Why does qBittorrent download search indexes when I click update, and do I need to worry about being infected because of it?

  • FactoryDweller@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    8
    ·
    7 months ago

    Are you talking about search plugins? If you are, that’s expected behaviour.

    “Note that python plugins/scripts are, by its nature, not considered to be safe. Therefore any use of the unofficial plugins is at your own risk. It is a good practice to audit/take a look at the plugin/script before you install.” (From the link)

    Have a look at Jackett or Prowlarr (and the rest of the arr suite), it would greatly reduce your attack surface if you are worried about that and they are very easy to set up if you look for the servarr wiki.

      • FactoryDweller@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        7 months ago

        Yeah, that’s happening because you installed and enabled those plugins, and as long as they are maintained, they will be getting updates from time to time.

        any drawbacks or disadvantages of using Jackett and Prowlarr.

        Not that I know of. You’d have to configure flaresolverr because of certain websites cannot be accessed if you don’t pass the CAPTCHA, and that’s about it.

        Edit: Yeah, I checked now that I was on the computer and seems that I was wrong. Checking for updates installs and enables a small list of plugins without any more input from the user, and even though they are open source, that is not cool.

        If you are on the “Search” tab and click on “Search plugins” and check for updates (like on the gif above) you can check if they are installed and if they are enabled, from there right click them to do whatever you want.

        • Garry@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          3
          ·
          7 months ago

          I had the same thing, I never installed a piratebay plugin but when I clicked check for update it magically appeared

          • FactoryDweller@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            2
            ·
            7 months ago

            Yeah, I was wrong before. I don’t like this one bit, but I very much doubt there is any malicious intent from anyone at qBit.

            Hopefully someone more knowledgeable than me will step in and offer some insight.

            • Thebay@lemmings.worldOP
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              7 months ago

              I don’t believe there are any malicious intentions, but there are two other things that i don’t like. Their forum only permits sign-ups with Gmail and Outlook, and their website has a very strict Cloudflare DDoS protection police. I understand the rationale behind Cloudflare’s DDoS protection policy, but I would prefer if they used another DDoS protection provider.

              • FactoryDweller@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                2
                ·
                7 months ago

                Their forum only permits sign-ups with Gmail and Outlook

                I went to see if it was true because I found it hard to believe, but you are right. I don’t understand why it is like this, given the nature of the program and the whole philosophy behind it.

                I guess that we can consider ourselves lucky that they don’t use Google’s CAPTCHA.

                Tomorrow I will raise an issue on their repo, I want to see what is the official stance on all this bullshit.

                • Thebay@lemmings.worldOP
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  7 months ago

                  Thanks for making a issue. Can share the link with us so that we can follow the discussions.