Best practices to prevent malware while torrenting (lemmy.org)

submitted 19 hours ago by so0t8@lemmy.org to c/piracy@lemmy.dbzer0.com

20 comments fedilink hide all child comments

Hi there

I would like to prevent to the best of my ability getting malware or virus when torrenting. I know there is never 100% certainty of not getting one, but i'd like to mitigate it. I'd like to ask your advice/expertise.

These are the practices I use. Please build on them if you think there is room for improvement and how.

First off, I use linux (transmission) and only download media (music, movies), no software. I know this already lowers the risks significantly since most malware are on .exe for Windows, however I am aware mp3/mp4 and mkv files can still embed malware to exploit VLC vulnerabilities and also Linux.
I use Proton VPN with kill switch in advanced settings - no internet (at all) allowed when the VPN is not connected.
I limit opening the downloaded media in the PC. After seeding for a few months, I usually transfer them into an external HDD and delete them from the PC. Media may be used in a TV/phone for viewing/listening.
I have downloaded torrent media going into a separate internal SSD which is encrypted (obviously unencrypted when torrenting). This probably doesn't do much, but I get somewhat piece of mind when I am not torrenting and the ssd is locked.
I use normally pirate bay org and get the torrents with the higher number of seeds.

I understood joining some private tracker may help, but I found it difficult to join. Any advice and recommendations are welcome!

top 20 comments

sorted by: hot top controversial new old

[-] Confused_Emus@lemmy.dbzer0.com 4 points 11 hours ago

I use and highly recommend Cleanuparr. Kills stalled torrents, and has a malware component to block known malware torrents.

[-] B4DR0B0T@lemmy.dbzer0.com 8 points 14 hours ago

Using linux and downloading only media files makes you 90% safer. But malware comes in many shapes, for example i've seen it executed from .pdf or .url or .lnk files. Even if you download only music and movies, dont open included files like that. And if possible make a filter to not download anything except what you need like .mkv .mp4 .mp3 .flac

Using a killswitch on any vpn is a must, and actually number one good practice you should always do at firewall level. If you use linux use iptables or ufw for that dont rely just on your vpn software. Another good practice is to bind your transmission to specific network/ip/port. So when your vpn killswitch triggered software stops to function.

SSD/HDD encryption is really a personal preference its not required if you are torrenting. I would use encrypted storage for more important things than just your movies/shows =) But remember encrypted storage does not save you from a virus or malware.

Actually avoid using pirate bay org use something more modern like EXT (dot) TO or 1337x (dot) TO or something more smaller like YTS (dot) BZ or uIndex (dot) TO or PiratesParadise (dot) ORG or EZTVx (dot) TO or if you want CAM/TS try CinemaCity (dot) CC (but it has watermark logo flying around) The reason why I say try not to use pirate bay is because from my own experience that where the most malware and viruses are coming to torrents from.

And joing a private tracker really not required, the piracy is so widespread now its actually more work than just finding content in the open. Everything sooner or later ends up in the open. Leaks of content from scene, p2p groups or private trackers happen hourly.

Another alternative you could try is direct downloading, there are many places out there, especially for older content. For the newest content i recommendation using irc, its so easy and quick and you can automate downloads.

[-] so0t8@lemmy.org 2 points 8 hours ago

Thanks, really appreciated detailed response. I checked out the websites youshared, and found them really good and actually with more seeds than pirate bay so am definitely moving away from that. A couple of questions if you dont mind. I am currently using Transmission and also the ufw. Do you think what steps I have to take to link it like you said? I am quite noob on this and I can't find any step that is understandable.

[-] B4DR0B0T@lemmy.dbzer0.com 2 points 5 hours ago* (last edited 5 hours ago)

I don't use Transmission or UFW, I use Area2 (CLI) and IPTables. But from what i know of UFW its just a frontend for IPTables. So firewall rules should be similar. So here are few rules you can try, but I highly recommend you do your research on how to properly use UFW or IPTables with Transmission.

