/tech/ - Technology★

Wow, they found all 10 retards that had the XML-RPC feature compiled and enabled

>t. uTorrent users trying to feel better about themselves

Don't be a retard. If you expose service to the internet assume it's going to be owned and plan your security accordingly.

>>876712 (OP)

install qbittorrent or ktorrent, fag

>>876712 (OP)

Guess I will have to go back to Usenet then

>No 'default behavior' for rpc is enabled by rtorrent, and using unix sockets for RPC is what I'm recommending.

People fucked it up if they enabled it through TCP tbh

>>876715

literally everyone has it enabled so they can use rutorrent to control it.

>>876715

I use flood instead of rutorent. flood is better. and use socket to talk to it.

>>876763

>nodejs

t. dicklover

>>876783

Also, the last commit encapsulate all the faggotry of node.js users:

>Replaces Slack with Discord

>>876785

Why is there no simple GUI for rtorrent?

>>876785

>replaces piss with shit

wow, something to worry about!

>>876712 (OP)

>direct linking that shitty website

https://archive.fo/t5Nnz

>>876897

where is that cute loli from?

>>876897

Your font rendering gave me aids

>>876904

Thanks.

Tixati masterrace!

>>876945

Enjoy your ban for ratio cheating

>>876945

>proprietary software

botnet using degenerates out

>>876965

>using the centralized 8chan

>>877014

I don't need to use any proprietary software to post to 8chan and read from it.

The real trouble is the fact people put a fucking server on a computer and expect it to be able to securely communicate with anyone on the planet from average joe to chinese government botnets passively scanning and trying exploits against their box.

Why don't you make it so that ONLY YOU can connect to YOUR server? Drop ALL packets by default and only open ports to an authorized computer. Use something like port knocking, or even better single packet authorization. The idea is the network stack will read packet contents and drop them all, but when a packet that is signed by an authorized key comes in it will establish a secure connection to that computer only.

Security comes from TRUST, so don't let retards you don't even know much less trust talk to your server at all.

>>877018

>as long as the client is opensource its all good

>>877039

OwO wats dis?

https://github.com/OpenIB/OpenIB/

>>877040

>Implying thats the code they run

>>877042

It used to not be. Just noticed the readme change.

>>876897

>node.js server for torrent client

How could they made this shit up, no wonder it's fucked.

Time to swtich to https://synapse-bt.org/ you faggots.

>>877186

Yeah, really following this one; we'll get to harvest more Windows luser tears.

But there's no curses UI, only a faggot node.js web interface. If the CLI is good enough, I'll use it, though.

>>876712 (OP)

what about qBittorrent?

>>877206

https://github.com/ParadoxSpiral/axon

???

>>877239

As some anon said

>Qt bloatware + libtorrent boost insanity

>so retarded it even depends on Qt for non-GUI stuff

>six millions issues on the github

>>877240

Cool. I expected one to be made soon anyway, just didn't know this one.

>Attackers have generated $3,900 so far in an ongoing campaign that's exploiting the popular rTorrent application to install currency-mining software on computers running Unix-like operating systems, researchers said Thursday.

It's unavoidable on UNIX-like operating systems. If they weren't running rTorrent, there would be something else to exploit, like finger.

Subject: What you once thought was a brain-dead misimplementation is now the protocol definition!
  or, Unix Historical Revisionism At Work Again,
  or, IETF-approved RFC1196

    This whole thing is pretty sad, or pathetic, or depressing
or something.  

    Firstly, there's the rewriting of a protocol to conform
to a ubiquitous misimplementation -- the unix story over and
over.

    Then there's the growing Balkanisation (or
Multics-ification) of the net -- I remember laughing out
loud when I found that MIT-MULTICS refused finger service on
security grounds.

    Then, or course, there's the pathetic implementational
warnings about how one should be very very careful in
implementing this sensitive and dangerous protocol -- as if
this perilous protocol somehow innately offered a direct way
to shove fingers up unix' sockets.  Or something.

Was rTorrent not free software or something? Transmission and qBittorrent have always worked fine for me. Transmission has a webui and can be controlled with SSH as well

>>877394

rtorrent is free. I think the retards had the RPC listening on the external IP instead of on localhost, they had it coming and the hackers did nothing wrong.

>>877394

I done read the article and I guess RPC is to blame here.

>>877398

>>877396

Is there anyway to check if RPC is showing my actual IP and how to turn it off?

>>877424

Just compile it without support for rpc. Its disabled by default on gentoo. Even if its built with support it has to be explicitly enabled in the config. And on top of that the recommended configuration on the rtorrent wiki page on github has always been to use a unix socket.

sage because we don't need anymore low effort threads.

>>877424

netstat or try to connect to it from another machine.

>>877438

You Too

>to install unix coin miner

Joke's on them I mine CPU coins already so they won't get anything.

Or if they do I'll notice it because my hashrate will go down.

deluge?

>>877653

Slowest and less scalable client. No, thanks. Transmission is already good, and synapses is getting here.

>>877260

works on my machine