[GH-ISSUE #408] Compromised trackers #348

Closed
opened 2026-02-26 05:34:10 +03:00 by kerem · 2 comments

Originally created by @Noobgamer0111 on GitHub (Nov 9, 2022).
Original GitHub issue: https://github.com/ngosang/trackerslist/issues/408

Hello all,

TL;DR: My qBittorrent has been compromised by a Python script attack from some compromised public trackers.
See: https://www.reddit.com/r/Piracy/comments/yq3fus/i_think_my_qbittorrent_has_been_compromised/
Here's a list of IPs that were used by these trackers that Malwarebytes has detected. I've removed the offending torrents for now.

kerem closed this issue 2026-02-26 05:34:10 +03:00

@ckcr4lyf commented on GitHub (Nov 9, 2022):

It's a bold assumption to say "the public tracker is compromised"

Trackers don't "push content" as you mention in your reddit post, rather they give you connection details of peers that have the content you (your bittorrent client) asks for.

If a peer maliciously sends bad data, it would most likely (likely since SHA-1 is technically considered weak now) fail the hash check against the .torrent file you downloaded.

These trackers are just doing their job, which is linking you to peers that have the file you ask for. It's kinda like this:

       +--------------------------+
       |      TRACKER             |
       |                          |
       |                          |
       |                          |
       |                          |
       |                          |
       +----------------+---------+
             ^          |
             |          |
I want file  |          |  1.1.1.1 has
ABCD.exe,    |          |  it
who has it?  |          |
             |          |
             |          |
             |          |
             |          |
             |          v
        +----+--------------------+                            +----------------------+
        |       YOU               |     Gimme ABCD.exe         |        PEER          |
        |                         +--------------------------> |        (1.1.1.1)     |
        |                         |                            |                      |
        |                         |                            |                      |
        |                         |                            |                      |
        |                         | <--------------------------+                      |
        +-------------------------+     here u go              +----------------------+

Seems the problem is on your end, an executable or script you obtained has caused your client to try and download malware, and it's just using the trackers to find peers. Most trackers don't discriminate on content, they don't even know what the content is.

Source: I've written and operate public trackers
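
An added example, not part of the original thread or of the trackerslist project, illustrating the two points in the comment above: a tracker's announce response carries only peer endpoints, and data received from a peer is checked against the SHA-1 piece hashes in the `.torrent` file. It assumes a BitTorrent v1 compact announce response; the function names and sample data are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

def bdecode(data, i=0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":                               # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                       # list or dict, closed by 'e'
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    colon = data.index(b":", i)                 # byte string: <len>:<bytes>
    n = int(data[i:colon])
    return data[colon + 1:colon + 1 + n], colon + 1 + n

def peers_from_announce(body):
    """Return the (ip, port) endpoints in a compact announce response."""
    resp, _ = bdecode(body)
    blob = resp[b"peers"]                       # 6 bytes per peer: IPv4 + big-endian port
    return [(str(ipaddress.IPv4Address(blob[o:o + 4])), struct.unpack(">H", blob[o + 4:o + 6])[0])
            for o in range(0, len(blob) - 5, 6)]

def piece_ok(info, index, payload):
    """Check a received piece against its 20-byte SHA-1 in the .torrent info dict."""
    expected = info[b"pieces"][index * 20:(index + 1) * 20]
    return hashlib.sha1(payload).digest() == expected

# Constructed sample data (not from the issue): one 16-byte piece, one peer at 1.1.1.1:6881.
GOOD_PIECE = b"original content"
TORRENT_INFO = {b"name": b"ABCD.exe", b"piece length": 16, b"length": 16,
                b"pieces": hashlib.sha1(GOOD_PIECE).digest()}
ANNOUNCE_BODY = (b"d8:intervali1800e5:peers6:" + bytes([1, 1, 1, 1])
                 + struct.pack(">H", 6881) + b"e")

if __name__ == "__main__":
    print("tracker returned:", peers_from_announce(ANNOUNCE_BODY))
    print("piece from honest peer accepted:", piece_ok(TORRENT_INFO, 0, GOOD_PIECE))
    print("tampered piece accepted:", piece_ok(TORRENT_INFO, 0, b"tampered content"))
```

The announce body decodes to an interval and a peer list and nothing else; the file content only ever arrives from peers, and a piece that does not match the hash in the `.torrent` is rejected.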


@wefalltomorrow commented on GitHub (Nov 11, 2022):

The cause was figured out and (obviously) had nothing to do with trackers.

https://www.reddit.com/r/Piracy/comments/yq3fus/-/ivof8hc
