• Stars
    star
    256
  • Rank 159,219 (Top 4 %)
  • Language
    JavaScript
  • License
    Other
  • Created almost 11 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Check which IP adresses your BitTorrent client is handing out to trackers

ipMagnet

ipMagnet allows you to quickly check what adresses your BitTorrent client is handing out to its Trackers. It does this by generating a magnet link, which when being requested by BitTorrent clients generates a database entry.

The source code is freely available on http://github.com/cbdevnet/ipmagnet and is designed to be read and understood by anyone having basic knowledge of HTML, PHP and JavaScript.

The interface can be used without having JavaScript enabled and without allowing access to external resources which would facilitate further tracking.

Requirements

  • A web server accessible on the internet
    • providing an HTTP daemon (eg. lighttpd) with
    • a working PHP installation (eg. php7.0-cgi for Debian)
    • optionally with enabled JSON extensions for use by the AJAX interface (mostly the default by now)
  • SQLite PDO modules for the PHP installation (eg. php7.0-sqlite3 on Debian)
  • The user running the HTTP daemon (www-data on debian) must have read/write access on the database file as well as the folder containing it

Setup

  1. Clone the repo into a folder that is available by the http daemon.
  2. Edit index.php
    • Change the tracker URL (line 2) to point to the public location of the index.php file.
    • Optionally edit the database path (line 3) if you do not want to have the database in the same folder for security reasons (or set up your webserver so it denies access to the database file).

Setting a timeout value

If you'd like to set a timeout after which clients should recheck their IP against the tracking link, set $enableInterval to true on line 4.

WARNING: This feature may be ignored or may break some clients (and they'd be right). The BitTorrent specification explicitly states that when a 'failure reason' key is sent (which ipMagnet does), NO other key may be present. Use this feature at your own risk.

High traffic hosts

Large or high-volume installations, much as I would encourage everyone to host their own instances instead, should probably use some advanced safeguards. This includes using an RDBMS more suited for high workloads (such as PostgreSQL or MariaDB) as the data backend. Switching the backing data store can be done by changing the DSN (Data Source Name). Please refer to the PHP PDO manual for information on how to do that.

The database needs to contain a table named 'hits' with the columns

'id' INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL UNIQUE
'hash' TEXT NOT NULL or VARCHAR(40) NOT NULL /* (depending on your RDBMS) */
'timestamp' INTEGER NOT NULL
'addr' TEXT NOT NULL or VARCHAR(255) NOT NULL
'agent' TEXT NOT NULL or VARCHAR(255) NOT NULL

Another good idea would be to use a cronjob to regularly wipe the database to ensure better privacy on behalf of the users.

Preventing download of the SQLite database

To protect the privacy of your users, you should configure your httpd to deny access to the database containing all non-deleted accesses (ipmagnet.db3 in the standard configuration) by remote users. This can either be done by having the database file exist in a location not served by the httpd, or introducing additional configuration.

Example configuration snippet for Apache

<Files "ipmagnet.db3">
	Order allow,deny
	Deny from all
</Files>

Basic web panel access control

Note that ipMagnet by design stores very little important data, uses randomly generated pseudonyms (hashes) for identifying it and provides a simple deletion method for that data. Thus, attack surface and potential risk on breach is already very much minimized.

If for some reason, you want to limit access to the web panel via a password, you can either configure basic authentication in your web server, while taking care to also embed valid credentials into the $TRACKER variable at line 2 or insert the following lines at/after line 60 of index.php:

if (!isset($_SERVER["PHP_AUTH_USER"]) || $_SERVER["PHP_AUTH_PW"] != "SUPER_SECRET_PASSWORD") {
    header('WWW-Authenticate: Basic realm="ipMagnet"');
    header('HTTP/1.0 401 Unauthorized');
    exit();
} 

Replace SUPER_SECRET_PASSWORD with a plaintext password of your choice. This should allow BitTorrent clients to access the tracking link without problems while preventing access to the web panel.

Deployment behind a reverse proxy

Deploying ipMagnet behind a reverse proxy is possible, but it is very much an advanced use-case. To do so, make sure that the front-end server correctly sets the HTTP X-Forwarded-For header in the backend requests and overwrites it, if it is supplied by the client.

To access the original client data instead of the reverse proxy address, change the references to REMOTE_ADDR before the hit insert statements in index.php with HTTP_X_FORWARDED_FOR.

More Repositories

1

midimonster

Multi-protocol control & translation software (ArtNet, MIDI, OSC, sACN, ...)
C
495
star
2

rtl2dot

C call graph generator
Python
52
star
3

adhosts

Minimal composite ad-blocking hosts file generator
Shell
49
star
4

websocksy

Highly configurable dynamic WebSocket bridge
C
34
star
5

pt1230

Brother P-Touch 1230PC Linux interface
C
32
star
6

fugit

_Really_ lightweight git access control
Shell
26
star
7

mima

MIninmal MAchine Assembler and Simulator
C
21
star
8

ledger-reports

Ledger reporting scripts
Shell
16
star
9

piechart

Create SVG pie charts from the command line
C
12
star
10

xecho

Render text messages to the screen with minimal dependencies
C
11
star
11

martrix

ArtNet and sACN grid/matrix visualizer and fixture
C
9
star
12

xelflut

Pretty fast server for multiplayer X11 canvas (pixelflut)
C
8
star
13

megadmx

Microcontroller ArtNet and DMX experiments (ATmega8/ATtiny13, ENC28J60)
Assembly
7
star
14

xlaser

X11 ArtNet scanner fixture
C
5
star
15

2t3

Ultimate TicTacToe (with JSON API) Web Implementation
JavaScript
4
star
16

akadns

Hacky dnsmasq API & Frontend
JavaScript
4
star
17

traccoon

Multi-threaded BitTorrent Tracker with SQLite backend
C
3
star
18

signet

Simplified GPG key signing
Shell
3
star
19

jamdisk

Toolchain for creating custom initial RAM filesystems
Shell
2
star
20

rplock

Simple screen locker for ratpoison
Shell
2
star
21

microcontroller-workshop

Assembly listings for a 1-week microcontroller workshop
Assembly
2
star
22

unfit

Periodically read and upload data from BLE bracelet (Miband 1S only currently)
Java
1
star
23

kbserver

Serve configurable strings triggered by input events
C
1
star
24

libsigrokdecode

Decoders for sigrok & pulseview
Python
1
star
25

taskboard

Simple web-based task/todo-list manager
JavaScript
1
star