Best practices to prevent malware while torrenting (lemmy.org)

submitted 11 hours ago by so0t8@lemmy.org to c/piracy@lemmy.dbzer0.com

18 comments fedilink hide all child comments

Hi there

I would like to prevent to the best of my ability getting malware or virus when torrenting. I know there is never 100% certainty of not getting one, but i'd like to mitigate it. I'd like to ask your advice/expertise.

These are the practices I use. Please build on them if you think there is room for improvement and how.

First off, I use linux (transmission) and only download media (music, movies), no software. I know this already lowers the risks significantly since most malware are on .exe for Windows, however I am aware mp3/mp4 and mkv files can still embed malware to exploit VLC vulnerabilities and also Linux.
I use Proton VPN with kill switch in advanced settings - no internet (at all) allowed when the VPN is not connected.
I limit opening the downloaded media in the PC. After seeding for a few months, I usually transfer them into an external HDD and delete them from the PC. Media may be used in a TV/phone for viewing/listening.
I have downloaded torrent media going into a separate internal SSD which is encrypted (obviously unencrypted when torrenting). This probably doesn't do much, but I get somewhat piece of mind when I am not torrenting and the ssd is locked.
I use normally pirate bay org and get the torrents with the higher number of seeds.

I understood joining some private tracker may help, but I found it difficult to join. Any advice and recommendations are welcome!

top 18 comments

sorted by: hot top controversial new old

[-] Confused_Emus@lemmy.dbzer0.com 2 points 3 hours ago

I use and highly recommend Cleanuparr. Kills stalled torrents, and has a malware component to block known malware torrents.

[-] B4DR0B0T@lemmy.dbzer0.com 6 points 6 hours ago

Using linux and downloading only media files makes you 90% safer. But malware comes in many shapes, for example i've seen it executed from .pdf or .url or .lnk files. Even if you download only music and movies, dont open included files like that. And if possible make a filter to not download anything except what you need like .mkv .mp4 .mp3 .flac

Using a killswitch on any vpn is a must, and actually number one good practice you should always do at firewall level. If you use linux use iptables or ufw for that dont rely just on your vpn software. Another good practice is to bind your transmission to specific network/ip/port. So when your vpn killswitch triggered software stops to function.

SSD/HDD encryption is really a personal preference its not required if you are torrenting. I would use encrypted storage for more important things than just your movies/shows =) But remember encrypted storage does not save you from a virus or malware.

Actually avoid using pirate bay org use something more modern like EXT (dot) TO or 1337x (dot) TO or something more smaller like YTS (dot) BZ or uIndex (dot) TO or PiratesParadise (dot) ORG or EZTVx (dot) TO or if you want CAM/TS try CinemaCity (dot) CC (but it has watermark logo flying around) The reason why I say try not to use pirate bay is because from my own experience that where the most malware and viruses are coming to torrents from.

And joing a private tracker really not required, the piracy is so widespread now its actually more work than just finding content in the open. Everything sooner or later ends up in the open. Leaks of content from scene, p2p groups or private trackers happen hourly.

Another alternative you could try is direct downloading, there are many places out there, especially for older content. For the newest content i recommendation using irc, its so easy and quick and you can automate downloads.

[-] so0t8@lemmy.org 1 points 43 minutes ago

Thanks, really appreciated detailed response. I checked out the websites youshared, and found them really good and actually with more seeds than pirate bay so am definitely moving away from that. A couple of questions if you dont mind. I am currently using Transmission and also the ufw. Do you think what steps I have to take to link it like you said? I am quite noob on this and I can't find any step that is understandable.

[-] cmnybo@discuss.tchncs.de 15 points 11 hours ago

Don't rely on the VPN kill switch for torrenting. It's not fast enough to prevent your IP from leaking if the VPN disconnects. The torrent client needs to be bound to the VPN interface. Transmission doesn't have an option to do that, so you would have to run it in a container instead.

[-] so0t8@lemmy.org 1 points 11 minutes ago

Thanks for that feedback. Is that also true when using the advanced kill switch? ProtonVPN with that setting does not allow internet at all if the vpn is not connected. In the case that I must use that container, how would I do this?

[-] reallyzen@lemmy.ml 6 points 10 hours ago* (last edited 10 hours ago)

You ~~can~~ must do that in qBittorrent. Also, that has nothing to do with downloading malware, while being a good recommendation if your ISP reports torrenting to the copyright owner (like orange in France)

[-] mangaskahn@lemmy.waynetec.us 1 points 7 hours ago

It's probably best to handle that at the firewall, host based, external, or ideally both. The only traffic allowed outbound from the torrent box should be the VPN connection. Then it doesn't matter if routing or interface binding is set up wrong.

[-] so0t8@lemmy.org 1 points 18 minutes ago

The only traffic allowed outbound from the torrent box should be the VPN connection. Then it doesn’t matter if routing or interface binding is set up wrong

Thanks, how could I do this with ufw?

[-] reallyzen@lemmy.ml 9 points 10 hours ago* (last edited 10 hours ago)

If it's too good to be true, it's malware

If it isn't released yet, it is malware

If it is an .iso file but not a Linux distribution, it is malware

What infuriates me with malware, which idgaf because "arch btw", is that I reseed that shit unknowingly. Sometimes a lot.

Always check file before you let it seed forever as you should.

[-] so0t8@lemmy.org 1 points 42 minutes ago

How could I check the file before I let it seed? They are a few gigabyte files so i guess uploading to virustotal is not really an option. I am on Linux.

[-] MagnificentSteiner@lemmy.zip 14 points 9 hours ago

If it is an .iso file but not a Linux distribution, it is malware

That's not true. There's loads of legitimate torrents with .iso files.

[-] cassandrafatigue@lemmy.dbzer0.com 5 points 7 hours ago

You should know you're looking for .iso's though.

[-] Damarus@feddit.org 5 points 11 hours ago

Don't use public trackers is really the most important precaution imo.

[-] nullptr@lemmy.dbzer0.com 4 points 11 hours ago

Your best bet is to join MAM. From there, you can progress to Aither and other sites within a reasonable amount of time through the invite forums.

[-] so0t8@lemmy.org 5 points 11 hours ago

Your best bet is to join MAM. From there, you can progress to Aither and other sites within a reasonable amount of time through the invite forums.

Could you elaborate what is MAM?

[-] theskyisfalling@lemmy.dbzer0.com 8 points 10 hours ago

MAM is myanonamouse which is a private tracker focusing on books and audiobooks. It is generally seen as one of the easier trackers to both get into and maintain your ratios on and is a good place to learn how private trackers work.

From there it helps you get into others by having a proven track record as well as being able to get invites via the MAM forum sometimes from other users etc.

I love the place as a lot of what I get is audiobooks anyway, it is super friendly and people will help you out as long as you have done your due diligence and aren't asking stupid questions that are covered in their already extensive documentation and forum.