing again) to determine whether an evil node is present. If a node provides consistently bad results, the administrator is contacted or the IP address is removed from the list of known nodes.
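The file-sharing check described in this answer, sketched as an added example that is not part of the original answer: several peers are asked for the expected piece hash, the piece is accepted only if it matches the agreed hash, and peers that are unreachable or serve mismatching data are de-prioritized and eventually forgotten. The peer names, the `DROP_BELOW` threshold, the `fetch` callback and the use of SHA-256 are assumptions made for the illustration.

```python
import hashlib
from collections import Counter

DROP_BELOW = -2  # assumed threshold: forget a peer after repeated bad answers

def agreed_hash(reports, quorum):
    """Return the piece hash that at least `quorum` peers report, else None.
    `quorum` should be more than half of the peers asked, so ties cannot win."""
    if not reports:
        return None
    digest, votes = Counter(reports.values()).most_common(1)[0]
    return digest if votes >= quorum else None

class PeerTable:
    def __init__(self, peers):
        self.score = {p: 0 for p in peers}

    def penalize(self, peer):
        self.score[peer] -= 1
        if self.score[peer] < DROP_BELOW:
            del self.score[peer]          # forget the node entirely

    def by_priority(self):
        # Highest score first; sorted() returns a new list, so peers can be
        # deleted from the table while the caller iterates over it.
        return sorted(self.score, key=self.score.get, reverse=True)

def fetch_piece(table, expected, fetch):
    """Ask peers in priority order; accept only bytes matching `expected`."""
    for peer in table.by_priority():
        data = fetch(peer)                # None models an unreachable IP/port
        if data is not None and hashlib.sha256(data).hexdigest() == expected:
            table.score[peer] += 1
            return peer, data
        table.penalize(peer)              # unreachable or wrong hash
    return None, None

# Constructed sample: peer "c" reports a wrong hash and serves altered bytes,
# peer "d" is unreachable.
GOOD = b"piece-0 payload"
SERVED = {"a": GOOD, "b": GOOD, "c": b"tampered payload", "d": None}
REPORTS = {p: hashlib.sha256(SERVED[p]).hexdigest() for p in "abc"}
```

Voting on the hash only helps when the peers asked are independent of each other; a quorum drawn from nodes controlled by one party agrees on whatever that party wants.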