All versions of uTorrent 3.x BTFO. While 2.x also exhibits these entrypoints, at worst a highly specific crashing prank works. bugs.chromium.org/p/project-zero/issues/detail?id=1524 Set net.discoverable to false under Advanced and disable WebUI, and restart your client.
>Not sure what private trackers are all about? The mission of /ptg/ is to promote the highest possible standards of tracker service by providing members with opportunities for professional development, by recognizing technical competence through examinations and by advancing the interests of its members.
Remember the following: >Staff occasionally read these generals and have posted here before. >This is a thread for educational purposes only. Don't offer or ask for invites. >Staff may pretend to be normal users asking for invites and when you invite them, they ban you for inviting strangers.
In case anyone doesn’t know, these rTorrent settings aren’t enabled by default.
Zachary Brooks
fuck off shill
James Young
>give useful information to thread >must be a shill you are why ptg is shit now
Nathaniel Diaz
>you are why ptg is shit now >posts a meme that shat up /ptg/ for months ironic
Noah Watson
so basically everyone with rutorrent is fucked?
Grayson Mitchell
Nah. Only the most Darwinian idiots using practically an open seedbox.
Dylan Rodriguez
everyone using any client but BiglyBT is fucked.
Justin Mitchell
>using a client named after a drumpf thing
Kevin Flores
We need to get BiglyBT approved at the various trackers!
David Fisher
MyAnonamouse has stepped up to the plate and allowed it.
It's the best client out there right now.
Zachary Ortiz
Incredible. I may have to start giving MAM some credit.
Eli Roberts
how does it compare to qbittorrent
Hudson Nelson
there's too many seedboxes using rtorrent, i doubt any tracker will actually ban it
Jordan Johnson
Again no one would be stupid enough to enable this setting. "Leave me wide open" is practically in the name.
Ryder Rogers
Wrong. I hijack open seedboxes all of the time. There are literally hundreds of open ones right now on my list.
Kayden Diaz
Well out of curiosity, what would be someone's reasoning for enabling this setting? Now that you mention it I do remember /ptg/ finding someone's open PTP seeds.
Adam Davis
>what would be someone's reasoning for enabling this setting? Misconfigured or terminally retarded. Most likely both. If you ever want passkeys you can look for open seedbox directories too. They don't even have to have an unsecured seedbox, just a public directory.
Josiah Phillips
And, last question, these open directories are really related to this setting or something unrelated
Xavier Lopez
>what would be someone's reasoning for enabling this setting using rutorrent
Joshua Jones
Unrelated.
Ryder Nguyen
i would like to apologize to utorrent users for making fun of you
Cameron Gutierrez
del
Nicholas Morris
How the fuck do you password protect an SCGI port?
Jack King
comfy qgodtorrent
Owen Gonzalez
i meant my rutorrent has a user/pass
James Torres
alright, i don't think i'm screwed. i tested out the exploit on my seedbox and i couldn't get it to work with the /RPC2 endpoint. In fact, I don't even think I have that endpoint as I'm using the github.com/Novik/ruTorrent/wiki/PluginHTTPRPC plugin for rutorrent.
Kevin Williams
oh right, fair enough. basic auth, i assume. it's then only a problem if you surfed the web on your seedbox, since a malware site could spoof localhost commands using DNS rebinding.
Robert Wood
couldnt surf even i wanted to on it
Nathaniel Anderson
Stop wasting four times the RAM and we'll talk.
Jason Evans
>four times the RAM That's where you're wrong. I've been running the latest and greatest since release and it has been totally BUG FREE on able to handle a large load. Currently on GNU/Linux so if you're fucking about in Windows I can't speak to the quality but on GNU it is FLAWLESS.
Dominic Cox
stop seeding on a toaster nigger
Joseph Martinez
What's PU requirements in PTP? want to invite my friend.
Jeremiah Moore
upload a torrent and have like 100gb upload or something
Ryder Hernandez
Basically one upload.
