RTorrent BTFO

arstechnica.com/information-technology/2018/03/hackers-exploiting-rtorrent-to-install-unix-coin-miner-have-netted-4k-so-far/

First µtorrent now rTorrent
IS NO CLIENT SAFE?

Wow, they found all 10 retards that had the XML-RPC feature compiled and enabled

Don't be a retard. If you expose a service to the internet, assume it's going to be owned and plan your security accordingly.

install qbittorrent or ktorrent, fag

Guess I will have to go back to Usenet then

I use rtorrent-ps without xmlrpc, latest git

People fucked it up if they enabled it through TCP tbh

literally everyone has it enabled so they can use rutorrent to control it.

I use flood instead of rutorrent. flood is better. and use a socket to talk to it.

...

t. dicklover

Also, the last commit encapsulates all the faggotry of node.js users:

Why is there no simple GUI for rtorrent?

wow, something to worry about!

archive.fo/t5Nnz

...

where is that cute loli from?

Way of the Samurai 4.

Your font rendering gave me aids

Thanks.

Tixati masterrace!

Enjoy your ban for ratio cheating

botnet using degenerates out

...

I don't need to use any proprietary software to post to Holla Forums and read from it.

The real trouble is the fact people put a fucking server on a computer and expect it to be able to securely communicate with anyone on the planet from average joe to chinese government botnets passively scanning and trying exploits against their box.

Why don't you make it so that ONLY YOU can connect to YOUR server? Drop ALL packets by default and only open ports to an authorized computer. Use something like port knocking, or even better single packet authorization. The idea is the network stack will read packet contents and drop them all, but when a packet that is signed by an authorized key comes in it will establish a secure connection to that computer only.

Security comes from TRUST, so don't let retards you don't even know much less trust talk to your server at all.

...

OwO wats dis?
github.com/OpenIB/OpenIB/

...

...

It used to not be. Just noticed the readme change.

How could they make this shit up, no wonder it's fucked.

Time to switch to synapse-bt.org/ you faggots.

Yeah, really following this one; we'll get to harvest more Windows luser tears.
But there's no curses UI, only a faggot node.js web interface. If the CLI is good enough, I'll use it, though.

what about qBittorrent?

github.com/ParadoxSpiral/axon

???

As some user said

Cool. I expected one to be made soon anyway, just didn't know this one.

It's unavoidable on UNIX-like operating systems. If they weren't running rTorrent, there would be something else to exploit, like finger.

Subject: What you once thought was a brain-dead misimplementation is now the protocol definition! or, Unix Historical Revisionism At Work Again, or, IETF-approved RFC1196

This whole thing is pretty sad, or pathetic, or depressing or something. Firstly, there's the rewriting of a protocol to conform to a ubiquitous misimplementation -- the unix story over and over. Then there's the growing Balkanisation (or Multics-ification) of the net -- I remember laughing out loud when I found that MIT-MULTICS refused finger service on security grounds. Then, of course, there's the pathetic implementational warnings about how one should be very very careful in implementing this sensitive and dangerous protocol -- as if this perilous protocol somehow innately offered a direct way to shove fingers up unix' sockets. Or something.

Was rTorrent not free software or something? Transmission and qBittorrent have always worked fine for me. Transmission has a webui and can be controlled with SSH as well

rtorrent is free. I think the retards had the RPC listening on the external IP instead of on localhost, they had it coming and the hackers did nothing wrong.

I done read the article and I guess RPC is to blame here.

Is there any way to check if RPC is showing my actual IP and how to turn it off?

Just compile it without support for rpc. It's disabled by default on gentoo. Even if it's built with support it has to be explicitly enabled in the config. And on top of that the recommended configuration on the rtorrent wiki page on github has always been to use a unix socket.

sage because we don't need any more low effort threads.

netstat or try to connect to it from another machine.
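
The config-side check that goes with the replies above, as an added example that is not part of the thread: it reads an rtorrent config and reports whether the SCGI (XML-RPC) endpoint is a unix socket, a loopback TCP port, or a TCP port bound to a non-loopback address. The function name and the sample config are constructed for illustration; the directive names are rtorrent's old and new SCGI settings.

```shell
#!/bin/sh
# Added example: classify the SCGI (XML-RPC) listener settings in an rtorrent config.
# TCP directives:         scgi_port,  network.scgi.open_port
# Unix socket directives: scgi_local, network.scgi.open_local

audit_rtorrent_rc() {
    # $1 = path to an rtorrent config; prints one verdict per SCGI directive
    awk '
    { sub(/#.*/, "") }                         # drop comments
    !/=/ { next }                              # only "key = value" lines
    {
        key = $0; sub(/=.*/, "", key);    gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=/, "", val); gsub(/[ \t"]/, "", val)
    }
    key == "scgi_local" || key == "network.scgi.open_local" {
        found = 1; print "OK unix-socket " val; next
    }
    key == "scgi_port" || key == "network.scgi.open_port" {
        found = 1
        host = val; sub(/:[^:]*$/, "", host)   # strip the trailing :port
        # An empty host (":5000") means every interface, so it counts as exposed.
        if (host ~ /^127\./ || host == "localhost" || host == "[::1]")
            print "LOCAL tcp-loopback " val    # still reachable by any local process
        else
            print "EXPOSED tcp " val
    }
    END { if (!found) print "NONE no-scgi-directive" }
    ' "$1"
}

# Constructed sample config (not taken from the thread).
sample_rc=$(mktemp)
cat > "$sample_rc" <<'EOF'
# peer port, unrelated to RPC
network.port_range.set = 50000-50000
scgi_port = 0.0.0.0:5000
network.scgi.open_local = /home/user/.rtorrent/rpc.sock
network.scgi.open_port = "127.0.0.1:5001"
EOF
audit_rtorrent_rc "$sample_rc"
rm -f "$sample_rc"
```

Run it against your own config path, then confirm with `netstat -ltn` that no listener other than the BitTorrent peer port is bound to a non-loopback address.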

Thank You My Nigger

You Too

Joke's on them I mine CPU coins already so they won't get anything.
Or if they do I'll notice it because my hashrate will go down.

deluge?

Slowest and less scalable client. No, thanks. Transmission is already good, and synapse is getting here.

works on my machine