Just about everyone starting out in the world of seedboxes usually begins on a shared seedbox. They’re much more affordable (when compared to a dedicated box), they come pre-configured with a BitTorrent GUI & client, and there’s usually no setup fee. Simply pay, login to the box, and start adding torrents. Recently, however; there’s been an increasing trend whereby users of shared seedboxes are having their private tracker accounts hijacked. We explain how & why this is happening - and what you can do to prevent it.
Choose Wisely: Trust Your ‘Shared Seedbox’ Provider
On par with any Internet-based supplier, there are trustworthy reputable seedbox providers - and there are also unscrupulous scammers looking for a quick buck. The reality is, just about anyone can become a so-called “seedbox provider”. Nobody wants to lose money for unrendered services or be forced to launch PayPal disputes. But there’s also the danger of having your private tracker accounts stolen.
Certain private trackers are reporting an alarming increase in account theft, solely related to the use of shared seedboxes. It works like this: the owner of the seedbox obtains your login details (username & password) to your private tracker account. Once logged in to the tracker, the password and email address are promptly changed in the user profile - and *presto* you’ve lost the ability to login. However, what cannot be changed is the username, which can be useful when attempting to recover the account, notably through a private tracker’s IRC channel.
Hijacked accounts can be sold on eBay, Craigslist etc. or quickly traded for other sites on torrent forums.
Protecting Your Tracker Accounts
Never give out your account information
Some seedbox providers may outright ask you for your private tracker account details, perhaps to troubleshoot a problem such as transfer speeds. Under no circumstances should anyone divulge such information - it will not help solve any issues pertaining to speed or problems with the seedbox.
Never login to your private tracker account from your seedbox
When you login to your private tracker account through a seedbox, it’s completely reasonable to assume that the owner of the seedbox server can steal your account information (login details). The ‘cookies’ may be left on the server (either through a previously used proxy, or a web browser cache) - thus your account info is retained for future access. It is unknown if a keylogger is being used to record this info, but likely not even required.
Essentially there are only a couple of ways that you can login to your tracker account via a shared seedbox; both should be avoided.
Seedbox Proxy: Some seedbox providers supply a proxy with the server, in order for users to be able to download torrents directly to the box. While 99% of private trackers have now adopted the passkey system; this is no longer necessary in most cases. One major exception is Demonoid.com - you’ll need to use a proxy or web browser on the seedbox to get the stats for the torrent to be counted towards your account. Otherwise, don’t use a proxy associated directly with the seedbox.
Desktop/Web Browser Access: Providers may offer “desktop” access to the server, whereby an Internet browser such as Firefox is available directly through the seedbox. This is especially true of Windows servers, but can also be found on Linux/*nix OSes as in the case with Ubuntu Desktop. Do not login to your private trackers from a seedbox web browser.
It’s unlikely that your tracker account can be stolen just from knowing the passkey in the torrent, but this is also a threat. Someone who obtains your passkey can manipulate the statistics on your account which can lead to unfavorable ratios, H&Rs, or even you being banned. Your passkey can also be used to upload bad torrents or download files without your knowledge.
Take for example: TorrentFlux. A provider (admin) of a seedbox running TorrentFlux has access to all of the torrents from all of the users. These are saved in a central location on the server (outside of the BT UI), and are not removed through TFlux even when “deleted” or “deleted with data” is applied. Below is a example of the path to all .torrent files on the server, as connected through SFTP:
Tips / What To Avoid
• Opt for a shared seedbox from a reputable supplier; one that’s been in business for awhile and has positive feedback (most torrent forums have discussion areas for this). Private tracker forums can also be a great place to find a seedbox - just be sure to check out the member first.
• Don’t use the same username/password on a seedbox that you use on your private tracker accounts (if applicable). Most seedbox providers will give you a random password, anyways.
• Avoid any seedbox offers through email, or through PMs on torrent boards and/or private trackers. Report these PMs to an admin on the site.
• Steer clear of services that offer to seed your torrents for you, or free seedbox offers (free torrent slots). Also avoid the use of temporary seedboxes. If it sounds too good to be true, it probably is.
Great article. The key, as usual, is to not give passwords to anyone, changing them frequently and so on.
The passkey part is interesting, basically a seedbox provider has access to all users passkeys, right? Sounds very unreliable!
New Wallpapers Added (103 Wallpapers) to Super Cars With Hot Girls. Wallpapers
132 Total Wallpapers
good article, we have to trust the seedbox providers like private torrent sites admin
Look for seedbox providers that run trackers. They tend to be the best and reliable.
Sometimes people in private tracker forums are very reliable and actually have nice deals. Vars in What.CD was a well known name and had stellar deals that he sold to What.CD members. He quit and sectioned his business off to some friends, but the product is still a great deal.
Just make sure it isn’t some obscure person who just joined the tracker a week ago. And people who buy 1 server and sell a few accounts on it are common. They want a nice seed box for a cheaper price so they sell off sections. Since it isn’t a business you need to be more weary, make sure its a well known person at least.
EL JOKER Says:
is it a coincidence that there is a mrseedbox.com advert in this article, or is that a supposed dangerous seedbox?
Scammed By WeWillHostIt Says:
It is worth me noting that Pham, who is a producer at PassThePopcorn is one who also hosts a dodgy seedbox company. He has been known to, over the course of who knows how long, sign people up for his seedbox services, then completely disable their account and not respond to any support enquiries. He knows all to well that PayPay wont touch him for being fraudulent, and knows that no one has the guts to come talk to him about it.
If this has happened to anyone else, best thing to do is to go to what network IRC, and have a chat to him in the #gazelle channel, or spread the word that this company is fucking dodgy, and not worth getting scammed over. He is a scammer and needs to take accountability for what he is doing to people like you and me in here. He ripped me off a couple of hundred dollars over the course of a few months.
check for new cheap and best seedbox services
rapidseeder Says: 13.06.09 at 11:48 pm
check for new cheap and best seedbox services
yh right, and ppl that hijack threads to advertise their seedbox company seem very reliable, lmao. Well done m8, you just showed everyone here how you operate.
Thanx Sharky, very informative, nice article.
And Your Forum Seems To Be Down
Tom Allen Says:
All these shared services are rubbish, you get charged way to much! You can get a dedicated server from whatload that can upload at 11MB/s, or 125MB/s for 1gig/s.
Pi TASARIM Says:
If this has happened to anyone else, best thing to do is to go to what network IRC, and have a chat to him in the #gazelle channel, or spread the word that this company is fucking dodgy, and not worth getting scammed over. He is a scammer and needs to take accountability for what he is doing to people like you and me in here.
Karsan Nakliyat Says:
… It is worth me noting that Pham, who is a producer at PassThePopcorn is one who also hosts a dodgy seedbox company. He has been known to, over the course of who knows how long, sign people up for his seedbox services, then completely disable their account and not respond to any support enquiries. He knows all to well that PayPay wont touch him for being fraudulent, and knows that no one has the guts to come talk to him about it … tnx