Connor Moore
>utorrent oh nononono
Noah Allen
What you said has nothing to do with the fact uTorrent runs more stable on 1/4th the RAM and CPU. Apparently you have to set it to “active torrents” to achieve just double.
hey, my dudes. quick question - i've been running transmission 2.92 via docker for a while. after seeing that a couple of my regular trackers are planning to phase it out, i decided to download 2.93 from a different docker repository which is more actively maintained and has better documentation.
if i want to keep an instance from 2.92 on my old container, can i simply mirror the /downloads and /config/torrents folder, along with resume.dat? or do i need to move other stuff, modify resume.dat, etc.?
my 2.92 containers all have a ton of cross-seeding stuff with custom download directories (e.g., PTP is just a .mkv file but HDB is a folder, so i point the PTP data directory to the HDB folder rather than just to /downloads) -- and i don't want to manually re-add hundreds of torrents like this, if i can avoid it.
Henry Brooks
to clarify, i'm asking about basically upgrading from 2.92 to 2.93 without breaking my currently seeding torrents across multiple containers currently running 2.92.
Who would win, a corporation using simple tried and true native Windows APIs to achieve the stated goal of being 'micro', or a massive bundle of external libraries linked to an unresolved issue queue (no pun intended) 2,823 deep?
John Ortiz
yes, thank you! looks like basically what i was expecting. ahd and hdb seem to be a bit spotty tonight so i'll give this a shot in the morning and hope it's as simple as it seems.
Adam Brooks
Which repo are you planning to use for 2.93 (asking for a friend)
Connor Edwards
tracker for braphogs and brapsows?
Aaron Myers
I need an invite to Bitme, and I have IPtorrents invite to give. Here is my ratio, and I will need to see yours as well. Thanks in advance. private message pls.
Xavier Nelson
It's all over.
Adrian Bennett
Thank god. Now I have zero reason to waste RAM on downgrading from uTorrent.
Gabriel Barnes
i'm testing how well some headless clients handle seeding, you can follow the results here i guess: challonge.com/rw7zvi6k
basically that;s gonna be a couple of duels, the torrent clients are all inside their own debian 9 virtual machine, with their own copy of the files on a virtual disk the VMs are stored on an SSD, but the downloading with utorrent 2.2.1 will take place to an external hdd to throttle the speeds a bit
so in each duel, there's two bittorrent clients seeding a private torrent on the lan, sharing a single ssd drive, also the swarm is entirely in my control, i'm using the tracker built into utorrent 2.2.1 at first i wanted to use the qbittorrent tracker instead, but btpd would complain that it got "bad data" from the tracker
Gavin Allen
Great idea user.
One thing to clarify: deluge-gui or deluge-cli?
Eli Johnson
>DigitalHive >Online since: 2006-05-04
1 week until the bills are due and we are at 24% donations. We will not be able to make up the difference this time. We would like to thank everyone for their patronage over the years, it's been a good run.
Goodnight Sweet Prince
Jayden Johnson
deluged, the daemon the vms have no gui at all (no x server)
Dominic Wright
that warning was up a few days ago before the donation % reached 100. my theory is that they just forgot to remove the warning. either that or they're scamming.
Easton Campbell
fwiw, the results i enter is the amount of data uploaded by each client the torrent is 1457 pieces x 1 MiB, and for example for the first duel, aria2 reported 668.50 MiB uploaded and lftp reported 787.9 MiB so it kind of matches the 1457 MiB figure
Isaac Flores
Wait so you are only vulnerable if you have the scgi port open on your firewall?
Easton Thompson
my understanding is if you have the /RPC2 endpoint unprotected. i don't have that endpoint since i use the HTTP-RPC plugin for rutorrent, but if i did, i'd put it behind basic auth.
Jose Wood
and yes, you're right, you also don't want to have your SCGI port open to the world
Landon Ross
Hope rtorrent wil get BTFOED from RED, BIB, AB, OT and IPT
Logan Gonzalez
but why? it would hurt the seedboxers though...
Camden Murphy
Anyone know if this affects Flood?