// This command resets all your existing rules.
sudo ufw reset

// Block all outgoing and incoming traffic by default.
sudo ufw default deny outgoing
sudo ufw default deny incoming

// Allow outgoing connections via VPN interface only.
// Allow forwarding traffic through the VPN interface tun0
// Change "tun0" to your VPN interface and 12345 port to your Transmission port.
sudo ufw allow out on tun0 to any port 12345 proto tcp
sudo ufw allow out on tun0 to any port 12345 proto udp

// Allow VPN service traffic on your normal interface (exp. eth0 or wlan0)
// Replace x.x.x.x to your VPN server port and 1194 port to your VPN port.
sudo ufw allow out to x.x.x.x port 1194 proto udp

// Optionally if you dont want to restrict your vpn per ip/port do something like this.
// Change eth0 to your network interface and 1194 port to your VPN port.
sudo ufw allow out on eth0 to any port 1194 proto udp

// Enable your UFW firewall rules.
sudo ufw enable

[-] cmnybo@discuss.tchncs.de 18 points 18 hours ago

Don't rely on the VPN kill switch for torrenting. It's not fast enough to prevent your IP from leaking if the VPN disconnects. The torrent client needs to be bound to the VPN interface. Transmission doesn't have an option to do that, so you would have to run it in a container instead.

[-] so0t8@lemmy.org 1 points 8 hours ago

Thanks for that feedback. Is that also true when using the advanced kill switch? ProtonVPN with that setting does not allow internet at all if the vpn is not connected. In the case that I must use that container, how would I do this?

[-] reallyzen@lemmy.ml 6 points 18 hours ago* (last edited 18 hours ago)

You ~~can~~ must do that in qBittorrent. Also, that has nothing to do with downloading malware, while being a good recommendation if your ISP reports torrenting to the copyright owner (like orange in France)

[-] mangaskahn@lemmy.waynetec.us 2 points 15 hours ago

It's probably best to handle that at the firewall, host based, external, or ideally both. The only traffic allowed outbound from the torrent box should be the VPN connection. Then it doesn't matter if routing or interface binding is set up wrong.

[-] so0t8@lemmy.org 1 points 8 hours ago

The only traffic allowed outbound from the torrent box should be the VPN connection. Then it doesn’t matter if routing or interface binding is set up wrong

Thanks, how could I do this with ufw?

[-] mangaskahn@lemmy.waynetec.us 1 points 55 minutes ago

https://yottasrc.com/wiki/article?t=how-to-block-outgoing-traffic-to-private-networks-using-ufw-on-your-server

Stop all incoming and outgoing traffic then allow only the VPN remote port number out to the Internet.

Remember to allow inbound connections from your local network to the management ports if you need them.

Do the same on your network firewall, block all outbound traffic from the torrent box IP address then allow only the remote vpn port out.

[-] reallyzen@lemmy.ml 10 points 18 hours ago* (last edited 18 hours ago)

If it's too good to be true, it's malware

If it isn't released yet, it is malware

If it is an .iso file but not a Linux distribution, it is malware

What infuriates me with malware, which idgaf because "arch btw", is that I reseed that shit unknowingly. Sometimes a lot.

Always check file before you let it seed forever as you should.

[-] so0t8@lemmy.org 1 points 8 hours ago

How could I check the file before I let it seed? They are a few gigabyte files so i guess uploading to virustotal is not really an option. I am on Linux.

[-] MagnificentSteiner@lemmy.zip 16 points 17 hours ago

If it is an .iso file but not a Linux distribution, it is malware

That's not true. There's loads of legitimate torrents with .iso files.

[-] cassandrafatigue@lemmy.dbzer0.com 6 points 15 hours ago

You should know you're looking for .iso's though.

[-] Damarus@feddit.org 5 points 19 hours ago

Don't use public trackers is really the most important precaution imo.

[-] nullptr@lemmy.dbzer0.com 4 points 19 hours ago

Your best bet is to join MAM. From there, you can progress to Aither and other sites within a reasonable amount of time through the invite forums.

[-] so0t8@lemmy.org 5 points 19 hours ago

Your best bet is to join MAM. From there, you can progress to Aither and other sites within a reasonable amount of time through the invite forums.

Could you elaborate what is MAM?

[-] theskyisfalling@lemmy.dbzer0.com 8 points 18 hours ago

MAM is myanonamouse which is a private tracker focusing on books and audiobooks. It is generally seen as one of the easier trackers to both get into and maintain your ratios on and is a good place to learn how private trackers work.

From there it helps you get into others by having a proven track record as well as being able to get invites via the MAM forum sometimes from other users etc.

I love the place as a lot of what I get is audiobooks anyway, it is super friendly and people will help you out as long as you have done your due diligence and aren't asking stupid questions that are covered in their already extensive documentation and forum.