Hi there
I would like to prevent, to the best of my ability, getting malware or a virus when torrenting. I know there is never 100% certainty of not getting one, but I’d like to mitigate it. I’d like to ask your advice/expertise.
These are the practices I use. Please build on them if you think there is room for improvement and how.
- First off, I use Linux (Transmission) and only download media (music, movies), no software. I know this already lowers the risks significantly since most malware are on .exe for Windows, however I am aware mp3/mp4 and mkv files can still embed malware to exploit VLC vulnerabilities and also Linux.
- I use Proton VPN with kill switch in advanced settings - no internet (at all) allowed when the VPN is not connected.
- I limit opening the downloaded media in the PC. After seeding for a few months, I usually transfer them into an external HDD and delete them from the PC. Media may be used in a TV/phone for viewing/listening.
- I have downloaded torrent media going into a separate internal SSD which is encrypted (obviously unencrypted when torrenting). This probably doesn’t do much, but I get some peace of mind when I am not torrenting and the SSD is locked.
- I normally use pirate bay org and get the torrents with the higher number of seeds.
I understood joining some private tracker may help, but I found it difficult to join. Any advice and recommendations are welcome!
deleted by creator
Thanks, really appreciated the detailed response. I checked out the websites you shared, and found them really good and actually with more seeds than pirate bay so am definitely moving away from that. A couple of questions if you don’t mind. I am currently using Transmission and also the ufw. What steps do you think I have to take to link it like you said? I am quite noob on this and I can’t find any step that is understandable.
deleted by creator
I use and highly recommend Cleanuparr. Kills stalled torrents, and has a malware component to block known malware torrents.
Your best bet is to join MAM. From there, you can progress to Aither and other sites within a reasonable amount of time through the invite forums.
> Your best bet is to join MAM. From there, you can progress to Aither and other sites within a reasonable amount of time through the invite forums.
Could you elaborate what is MAM?
MAM is myanonamouse which is a private tracker focusing on books and audiobooks. It is generally seen as one of the easier trackers to both get into and maintain your ratios on and is a good place to learn how private trackers work.
From there it helps you get into others by having a proven track record as well as being able to get invites via the MAM forum sometimes from other users etc.
I love the place as a lot of what I get is audiobooks anyway, it is super friendly and people will help you out as long as you have done your due diligence and aren’t asking stupid questions that are covered in their already extensive documentation and forum.
deleted by creator
Home IPs are transient so that’s a really weird requirement.
Yeah with CGNAT becoming way more common it actually seems kind of unreasonable.
myanonamouse
Yeah that is for me a big one
Don’t rely on the VPN kill switch for torrenting. It’s not fast enough to prevent your IP from leaking if the VPN disconnects. The torrent client needs to be bound to the VPN interface. Transmission doesn’t have an option to do that, so you would have to run it in a container instead.
Thanks for that feedback. Is that also true when using the advanced kill switch? ProtonVPN with that setting does not allow internet at all if the vpn is not connected. In the case that I must use that container, how would I do this?
I run my VPN via OpenWRT, with rules set up per device that route traffic through either the WAN or the VPN interface. If the VPN is not working, there’s simply no outbound traffic. It’s more reliable than a kill switch.
Best solution is to use docker. One container is gluetun which provides the VPN connection. The other container runs transmission or qbittorrent and its traffic is routed over gluetun.
It’s probably best to handle that at the firewall, host based, external, or ideally both. The only traffic allowed outbound from the torrent box should be the VPN connection. Then it doesn’t matter if routing or interface binding is set up wrong.
> The only traffic allowed outbound from the torrent box should be the VPN connection. Then it doesn’t matter if routing or interface binding is set up wrong
Thanks, how could I do this with ufw?
Stop all incoming and outgoing traffic then allow only the VPN remote port number out to the Internet.
Remember to allow inbound connections from your local network to the management ports if you need them.
Do the same on your network firewall, block all outbound traffic from the torrent box IP address then allow only the remote vpn port out.
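The deny-everything-except-the-VPN policy described in the comment above, written out as ufw commands together with a small leak audit. This is an added example, not part of the thread; the VPN endpoint IP, port, interface names, LAN range and management port are placeholder assumptions to replace with your own.

```sh
#!/bin/sh
# Added example (not from the thread). Every value below is a placeholder.
VPN_ENDPOINT_IP="203.0.113.10"  # constructed: VPN server IP (documentation range)
VPN_PORT="1194"                 # assumed VPN remote port
VPN_PROTO="udp"
WAN_IF="eth0"                   # assumed physical interface
TUN_IF="tun0"                   # assumed tunnel interface (check with `ip link`)
LAN_CIDR="192.168.1.0/24"       # assumed home LAN
MGMT_PORT="9091"                # Transmission web/RPC port

# Emit the rule set as ufw commands, one per line, for review before applying.
# The "on TUN_IF" rule is required: the deny-outgoing default also covers the
# tunnel interface, so without it nothing could leave through the VPN either.
killswitch_rules() {
  cat <<EOF
ufw default deny incoming
ufw default deny outgoing
ufw allow out on ${WAN_IF} to ${VPN_ENDPOINT_IP} port ${VPN_PORT} proto ${VPN_PROTO}
ufw allow out on ${TUN_IF} from any to any
ufw allow in on ${WAN_IF} from ${LAN_CIDR} to any port ${MGMT_PORT} proto tcp
ufw --force enable
EOF
}

# Audit ufw commands on stdin: print anything that would let traffic leave
# outside the tunnel (an open default, or an allow-out rule that is neither
# the tunnel interface rule nor the VPN endpoint rule).
leaky_rules() {
  awk -v tun="ufw allow out on ${TUN_IF} from any to any" \
      -v vpn=" to ${VPN_ENDPOINT_IP} port ${VPN_PORT} proto ${VPN_PROTO}" '
    /^ufw default allow outgoing/ { print; next }
    /^ufw allow out/ && $0 != tun && index($0, vpn) == 0 { print }'
}

# Apply the rules (needs root), or only print them with --dry-run.
apply_rules() {
  killswitch_rules | while read -r cmd; do
    if [ "$1" = "--dry-run" ]; then echo "+ $cmd"; else $cmd; fi
  done
}

apply_rules --dry-run
```

The VPN client has to connect to the endpoint by IP address, because DNS outside the tunnel is blocked by these rules.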
You ~~can~~ must do that in qBittorrent. Also, that has nothing to do with downloading malware, while being a good recommendation if your ISP reports torrenting to the copyright owner (like Orange in France).
Don’t use public trackers is really the most important precaution imo.
If you don’t already, I would highly recommend private trackers.
I’ve heard this for years, and I’ve never once found my way onto private trackers.
I had a torrentleech account which got hacked like 15 years ago
You won’t just find your way onto one. It’s a bit of a process and you need to be willing to put in a bit of effort to maintain a good ratio; depending on the tracker it can be easy or difficult. If you’re interested you can check out the wiki attached to this community, that’s where I started. Also, this spreadsheet has been a really good resource for me.
I have 4 invites for torrentleech.org. Dm me. Only active lemmy accounts older than 1 year.
I’m probably the most security paranoid person you may find here on Lemmy, I’m the kind of person who actually checks the gpg signatures of software I download, and refuses to use anything like AUR.
And I never worried one time in my life about exploits in media files, it’s just extremely unlikely that between the time a 0day is discovered, and your system is updated (you do update frequently, right?), that torrent is going to exploit some player or media library.
Last time I heard of something like that, it was like 10 years ago, a gstreamer 0day that got quickly patched.
Executable files aren’t going to execute themselves. If you don’t chmod +x them they shouldn’t execute at all even if you click them. I guess it can depend on your system.
I am much more concerned about internet facing applications like a web browser or torrent client.
> And I never worried one time in my life about exploits in media files, it’s just extremely unlikely that between the time a 0day is discovered, and your system is updated (you do update frequently, right?), that torrent is going to exploit some player or media library.
> Last time I heard of something like that, it was like 10 years ago, a gstreamer 0day that got quickly patched.
> Executable files aren’t going to execute themselves. If you don’t chmod +x them they shouldn’t execute at all even if you click them. I guess it can depend on your system.
> I am much more concerned about internet facing applications like a web browser or torrent client.
True, the combination of Media Player exploit + Linux + not patched, it is very unlikely. However, what if he is using a Debian based distro? Those may have a couple of year old version of VLC installed in the package manager for example…
Well, supposedly Debian stable backports security updates and bug fixes. So should its derivatives.
There’s an issue where this isn’t always the case and small bugs are patched upstream without making the news, but something as big as remote code execution from a media file is something that doesn’t go unnoticed. That’s usually big news.
On another topic, I used to be a proponent of rolling release for better security, but the recent xz supply chain attack made me question that wisdom.
I understood they backport security updates, but is that also for apps in the software manager? For example: Currently I am using Mint. The VLC version there is 3.0.20 which is behind 2 years (current is 3.0.23). According to the releases of VLC, it indicated security fixes. Do these get fixes within the old number or are they neglected? What do you think? I concur, by the way, on what you say related to rolling distro vs stable.
> Do these get fixes within the old number or are they neglected?
From what I understand (and I may be wrong) at least on Debian the fixes get backported if it’s viable to backport, when that happens they increment the number after the dash ex. 1.2.3-1 to 1.2.3-2. If backporting the fixes isn’t viable they backport the package.
I couldn’t find information relating to Mint, it seems that the packages.linuxmint.com website is broken atm. But Ubuntu seems to have backported fixes on their VLC 3.0.21 package 11 times, the latest one on 29 Aug 2025 https://changelogs.ubuntu.com/changelogs/pool/universe/v/vlc/vlc_3.0.21-11/changelog
Ah, interesting. So in principle they wouldn’t leave a VLC or Media player with a big bug out there for long. The VLC of Mint is actually older 3.0.20-3build6 and it also looks like it was backported 3 times. I thought they were the same as Ubuntu but apparently not.
Read comments
Look for high seed counts
Trust your gut
Trusted uploaders
Private torrent sites, some of them open to public periodically
If it’s too good to be true, it’s malware
If it isn’t released yet, it is malware
If it is an .iso file but not a Linux distribution, it is malware
What infuriates me with malware, which idgaf because “arch btw”, is that I reseed that shit unknowingly. Sometimes a lot.
Always check file before you let it seed forever as you should.
> If it is an .iso file but not a Linux distribution, it is malware
That’s not true. There’s loads of legitimate torrents with .iso files.
You should know you’re looking for .iso’s though.
How could I check the file before I let it seed? They are a few gigabyte files so I guess uploading to VirusTotal is not really an option. I am on Linux.
You might have significantly reduced risk but don’t think you’re safe and get complacent just bc you’re on Linux








