RTorrent BTFO

Oliver Russell

arstechnica.com/information-technology/2018/03/hackers-exploiting-rtorrent-to-install-unix-coin-miner-have-netted-4k-so-far/

First µtorrent now rTorrent
IS NO CLIENT SAFE?

Levi Myers

Wow, they found all 10 retards that had the XML-RPC feature compiled and enabled

Isaac Cooper

t. uTorrent users trying to feel better about themselves
Don't be a retard. If you expose a service to the internet, assume it's going to be owned and plan your security accordingly.

Christopher Cruz

install qbittorrent or ktorrent, fag

Benjamin Nguyen

Guess I will have to go back to Usenet then

Noah Phillips

I use rtorrent-ps without xmlrpc, latest git

Brody Wood

No 'default behavior' for rpc is enabled by rtorrent, and using unix sockets for RPC is what I'm recommending.
People fucked it up if they enabled it through TCP tbh

Aiden Brooks

literally everyone has it enabled so they can use rutorrent to control it.

Jason Stewart

I use flood instead of rutorrent. flood is better. And I use a socket to talk to it.

Jacob Miller

Not SSHing to the server and controlling rtorrent

Dominic Sanders

nodejs
t. dicklover

Christopher Phillips

Also, the last commit encapsulates all the faggotry of node.js users:
Replaces Slack with Discord

Grayson Russell

Why is there no simple GUI for rtorrent?

Jose Sullivan

replaces piss with shit
wow, something to worry about!

Leo Gutierrez

direct linking that shitty website
archive.fo/t5Nnz

Anthony Lopez

where is that cute loli from?

Cooper Gutierrez

Way of the Samurai 4.

Nathaniel Sullivan

Your font rendering gave me aids

Christopher Lewis

Thanks.

Alexander Mitchell

Tixati masterrace!

Noah Bennett

Enjoy your ban for ratio cheating

Christopher Richardson

proprietary software
botnet using degenerates out

Luis Young

using the centralized Holla Forums

Ethan Mitchell

I don't need to use any proprietary software to post to Holla Forums and read from it.

Mason Morris

The real trouble is the fact people put a fucking server on a computer and expect it to be able to securely communicate with anyone on the planet from average joe to chinese government botnets passively scanning and trying exploits against their box.

Why don't you make it so that ONLY YOU can connect to YOUR server? Drop ALL packets by default and only open ports to an authorized computer. Use something like port knocking, or even better single packet authorization. The idea is the network stack will read packet contents and drop them all, but when a packet that is signed by an authorized key comes in it will establish a secure connection to that computer only.

Security comes from TRUST, so don't let retards you don't even know much less trust talk to your server at all.

Evan Harris

as long as the client is open source it's all good

Jason Sanders

OwO wats dis?
github.com/OpenIB/OpenIB/

Ryan Price

Implying that's the code they run

Jordan Bennett

Blake Bennett

It used to not be. Just noticed the readme change.

Jeremiah Harris

node.js server for torrent client
How could they make this shit up, no wonder it's fucked.

Noah Flores

Time to switch to synapse-bt.org/ you faggots.

Austin Gray

Yeah, really following this one; we'll get to harvest more Windows luser tears.
But there's no curses UI, only a faggot node.js web interface. If the CLI is good enough, I'll use it, though.

Jace King

what about qBittorrent?

Dylan Watson

github.com/ParadoxSpiral/axon

???

Adrian Russell

As some user said
Qt bloatware + libtorrent boost insanity
so retarded it even depends on Qt for non-GUI stuff
six million issues on the github
Cool. I expected one to be made soon anyway, just didn't know this one.

Levi Watson

Attackers have generated $3,900 so far in an ongoing campaign that's exploiting the popular rTorrent application to install currency-mining software on computers running Unix-like operating systems, researchers said Thursday.
It's unavoidable on UNIX-like operating systems. If they weren't running rTorrent, there would be something else to exploit, like finger.

Subject: What you once thought was a brain-dead misimplementation is now the protocol definition!
or, Unix Historical Revisionism At Work Again,
or, IETF-approved RFC1196

This whole thing is pretty sad, or pathetic, or depressing
or something.

Firstly, there's the rewriting of a protocol to conform
to a ubiquitous misimplementation -- the unix story over and
over.

Then there's the growing Balkanisation (or
Multics-ification) of the net -- I remember laughing out
loud when I found that MIT-MULTICS refused finger service on
security grounds.

Then, of course, there's the pathetic implementational
warnings about how one should be very very careful in
implementing this sensitive and dangerous protocol -- as if
this perilous protocol somehow innately offered a direct way
to shove fingers up unix' sockets. Or something.

Isaiah Mitchell

Was rTorrent not free software or something? Transmission and qBittorrent have always worked fine for me. Transmission has a webui and can be controlled with SSH as well

Hudson Young

rtorrent is free. I think the retards had the RPC listening on the external IP instead of on localhost, they had it coming and the hackers did nothing wrong.

Nicholas Foster

I done read the article and I guess RPC is to blame here.

Christian Morris

Is there any way to check if RPC is showing my actual IP and how to turn it off?

Bentley Price

Just compile it without support for rpc. It's disabled by default on gentoo. Even if it's built with support it has to be explicitly enabled in the config. And on top of that the recommended configuration on the rtorrent wiki page on github has always been to use a unix socket.

sage because we don't need any more low effort threads.

Benjamin Wright

netstat or try to connect to it from another machine.
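
Added example, not written by any poster in this thread or by the rTorrent project: a shell function that reads an rtorrent.rc and reports whether the SCGI/XML-RPC endpoint is off, on a unix socket, or bound to TCP, as a config-side complement to the netstat check. It assumes the `scgi_port` / `scgi_local` directives and their newer `network.scgi.open_port` / `network.scgi.open_local` names; the function name and exit codes are this example's own.

```shell
#!/bin/sh
# Added example: classify how an rtorrent.rc exposes the SCGI/XML-RPC endpoint.
# Exit status: 0 = RPC off or unix socket only
#              1 = TCP bound to loopback only
#              2 = TCP bound to an address other hosts can reach
#              3 = config file unreadable
audit_rtorrent_rc() {
    rc_file=$1
    [ -r "$rc_file" ] || { echo "cannot read $rc_file" >&2; return 3; }
    awk '
        # Drop comments and whitespace so "scgi_port = x" and "scgi_port=x" match alike.
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }

        /^(scgi_port|network\.scgi\.open_port)=/ {
            addr = $0; sub(/^[^=]*=/, "", addr); gsub(/"/, "", addr)
            host = addr; sub(/:[0-9]+$/, "", host)
            if (host == "127.0.0.1" || host == "localhost" || host == "[::1]") {
                printf "WARN  line %d: TCP RPC on loopback (%s), open to every local process\n", NR, addr
                if (worst < 1) worst = 1
            } else {
                # Empty host, 0.0.0.0 or a routable address: remote hosts can connect.
                printf "FAIL  line %d: TCP RPC on %s is reachable from the network\n", NR, addr
                worst = 2
            }
        }

        /^(scgi_local|network\.scgi\.open_local)=/ {
            path = $0; sub(/^[^=]*=/, "", path)
            printf "OK    line %d: unix socket %s (check its file mode)\n", NR, path
        }

        END { exit worst + 0 }
    ' "$rc_file"
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_rtorrent_rc "$1"
fi
```

A result of 1 or 2 should be followed by the listening-socket check on the host itself, since the running process may have been started with a different config.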

Landon Edwards

Thank You My Nigger

Angel Murphy

You Too

Luke Cruz

to install unix coin miner
Joke's on them I mine CPU coins already so they won't get anything.
Or if they do I'll notice it because my hashrate will go down.

Jeremiah Jenkins

deluge?

Justin Lewis

Slowest and less scalable client. No, thanks. Transmission is already good, and synapses is getting here.

Sebastian Murphy

works on my machine