Best practices to prevent malware while torrenting (lemmy.org)

submitted 1 day ago by so0t8@lemmy.org to c/piracy@lemmy.dbzer0.com

24 comments fedilink hide all child comments

Hi there

I would like to prevent to the best of my ability getting malware or virus when torrenting. I know there is never 100% certainty of not getting one, but i'd like to mitigate it. I'd like to ask your advice/expertise.

These are the practices I use. Please build on them if you think there is room for improvement and how.

First off, I use linux (transmission) and only download media (music, movies), no software. I know this already lowers the risks significantly since most malware are on .exe for Windows, however I am aware mp3/mp4 and mkv files can still embed malware to exploit VLC vulnerabilities and also Linux.
I use Proton VPN with kill switch in advanced settings - no internet (at all) allowed when the VPN is not connected.
I limit opening the downloaded media in the PC. After seeding for a few months, I usually transfer them into an external HDD and delete them from the PC. Media may be used in a TV/phone for viewing/listening.
I have downloaded torrent media going into a separate internal SSD which is encrypted (obviously unencrypted when torrenting). This probably doesn't do much, but I get somewhat piece of mind when I am not torrenting and the ssd is locked.
I use normally pirate bay org and get the torrents with the higher number of seeds.

I understood joining some private tracker may help, but I found it difficult to join. Any advice and recommendations are welcome!

you are viewing a single comment's thread
view the rest of the comments

[-] B4DR0B0T@lemmy.dbzer0.com 9 points 22 hours ago

Using linux and downloading only media files makes you 90% safer. But malware comes in many shapes, for example i've seen it executed from .pdf or .url or .lnk files. Even if you download only music and movies, dont open included files like that. And if possible make a filter to not download anything except what you need like .mkv .mp4 .mp3 .flac

Using a killswitch on any vpn is a must, and actually number one good practice you should always do at firewall level. If you use linux use iptables or ufw for that dont rely just on your vpn software. Another good practice is to bind your transmission to specific network/ip/port. So when your vpn killswitch triggered software stops to function.

SSD/HDD encryption is really a personal preference its not required if you are torrenting. I would use encrypted storage for more important things than just your movies/shows =) But remember encrypted storage does not save you from a virus or malware.

Actually avoid using pirate bay org use something more modern like EXT (dot) TO or 1337x (dot) TO or something more smaller like YTS (dot) BZ or uIndex (dot) TO or PiratesParadise (dot) ORG or EZTVx (dot) TO or if you want CAM/TS try CinemaCity (dot) CC (but it has watermark logo flying around) The reason why I say try not to use pirate bay is because from my own experience that where the most malware and viruses are coming to torrents from.

And joing a private tracker really not required, the piracy is so widespread now its actually more work than just finding content in the open. Everything sooner or later ends up in the open. Leaks of content from scene, p2p groups or private trackers happen hourly.

Another alternative you could try is direct downloading, there are many places out there, especially for older content. For the newest content i recommendation using irc, its so easy and quick and you can automate downloads.

[-] so0t8@lemmy.org 2 points 15 hours ago

Thanks, really appreciated detailed response. I checked out the websites youshared, and found them really good and actually with more seeds than pirate bay so am definitely moving away from that. A couple of questions if you dont mind. I am currently using Transmission and also the ufw. Do you think what steps I have to take to link it like you said? I am quite noob on this and I can't find any step that is understandable.

[-] B4DR0B0T@lemmy.dbzer0.com 2 points 12 hours ago* (last edited 12 hours ago)

I don't use Transmission or UFW, I use Area2 (CLI) and IPTables. But from what i know of UFW its just a frontend for IPTables. So firewall rules should be similar. So here are few rules you can try, but I highly recommend you do your research on how to properly use UFW or IPTables with Transmission.

// This command resets all your existing rules.
sudo ufw reset

// Block all outgoing and incoming traffic by default.
sudo ufw default deny outgoing
sudo ufw default deny incoming

// Allow outgoing connections via VPN interface only.
// Allow forwarding traffic through the VPN interface tun0
// Change "tun0" to your VPN interface and 12345 port to your Transmission port.
sudo ufw allow out on tun0 to any port 12345 proto tcp
sudo ufw allow out on tun0 to any port 12345 proto udp

// Allow VPN service traffic on your normal interface (exp. eth0 or wlan0)
// Replace x.x.x.x to your VPN server port and 1194 port to your VPN port.
sudo ufw allow out to x.x.x.x port 1194 proto udp

// Optionally if you dont want to restrict your vpn per ip/port do something like this.
// Change eth0 to your network interface and 1194 port to your VPN port.
sudo ufw allow out on eth0 to any port 1194 proto udp

// Enable your UFW firewall rules.
sudo ufw enable