Removed qBittorrent LXC from this repository #1725
Replies: 2 comments 4 replies
-
|
My rationale is that if installing an application with its default configuration exposes you to external attacks, there's no need to employ that application. Until the vulnerability is addressed. |
Beta Was this translation helpful? Give feedback.
-
|
Added back to the repository with UPnP disabled and password changed. |
Beta Was this translation helpful? Give feedback.
-
|
So let me gry this right: disabling upnp and changing password for web will "fix" already deployed qbittorrent lxc and there is no need for re-installation? |
Beta Was this translation helpful? Give feedback.
-
|
Correct |
Beta Was this translation helpful? Give feedback.
-
|
Apologies, but I tried the script and the default user+password combination listed does not work for the web interface. Is there another password that should be used? |
Beta Was this translation helpful? Give feedback.
-
|
I have just set up a new qBittorrent LXC, and I can confirm that the provided credentials are accurate. |
Beta Was this translation helpful? Give feedback.
-
Reason: potential malicious hidden code
Potential Unauthorized Mining: This script is executed on a system without the user's consent or knowledge, it is considered unauthorized mining, also known as "cryptojacking." Unauthorized mining can slow down the system, consume resources, and lead to increased electricity costs.
Potential Downloading from Untrusted Sources: The script downloads files from external sources, including URLs like "cdnsrv.in." Relying on external sources for software can be risky, as they might be compromised or deliver malicious payloads.
Potential Modifying System Settings: The script modifies firewall rules, SSH settings, and potentially other system configurations. Altering system settings without proper understanding or consent can lead to security vulnerabilities or unexpected behavior.
Potential Running as Root: The script uses sudo and makes changes as the root user. Giving root privileges to a script without a clear understanding of its actions can be risky, as it can potentially compromise the entire system.
Potential for Harm: Although the script seems to be related to mining, its behaviors and external dependencies might change over time. This could result in unexpected actions that could be detrimental to the system or user's privacy.
Potential Risk of Malicious Updates: The script downloads and installs software from external sources. If these sources are compromised, they could deliver malicious updates or trojanized versions of the mining software.
More info: #1720
Beta Was this translation helpful? Give feedback.
All reactions