Nolan Thompson
>but why? Can't play double standards now can we? If utorrent got BTFOED, then so should rtorrent.
Xavier Miller
the exact abuse described in the article doesn't affect flood. regardless, for flood, you'd still not want to have rtorrent's scgi port be open to the world. and of course if you're running flood on a public-facing seedbox you'll want to protect it behind a login like basic auth.
Jaxon Reyes
the rtorrent thing has several workarounds and i don't agree with banning utorrent 2.2.1 either
Thomas Reyes
u mad cause you had to resort to the very best client on windows? boo fucking hoo
Noah Thompson
The rtorrent thing is literally NOTHING
Logan White
Anyone gloating about either is a total idiot not worth responding to, but who honestly might not understand what nothing burgers both issues are.
Ian Nelson
see
Luke Perry
>be retarded on leave RPC open for external access >OMG GUISE RTORRENT IS COMPROMISED!!11 retard
Ethan Morgan
You mean like uTorrent's WebUI? Sounds like it should be banned then, others using it might compromise my security, maybe.
There's no way for trackers to detect this though. Better safe than sorry, take it off the whitelist until it's updated.
Deja vu.
Jason Nelson
>it's as if they only pay to keep it up 25 days a month That's exactly what it feels like AHD is doing. It's down a few days every month and that's what's happening
Henry Hall
>give gold What does that mean? Serious question
Jace Miller
It's domain is .ch? That's so currynigger. I'm still waiting for a real music tracker to emerge
Tyler Williams
Go to the wiki you faggot
Hudson Martin
the difference between the utorrent issues and the rtorrent issues is that no one knew about utorrent's problems from the get-go. for rtorrent, the docs for it and for rutorrent already made it clear what security precautions you needed to take to prevent what the arstechnica article is describing.
Charles Gomez
best yer gonna get fucko
Lincoln Torres
AHD is down for maintenance
Ryder Ross
results updated: challonge.com/rw7zvi6k Transmission 2.93 wins against Deluged 1.3.15 in a match
Landon White
red is down and that actually matters
Brody Baker
who cares about red, it's useless for climbing
Oliver Martin
you disgust me
Kevin Gray
Trackers can't tell if a user's taken precautions or not, it's not YOUR choice to endanger MY security.
it surely is fun to watch glorious Transmission OBLITERATE qStalledMeme
Oliver Brooks
Are you using a performance config or the default one?
Matthew Collins
on which side? it's definitely the defaults for the cache sizes and stuff, but each of the clients is configured to disable encryption, pex, dht, lpd
Benjamin Reyes
Why the fuck do I care about what client is the fastest uploader if nobody's leeching from me
Camden Moore
Create your own competiition and measure that faggot
Caleb Clark
So if I'm understanding this correctly, only non-password protected rutorrent instances are vulnerable? Am I correct on this or have I missed something?
Connor Smith
Go to the wrong website, and malicious javascript could access the xmlrpc port running locally on your computer, and if they can do that, they can run any shell command they want.
Josiah Long
do you have a /RPC2 (or whatever) endpoint enabled in your webserver config? if so, make sure it's behind basic auth or the like.
on a different note, make sure whatever scgi_port rtorrent uses isn't accessible to the public
Carson Long
why does it matter? was it raided?
John Long
Thank you. I shouldn't have any configs like that but I will double check everything to be sure.
Aaron White
Retard here, does that mean I'm safe and I don't have to do anything?
Nicholas Myers
...
William Long
Answer might depend on if you used a seedbox script or not
Luke Lee
It's been a while but I'm pretty sure I installed rtorrent (0.9.2) myself with some package manager on debian and the only config I changed is my .rtorrent.rc schedule = watch_directory,5,5,"load_start=/home/share/media/torrents/*.torrent,d.set_directory=/home/share/media/torrents" upload_rate=50 download_rate=500 directory=/home/share/media/torrents system.umask.set = 000
Nolan Lee
Javascript was a mistake.
Aiden Thomas
>in the news: lftp barely edges out rtorrent in the seeding competition: challonge.com/rw7zvi6k
