
cm0s

Members
  • Content Count: 303
  • Joined: ...
  • Last visited: ...
  • Days Won: 10

Reputation Activity

  1. Like
    cm0s got a reaction from Limbo in Serious tips for securing my computing domain and activities   ...
    One of the main resources I use is Eli the Computer Guy on YouTube, and I watch a lot of DEF CON / tech vids. After a while everyone finds out what they need and like for their own situation. How I run Arch is probably not good for most, flawed and completely different than the way someone else might run Arch. I loaded up Manjaro the other day for a looksy and got lost in it, straight up, got lost, way too much for me.

    But to answer your question, I think the first thing to be identified is the actual concern. The term 'threat model' is often used but not too often put in real-world terms, meaning 'conditions on the ground' application. For most folks in my area, northeast United States, it's the ISP, Verizon, the major players that are the real threat, and that is generic, legal datamining. This has nothing to do with ethics, morals etc.; this is about money, big money. These companies have 24 PhDs and a floor full of extremely talented programmers, all backed up by a big lobby and another room full of lawyers. For a real-world grasp, shut off cookies and JavaScript, go to Facebook's home page, right click on it, view page source, and what you will be looking at is code that is worth billions of dollars.

    The company I used to work for, I used to sell Microsoft networks back in the day. We were a certified dealer, had Microsoft staff in the shop once in a while, we had some state contracts here in PA and lots of minor day-to-day floor traffic fixing Dell boxes etc. Back then, before the merge between the cellular industry and the internet, just like anyone else, if you would have said 'metadata' was going to be a game changer, well, that would not have been too high on the list, to say the least. You got to remember, nobody had a phone in their hand that could chat, make a call, run a webcam, trade stocks in Europe and order donuts for the techs; the infrastructure wasn't there yet.

    And that is my point: the operating systems back then were on the right track. They were lean. Windows 2000 was on the right track; I literally at that time built custom DAW workstations on that operating system, on those drivers. They were stable, solid, did nothing fancy. So software in general was not built with third-party involvement, no outgoing connections. All anyone had to do in Microsoft land was take the best of Windows 2000, the best of Windows 7, lean it up a bit, get rid of any and all bloat, harden it, and you would have had a super badass kill-Linux-box operating system, and the gamers themselves would have taken it over. At that point software was still written with the business model that sales and license fees make the buck, the income stream. Once the cell industry and the ISPs merged, the dynamic, the motive really to how and why software gets coded, the purpose of design, changed dramatically.

    Linux is no better, it just got lucky because it held very little interest in the desktop market. If Linux would have traded spots with Microsoft or Apple, same problems, and you can actually see it starting already today: the pre-rolled distros, first thing they want to do, connect, call out. Even Kali, connect, call out, and all the other pentest distros. If you have a live distro for pentesting, well, don't ya think the first thing ya want shut off and down at boot is connecting to anything? See my point?

    Metadata is the game changer; that simply translates, once scaled, into raw political force in any country. And it goes all the way back to what a PhD dude from Cambridge Analytica stated, and the bruh was spot on: 'the problem with Facebook aka social media, operating systems, phones, apps etc. is the business model.' Ask yourself, why hasn't anyone taken the best of Tor, maybe made it more wide, why is HTTP even allowed still, and so on? Coz of money. So what we see and view is almost 100% 'human hacking'.

    What does this got to do with your original post? Everything, coz now you know what is the primary target, where the payload goes to: me and you. And we are the problem, the real-world problem. I'll back that up: you look at Facebook, we literally give them all of our data, access to everything, for nothing. We pay our ISP's bill to then give our friends, family, coworkers and on and on to a corporation built on a business model of this: the more they collect, the more they sell, the more they make.

    Ya got to remember the one advantage I may have, with anyone my age, is perspective. I knew the net before the cell biz / ISP merge; I knew Microsoft and worked indirectly for them before the merge. 'If you sugar coat the poison' is the human hack here. I'm not different: if I was a programmer and the boss walked up to me and said 'build this OS or app, and if we make xyz deadline or meet xyz approval you will make xyz amount of additional income', I'm in. Same deal with a website database: if I build a shithole that does xyz but also gets really popular and I collect the right data that is sought after by the ad industry, you walk up to me and go 'I'll give you x amount of dollars', I'm probably gonna sell.

    Hit the about:config URL in Mozilla and search 'url', search 'social', search 'wifi', search 'remote', search 'update', then extract all your plugins and extensions etc.; you will see how much of what you do is collected and piped to third parties. Just look at Google SafeSearch as an example, can you really get any more full of shit?

    So going back to the purpose of design, the motive: that's the threat, that's the flaw, that's what needs to be hardened. Linux in general isn't popular; malware authors code exploits to make money, bot authors want their networks running smooth, so most of those 'financially targeted' exploits are aimed at the popular stuff. Gentoo and Arch are even less popular, and the thing is, if you have your own repo, roll your own kernel, just by modding your stuff 'your way' (coz I say 'fuck the Arch way'), you're on Linux to do it the way you want; you just left a shit closed-source operating system where someone else told you how to roll. Case in point in legal datamining: almost all of the Linux community is on that shit data-mined IRC server Freenode. Even the Tor developers don't run an onion server, well, at least not a listed one anyway.

    Harden the browser, harden your Linux, best ya can. Biggest threat to my local, to my box, is me, the monkey at the keyboard.

    And I'll say this in Mark Zuckerberg's favor and any social media business with any kind of voting system, coz that is and has been the multibillion-dollar click, just beautiful all the way to the bank: those companies saw and applied a value metric to our data, to our click; they applied a value to what we think and do and who with, and that right there is a very serious tough pill to swallow. Mark Zuckerberg has a jet in his driveway not because he even exploited my data, or was unethical with it, but mainly because he offered me a like button that I could click on to give a voice on his platform.

    So the real problem that Cambridge Analytica was talking about, coz for them that was business as usual, is this: until the internet as a whole gets together and decides that their network traffic is theirs, should be protected like a utility worldwide, such as water, gas, electric, coz today it is exactly that. My ISP Comcast is a utility without the correct use of government regulation at the federal level, which is why shit gets wild west treatment still, same flaw as when Enron went into California and manipulated the power grid. I'm no diff: you put me as a day trader behind a business model I can exploit to make x million in 3 hours, I'm in, I'll smash that like button all the way to the bank.
  2. Sad
    cm0s got a reaction from SecPentester1337 in Suggestions for Setting up Bitcoin Account - Beginner   ...
    spookygoy nailed exactly what I did: localbitcoin, I made that account totally legit, sent in my ID blah blah.
    That's my 'public' account; from there you can then do whatever and however you want to move things around.
    Lots of guides and tuts online.
     
    I know some of the guides online have titles like 'how to buy xyz online anonymously' and yeah, most folks know
    what that is meant for, but truth is that's also a good way to move xyz around and have a 'backup' for a rainy day.
     
    This is one of the things I learned from this forum and can't say thanks enough for, coz even though I've been around tech a bit,
    lots of areas I didn't venture into, BTC is one of them, and I'm really glad I did.
     
    happy safe holidays to all if it applies
     
    sincerely, cm0s
  3. Like
    cm0s got a reaction from win8 in DNS Server Recommendations   ...
    Check with others on how to do this with your operating system, whatever it may be,
    but set your local to static: basically hard-set your local DNS
    to AirVPN's, set your router DNS to 0.0.0.0, then on each box set your
    DNS config to static and assign your local IP addresses for each device.
    This is a real-world kill switch, meaning you get no net/WAN
    without being encrypted. Shut off DHCP on the router:
    your ISP side will be DHCP auto-config but your side on the router
    will be static.
     
    This is not perfect, might brick some stuff you are doing or
    be a pain in the butt.
     
    But the idea is this: keep the ISP as far as you can out of your local.

    The firewall script:

        iptables -F
        iptables -t nat -F
        iptables -t mangle -F
        iptables -X
        iptables -t nat -X
        iptables -t mangle -X
        iptables -P INPUT DROP
        iptables -P FORWARD DROP
        iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
        # inbound http/https: only needed if this box serves a website
        iptables -A INPUT -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT
        iptables -A INPUT -i lo -j ACCEPT
        iptables -A OUTPUT -o lo -j ACCEPT # allow loopback access
        # broadcast (DHCP/router discovery) is 255.255.255.255, not 255.255.255.0
        iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
        iptables -A INPUT -s 255.255.255.255 -j ACCEPT
        # lan to lan
        iptables -A INPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
        iptables -A OUTPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
        iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
        iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
        # send all dns (udp first, tcp for big answers) to the airvpn resolver.
        # PREROUTING only sees packets entering the box (forwarded clients);
        # the nat OUTPUT rules catch queries this box makes itself
        iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 10.5.0.1
        iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to 10.5.0.1
        iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to 10.5.0.1
        iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to 10.5.0.1
        iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
        # drops tcp/1413 leaving eth0; OUTPUT policy is still ACCEPT, so other traffic is not blocked here
        iptables -A OUTPUT -o eth0 ! -d 127.0.0.1 -p tcp --dport 1413 -j DROP

    Example netctl profile (/etc/netctl/eth0):

        Description='eth0 net'
        Interface=eth0
        Connection=ethernet
        IP=static
        Address=('192.168.0.5/24')
        Gateway='192.168.0.1'
        DNS=('10.5.0.1')

    Say for DD-WRT: in your Services tab assign the IP addresses there, set your lease time. This means you don't have to worry about resolv.conf DNS problems, coz your local network is now AirVPN DNS only. I'm human, make mistakes, forget stuff, brain fart etc., so this protects me from myself, helps keep my ISP on the cable modem only. My router does nothing more than route, nothing fancy. I got a beefy router, does more stupid shit than I know what to do with; I run it totally vanilla, a generic turd tbh, I don't even use wifi on it. That isn't ideal or even practical for most, I get that, so mod for what works for you and your family config. Set your boxes so when they boot up they don't connect to anything; run your iptables, start netctl and you are good. So when my box as an example boots up, I run the iptables script, .xinitrc has everything set to down, then I run:

        netctl start eth0

    cd to my AirVPN configs folder, then:

        stunnel "airvpnserver.ssl" --auth-nocache

    then in another terminal window:

        openvpn --config "airvpnserver.ovpn" --auth-nocache

    No NetworkManager etc., I get lost in that stuff anyway, but nothing wrong with using a GUI or using NetworkManager or modding it so it's more 'user friendly' etc. Hope this helps.
  5. Like
    cm0s got a reaction from Limbo in ddosed   ...
    double up on the meds
     
    and a quick safety tip:
     
    don't slip in the drool
  6. Like
    cm0s reacted to Mad_Max in [FUD] Compromised US Server? Charges on Debit Card   ...
    I have been using Air for 2 and a half years. I have used my credit card many times while connected to several different servers, and nothing happened over these 2 and a half years. I trust AirVPN completely; don't worry, you are safe.
    It's just the banking system. Say you are in country A and have a bank account from the same country. If you log in/purchase with your bank account using a VPN (which changes your IP and location to another country), the transaction would be flagged and the bank will notify you to make sure that you weren't hacked.
  7. Like
    cm0s reacted to OpenSourcerer in 5 years of AirVPN   ...
    It's been a while since my last "review" - 2.5 years to be somewhat exact. My first one even dates back to 2014. Both are interesting reads if you want to know more about my story and how I used AirVPN over the years - along with my experiences with AirVPN, of course.


    I can't quite believe it myself that I'm still here after five years. It's not like I expected Air to fail miserably, but I sure expected that after 3-4 years maybe the time would come to try something new because AirVPN wouldn't be able to satisfy me for some reason..
    But no, I'm still here. And it's not because other VPN providers looked less promising (there was a brief moment when I really wanted to try out IVPN for a change), it's because AirVPN beautifully adapts to problems and trends in the market while staying true to their mission and not breaking anything in the process! The company's strategy is well thought out, both in handling technical challenges and managing users, and I actually enjoy being here. I can wholeheartedly say that I trust AirVPN's decision-making and it's a no-brainer for me to entrust them with "handling" my traffic, because I cannot fully trust my ISP.
     
    What happened since the last review?
     
    A year or so ago I was more or less forced to subscribe to Vodafone Cable because I moved to another city and the DSL lines are not as fast here as I expected them to be. It was sad to terminate my subscription to Deutsche Telekom (referred to as DTAG from here) because of this - OpenVPN works extremely well over their network and I was able to reach both my maximum upload and download throughput. And their network is rock-solid; you pay for some numbers and you actually get it in full, no strings attached. I am more than ready to pay slightly higher prices for bullshit-free network access like this. Only downside is that the Snowden leaks revealed NSA's direct access to DTAG customers' traffic... which is just another good reason to always be protected when connected.
     
    Now, Vodafone is a more cheeky fella. I compare them to Verizon a bit (or was it Virgin?), that one provider who injects (or did inject) advertisements into customers' traffic. I really believe they will start doing this as well one rainy day, so surfing via AirVPN is a must for me, so as to not give them any data to train some AI. Unfortunately, this comes with a price: bad packet ID warnings are a common sight, but they seem to appear irregularly and roughly correspond to the times when I think I don't get the throughput I subscribed to. I think there's some packet reordering happening in the background - rerouting traffic over other nodes or lines, who knows.
     
    Throughput / Server quality and features
     
    With AirVPN via Vodafone I was rarely able to reach some 40 MiB/s in download, but 20-30 MiB/s is more common and stable (till the next bad packet). I see the same symptoms with upload throughput: 50 Mbit/s ordered, I rarely get it uploading on torrents, and I didn't determine numbers by other means.
    Recently I noticed that specific server/port combinations can reach a stable 5 MiB/s. But there are moments when a few simple bad packet ID warnings manage to disrupt even this. Apart from that, upload throughput fluctuates between as low as 500 KiB/s and 3 MiB/s. There is a new development here, see below.
    I use vanilla OpenVPN on Linux with the most recent three servers in Germany, namely Intercrus, Serpens and Tucana, all ports except 53, rotating by route-random. In my ovpn file I made a few comments on some servers:
    On Intercrus, qBittorrent has a steady 5 MiB/s upload and downloads from my favorite Debian repo with 30 MiB/s more often than any other server. Tucana works extremely well on UDP/41185. Adhara and Cervantes are prone to low throughput. Errai and Ogma are "good", whatever I wanted to tell myself with this. In short: Most german servers can handle 40 MiB/s in download and definitely can hit 5 MiB/s in upload.
     
    I won't go into the server's security too much because whatever AirVPN offers should be "industry standard" by now. AirVPN offers little choice on the encryption parameters used - it's always AES-256 with RSA-4096 keys. It's solely there to ensure the max of achievable security across all users and their devices. Use the maximum - it's in the interest of AirVPN and you.
     
    A few remarks on the different client software
    Eddie is so feature-rich, it's almost the go-to OpenVPN client on PC. It runs on all major platforms and can handle itself and some nasty OS situations. Needs more support for external ovpn configs and it needs to drop Mono. Like, now. Please? There's an Android app now, and it uses OpenVPN 3. Mr. Schwabe's client does, too, via a setting, and I can tell v3 connects blazing fast and gives more thorough log output. The decision to go with v3 was not a bad one. Unfortunately, this thing is written with Xamarin, using C#, therefore it depends on MonoDroid. Please? We were promised Eddie 3 on GTK+ and Eddie-Android without Mono. The community is awesome (more on that later). So awesome, it gave birth to Qomui by fellow forum member corrado - an alternative Qt-based AirVPN client for Linux. I don't use any of these - vanilla on Linux and Mr. Schwabe's client on Android do the job for me. I help test Eddie on Android when I have some free time, though.
     
    The community
     
    is awesome. Seriously. These forums are a gold mine if you look for knowledge, wisdom, might and magic about pretty much any topic related to (Air)VPN and general computer tech. As I said a few times in the past, the decision to create these forums for AirVPN users might just be one of the more important factors why AirVPN is held in high regard, even if regularly being called out as being "more technical than others". Honestly, you can ask some dumb question and you will not be called dumb - people who love talking to newbies like you will be there. Or, you can ask a very thorough question with lots of tech words in it and concepts one must work with to understand, and you will be treated more professionally - people who love minds like yours will be there to advise you. Of course there's a nag here and there, but they are such a rarity that I almost believe writing this is not necessary. But still.
     
    Staff is a book chapter for itself. Regularly active on the forums, managing the flood of support tickets, raising an undead army of community forum moderators. You can generally count on their posts to be helpful in their own special way.
    And yes, you read right: Some of the moderators here were regular users like me and you! And through their engagement with the community and good, helpful practice they got "promoted" to forum moderators. I've known most of them for some time now and they all deserved it very much. If something like that can happen, you know that Staff is not afraid of their users - they encourage contact among them.
     
    Anything more to say?
     
    I must realize I'm not the most thorough writer of "reviews". Generally, I let my mind speak for me. So there are definitely some things I, willingly or unwillingly, didn't mention. If you want to find out everything about AirVPN as a VPN provider, you might just register and, I don't know, see for yourself?! You will not regret this.
     
    I thank you for your time.
     
    Update:
     
    I replaced my DOCSIS modem and the throttling is gone! Now I reach stable 4 to 5 MB/s upload throughput! It doesn't seem to have much to do with my ISP in the end. Some uncontrollable feature of the modem, I guess, and no, I am not willing to look deeper.
  8. Like
    cm0s got a reaction from jetpack1 in How to install AirVPN on Linux terminal-only SSH?   ...
    Run your network from the terminal, you are on Kali anyway: remove network-manager and Eddie, set eth0 to down upon boot, edit resolv.conf, set your iptables to AirVPN and push your DNS 10.5.0.1, use the SSL/stunnel config. You might need to fix stunnel with this:

        rm /usr/bin/stunnel
        ln -s /usr/bin/stunnel4 /usr/bin/stunnel
        cd /etc/stunnel
        touch stunnel.conf
        nano stunnel.conf

    with stunnel.conf containing:

        cert=/path/to/pem
        key=/path/to/key

    Ctrl+O, Ctrl+X.

    Have some tablez:

        iptables -F
        iptables -t nat -F
        iptables -t mangle -F
        iptables -X
        iptables -t nat -X
        iptables -t mangle -X
        iptables -P INPUT DROP
        iptables -P FORWARD DROP
        iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # connectionz
        # inbound http/https: only needed if this box serves a website
        iptables -A INPUT -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT
        iptables -A INPUT -i lo -j ACCEPT
        iptables -A OUTPUT -o lo -j ACCEPT # allow loopback access
        iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT # communicate with any DHCP server/router
        iptables -A INPUT -s 255.255.255.255 -j ACCEPT # communicate with any DHCP server/router
        iptables -A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT # communicate within lan
        iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
        iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
        iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT # make sure eth0/tun0 can communicate
        # use vpn dns: PREROUTING covers packets entering the box (forwarded clients),
        # the nat OUTPUT rules cover queries this box makes itself
        iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 10.5.0.1
        iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to 10.5.0.1
        iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to 10.5.0.1
        iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to 10.5.0.1
        iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE # map tun0 outgoing IP addy
        # drops tcp/1413 leaving eth0; OUTPUT policy is still ACCEPT, so other non-vpn traffic is not blocked by this rule
        iptables -A OUTPUT -o eth0 ! -d 127.0.0.1 -p tcp --dport 1413 -j DROP

    Then bring it up:

        ifup eth0
        stunnel "awesomeairvpnserver.ssl" --auth-nocache
        openvpn --config "awesomeairvpnserver.ovpn" --auth-nocache
        ping -c 1 duckduckgo.com

    I set my iface like this (/etc/network/interfaces), adjust for your needs:

        # The loopback network interface
        auto lo
        iface lo inet loopback

        # the static shit for eth0
        auto eth0
        iface eth0 inet static
            address 192.168.1.xxx
            gateway 192.168.1.1
            # dns-nameservers is applied by the resolvconf package
            dns-nameservers 10.5.0.1

    In the router I shut off DHCP on my side, leave it on for my ISP on their side; keeps me off the business account rates yet I still get the benefits of static on my local. Had the same damn external IP on 'DHCP' from them for years anyway. I run my website on a standalone box, no problems, so anyone tells ya diff, I dunno, works for me anyway. Plus do your MAC filter shit if needed, hide yer ESSID if wifi. If this is a wifi config lemme know, I'll post up the notes I got on how to connect with hidden ESSID or not hidden. Assign your hostname if needed in the router.

    Don't forget you can 'nohup': say you boot Debian old school, right, and want to see how much you can do just from the prompt. You can cd, ls, cd .., cp, cp -r, everything from there, also hit the net and have openvpn/stunnel going from the same window, though you need to use the command 'nohup' and put a '&' at the end. I figured this out coz yeah, locked myself out of my VPS many times. So say yer wanting to get stuff going: you up your eth0/enp2s2, then when you get to the stunnel part:

        nohup stunnel "airvpnserver.ssl" --auth-nocache &

    then do your openvpn command. Now you won't see stuff 'finish' but you'll know yer connected; do an nslookup and traceroute, curl etc. Hope this helps, I don't always explain stuff the best way.
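Both the DNS post above and this terminal-only post aim at the same thing: no WAN traffic unless it goes through tun0. The rulesets as posted get DNS pinned to 10.5.0.1 but leave the OUTPUT policy at ACCEPT, so anything not explicitly dropped still leaves eth0 in the clear if the tunnel is down, and PREROUTING DNAT does not rewrite the box's own resolver queries. The script below is an added example, not cm0s's script, that turns the same pieces into an actual kill switch. It assumes eth0/tun0, LAN 192.168.0.0/24 and the AirVPN DNS 10.5.0.1 from the posts; VPN_SERVER (a TEST-NET-3 placeholder) and VPN_PORT are hypothetical and must be set to the entry server in your .ssl/.ovpn file. Run as-is it only prints the rules; APPLY=1 as root loads them.

```shell
#!/bin/sh
# Added example (not cm0s's script): VPN-only "kill switch" ruleset for one Linux box.
# Assumptions from the thread: LAN on eth0, tunnel on tun0, LAN 192.168.0.0/24,
# AirVPN DNS 10.5.0.1. VPN_SERVER/VPN_PORT are placeholders, not a real AirVPN server.

LAN_IF="${LAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun0}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"
VPN_DNS="${VPN_DNS:-10.5.0.1}"
VPN_SERVER="${VPN_SERVER:-203.0.113.10}"   # placeholder (TEST-NET-3): set to your entry server
VPN_PORT="${VPN_PORT:-443}"
VPN_PROTO="${VPN_PROTO:-tcp}"               # tcp when going through stunnel, udp for plain OpenVPN

# ipt: print the iptables command unless APPLY=1, so the ruleset can be
# reviewed (and tested) without touching the kernel.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

apply_killswitch() {
    # clean slate
    ipt -F; ipt -t nat -F; ipt -t mangle -F
    ipt -X; ipt -t nat -X; ipt -t mangle -X

    # Default deny in every direction. OUTPUT DROP is what the posted rulesets
    # lack: with OUTPUT at ACCEPT, traffic still leaves eth0 in the clear when
    # tun0 is down.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT DROP

    # loopback, and replies to connections this box started
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Deliberately no ESTABLISHED rule in OUTPUT: when tun0 vanishes, packets of
    # still-tracked flows would otherwise be re-routed out eth0 and accepted.

    # LAN talks to LAN on the physical interface only (static addressing as in
    # the posts; with DHCP you would also allow udp 68->67 to 255.255.255.255)
    ipt -A INPUT  -i "$LAN_IF" -s "$LAN_NET" -d "$LAN_NET" -j ACCEPT
    ipt -A OUTPUT -o "$LAN_IF" -s "$LAN_NET" -d "$LAN_NET" -j ACCEPT

    # the only Internet-bound traffic allowed on eth0 is the tunnel itself
    ipt -A OUTPUT -o "$LAN_IF" -p "$VPN_PROTO" -d "$VPN_SERVER" --dport "$VPN_PORT" -j ACCEPT

    # inside the tunnel everything is allowed
    ipt -A OUTPUT -o "$VPN_IF" -j ACCEPT

    # DNS: rewrite this box's own queries to the VPN resolver. PREROUTING (used
    # in the posts) only sees packets entering the box; locally generated
    # queries traverse the nat OUTPUT chain. After the rewrite the query either
    # routes via tun0 or, with the tunnel down, hits OUTPUT DROP on eth0 instead
    # of reaching the ISP resolver.
    ipt -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination "$VPN_DNS"
    ipt -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination "$VPN_DNS"
}

apply_killswitch
```

Check it the way the post suggests: with the tunnel up, `nslookup` and `traceroute` work and the first hop is inside the tunnel; kill openvpn and the same commands must hang or fail rather than fall back to the ISP.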
  9. Like
    cm0s reacted to DonaldDrumpf in New Review from TechRadar   ...
    Where'd they get that screenshot?  I've never seen a day when a Swedish or Dutch server ranked 5 stars. I've only ever seen that many stars on Canadian servers. Anyway, they have to be idiots to think that Eddie is complicated or confusing.  Sheesh.  I first used AirVPN back when they only had a half dozen or so servers, the founder routinely showed up on the forum and you had to screw around for an hour configuring Comodo to do the same thing the network lock does with one click. And don't even get me started on the Android variant.  That was so easy it surprised me.
     
    I just watched a bunch of reviews for the Vivaldi browser that finally convinced me that most reviews are more about the laziness and ineptness of the reviewer than they are about the qualities of the products they purport to be reviewing.   Frankly, I'm getting sick of reading reviews from people who don't have or don't care to spend any time with the product they're reviewing before spouting off with their ill informed opinions.
  10. Like
    cm0s got a reaction from Bearanonymous in Server Physical Access   ...
    personally i think the t-shirt is a good idea
  11. Like
    cm0s got a reaction from go558a83nk in dns-tool dns-trails   ...
    http://www.dnstrails.com/index.html
     
    another online nyce to have dns-tool link
  12. Like
    cm0s reacted to air-fun in How to prevent IPv6 leaks under Linux, using OpenVPN?   ...
    Or try adding this parameter to the end of the kernel boot line:
    ipv6.disable=1
  13. Like
    cm0s reacted to OpenSourcerer in Can't really recommend it....   ...
    For some people, switching to vanilla OpenVPN did turn things for the better. I've been using a close-to-vanilla OpenVPN client on Windows in the past and am now using vanilla OpenVPN on Linux. I max out my connection (50/10 Mbit).
  14. Like
    cm0s got a reaction from jean claud in Torrent site hunting   ...
    here's my idea:
    if you are an admin of say a torrent site do not get involved in other activities that will bring attention to your community.
     
    stop with the bloat code on your websites, adware, scamware etc.
     
    put a link up for your community to be able to 'donate' what they can when they can
     
    might be better to mirror the site to the tor network for the magnets not have that available via clear
    so in a way you are running two sites same thing but the tor network has the magnets
     
    maybe put another site up separate from that onion address for the 'forum' community where you probably will need java running for all the admin junk, this way your 'java' site is tor only and separate from your magnet site
     
    hire an attorney if and when you can, if needed so you got some help if something goes wrong as it tends to
     
    if you have enough from donations give some of that back some how, whatever your ethics are, do some kind of good with it
     
    if your site grows beyond your ability, bring someone else in that can handle it and can keep your community safe
     
    drink tons of coffee, like way more than needed 
     
     
     
    # airvpn irc hidden service stealth mode ssl # mkdir hidircz # cd d0wnz # touch cool.motd # vim cool.motd hit 'i' copy paste text below or your own custom motd hit 'esc' key then type ':wq' ____ _ ____ _ _ ___ _ _ |__| | |__/ | | |__] |\ | | | | | \ \/ | | \| =========================== https://airvpn.org add this to your torrc file mod for your own config if needed... VirtualAddrNetwork 10.192.0.0/10 TransPort 9040 DNSPort 53 AutomapHostsOnResolve 1 ##hidden service HiddenServiceDir /var/lib/tor/ HiddenServicePort 6697 127.0.0.1:6697 HiddenServiceAuthorizeClient stealth IRCvisitor HidServAuth newtorsitenamehere.onion stealthpasshere you'll start tor and then stop tor to get your hidden service hostname and authorization cookie, this 'cookie' is in the hostname /var/lib/tor looks like this: newtorsitenamehere.onion yourauthcookieherebruh # client: IRCvisitor now remember in the torrc file below the port you created the 'IRCvisitor' without this information from /var/lib/tor added to the torrc file in the example above you cannot access the irc server or if it were http you can not access it even from the box hosting the irc/http server the advantage to stealth mode is this: it is NOT listed in the tor directory and if anything goes wrong with your irc server or you just want to create another openssl req -x509 -sha256 -newkey rsa:2048 -keyout ~/d0wnz/ircpriv.pem -out ~/d0wnz/ircert.pem -days 1024 -nodes -subj '/CN=irc.z4ojdtiaqvdfi4ys.onion' 'domain' no problem, you are not tied to anything, and anyone accessing your site/chat has to have contacted you to get the authorization cookie from hidircz directory... # openssl req -x509 -sha256 -newkey rsa:2048 -keyout /root/hidrircz/ircpriv.pem -out /root/hidircz/ircert.pem -days 1024 -nodes -subj '/CN=irc.newtorsitenamehere.onion' # cat /root/hidircz/ircpriv.pem > hidz.pem # cat /root/hidircz/ircert.pem >> hidz.pem here's the python script.... ################################# #! 
/usr/bin/env python # https://github.com/jrosdahl/miniircd # Joel Rosdahl <joel@rosdahl.net> # pacman -S python-pyopenssl if needed import logging import os import re import select import socket import string import sys import tempfile import time from datetime import datetime from logging.handlers import RotatingFileHandler from optparse import OptionParser VERSION = "1.2.1" PY3 = sys.version_info[0] >= 3 if PY3: def buffer_to_socket(msg): return msg.encode() def socket_to_buffer(buf): return buf.decode() else: def buffer_to_socket(msg): return msg def socket_to_buffer(buf): return buf def create_directory(path): if not os.path.isdir(path): os.makedirs(path) class Channel(object): def __init__(self, server, name): self.server = server self.name = name self.members = set() self._topic = "" self._key = None if self.server.state_dir: self._state_path = "%s/%s" % ( self.server.state_dir, name.replace("_", "__").replace("/", "_")) self._read_state() else: self._state_path = None def add_member(self, client): self.members.add(client) def get_topic(self): return self._topic def set_topic(self, value): self._topic = value self._write_state() topic = property(get_topic, set_topic) def get_key(self): return self._key def set_key(self, value): self._key = value self._write_state() key = property(get_key, set_key) def remove_client(self, client): self.members.discard(client) if not self.members: self.server.remove_channel(self) def _read_state(self): if not (self._state_path and os.path.exists(self._state_path)): return data = {} with open(self._state_path, "rb") as state_file: exec(state_file.read(), {}, data) self._topic = data.get("topic", "") self._key = data.get("key") def _write_state(self): if not self._state_path: return (fd, path) = tempfile.mkstemp(dir=os.path.dirname(self._state_path)) fp = os.fdopen(fd, "w") fp.write("topic = %r\n" % self.topic) fp.write("key = %r\n" % self.key) fp.close() os.rename(path, self._state_path) class Client(object): __linesep_regexp = 
re.compile(r"\r?\n") # The RFC limit for nicknames is 9 characters, but what the heck. __valid_nickname_regexp = re.compile( r"^[][\`_^{|}A-Za-z][][\`_^{|}A-Za-z0-9-]{0,50}$") __valid_channelname_regexp = re.compile( r"^[+!][^\x00\x07\x0a\x0d ,:]{0,50}$") def __init__(self, server, socket): self.server = server self.socket = socket self.channels = {} # irc_lower(Channel name) --> Channel self.nickname = None self.user = None self.realname = None (self.host, self.port) = socket.getpeername() self.__timestamp = time.time() self.__readbuffer = "" self.__writebuffer = "" self.__sent_ping = False if self.server.password: self.__handle_command = self.__pass_handler else: self.__handle_command = self.__registration_handler def get_prefix(self): return "%s!%s@%s" % (self.nickname, self.user, self.host) prefix = property(get_prefix) def check_aliveness(self): now = time.time() if self.__timestamp + 180 < now: self.disconnect("ping timeout") return if not self.__sent_ping and self.__timestamp + 90 < now: if self.__handle_command == self.__command_handler: # Registered. self.message("PING :%s" % self.server.name) self.__sent_ping = True else: # Not registered. self.disconnect("ping timeout") def write_queue_size(self): return len(self.__writebuffer) def __parse_read_buffer(self): lines = self.__linesep_regexp.split(self.__readbuffer) self.__readbuffer = lines[-1] lines = lines[:-1] for line in lines: if not line: # Empty line. Ignore. 
continue x = line.split(" ", 1) command = x[0].upper() if len(x) == 1: arguments = [] else: if len(x[1]) > 0 and x[1][0] == ":": arguments = [x[1][1:]] else: y = x[1].split(" :", 1) arguments = y[0].split() if len(y) == 2: arguments.append(y[1]) self.__handle_command(command, arguments) def __pass_handler(self, command, arguments): server = self.server if command == "PASS": if len(arguments) == 0: self.reply_461("PASS") else: if arguments[0].lower() == server.password: self.__handle_command = self.__registration_handler else: self.reply("464 :Password incorrect") elif command == "QUIT": self.disconnect("Client quit") return def __registration_handler(self, command, arguments): server = self.server if command == "NICK": if len(arguments) < 1: self.reply("431 :No nickname given") return nick = arguments[0] if server.get_client(nick): self.reply("433 * %s :Nickname is already in use" % nick) elif not self.__valid_nickname_regexp.match(nick): self.reply("432 * %s :Erroneous nickname" % nick) else: self.nickname = nick server.client_changed_nickname(self, None) elif command == "USER": if len(arguments) < 4: self.reply_461("USER") return self.user = arguments[0] self.realname = arguments[3] elif command == "QUIT": self.disconnect("Client quit") return if self.nickname and self.user: self.reply("001 %s :Hi, welcome to IRC" % self.nickname) self.reply("002 %s :Your host is %s, running version miniircd-%s" % (self.nickname, server.name, VERSION)) self.reply("003 %s :This server was created sometime" % self.nickname) self.reply("004 %s %s miniircd-%s o o" % (self.nickname, server.name, VERSION)) self.send_lusers() self.send_motd() self.__handle_command = self.__command_handler def __send_names(self, arguments, for_join=False): server = self.server valid_channel_re = self.__valid_channelname_regexp if len(arguments) > 0: channelnames = arguments[0].split(",") else: channelnames = sorted(self.channels.keys()) if len(arguments) > 1: keys = arguments[1].split(",") else: keys = 
[] keys.extend((len(channelnames) - len(keys)) * [None]) for (i, channelname) in enumerate(channelnames): if for_join and irc_lower(channelname) in self.channels: continue if not valid_channel_re.match(channelname): self.reply_403(channelname) continue channel = server.get_channel(channelname) if channel.key is not None and channel.key != keys[i]: self.reply( "475 %s %s :Cannot join channel (+k) - bad key" % (self.nickname, channelname)) continue if for_join: channel.add_member(self) self.channels[irc_lower(channelname)] = channel self.message_channel(channel, "JOIN", channelname, True) self.channel_log(channel, "joined", meta=True) if channel.topic: self.reply("332 %s %s :%s" % (self.nickname, channel.name, channel.topic)) else: self.reply("331 %s %s :No topic is set" % (self.nickname, channel.name)) names_prefix = "353 %s = %s :" % (self.nickname, channelname) names = "" # Max length: reply prefix ":server_name(space)" plus CRLF in # the end. names_max_len = 512 - (len(server.name) + 2 + 2) for name in sorted(x.nickname for x in channel.members): if not names: names = names_prefix + name # Using >= to include the space between "names" and "name". 
elif len(names) + len(name) >= names_max_len: self.reply(names) names = names_prefix + name else: names += " " + name if names: self.reply(names) self.reply("366 %s %s :End of NAMES list" % (self.nickname, channelname)) def __command_handler(self, command, arguments): def away_handler(): pass def ison_handler(): if len(arguments) < 1: self.reply_461("ISON") return nicks = arguments online = [n for n in nicks if server.get_client(n)] self.reply("303 %s :%s" % (self.nickname, " ".join(online))) def join_handler(): if len(arguments) < 1: self.reply_461("JOIN") return if arguments[0] == "0": for (channelname, channel) in self.channels.items(): self.message_channel(channel, "PART", channelname, True) self.channel_log(channel, "left", meta=True) server.remove_member_from_channel(self, channelname) self.channels = {} return self.__send_names(arguments, for_join=True) def list_handler(): if len(arguments) < 1: channels = server.channels.values() else: channels = [] for channelname in arguments[0].split(","): if server.has_channel(channelname): channels.append(server.get_channel(channelname)) sorted_channels = sorted(channels, key=lambda x: x.name) for channel in sorted_channels: self.reply("322 %s %s %d :%s" % (self.nickname, channel.name, len(channel.members), channel.topic)) self.reply("323 %s :End of LIST" % self.nickname) def lusers_handler(): self.send_lusers() def mode_handler(): if len(arguments) < 1: self.reply_461("MODE") return targetname = arguments[0] if server.has_channel(targetname): channel = server.get_channel(targetname) if len(arguments) < 2: if channel.key: modes = "+k" if irc_lower(channel.name) in self.channels: modes += " %s" % channel.key else: modes = "+" self.reply("324 %s %s %s" % (self.nickname, targetname, modes)) return flag = arguments[1] if flag == "+k": if len(arguments) < 3: self.reply_461("MODE") return key = arguments[2] if irc_lower(channel.name) in self.channels: channel.key = key self.message_channel( channel, "MODE", "%s +k %s" % 
(channel.name, key), True) self.channel_log( channel, "set channel key to %s" % key, meta=True) else: self.reply("442 %s :You're not on that channel" % targetname) elif flag == "-k": if irc_lower(channel.name) in self.channels: channel.key = None self.message_channel( channel, "MODE", "%s -k" % channel.name, True) self.channel_log( channel, "removed channel key", meta=True) else: self.reply("442 %s :You're not on that channel" % targetname) else: self.reply("472 %s %s :Unknown MODE flag" % (self.nickname, flag)) elif targetname == self.nickname: if len(arguments) == 1: self.reply("221 %s +" % self.nickname) else: self.reply("501 %s :Unknown MODE flag" % self.nickname) else: self.reply_403(targetname) def motd_handler(): self.send_motd() def names_handler(): self.__send_names(arguments) def nick_handler(): if len(arguments) < 1: self.reply("431 :No nickname given") return newnick = arguments[0] client = server.get_client(newnick) if newnick == self.nickname: pass elif client and client is not self: self.reply("433 %s %s :Nickname is already in use" % (self.nickname, newnick)) elif not self.__valid_nickname_regexp.match(newnick): self.reply("432 %s %s :Erroneous Nickname" % (self.nickname, newnick)) else: for x in self.channels.values(): self.channel_log( x, "changed nickname to %s" % newnick, meta=True) oldnickname = self.nickname self.nickname = newnick server.client_changed_nickname(self, oldnickname) self.message_related( ":%s!%s@%s NICK %s" % (oldnickname, self.user, self.host, self.nickname), True) def notice_and_privmsg_handler(): if len(arguments) == 0: self.reply("411 %s :No recipient given (%s)" % (self.nickname, command)) return if len(arguments) == 1: self.reply("412 %s :No text to send" % self.nickname) return targetname = arguments[0] message = arguments[1] client = server.get_client(targetname) if client: client.message(":%s %s %s :%s" % (self.prefix, command, targetname, message)) elif server.has_channel(targetname): channel = 
server.get_channel(targetname) self.message_channel( channel, command, "%s :%s" % (channel.name, message)) self.channel_log(channel, message) else: self.reply("401 %s %s :No such nick/channel" % (self.nickname, targetname)) def part_handler(): if len(arguments) < 1: self.reply_461("PART") return if len(arguments) > 1: partmsg = arguments[1] else: partmsg = self.nickname for channelname in arguments[0].split(","): if not valid_channel_re.match(channelname): self.reply_403(channelname) elif not irc_lower(channelname) in self.channels: self.reply("442 %s %s :You're not on that channel" % (self.nickname, channelname)) else: channel = self.channels[irc_lower(channelname)] self.message_channel( channel, "PART", "%s :%s" % (channelname, partmsg), True) self.channel_log(channel, "left (%s)" % partmsg, meta=True) del self.channels[irc_lower(channelname)] server.remove_member_from_channel(self, channelname) def ping_handler(): if len(arguments) < 1: self.reply("409 %s :No origin specified" % self.nickname) return self.reply("PONG %s :%s" % (server.name, arguments[0])) def pong_handler(): pass def quit_handler(): if len(arguments) < 1: quitmsg = self.nickname else: quitmsg = arguments[0] self.disconnect(quitmsg) def topic_handler(): if len(arguments) < 1: self.reply_461("TOPIC") return channelname = arguments[0] channel = self.channels.get(irc_lower(channelname)) if channel: if len(arguments) > 1: newtopic = arguments[1] channel.topic = newtopic self.message_channel( channel, "TOPIC", "%s :%s" % (channelname, newtopic), True) self.channel_log( channel, "set topic to %r" % newtopic, meta=True) else: if channel.topic: self.reply("332 %s %s :%s" % (self.nickname, channel.name, channel.topic)) else: self.reply("331 %s %s :No topic is set" % (self.nickname, channel.name)) else: self.reply("442 %s :You're not on that channel" % channelname) def wallops_handler(): if len(arguments) < 1: self.reply_461("WALLOPS") return message = arguments[0] for client in server.clients.values(): 
client.message(":%s NOTICE %s :Global notice: %s" % (self.prefix, client.nickname, message)) def who_handler(): if len(arguments) < 1: return targetname = arguments[0] if server.has_channel(targetname): channel = server.get_channel(targetname) for member in channel.members: self.reply("352 %s %s %s %s %s %s H :0 %s" % (self.nickname, targetname, member.user, member.host, server.name, member.nickname, member.realname)) self.reply("315 %s %s :End of WHO list" % (self.nickname, targetname)) def whois_handler(): if len(arguments) < 1: return username = arguments[0] user = server.get_client(username) if user: self.reply("311 %s %s %s %s * :%s" % (self.nickname, user.nickname, user.user, user.host, user.realname)) self.reply("312 %s %s %s :%s" % (self.nickname, user.nickname, server.name, server.name)) self.reply("319 %s %s :%s" % (self.nickname, user.nickname, " ".join(user.channels))) self.reply("318 %s %s :End of WHOIS list" % (self.nickname, user.nickname)) else: self.reply("401 %s %s :No such nick" % (self.nickname, username)) handler_table = { "AWAY": away_handler, "ISON": ison_handler, "JOIN": join_handler, "LIST": list_handler, "LUSERS": lusers_handler, "MODE": mode_handler, "MOTD": motd_handler, "NAMES": names_handler, "NICK": nick_handler, "NOTICE": notice_and_privmsg_handler, "PART": part_handler, "PING": ping_handler, "PONG": pong_handler, "PRIVMSG": notice_and_privmsg_handler, "QUIT": quit_handler, "TOPIC": topic_handler, "WALLOPS": wallops_handler, "WHO": who_handler, "WHOIS": whois_handler, } server = self.server valid_channel_re = self.__valid_channelname_regexp try: handler_table[command]() except KeyError: self.reply("421 %s %s :Unknown command" % (self.nickname, command)) def socket_readable_notification(self): try: data = self.socket.recv(2 ** 10) self.server.print_debug( "[%s:%d] -> %r" % (self.host, self.port, data)) quitmsg = "EOT" except socket.error as x: data = "" quitmsg = x if data: self.__readbuffer += socket_to_buffer(data) 
self.__parse_read_buffer() self.__timestamp = time.time() self.__sent_ping = False else: self.disconnect(quitmsg) def socket_writable_notification(self): try: sent = self.socket.send(buffer_to_socket(self.__writebuffer)) self.server.print_debug( "[%s:%d] <- %r" % ( self.host, self.port, self.__writebuffer[:sent])) self.__writebuffer = self.__writebuffer[sent:] except socket.error as x: self.disconnect(x) def disconnect(self, quitmsg): self.message("ERROR :%s" % quitmsg) self.server.print_info( "Disconnected connection from %s:%s (%s)." % ( self.host, self.port, quitmsg)) self.socket.close() self.server.remove_client(self, quitmsg) def message(self, msg): self.__writebuffer += msg + "\r\n" def reply(self, msg): self.message(":%s %s" % (self.server.name, msg)) def reply_403(self, channel): self.reply("403 %s %s :No such channel" % (self.nickname, channel)) def reply_461(self, command): nickname = self.nickname or "*" self.reply("461 %s %s :Not enough parameters" % (nickname, command)) def message_channel(self, channel, command, message, include_self=False): line = ":%s %s %s" % (self.prefix, command, message) for client in channel.members: if client != self or include_self: client.message(line) def channel_log(self, channel, message, meta=False): if not self.server.channel_log_dir: return if meta: format = "[%s] * %s %s\n" else: format = "[%s] <%s> %s\n" timestamp = datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S UTC") logname = channel.name.replace("_", "__").replace("/", "_") fp = open("%s/%s.log" % (self.server.channel_log_dir, logname), "a") fp.write(format % (timestamp, self.nickname, message)) fp.close() def message_related(self, msg, include_self=False): clients = set() if include_self: clients.add(self) for channel in self.channels.values(): clients |= channel.members if not include_self: clients.discard(self) for client in clients: client.message(msg) def send_lusers(self): self.reply("251 %s :There are %d users and 0 services on 1 server" % (self.nickname, 
len(self.server.clients))) def send_motd(self): server = self.server motdlines = server.get_motd_lines() if motdlines: self.reply("375 %s :- %s Message of the day -" % (self.nickname, server.name)) for line in motdlines: self.reply("372 %s :- %s" % (self.nickname, line.rstrip())) self.reply("376 %s :End of /MOTD command" % self.nickname) else: self.reply("422 %s :MOTD File is missing" % self.nickname) class Server(object): def __init__(self, options): self.ports = options.ports self.password = options.password self.ssl_pem_file = options.ssl_pem_file self.motdfile = options.motd self.verbose = options.verbose self.debug = options.debug self.channel_log_dir = options.channel_log_dir self.chroot = options.chroot self.setuid = options.setuid self.state_dir = options.state_dir self.log_file = options.log_file self.log_max_bytes = options.log_max_size * 1024 * 1024 self.log_count = options.log_count self.logger = None if options.password_file: with open(options.password_file, "r") as fp: self.password = fp.read().strip("\n") if self.ssl_pem_file: self.ssl = __import__("ssl") # Find certificate after daemonization if path is relative: if self.ssl_pem_file and os.path.exists(self.ssl_pem_file): self.ssl_pem_file = os.path.abspath(self.ssl_pem_file) # else: might exist in the chroot jail, so just continue if options.listen: self.address = socket.gethostbyname(options.listen) else: self.address = "" server_name_limit = 63 # From the RFC. self.name = socket.getfqdn(self.address)[:server_name_limit] self.channels = {} # irc_lower(Channel name) --> Channel instance. self.clients = {} # Socket --> Client instance. self.nicknames = {} # irc_lower(Nickname) --> Client instance. 
if self.channel_log_dir: create_directory(self.channel_log_dir) if self.state_dir: create_directory(self.state_dir) def make_pid_file(self, filename): try: fd = os.open(filename, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o644) os.write(fd, "%i\n" % os.getpid()) os.close(fd) except: self.print_error("Could not create PID file %r" % filename) sys.exit(1) def daemonize(self): try: pid = os.fork() if pid > 0: sys.exit(0) except OSError: sys.exit(1) os.setsid() try: pid = os.fork() if pid > 0: self.print_info("PID: %d" % pid) sys.exit(0) except OSError: sys.exit(1) os.chdir("/") os.umask(0) dev_null = open("/dev/null", "r+") os.dup2(dev_null.fileno(), sys.stdout.fileno()) os.dup2(dev_null.fileno(), sys.stderr.fileno()) os.dup2(dev_null.fileno(), sys.stdin.fileno()) def get_client(self, nickname): return self.nicknames.get(irc_lower(nickname)) def has_channel(self, name): return irc_lower(name) in self.channels def get_channel(self, channelname): if irc_lower(channelname) in self.channels: channel = self.channels[irc_lower(channelname)] else: channel = Channel(self, channelname) self.channels[irc_lower(channelname)] = channel return channel def get_motd_lines(self): if self.motdfile: try: return open(self.motdfile).readlines() except IOError: return ["Could not read MOTD file %r." 
% self.motdfile] else: return [] def print_info(self, msg): if self.verbose: print(msg) sys.stdout.flush() if self.logger: self.logger.info(msg) def print_debug(self, msg): if self.debug: print(msg) sys.stdout.flush() if self.logger: self.logger.debug(msg) def print_error(self, msg): sys.stderr.write("%s\n" % msg) if self.logger: self.logger.error(msg) def client_changed_nickname(self, client, oldnickname): if oldnickname: del self.nicknames[irc_lower(oldnickname)] self.nicknames[irc_lower(client.nickname)] = client def remove_member_from_channel(self, client, channelname): if irc_lower(channelname) in self.channels: channel = self.channels[irc_lower(channelname)] channel.remove_client(client) def remove_client(self, client, quitmsg): client.message_related(":%s QUIT :%s" % (client.prefix, quitmsg)) for x in client.channels.values(): client.channel_log(x, "quit (%s)" % quitmsg, meta=True) x.remove_client(client) if client.nickname \ and irc_lower(client.nickname) in self.nicknames: del self.nicknames[irc_lower(client.nickname)] del self.clients[client.socket] def remove_channel(self, channel): del self.channels[irc_lower(channel.name)] def start(self): serversockets = [] for port in self.ports: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) try: s.bind((self.address, port)) except socket.error as e: self.print_error("Could not bind port %s: %s." % (port, e)) sys.exit(1) s.listen(5) serversockets.append(s) del s self.print_info("Listening on port %d." 
% port) if self.chroot: os.chdir(self.chroot) os.chroot(self.chroot) self.print_info("Changed root directory to %s" % self.chroot) if self.setuid: os.setgid(self.setuid[1]) os.setuid(self.setuid[0]) self.print_info("Setting uid:gid to %s:%s" % (self.setuid[0], self.setuid[1])) self.init_logging() try: self.run(serversockets) except: if self.logger: self.logger.exception("Fatal exception") raise def init_logging(self): if not self.log_file: return log_level = logging.INFO if self.debug: log_level = logging.DEBUG self.logger = logging.getLogger("miniircd") formatter = logging.Formatter( ("%(asctime)s - %(name)s[%(process)d] - " "%(levelname)s - %(message)s")) fh = RotatingFileHandler( self.log_file, maxBytes=self.log_max_bytes, backupCount=self.log_count) fh.setLevel(log_level) fh.setFormatter(formatter) self.logger.setLevel(log_level) self.logger.addHandler(fh) def run(self, serversockets): last_aliveness_check = time.time() while True: (iwtd, owtd, ewtd) = select.select( serversockets + [x.socket for x in self.clients.values()], [x.socket for x in self.clients.values() if x.write_queue_size() > 0], [], 10) for x in iwtd: if x in self.clients: self.clients[x].socket_readable_notification() else: (conn, addr) = x.accept() if self.ssl_pem_file: try: conn = self.ssl.wrap_socket( conn, server_side=True, certfile=self.ssl_pem_file, keyfile=self.ssl_pem_file) except Exception as e: self.print_error( "SSL error for connection from %s:%s: %s" % ( addr[0], addr[1], e)) continue try: self.clients[conn] = Client(self, conn) self.print_info("Accepted connection from %s:%s." 
% ( addr[0], addr[1])) except socket.error as e: try: conn.close() except: pass for x in owtd: if x in self.clients: # client may have been disconnected self.clients[x].socket_writable_notification() now = time.time() if last_aliveness_check + 10 < now: for client in list(self.clients.values()): client.check_aliveness() last_aliveness_check = now _maketrans = str.maketrans if PY3 else string.maketrans _ircstring_translation = _maketrans( string.ascii_lowercase.upper() + "[]\\^", string.ascii_lowercase + "{}|~") def irc_lower(s): return s.translate(_ircstring_translation) def main(argv): op = OptionParser( version=VERSION, description="miniircd is a small and limited IRC server.") op.add_option( "--channel-log-dir", metavar="X", help="store channel log in directory X") op.add_option( "-d", "--daemon", action="store_true", help="fork and become a daemon") op.add_option( "--debug", action="store_true", help="print debug messages to stdout") op.add_option( "--listen", metavar="X", help="listen on specific IP address X") op.add_option( "--log-count", metavar="X", default=10, type="int", help="keep X log files; default: %default") op.add_option( "--log-file", metavar="X", help="store log in file X") op.add_option( "--log-max-size", metavar="X", default=10, type="int", help="set maximum log file size to X MiB; default: %default MiB") op.add_option( "--motd", metavar="X", help="display file X as message of the day") op.add_option( "--pid-file", metavar="X", help="write PID to file X") op.add_option( "-p", "--password", metavar="X", help="require connection password X; default: no password") op.add_option( "--password-file", metavar="X", help=("require connection password stored in file X;" " default: no password")) op.add_option( "--ports", metavar="X", help="listen to ports X (a list separated by comma or whitespace);" " default: 6667 or 6697 if SSL is enabled") op.add_option( "-s", "--ssl-pem-file", metavar="FILE", help="enable SSL and use FILE as the .pem 
certificate+key") op.add_option( "--state-dir", metavar="X", help="save persistent channel state (topic, key) in directory X") op.add_option( "--verbose", action="store_true", help="be verbose (print some progress messages to stdout)") if os.name == "posix": op.add_option( "--chroot", metavar="X", help="change filesystem root to directory X after startup" " (requires root)") op.add_option( "--setuid", metavar="U[:G]", help="change process user (and optionally group) after startup" " (requires root)") else: op.chroot = False op.setuid = False (options, args) = op.parse_args(argv[1:]) if options.debug: options.verbose = True if options.ports is None: if options.ssl_pem_file is None: options.ports = "6667" else: options.ports = "6697" if options.chroot: if os.getuid() != 0: op.error("Must be root to use --chroot") if options.setuid: from pwd import getpwnam from grp import getgrnam if os.getuid() != 0: op.error("Must be root to use --setuid") matches = options.setuid.split(":") if len(matches) == 2: options.setuid = (getpwnam(matches[0]).pw_uid, getgrnam(matches[1]).gr_gid) elif len(matches) == 1: options.setuid = (getpwnam(matches[0]).pw_uid, getpwnam(matches[0]).pw_gid) else: op.error("Specify a user, or user and group separated by a colon," " e.g. --setuid daemon, --setuid nobody:nobody") if (os.getuid() == 0 or os.getgid() == 0) and not options.setuid: op.error("Running this service as root is not recommended. Use the" " --setuid option to switch to an unprivileged account after" " startup. 
If you really intend to run as root, use" " \"--setuid root\".") ports = [] for port in re.split(r"[,\s]+", options.ports): try: ports.append(int(port)) except ValueError: op.error("bad port: %r" % port) options.ports = ports server = Server(options) if options.daemon: server.daemonize() if options.pid_file: server.make_pid_file(options.pid_file) try: server.start() except KeyboardInterrupt: server.print_error("Interrupted.") main(sys.argv) ################################# top of the script don't think needed just in case ya might add 'import ssl' on github the python file is named a bit different to start the script save it as example: minircd.py chmod +x the script as root from hidircz directory with your pem file and motd file: # python minircd.py --ssl-pem-file=/root/hidircz/hidz.pem --listen 127.0.0.1 --motd=huh.motd --setuid=root i didn't test this out but to run the script as non root ya might need change directory to say /home/nonrootuser move everything there, chown -R nonroot:nonroot all the files so ssl doesn't gripe about an error i might be wrong on this fyi to get help with the irc server: # python minircd.py -h i forgot to mention to start tor at least on arch: # /usr/bin/tor -f /etc/tor/torrc so now you have a irc tor chat server up in stealth mode plus an additional layer of ssl the clients say via irssi can connect as follows: # socat TCP4-LISTEN:8000,reuseaddr,fork SOCKS4a:127.0.0.1:newtorsitenamehere.onion:6697,socksport=9050 you don't add the 'irc' in front of the 'domain' just the onion address without 'irc' then launch irssi and to connect /connect -ssl 127.0.0.1 8000 you can create a room join chat typical irc stuff anything done as /whois will show localhost no ip info for pidgin users little different but not much... basic tab is irc protocol yer user name server is the tor address without 'irc' advanced tab port 6697 proxy tab... 
proxy is http host 127.0.0.1 port 8118 start privoxy before connecting: # /usr/bin/privoxy --no-daemon /etc/privoxy/config here is my privoxy config: ####################################### # Generally, this file goes in /etc/privoxy/config # unfucked config by cm0s 010117 # to start /usr/bin/privoxy --no-dameon /etc/privoxy/config # Tor listens as a SOCKS4a proxy here: forward-socks5 / 127.0.0.1:9050 . # confz confdir /etc/privoxy logdir /var/log/privoxy # actionsfile standard # Internal purpose, recommended actionsfile default.action # Main actions file actionsfile user.action # User customizations filterfile default.filter # timeout shit keep-alive-timeout 600 # mohr timeout shit default-server-timeout 600 # yet mohhhrrr... socket-timeout 600 # Don't log interesting things, only startup messages, warnings and errors logfile logfile #jarfile jarfile #debug 0 # show each GET/POST/CONNECT request debug 4096 # Startup banner and warnings debug 8192 # Errors - *we highly recommended enabling this* user-manual /usr/share/doc/privoxy/user-manual listen-address localhost:8118 toggle 1 enable-remote-toggle 0 enable-edit-actions 0 enable-remote-http-toggle 0 buffer-limit 4096 # # ######################################## a quick side note: make sure logging is off in pidgin and also the otr plugin so recap, ya just launched your very own irc chat server can make your own motd, publish your otr key add whatever custom stuff ya want and ya really made it private coz it's in stealth mode stealth mode tor is NOT listed in the tor directory and even if someone finds your onion address they can't do anything, won't even let them scan your address without the auth cookie, and you added another layer of ssl cheerz splif
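The step in the torrc part of this tutorial where the line tor writes to /var/lib/tor/hostname (`<onion> <cookie> # client: IRCvisitor`) is copied into the client torrc as a `HidServAuth` line is easy to get wrong by hand, and a wrong cookie fails silently (the client just never reaches the service). The following is an added example, not part of cm0s's post or of miniircd: it parses that file, validates the v2 onion address and the 22-character cookie, and decodes the cookie the same way tor does (the four trailing bits carry the authorization type) to confirm it really is a stealth cookie before emitting the `HidServAuth` line. A basic cookie still lets anyone who knows the address fetch the encrypted descriptor; only stealth gives the "not listed" property the post relies on. The sample file contents below are constructed, and the function names are chosen for this example.

```python
import base64
import re

# Constructed sample of what tor writes to <HiddenServiceDir>/hostname for a
# v2 onion service configured with HiddenServiceAuthorizeClient.  Address and
# cookie are made up for this example; a real file has one line per client.
SAMPLE_HOSTNAME_FILE = (
    "a2b3c4d5e6f7g2h3.onion Xg7u3mYE2eWoZ3o6t0YKCR # client: IRCvisitor\n"
)

ONION_V2_RE = re.compile(r"^[a-z2-7]{16}\.onion$")
COOKIE_RE = re.compile(r"^[A-Za-z0-9+/]{22}$")
HOSTNAME_LINE_RE = re.compile(
    r"^(?P<onion>\S+)\s+(?P<cookie>\S+)\s+#\s*client:\s*(?P<client>\S+)\s*$")


def cookie_auth_type(cookie):
    """Return 'basic' or 'stealth' by decoding the cookie the way tor does.

    The 22 base64 characters hold the 128-bit descriptor cookie plus four
    extra bits; those four bits are (auth_type - 1), so 0 means basic and 1
    means stealth.  Appending "AA" makes the string decodable again and the
    17th decoded byte then carries the type in its high nibble.
    """
    if not COOKIE_RE.match(cookie):
        raise ValueError("cookie must be 22 base64 characters: %r" % cookie)
    raw = base64.b64decode(cookie + "AA")
    type_val = (raw[16] >> 4) + 1
    if type_val == 1:
        return "basic"
    if type_val == 2:
        return "stealth"
    raise ValueError("cookie %r has unrecognized authorization type" % cookie)


def parse_hostname_file(text):
    """Parse every '<onion> <cookie> # client: <name>' line into a dict."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = HOSTNAME_LINE_RE.match(line)
        if not m:
            raise ValueError("unexpected line in hostname file: %r" % line)
        onion, cookie, client = m.group("onion", "cookie", "client")
        if not ONION_V2_RE.match(onion):
            raise ValueError("not a v2 onion address: %r" % onion)
        entries.append({
            "onion": onion,
            "cookie": cookie,
            "client": client,
            "auth_type": cookie_auth_type(cookie),
        })
    return entries


def hidservauth_lines(text, expected_auth_type="stealth"):
    """Build the HidServAuth lines for the client side torrc.

    Refuses a cookie whose embedded type differs from what the server side
    was configured with, e.g. a 'basic' cookie left over from an earlier
    HiddenServiceAuthorizeClient setting.
    """
    lines = []
    for entry in parse_hostname_file(text):
        if entry["auth_type"] != expected_auth_type:
            raise ValueError("client %s has a %s cookie, expected %s"
                             % (entry["client"], entry["auth_type"],
                                expected_auth_type))
        lines.append("HidServAuth %s %s" % (entry["onion"], entry["cookie"]))
    return lines


if __name__ == "__main__":
    # Usage: python3 hidservauth.py [/var/lib/tor/hostname]
    # Without an argument the constructed sample above is used.
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fp:
            contents = fp.read()
    else:
        contents = SAMPLE_HOSTNAME_FILE
    for line in hidservauth_lines(contents):
        print(line)
```

Run it as root against the real hostname file and paste the printed line(s) into the torrc of each box that should be allowed to connect; on the box hosting the service that is the same torrc the post shows.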
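The tutorial builds hidz.pem by concatenating the private key and the self-signed certificate. That combined file is what miniircd's `--ssl-pem-file` needs, but it is not what the irssi or pidgin users should receive, and since the certificate is self-signed, `/connect -ssl` on its own does not authenticate the server: the "additional layer of ssl" only means something if clients compare the certificate fingerprint against one the operator gave them out of band. The following is an added example, not part of cm0s's post or of miniircd: it splits a combined PEM, checks it holds exactly one private key and one certificate, computes the certificate's SHA-256 fingerprint in the colon form `openssl x509 -fingerprint -sha256` prints, and produces a certificate-only PEM for distribution. The PEM payloads are constructed placeholder bytes, not a real key pair; `check_combined_pem`, `public_part` and the other names are chosen for this example.

```python
import base64
import hashlib
import re

PEM_BLOCK_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\s*(?P<body>[A-Za-z0-9+/=\s]+?)"
    r"-----END (?P=label)-----")


def _pem_block(label, der):
    """Wrap raw bytes in a PEM envelope (64-column base64 body)."""
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN %s-----\n%s-----END %s-----\n" % (label, body, label)


# Constructed stand-in for hidz.pem as built in the post (key first, then
# cert).  The payloads are placeholder bytes, not a real key or certificate.
SAMPLE_HIDZ_PEM = (
    _pem_block("PRIVATE KEY", b"constructed placeholder key bytes")
    + _pem_block("CERTIFICATE", b"constructed placeholder cert bytes")
)


def split_pem(text):
    """Return [(label, der_bytes), ...] for every PEM block in text."""
    blocks = []
    for m in PEM_BLOCK_RE.finditer(text):
        body = "".join(m.group("body").split())
        blocks.append((m.group("label"), base64.b64decode(body)))
    return blocks


def sha256_fingerprint(der):
    """Upper-case, colon separated SHA-256 fingerprint of DER bytes."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_combined_pem(text):
    """Require exactly one private key and one certificate in the file.

    Accepts both the PKCS#8 'PRIVATE KEY' label that current openssl writes
    and the older 'RSA PRIVATE KEY' label.
    """
    blocks = split_pem(text)
    keys = [b for b in blocks if b[0].endswith("PRIVATE KEY")]
    certs = [b for b in blocks if b[0] == "CERTIFICATE"]
    if len(keys) != 1 or len(certs) != 1:
        raise ValueError(
            "expected one private key and one certificate, found %d key(s) "
            "and %d certificate(s)" % (len(keys), len(certs)))
    return keys[0], certs[0]


def certificate_fingerprint(text):
    """Fingerprint of the certificate inside a combined key+cert PEM."""
    _key, (_label, der) = check_combined_pem(text)
    return sha256_fingerprint(der)


def public_part(text):
    """Certificate-only PEM; this, never hidz.pem itself, goes to clients."""
    _key, (_label, der) = check_combined_pem(text)
    return _pem_block("CERTIFICATE", der)


if __name__ == "__main__":
    # Usage: python3 pemcheck.py [/root/hidircz/hidz.pem]
    # Without an argument the constructed sample above is used.
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fp:
            pem_text = fp.read()
    else:
        pem_text = SAMPLE_HIDZ_PEM
    print("SHA256 Fingerprint=" + certificate_fingerprint(pem_text))
    print(public_part(pem_text), end="")
```

Hand the printed fingerprint to your users through a channel you already trust (the same one you used for the auth cookie) and keep hidz.pem readable only by the account miniircd drops to with `--setuid`; a key file that is world-readable makes the TLS layer decorative.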
  15. Like
    cm0s got a reaction from Casper31 in google logo   ...
    https://www.nytimes.com/2017/06/27/technology/eu-google-fine.html
     
     
     
     
    # airvpn irc hidden service stealth mode ssl

    # mkdir hidircz
    # cd hidircz
    # touch cool.motd
    # vim cool.motd
    hit 'i', copy paste
    the text below or your own
    custom motd
    hit the 'esc' key then type ':wq'
    ____ _ ____ _  _ ___  _  _
    |__| | |__/ |  | |__] |\ |
    |  | | |  \  \/  |    | \|
    ===========================                          
    https://airvpn.org

    add this to your torrc file
    mod for your own config if needed...

    VirtualAddrNetwork 10.192.0.0/10
    TransPort 9040
    DNSPort 53
    AutomapHostsOnResolve 1

    ##hidden service
    HiddenServiceDir /var/lib/tor/
    HiddenServicePort 6697 127.0.0.1:6697
    HiddenServiceAuthorizeClient stealth IRCvisitor
    HidServAuth newtorsitenamehere.onion stealthpasshere

    you'll start tor and then stop tor to get your hidden service
    hostname and authorization cookie, this 'cookie' is in the hostname
    file in /var/lib/tor
    and looks like this:
    newtorsitenamehere.onion yourauthcookieherebruh # client: IRCvisitor

    now remember, in the torrc file below the port you created the 'IRCvisitor'
    without this information from /var/lib/tor added to the torrc file in the example
    above you cannot access the irc server, or if it were http you could not access it
    even from the box hosting the irc/http server
    the advantage to stealth mode is this: it is NOT listed in the tor directory
    and if anything goes wrong with your irc server or you just want to create another
    'domain' no problem, you are not tied to anything, and anyone accessing your site/chat
    has to have contacted you to get the authorization cookie

    from hidircz directory...
    # openssl req -x509 -sha256 -newkey rsa:2048 -keyout /root/hidircz/ircpriv.pem -out /root/hidircz/ircert.pem -days 1024 -nodes -subj '/CN=irc.newtorsitenamehere.onion'
    # cat /root/hidircz/ircpriv.pem > hidz.pem
    # cat /root/hidircz/ircert.pem >> hidz.pem

    here's the python script....
    #################################

    #! /usr/bin/env python
    # https://github.com/jrosdahl/miniircd
    # Joel Rosdahl <joel@rosdahl.net>
    # pacman -S python-pyopenssl if needed

    import logging
    import os
    import re
    import select
    import socket
    import string
    import sys
    import tempfile
    import time
    from datetime import datetime
    from logging.handlers import RotatingFileHandler
    from optparse import OptionParser

    VERSION = "1.2.1"


    PY3 = sys.version_info[0] >= 3

    if PY3:
        def buffer_to_socket(msg):
            return msg.encode()

        def socket_to_buffer(buf):
            return buf.decode()
    else:
        def buffer_to_socket(msg):
            return msg

        def socket_to_buffer(buf):
            return buf


    def create_directory(path):
        if not os.path.isdir(path):
            os.makedirs(path)


    class Channel(object):
        def __init__(self, server, name):
            self.server = server
            self.name = name
            self.members = set()
            self._topic = ""
            self._key = None
            if self.server.state_dir:
                self._state_path = "%s/%s" % (
                    self.server.state_dir,
                    name.replace("_", "__").replace("/", "_"))
                self._read_state()
            else:
                self._state_path = None

        def add_member(self, client):
            self.members.add(client)

        def get_topic(self):
            return self._topic

        def set_topic(self, value):
            self._topic = value
            self._write_state()

        topic = property(get_topic, set_topic)

        def get_key(self):
            return self._key

        def set_key(self, value):
            self._key = value
            self._write_state()

        key = property(get_key, set_key)

        def remove_client(self, client):
            self.members.discard(client)
            if not self.members:
                self.server.remove_channel(self)

        def _read_state(self):
            if not (self._state_path and os.path.exists(self._state_path)):
                return
            data = {}

            with open(self._state_path, "rb") as state_file:
                exec(state_file.read(), {}, data)

            self._topic = data.get("topic", "")
            self._key = data.get("key")

        def _write_state(self):
            if not self._state_path:
                return
            (fd, path) = tempfile.mkstemp(dir=os.path.dirname(self._state_path))
            fp = os.fdopen(fd, "w")
            fp.write("topic = %r\n" % self.topic)
            fp.write("key = %r\n" % self.key)
            fp.close()
            os.rename(path, self._state_path)


    class Client(object):
        __linesep_regexp = re.compile(r"\r?\n")
        # The RFC limit for nicknames is 9 characters, but what the heck.
        __valid_nickname_regexp = re.compile(
            r"^[][\`_^{|}A-Za-z][][\`_^{|}A-Za-z0-9-]{0,50}$")
        # Channel names start with one of the RFC 2811 prefixes &, #, + or !.
        __valid_channelname_regexp = re.compile(
            r"^[&#+!][^\x00\x07\x0a\x0d ,:]{0,50}$")

        def __init__(self, server, socket):
            self.server = server
            self.socket = socket
            self.channels = {}  # irc_lower(Channel name) --> Channel
            self.nickname = None
            self.user = None
            self.realname = None
            (self.host, self.port) = socket.getpeername()
            self.__timestamp = time.time()
            self.__readbuffer = ""
            self.__writebuffer = ""
            self.__sent_ping = False
            if self.server.password:
                self.__handle_command = self.__pass_handler
            else:
                self.__handle_command = self.__registration_handler

        def get_prefix(self):
            return "%s!%s@%s" % (self.nickname, self.user, self.host)
        prefix = property(get_prefix)

        def check_aliveness(self):
            now = time.time()
            if self.__timestamp + 180 < now:
                self.disconnect("ping timeout")
                return
            if not self.__sent_ping and self.__timestamp + 90 < now:
                if self.__handle_command == self.__command_handler:
                    # Registered.
                    self.message("PING :%s" % self.server.name)
                    self.__sent_ping = True
                else:
                    # Not registered.
                    self.disconnect("ping timeout")

        def write_queue_size(self):
            return len(self.__writebuffer)

        def __parse_read_buffer(self):
            lines = self.__linesep_regexp.split(self.__readbuffer)
            self.__readbuffer = lines[-1]
            lines = lines[:-1]
            for line in lines:
                if not line:
                    # Empty line. Ignore.
                    continue
                x = line.split(" ", 1)
                command = x[0].upper()
                if len(x) == 1:
                    arguments = []
                else:
                    if len(x[1]) > 0 and x[1][0] == ":":
                        arguments = [x[1][1:]]
                    else:
                        y = x[1].split(" :", 1)
                        arguments = y[0].split()
                        if len(y) == 2:
                            arguments.append(y[1])
                self.__handle_command(command, arguments)

        def __pass_handler(self, command, arguments):
            server = self.server
            if command == "PASS":
                if len(arguments) == 0:
                    self.reply_461("PASS")
                else:
                    if arguments[0].lower() == server.password:
                        self.__handle_command = self.__registration_handler
                    else:
                        self.reply("464 :Password incorrect")
            elif command == "QUIT":
                self.disconnect("Client quit")
                return

        def __registration_handler(self, command, arguments):
            server = self.server
            if command == "NICK":
                if len(arguments) < 1:
                    self.reply("431 :No nickname given")
                    return
                nick = arguments[0]
                if server.get_client(nick):
                    self.reply("433 * %s :Nickname is already in use" % nick)
                elif not self.__valid_nickname_regexp.match(nick):
                    self.reply("432 * %s :Erroneous nickname" % nick)
                else:
                    self.nickname = nick
                    server.client_changed_nickname(self, None)
            elif command == "USER":
                if len(arguments) < 4:
                    self.reply_461("USER")
                    return
                self.user = arguments[0]
                self.realname = arguments[3]
            elif command == "QUIT":
                self.disconnect("Client quit")
                return
            if self.nickname and self.user:
                self.reply("001 %s :Hi, welcome to IRC" % self.nickname)
                self.reply("002 %s :Your host is %s, running version miniircd-%s"
                           % (self.nickname, server.name, VERSION))
                self.reply("003 %s :This server was created sometime"
                           % self.nickname)
                self.reply("004 %s %s miniircd-%s o o"
                           % (self.nickname, server.name, VERSION))
                self.send_lusers()
                self.send_motd()
                self.__handle_command = self.__command_handler

        def __send_names(self, arguments, for_join=False):
            server = self.server
            valid_channel_re = self.__valid_channelname_regexp
            if len(arguments) > 0:
                channelnames = arguments[0].split(",")
            else:
                channelnames = sorted(self.channels.keys())
            if len(arguments) > 1:
                keys = arguments[1].split(",")
            else:
                keys = []
            keys.extend((len(channelnames) - len(keys)) * [None])
            for (i, channelname) in enumerate(channelnames):
                if for_join and irc_lower(channelname) in self.channels:
                    continue
                if not valid_channel_re.match(channelname):
                    self.reply_403(channelname)
                    continue
                channel = server.get_channel(channelname)
                # Compare against the key supplied for this channel (keys is
                # padded with None above), not against the whole list.
                if channel.key is not None and channel.key != keys[i]:
                    self.reply(
                        "475 %s %s :Cannot join channel (+k) - bad key"
                        % (self.nickname, channelname))
                    continue

                if for_join:
                    channel.add_member(self)
                    self.channels[irc_lower(channelname)] = channel
                    self.message_channel(channel, "JOIN", channelname, True)
                    self.channel_log(channel, "joined", meta=True)
                    if channel.topic:
                        self.reply("332 %s %s :%s"
                                   % (self.nickname, channel.name, channel.topic))
                    else:
                        self.reply("331 %s %s :No topic is set"
                                   % (self.nickname, channel.name))
                names_prefix = "353 %s = %s :" % (self.nickname, channelname)
                names = ""
                # Max length: reply prefix ":server_name(space)" plus CRLF in
                # the end.
                names_max_len = 512 - (len(server.name) + 2 + 2)
                for name in sorted(x.nickname for x in channel.members):
                    if not names:
                        names = names_prefix + name
                    # Using >= to include the space between "names" and "name".
                    elif len(names) + len(name) >= names_max_len:
                        self.reply(names)
                        names = names_prefix + name
                    else:
                        names += " " + name
                if names:
                    self.reply(names)
                self.reply("366 %s %s :End of NAMES list"
                           % (self.nickname, channelname))

        def __command_handler(self, command, arguments):
            def away_handler():
                pass

            def ison_handler():
                if len(arguments) < 1:
                    self.reply_461("ISON")
                    return
                nicks = arguments
                online = [n for n in nicks if server.get_client(n)]
                self.reply("303 %s :%s" % (self.nickname, " ".join(online)))

            def join_handler():
                if len(arguments) < 1:
                    self.reply_461("JOIN")
                    return
                if arguments[0] == "0":
                    for (channelname, channel) in self.channels.items():
                        self.message_channel(channel, "PART", channelname, True)
                        self.channel_log(channel, "left", meta=True)
                        server.remove_member_from_channel(self, channelname)
                    self.channels = {}
                    return
                self.__send_names(arguments, for_join=True)

            def list_handler():
                if len(arguments) < 1:
                    channels = server.channels.values()
                else:
                    channels = []
                    for channelname in arguments[0].split(","):
                        if server.has_channel(channelname):
                            channels.append(server.get_channel(channelname))

                sorted_channels = sorted(channels, key=lambda x: x.name)
                for channel in sorted_channels:
                    self.reply("322 %s %s %d :%s"
                               % (self.nickname, channel.name,
                                  len(channel.members), channel.topic))
                self.reply("323 %s :End of LIST" % self.nickname)

            def lusers_handler():
                self.send_lusers()

            def mode_handler():
                if len(arguments) < 1:
                    self.reply_461("MODE")
                    return
                targetname = arguments[0]
                if server.has_channel(targetname):
                    channel = server.get_channel(targetname)
                    if len(arguments) < 2:
                        if channel.key:
                            modes = "+k"
                            if irc_lower(channel.name) in self.channels:
                                modes += " %s" % channel.key
                        else:
                            modes = "+"
                        self.reply("324 %s %s %s"
                                   % (self.nickname, targetname, modes))
                        return
                    flag = arguments[1]
                    if flag == "+k":
                        if len(arguments) < 3:
                            self.reply_461("MODE")
                            return
                        key = arguments[2]
                        if irc_lower(channel.name) in self.channels:
                            channel.key = key
                            self.message_channel(
                                channel, "MODE", "%s +k %s" % (channel.name, key),
                                True)
                            self.channel_log(
                                channel, "set channel key to %s" % key, meta=True)
                        else:
                            self.reply("442 %s :You're not on that channel"
                                       % targetname)
                    elif flag == "-k":
                        if irc_lower(channel.name) in self.channels:
                            channel.key = None
                            self.message_channel(
                                channel, "MODE", "%s -k" % channel.name,
                                True)
                            self.channel_log(
                                channel, "removed channel key", meta=True)
                        else:
                            self.reply("442 %s :You're not on that channel"
                                       % targetname)
                    else:
                        self.reply("472 %s %s :Unknown MODE flag"
                                   % (self.nickname, flag))
                elif targetname == self.nickname:
                    if len(arguments) == 1:
                        self.reply("221 %s +" % self.nickname)
                    else:
                        self.reply("501 %s :Unknown MODE flag" % self.nickname)
                else:
                    self.reply_403(targetname)

            def motd_handler():
                self.send_motd()

            def names_handler():
                self.__send_names(arguments)

            def nick_handler():
                if len(arguments) < 1:
                    self.reply("431 :No nickname given")
                    return
                newnick = arguments[0]
                client = server.get_client(newnick)
                if newnick == self.nickname:
                    pass
                elif client and client is not self:
                    self.reply("433 %s %s :Nickname is already in use"
                               % (self.nickname, newnick))
                elif not self.__valid_nickname_regexp.match(newnick):
                    self.reply("432 %s %s :Erroneous Nickname"
                               % (self.nickname, newnick))
                else:
                    for x in self.channels.values():
                        self.channel_log(
                            x, "changed nickname to %s" % newnick, meta=True)
                    oldnickname = self.nickname
                    self.nickname = newnick
                    server.client_changed_nickname(self, oldnickname)
                    self.message_related(
                        ":%s!%s@%s NICK %s"
                        % (oldnickname, self.user, self.host, self.nickname),
                        True)

            def notice_and_privmsg_handler():
                if len(arguments) == 0:
                    self.reply("411 %s :No recipient given (%s)"
                               % (self.nickname, command))
                    return
                if len(arguments) == 1:
                    self.reply("412 %s :No text to send" % self.nickname)
                    return
                targetname = arguments[0]
                message = arguments[1]
                client = server.get_client(targetname)
                if client:
                    client.message(":%s %s %s :%s"
                                   % (self.prefix, command, targetname, message))
                elif server.has_channel(targetname):
                    channel = server.get_channel(targetname)
                    self.message_channel(
                        channel, command, "%s :%s" % (channel.name, message))
                    self.channel_log(channel, message)
                else:
                    self.reply("401 %s %s :No such nick/channel"
                               % (self.nickname, targetname))

            def part_handler():
                if len(arguments) < 1:
                    self.reply_461("PART")
                    return
                if len(arguments) > 1:
                    partmsg = arguments[1]
                else:
                    partmsg = self.nickname
                for channelname in arguments[0].split(","):
                    if not valid_channel_re.match(channelname):
                        self.reply_403(channelname)
                    elif not irc_lower(channelname) in self.channels:
                        self.reply("442 %s %s :You're not on that channel"
                                   % (self.nickname, channelname))
                    else:
                        channel = self.channels[irc_lower(channelname)]
                        self.message_channel(
                            channel, "PART", "%s :%s" % (channelname, partmsg),
                            True)
                        self.channel_log(channel, "left (%s)" % partmsg, meta=True)
                        del self.channels[irc_lower(channelname)]
                        server.remove_member_from_channel(self, channelname)

            def ping_handler():
                if len(arguments) < 1:
                    self.reply("409 %s :No origin specified" % self.nickname)
                    return
                self.reply("PONG %s :%s" % (server.name, arguments[0]))

            def pong_handler():
                pass

            def quit_handler():
                if len(arguments) < 1:
                    quitmsg = self.nickname
                else:
                    quitmsg = arguments[0]
                self.disconnect(quitmsg)

            def topic_handler():
                if len(arguments) < 1:
                    self.reply_461("TOPIC")
                    return
                channelname = arguments[0]
                channel = self.channels.get(irc_lower(channelname))
                if channel:
                    if len(arguments) > 1:
                        newtopic = arguments[1]
                        channel.topic = newtopic
                        self.message_channel(
                            channel, "TOPIC", "%s :%s" % (channelname, newtopic),
                            True)
                        self.channel_log(
                            channel, "set topic to %r" % newtopic, meta=True)
                    else:
                        if channel.topic:
                            self.reply("332 %s %s :%s"
                                       % (self.nickname, channel.name,
                                          channel.topic))
                        else:
                            self.reply("331 %s %s :No topic is set"
                                       % (self.nickname, channel.name))
                else:
                    self.reply("442 %s :You're not on that channel" % channelname)

            def wallops_handler():
                if len(arguments) < 1:
                    self.reply_461("WALLOPS")
                    return
                message = arguments[0]
                for client in server.clients.values():
                    client.message(":%s NOTICE %s :Global notice: %s"
                                   % (self.prefix, client.nickname, message))

            def who_handler():
                if len(arguments) < 1:
                    return
                targetname = arguments[0]
                if server.has_channel(targetname):
                    channel = server.get_channel(targetname)
                    for member in channel.members:
                        self.reply("352 %s %s %s %s %s %s H :0 %s"
                                   % (self.nickname, targetname, member.user,
                                      member.host, server.name, member.nickname,
                                      member.realname))
                    self.reply("315 %s %s :End of WHO list"
                               % (self.nickname, targetname))

            def whois_handler():
                if len(arguments) < 1:
                    return
                username = arguments[0]
                user = server.get_client(username)
                if user:
                    self.reply("311 %s %s %s %s * :%s"
                               % (self.nickname, user.nickname, user.user,
                                  user.host, user.realname))
                    self.reply("312 %s %s %s :%s"
                               % (self.nickname, user.nickname, server.name,
                                  server.name))
                    self.reply("319 %s %s :%s"
                               % (self.nickname, user.nickname,
                                  " ".join(user.channels)))
                    self.reply("318 %s %s :End of WHOIS list"
                               % (self.nickname, user.nickname))
                else:
                    self.reply("401 %s %s :No such nick"
                               % (self.nickname, username))

            handler_table = {
                "AWAY": away_handler,
                "ISON": ison_handler,
                "JOIN": join_handler,
                "LIST": list_handler,
                "LUSERS": lusers_handler,
                "MODE": mode_handler,
                "MOTD": motd_handler,
                "NAMES": names_handler,
                "NICK": nick_handler,
                "NOTICE": notice_and_privmsg_handler,
                "PART": part_handler,
                "PING": ping_handler,
                "PONG": pong_handler,
                "PRIVMSG": notice_and_privmsg_handler,
                "QUIT": quit_handler,
                "TOPIC": topic_handler,
                "WALLOPS": wallops_handler,
                "WHO": who_handler,
                "WHOIS": whois_handler,
            }
            server = self.server
            valid_channel_re = self.__valid_channelname_regexp
            try:
                handler_table[command]()
            except KeyError:
                self.reply("421 %s %s :Unknown command" % (self.nickname, command))

        def socket_readable_notification(self):
            try:
                data = self.socket.recv(2 ** 10)
                self.server.print_debug(
                    "[%s:%d] -> %r" % (self.host, self.port, data))
                quitmsg = "EOT"
            except socket.error as x:
                data = ""
                quitmsg = x
            if data:
                self.__readbuffer += socket_to_buffer(data)
                self.__parse_read_buffer()
                self.__timestamp = time.time()
                self.__sent_ping = False
            else:
                self.disconnect(quitmsg)

        def socket_writable_notification(self):
            try:
                sent = self.socket.send(buffer_to_socket(self.__writebuffer))
                self.server.print_debug(
                    "[%s:%d] <- %r" % (
                        self.host, self.port, self.__writebuffer[:sent]))
                self.__writebuffer = self.__writebuffer[sent:]
            except socket.error as x:
                self.disconnect(x)

        def disconnect(self, quitmsg):
            self.message("ERROR :%s" % quitmsg)
            self.server.print_info(
                "Disconnected connection from %s:%s (%s)." % (
                    self.host, self.port, quitmsg))
            self.socket.close()
            self.server.remove_client(self, quitmsg)

        def message(self, msg):
            self.__writebuffer += msg + "\r\n"

        def reply(self, msg):
            self.message(":%s %s" % (self.server.name, msg))

        def reply_403(self, channel):
            self.reply("403 %s %s :No such channel" % (self.nickname, channel))

        def reply_461(self, command):
            nickname = self.nickname or "*"
            self.reply("461 %s %s :Not enough parameters" % (nickname, command))

        def message_channel(self, channel, command, message, include_self=False):
            line = ":%s %s %s" % (self.prefix, command, message)
            for client in channel.members:
                if client != self or include_self:
                    client.message(line)

        def channel_log(self, channel, message, meta=False):
            if not self.server.channel_log_dir:
                return
            if meta:
                format = "[%s] * %s %s\n"
            else:
                format = "[%s] <%s> %s\n"
            timestamp = datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S UTC")
            logname = channel.name.replace("_", "__").replace("/", "_")
            fp = open("%s/%s.log" % (self.server.channel_log_dir, logname), "a")
            fp.write(format % (timestamp, self.nickname, message))
            fp.close()

        def message_related(self, msg, include_self=False):
            clients = set()
            if include_self:
                clients.add(self)
            for channel in self.channels.values():
                clients |= channel.members
            if not include_self:
                clients.discard(self)
            for client in clients:
                client.message(msg)

        def send_lusers(self):
            self.reply("251 %s :There are %d users and 0 services on 1 server"
                       % (self.nickname, len(self.server.clients)))

        def send_motd(self):
            server = self.server
            motdlines = server.get_motd_lines()
            if motdlines:
                self.reply("375 %s :- %s Message of the day -"
                           % (self.nickname, server.name))
                for line in motdlines:
                    self.reply("372 %s :- %s" % (self.nickname, line.rstrip()))
                self.reply("376 %s :End of /MOTD command" % self.nickname)
            else:
                self.reply("422 %s :MOTD File is missing" % self.nickname)


    class Server(object):
        def __init__(self, options):
            self.ports = options.ports
            self.password = options.password
            self.ssl_pem_file = options.ssl_pem_file
            self.motdfile = options.motd
            self.verbose = options.verbose
            self.debug = options.debug
            self.channel_log_dir = options.channel_log_dir
            self.chroot = options.chroot
            self.setuid = options.setuid
            self.state_dir = options.state_dir
            self.log_file = options.log_file
            self.log_max_bytes = options.log_max_size * 1024 * 1024
            self.log_count = options.log_count
            self.logger = None

            if options.password_file:
                with open(options.password_file, "r") as fp:
                    self.password = fp.read().strip("\n")

            if self.ssl_pem_file:
                self.ssl = __import__("ssl")

            # Find certificate after daemonization if path is relative:
            if self.ssl_pem_file and os.path.exists(self.ssl_pem_file):
                self.ssl_pem_file = os.path.abspath(self.ssl_pem_file)
            # else: might exist in the chroot jail, so just continue

            if options.listen:
                self.address = socket.gethostbyname(options.listen)
            else:
                self.address = ""
            server_name_limit = 63  # From the RFC.
            self.name = socket.getfqdn(self.address)[:server_name_limit]

            self.channels = {}  # irc_lower(Channel name) --> Channel instance.
            self.clients = {}  # Socket --> Client instance.
            self.nicknames = {}  # irc_lower(Nickname) --> Client instance.
            if self.channel_log_dir:
                create_directory(self.channel_log_dir)
            if self.state_dir:
                create_directory(self.state_dir)

        def make_pid_file(self, filename):
            try:
                fd = os.open(filename, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o644)
                # os.write() takes bytes on Python 3; encode so this works on both 2 and 3
                os.write(fd, ("%i\n" % os.getpid()).encode("ascii"))
                os.close(fd)
            except:
                self.print_error("Could not create PID file %r" % filename)
                sys.exit(1)

        def daemonize(self):
            try:
                pid = os.fork()
                if pid > 0:
                    sys.exit(0)
            except OSError:
                sys.exit(1)
            os.setsid()
            try:
                pid = os.fork()
                if pid > 0:
                    self.print_info("PID: %d" % pid)
                    sys.exit(0)
            except OSError:
                sys.exit(1)
            os.chdir("/")
            os.umask(0)
            dev_null = open("/dev/null", "r+")
            os.dup2(dev_null.fileno(), sys.stdout.fileno())
            os.dup2(dev_null.fileno(), sys.stderr.fileno())
            os.dup2(dev_null.fileno(), sys.stdin.fileno())

        def get_client(self, nickname):
            return self.nicknames.get(irc_lower(nickname))

        def has_channel(self, name):
            return irc_lower(name) in self.channels

        def get_channel(self, channelname):
            if irc_lower(channelname) in self.channels:
                channel = self.channels[irc_lower(channelname)]
            else:
                channel = Channel(self, channelname)
                self.channels[irc_lower(channelname)] = channel
            return channel

        def get_motd_lines(self):
            if self.motdfile:
                try:
                    return open(self.motdfile).readlines()
                except IOError:
                    return ["Could not read MOTD file %r." % self.motdfile]
            else:
                return []

        def print_info(self, msg):
            if self.verbose:
                print(msg)
                sys.stdout.flush()
            if self.logger:
                self.logger.info(msg)

        def print_debug(self, msg):
            if self.debug:
                print(msg)
                sys.stdout.flush()
            if self.logger:
                self.logger.debug(msg)

        def print_error(self, msg):
            sys.stderr.write("%s\n" % msg)
            if self.logger:
                self.logger.error(msg)

        def client_changed_nickname(self, client, oldnickname):
            if oldnickname:
                del self.nicknames[irc_lower(oldnickname)]
            self.nicknames[irc_lower(client.nickname)] = client

        def remove_member_from_channel(self, client, channelname):
            if irc_lower(channelname) in self.channels:
                channel = self.channels[irc_lower(channelname)]
                channel.remove_client(client)

        def remove_client(self, client, quitmsg):
            client.message_related(":%s QUIT :%s" % (client.prefix, quitmsg))
            for x in client.channels.values():
                client.channel_log(x, "quit (%s)" % quitmsg, meta=True)
                x.remove_client(client)
            if client.nickname \
                    and irc_lower(client.nickname) in self.nicknames:
                del self.nicknames[irc_lower(client.nickname)]
            del self.clients[client.socket]

        def remove_channel(self, channel):
            del self.channels[irc_lower(channel.name)]

        def start(self):
            serversockets = []
            for port in self.ports:
                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
                try:
                    s.bind((self.address, port))
                except socket.error as e:
                    self.print_error("Could not bind port %s: %s." % (port, e))
                    sys.exit(1)
                s.listen(5)
                serversockets.append(s)
                del s
                self.print_info("Listening on port %d." % port)
            if self.chroot:
                os.chdir(self.chroot)
                os.chroot(self.chroot)
                self.print_info("Changed root directory to %s" % self.chroot)
            if self.setuid:
                os.setgid(self.setuid[1])
                os.setuid(self.setuid[0])
                self.print_info("Setting uid:gid to %s:%s"
                                % (self.setuid[0], self.setuid[1]))

            self.init_logging()
            try:
                self.run(serversockets)
            except:
                if self.logger:
                    self.logger.exception("Fatal exception")
                raise

        def init_logging(self):
            if not self.log_file:
                return

            log_level = logging.INFO
            if self.debug:
                log_level = logging.DEBUG
            self.logger = logging.getLogger("miniircd")
            formatter = logging.Formatter(
                ("%(asctime)s - %(name)s[%(process)d] - "
                 "%(levelname)s - %(message)s"))
            fh = RotatingFileHandler(
                self.log_file,
                maxBytes=self.log_max_bytes,
                backupCount=self.log_count)
            fh.setLevel(log_level)
            fh.setFormatter(formatter)
            self.logger.setLevel(log_level)
            self.logger.addHandler(fh)

        def run(self, serversockets):
            last_aliveness_check = time.time()
            while True:
                (iwtd, owtd, ewtd) = select.select(
                    serversockets + [x.socket for x in self.clients.values()],
                    [x.socket for x in self.clients.values()
                     if x.write_queue_size() > 0],
                    [],
                    10)
                for x in iwtd:
                    if x in self.clients:
                        self.clients[x].socket_readable_notification()
                    else:
                        (conn, addr) = x.accept()
                        if self.ssl_pem_file:
                            try:
                                conn = self.ssl.wrap_socket(
                                    conn,
                                    server_side=True,
                                    certfile=self.ssl_pem_file,
                                    keyfile=self.ssl_pem_file)
                            except Exception as e:
                                self.print_error(
                                    "SSL error for connection from %s:%s: %s" % (
                                        addr[0], addr[1], e))
                                continue
                        try:
                            self.clients[conn] = Client(self, conn)
                            self.print_info("Accepted connection from %s:%s." % (
                                addr[0], addr[1]))
                        except socket.error as e:
                            try:
                                conn.close()
                            except:
                                pass
                for x in owtd:
                    if x in self.clients:  # client may have been disconnected
                        self.clients[x].socket_writable_notification()
                now = time.time()
                if last_aliveness_check + 10 < now:
                    for client in list(self.clients.values()):
                        client.check_aliveness()
                    last_aliveness_check = now


    _maketrans = str.maketrans if PY3 else string.maketrans
    _ircstring_translation = _maketrans(
        string.ascii_lowercase.upper() + "[]\\^",
        string.ascii_lowercase + "{}|~")


    def irc_lower(s):
        return s.translate(_ircstring_translation)


    def main(argv):
        op = OptionParser(
            version=VERSION,
            description="miniircd is a small and limited IRC server.")
        op.add_option(
            "--channel-log-dir",
            metavar="X",
            help="store channel log in directory X")
        op.add_option(
            "-d", "--daemon",
            action="store_true",
            help="fork and become a daemon")
        op.add_option(
            "--debug",
            action="store_true",
            help="print debug messages to stdout")
        op.add_option(
            "--listen",
            metavar="X",
            help="listen on specific IP address X")
        op.add_option(
            "--log-count",
            metavar="X", default=10, type="int",
            help="keep X log files; default: %default")
        op.add_option(
            "--log-file",
            metavar="X",
            help="store log in file X")
        op.add_option(
            "--log-max-size",
            metavar="X", default=10, type="int",
            help="set maximum log file size to X MiB; default: %default MiB")
        op.add_option(
            "--motd",
            metavar="X",
            help="display file X as message of the day")
        op.add_option(
            "--pid-file",
            metavar="X",
            help="write PID to file X")
        op.add_option(
            "-p", "--password",
            metavar="X",
            help="require connection password X; default: no password")
        op.add_option(
            "--password-file",
            metavar="X",
            help=("require connection password stored in file X;"
                  " default: no password"))
        op.add_option(
            "--ports",
            metavar="X",
            help="listen to ports X (a list separated by comma or whitespace);"
                 " default: 6667 or 6697 if SSL is enabled")
        op.add_option(
            "-s", "--ssl-pem-file",
            metavar="FILE",
            help="enable SSL and use FILE as the .pem certificate+key")
        op.add_option(
            "--state-dir",
            metavar="X",
            help="save persistent channel state (topic, key) in directory X")
        op.add_option(
            "--verbose",
            action="store_true",
            help="be verbose (print some progress messages to stdout)")
        if os.name == "posix":
            op.add_option(
                "--chroot",
                metavar="X",
                help="change filesystem root to directory X after startup"
                     " (requires root)")
            op.add_option(
                "--setuid",
                metavar="U[:G]",
                help="change process user (and optionally group) after startup"
                     " (requires root)")
        else:
            op.chroot = False
            op.setuid = False

        (options, args) = op.parse_args(argv[1:])
        if options.debug:
            options.verbose = True
        if options.ports is None:
            if options.ssl_pem_file is None:
                options.ports = "6667"
            else:
                options.ports = "6697"
        if options.chroot:
            if os.getuid() != 0:
                op.error("Must be root to use --chroot")
        if options.setuid:
            from pwd import getpwnam
            from grp import getgrnam
            if os.getuid() != 0:
                op.error("Must be root to use --setuid")
            matches = options.setuid.split(":")
            if len(matches) == 2:
                options.setuid = (getpwnam(matches[0]).pw_uid,
                                  getgrnam(matches[1]).gr_gid)
            elif len(matches) == 1:
                options.setuid = (getpwnam(matches[0]).pw_uid,
                                  getpwnam(matches[0]).pw_gid)
            else:
                op.error("Specify a user, or user and group separated by a colon,"
                         " e.g. --setuid daemon, --setuid nobody:nobody")
        if (os.getuid() == 0 or os.getgid() == 0) and not options.setuid:
            op.error("Running this service as root is not recommended. Use the"
                     " --setuid option to switch to an unprivileged account after"
                     " startup. If you really intend to run as root, use"
                     " \"--setuid root\".")

        ports = []
        for port in re.split(r"[,\s]+", options.ports):
            try:
                ports.append(int(port))
            except ValueError:
                op.error("bad port: %r" % port)
        options.ports = ports
        server = Server(options)
        if options.daemon:
            server.daemonize()
        if options.pid_file:
            server.make_pid_file(options.pid_file)
        try:
            server.start()
        except KeyboardInterrupt:
            server.print_error("Interrupted.")


    main(sys.argv)

    #################################

    top of the script: don't think it's needed, just in case
    ya might add 'import ssl'
    on github the python file is named a bit different
    to start the script save it as example: minircd.py
    chmod +x the script

    as root, from the hidircz directory with your pem file and motd file:
    # python minircd.py --ssl-pem-file=/root/hidircz/hidz.pem --listen 127.0.0.1 --motd=huh.motd --setuid=root

    i didn't test this out, but to run the script as non-root ya might need to change directory to, say, /home/nonrootuser
    move everything there, chown -R nonroot:nonroot all the files
    so ssl doesn't gripe about an error; i might be wrong on this, fyi

    to get help with the irc server:
    # python minircd.py -h

    i forgot to mention to start tor at least on arch:
    # /usr/bin/tor -f /etc/tor/torrc

    so now you have an irc tor chat server up in stealth mode
    plus an additional layer of ssl

    the clients, say via irssi, can connect as follows:
    # socat TCP4-LISTEN:8000,reuseaddr,fork SOCKS4a:127.0.0.1:newtorsitenamehere.onion:6697,socksport=9050

    you don't add the 'irc' in front of the 'domain' just the onion address without 'irc'

    then launch irssi and to connect
    /connect -ssl 127.0.0.1 8000

    you can create a room, join, chat, typical irc stuff
    anything done as /whois will show localhost no ip info

    for pidgin users it's a little different but not much...
    basic tab is irc protocol
    yer user name
    server is the tor address without 'irc'
    advanced tab
    port 6697
    proxy tab...
    proxy is http
    host 127.0.0.1 port 8118

    start privoxy before connecting:
    # /usr/bin/privoxy --no-daemon /etc/privoxy/config

    here is my privoxy config:
    #######################################

    # Generally, this file goes in /etc/privoxy/config
    # unfucked config by cm0s 010117
    # to start /usr/bin/privoxy --no-daemon /etc/privoxy/config
    # Tor listens as a SOCKS4a proxy here:
    forward-socks5 / 127.0.0.1:9050 .

    # confz
    confdir /etc/privoxy
    logdir /var/log/privoxy
    # actionsfile standard  # Internal purpose, recommended
    actionsfile default.action   # Main actions file
    actionsfile user.action      # User customizations
    filterfile default.filter

    # timeout shit
    keep-alive-timeout 600
    # mohr timeout shit
    default-server-timeout 600
    # yet mohhhrrr...
    socket-timeout 600

    # Don't log interesting things, only startup messages, warnings and errors
    logfile logfile
    #jarfile jarfile
    #debug   0    # show each GET/POST/CONNECT request
    debug   4096 # Startup banner and warnings
    debug   8192 # Errors - *we highly recommended enabling this*

    user-manual /usr/share/doc/privoxy/user-manual
    listen-address  localhost:8118
    toggle  1
    enable-remote-toggle 0
    enable-edit-actions 0
    enable-remote-http-toggle 0
    buffer-limit 4096
    #
    #
    ########################################

    a quick side note:
    make sure logging is off in pidgin and also the otr plugin

    so recap, ya just launched your very own irc chat server
    can make your own motd, publish your otr key, add whatever custom
    stuff ya want and ya really made it private coz it's in stealth mode
    in stealth mode tor is NOT listed in the tor directory and even if someone
    finds your onion address they can't do anything, won't even let them
    scan your address without the auth cookie, and you added another layer of ssl

    cheerz

    splif
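An added worked example (editor's code, not miniircd's and not from the post) for the channel-log file naming used in channel_log() at the top of the script above: the escaping (underscore to double underscore, then slash to underscore) removes every path separator from a channel name, so a log is always a single file name inside --channel-log-dir and cannot be written elsewhere. That escaping is not reversible, though: two different channel names can end up in the same log file, which the example demonstrates, alongside a reversible percent-encoded alternative and an explicit containment check. The directory and channel names are constructed.

```python
import os
from urllib.parse import quote, unquote

# Added example (editor's code, not miniircd's): what miniircd's channel-log
# naming guarantees and what it does not. All paths and names are constructed.


def channel_log_name(channel_name):
    """The escaping channel_log() applies: '_' -> '__', then '/' -> '_'.

    Afterwards no '/' remains, so the name is one path component and cannot
    climb out of the log directory. It is not injective, though: '__/_' and
    '___/' both become seven underscores.
    """
    return channel_name.replace("_", "__").replace("/", "_")


def same_log_file(name_a, name_b):
    """True if miniircd's escaping sends two distinct channels to one log file."""
    return name_a != name_b and channel_log_name(name_a) == channel_log_name(name_b)


def safe_log_name(channel_name):
    """Reversible alternative: percent-encode everything except [A-Za-z0-9_.~-].

    '/' becomes '%2F' and '%' becomes '%25', so unquote() restores the exact
    channel name and no two channels can share a log file.
    """
    return quote(channel_name, safe="")


def channel_from_safe_log_name(log_name):
    """Inverse of safe_log_name()."""
    return unquote(log_name)


def log_path(log_dir, file_name):
    """Join file_name onto log_dir and refuse anything that lands outside it.

    os.path.commonpath is used instead of a string-prefix test so that
    '/var/log/irc2/x' is not mistaken for being inside '/var/log/irc'.
    """
    base = os.path.abspath(log_dir)
    path = os.path.abspath(os.path.join(base, file_name))
    if os.path.commonpath([base, path]) != base:
        raise ValueError("log file %r escapes %s" % (file_name, base))
    return path


def escapes_log_dir(log_dir, file_name):
    """Boolean form of the containment check in log_path()."""
    try:
        log_path(log_dir, file_name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    log_dir = "/var/log/miniircd"  # constructed
    for chan in ("#chat", "#a_b/c", "#../../etc/passwd"):
        print(chan, "->", log_path(log_dir, channel_log_name(chan) + ".log"))
    print("collision:", same_log_file("#x__/_y", "#x___/y"))
    print("reversible:", channel_from_safe_log_name(safe_log_name("#x__/_y")))
```

The collision only merges two channels' logs; it is not a traversal, because the slash is gone either way. The containment check is the part worth keeping regardless of which encoding is used, since it fails closed if a future change lets a separator through.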
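The socat line above hands the onion name to Tor's SOCKS port as a SOCKS4a request, so the name is resolved by Tor and never by the local resolver (plain SOCKS4 carries only an IPv4 address, which would force the client to look the name up locally and leak it). As an added example (editor's code, not part of the post, of socat or of Tor), here is that request built and its reply checked by hand; the onion name, proxy address and port are constructed placeholders.

```python
import socket
import struct

# Added example (editor's code): the SOCKS4a CONNECT exchange socat performs
# towards Tor on behalf of the IRC client. Names and ports are constructed.

SOCKS_VERSION = 4
CMD_CONNECT = 1
REPLY_GRANTED = 0x5A  # 90: request granted


def build_socks4a_connect(hostname, port, user_id=b""):
    """Build a SOCKS4a CONNECT request.

    Layout: VN=4, CD=1, DSTPORT (2 bytes, big-endian), DSTIP, USERID + NUL.
    SOCKS4a sets DSTIP to the invalid address 0.0.0.1 and appends the hostname
    (NUL-terminated) so the proxy resolves it; the client never calls
    getaddrinfo() on the name.
    """
    if isinstance(hostname, str):
        hostname = hostname.encode("ascii")  # onion names are ASCII
    if not 0 < port < 65536:
        raise ValueError("port out of range: %r" % port)
    return (struct.pack("!BBH", SOCKS_VERSION, CMD_CONNECT, port)
            + b"\x00\x00\x00\x01"
            + user_id + b"\x00"
            + hostname + b"\x00")


def parse_socks4_reply(data):
    """Parse the 8-byte SOCKS4 reply; True only if CONNECT was granted."""
    if len(data) != 8:
        raise ValueError("SOCKS4 reply must be 8 bytes, got %d" % len(data))
    version, code, _port, _addr = struct.unpack("!BBH4s", data)
    if version != 0:
        raise ValueError("unexpected SOCKS4 reply version %d" % version)
    return code == REPLY_GRANTED


def connect_via_socks4a(hostname, port, proxy=("127.0.0.1", 9050), timeout=30):
    """Open a TCP stream to hostname:port through a SOCKS4a proxy such as Tor.

    Only the proxy address is ever resolved locally. The returned socket is
    the raw stream; the IRC client's TLS layer (irssi -ssl) sits on top of it.
    """
    s = socket.create_connection(proxy, timeout=timeout)
    try:
        s.sendall(build_socks4a_connect(hostname, port))
        reply = b""
        while len(reply) < 8:
            chunk = s.recv(8 - len(reply))
            if not chunk:
                raise ConnectionError("proxy closed the connection mid-handshake")
            reply += chunk
        if not parse_socks4_reply(reply):
            raise ConnectionError("SOCKS4a CONNECT refused, code 0x%02x" % reply[1])
    except Exception:
        s.close()
        raise
    return s


if __name__ == "__main__":
    # Constructed placeholder onion name, as in the socat line of the post.
    req = build_socks4a_connect("newtorsitenamehere.onion", 6697)
    print(req.hex())
```

The defining check is in the first function: the destination address field is the fixed 0.0.0.1 marker and the name travels as a trailing string, so a packet capture on the local network shows a connection to 127.0.0.1:9050 and nothing else.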
     
  16. Like
    cm0s reacted to NaDre in Ubuntu 16,04.2 LTS on VPS - can not connect (openvpn or airvpn --cli)   ...
    You may have some additional problem, but you should be aware that in order to start OpenVPN on a VPS, and not lose your SSH connection, you need to make some configuration changes so that you can maintain the SSH connection on the real interface of the VPS, once the VPN becomes the default gateway. See this:
     
    https://airvpn.org/topic/12274-ubuntu-vm-cant-connect-through-openvpn/?p=44812
  17. Like
    cm0s reacted to zhang888 in Does AirVPN use OpenConnect?   ...
    OpenConnect is an implementation of AnyConnect, which is a patented, closed source protocol from Cisco. The AirVPN mission is to use only free, open source software, so the answer is no.
    "Fastest and most secure" is a very questionable statement.
    The blog post you linked describes AES-256-GSM. This is a very interesting cipher we are not aware of
  18. Like
    cm0s reacted to Soupcan Sam Hootkins in What I like / Don't like   ...
    Or, you could pay for a year without waiting for a sale and support them in a way they deserve to be supported. Their service is superior to many other VPN services out there, and costs less. Many fail to realize this, until they do comparisons on multiple services, like I have. AirVPN is simply the best in all aspects, in my book. Support them, and give them what they deserve.
  19. Like
    cm0s reacted to tiger83052 in 4 important security vulnerabilities discovered in OpenVPN - not found by the two recently completed audits of OpenVPN code   ...
    full article : https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
     
    Summary
    "I’ve discovered 4 important security vulnerabilities in OpenVPN. Interestingly, these were not found by the two recently completed audits of OpenVPN code. Below you’ll find mostly technical information about the vulnerabilities and about how  I found them, but also some commentary on why commissioning code audits isn’t always the best way to find vulnerabilities."
  20. Like
    cm0s got a reaction from go558a83nk in airvpn AP script   ...
    script put together today for those wanting a quick AP
    tested with iphone and 36nh wifi card
     
    i'm not a coder so mod it for your distro
    fixes/improvements etc
     

     
    #!/bin/bash
    # 062117
    # ap script for openvpn via ssl/443
    # mod for yer distro or vpn needs
    # i'm not a coder so double check for
    # any errors/improvements etc.
    # tested with iphone and alfa awus036nh
    ##################################################
    LG='\033[0;37m'
    LB='\033[1;34m'
    LC='\033[1;36m'
    BO='\033[0;33m'
    YL='\033[1;33m'
    GR='\033[0;32m'
    RD='\033[0;31m'
    NC='\033[0m' # No Color
    ##################################################
    f_exit(){
        clear
        exit 2> /dev/null
    }
    ##################################################
    # ctrl+c
    trap f_stop 2
    ##################################################
    f_stop(){
        #
        virtcent=$((`tput lines`/2-5))
        horcent=$((`tput cols`/2-10))
        #
        clear
        f_banz && tput cup $virtcent $horcent && echo -e "\n\e[1;34m [*]\e[0m ${GR}flushen the toilet bruh...${NC}\n"
        sleep 1
        # stop the mcluvnz
        if [ ! -z "$(pidof dnsmasq)" ]; then kill $(pidof dnsmasq); fi
        if [ ! -z "$(pidof macchanger)" ]; then kill $(pidof macchanger); fi
        if [ ! -z "$(pidof xterm)" ]; then kill $(pidof xterm); fi
        if [ ! -z "$(pidof create_ap)" ]; then kill $(pidof create_ap); fi
        #
        echo "0" > /proc/sys/net/ipv4/ip_forward
        #
        # stop apz
        killall -9 create_ap > /dev/null 2>&1
        sleep 1
        f_mainmenu
    }
    ##################################################
    f_tblzvpn(){
        #
        virtcent=$((`tput lines`/2-5))
        horcent=$((`tput cols`/2-10))
        #
        clear
        f_banz && tput cup $virtcent $horcent && echo -e "\n\e[1;34m [*]\e[0m ${GR}IPTABLEs VPN/SSL${NC}"
        sleep 4
        #
        iptables -F
        iptables -t nat -F
        iptables -t mangle -F
        #
        iptables -X
        iptables -t nat -X
        iptables -t mangle -X
        #
        iptables -P INPUT DROP
        iptables -P FORWARD DROP
        #
        iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
        iptables -A INPUT -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT
        #
        iptables -A INPUT -i lo -j ACCEPT
        iptables -A OUTPUT -o lo -j ACCEPT
        #
        iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
        iptables -A INPUT -s 255.255.255.255 -j ACCEPT
        iptables -A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
        iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
        iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
        iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
        iptables -t nat -A PREROUTING -s 0/0 -p udp --dport 53 -j DNAT --to 10.5.0.1
        iptables -t nat -A PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to 10.5.0.1
        iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
        iptables -A OUTPUT -o eth0 ! -d 127.0.0.1 -p tcp --dport 1413 -j DROP
        #
        # ignore bad error messages
        for f in /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses; do
            echo 1 > $f
        done
        #
        # Disable response to broadcasts
        for f in /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts; do
            echo 1 > $f
        done
        #
        # disable source routed packets
        for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
            echo 0 > $f
        done
        #
        # enable TCP SYN cookie
        for f in /proc/sys/net/ipv4/tcp_syncookies; do
            echo 1 > $f
        done
        #
        # disable ICMP redirect acceptance
        for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
            echo 0 > $f
        done
        #
        # no redirect messages
        for f in /proc/sys/net/ipv4/conf/*/send_redirects; do
            echo 0 > $f
        done
        #
        # drop spoofz
        for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
            echo 1 > $f
        done
        #
        # save stuff
        if [ ! -e /root/tablz ]; then mkdir /root/tablz; fi
        iptables-save > /root/tablz/iptables.rules
        #
        f_mainmenu
    }
    ##################################################
    f_tblzallow(){
        #
        virtcent=$((`tput lines`/2-5))
        horcent=$((`tput cols`/2-10))
        #
        clear
        f_banz && tput cup $virtcent $horcent && echo -e "\n\e[1;34m [*]\e[0m ${GR}IPTABLEs ALLOW ALL${NC}"
        sleep 4
        #
        iptables -F
        iptables -X
        iptables -P INPUT ACCEPT
        iptables -P OUTPUT ACCEPT
        #
        f_mainmenu
    }
    ##################################################
    f_install(){
        #
        virtcent=$((`tput lines`/2-5))
        horcent=$((`tput cols`/2-10))
        #
        clear
        f_banz && tput cup $virtcent $horcent && echo -e "\n\e[1;34m [*]\e[0m ${GR}nstallen create_ap${NC}\n"
        sleep 2
        reqs1="create_ap"
        sleep 1
        pacman -S --noconfirm --needed $reqs1
        sleep 2
        clear
        f_banz && tput cup $virtcent $horcent && echo -e "\n\e[1;34m [*]\e[0m ${GR}create_ap installed${NC}\n"
        sleep 4
        #
        f_mainmenu
    }
    ##################################################
    f_makaddy(){
        #
        virtcent=$((`tput lines`/2-5))
        horcent=$((`tput cols`/2-10))
        #
        clear
        unset WIFACE
        while [ -z "${WIFACE}" ]; do f_banz && tput cup $virtcent $horcent && read -p "$(echo -e "\n\e[1;34m [*]\e[0m ${GR}name of wifi card such as wlan0: ${NC}\n")" WIFACE; done
        sleep 1
        #
        clear
        unset macvar
        f_banz && tput cup $virtcent $horcent && read -p "$(echo -e "\n\e[1;34m [*]\e[0m ${GR}wanna change yer mac addy for AP? [y/N]: ${NC}\n")" macvar
        mac_answer=$(echo ${macvar} | tr '[:upper:]' '[:lower:]')
        #
        sleep 1
        clear
        unset random_mac
        unset ap_mac
        if [ "${mac_answer}" == "y" ]; then
            while [ -z "${random_mac}" ]; do f_banz && tput cup $virtcent $horcent && read -p "$(echo -e "\n\e[1;34m [*]\e[0m ${GR}random or manual? [r/m]: ${NC}\n")" random_mac; done
            case ${random_mac} in
                r|R) ip link set ${WIFACE} down && macchanger -r ${WIFACE} && ip link set ${WIFACE} up;;
                m|M) while [ -z "${ap_mac}" ]; do clear && f_banz && tput cup $virtcent $horcent && read -p "$(echo -e "\n\e[1;34m [*]\e[0m ${GR}with caps enter macaddy for AP: ${NC}\n")" ap_mac; done
                    # sed prints the address only if it is six colon-separated hex pairs; empty output means invalid
                    if [ -z "$(echo ${ap_mac} | sed -n "/^\([0-9A-Z][0-9A-Z]:\)\{5\}[0-9A-Z][0-9A-Z]$/p")" ]; then
                        clear && f_banz && tput cup $virtcent $horcent && echo -e "\n\e[1;34m [*]\e[0m ${GR}nvalid macaddy bruh...${NC}\n"
                        sleep 1
                        f_makaddy
                    else
                        ip link set ${WIFACE} down
                        sleep 1
                        macchanger -m ${ap_mac} ${WIFACE}
                        sleep 1
                        ip link set ${WIFACE} up   # was "iplink set", which is not a command
                    fi
                    ;;
            esac
        fi
    }
    ##################################################
    f_airAP(){
        #
        virtcent=$((`tput lines`/2-5))
        horcent=$((`tput cols`/2-10))
        #
        clear
        f_banz && tput cup $virtcent $horcent && echo -e "\n\e[1;34m [*]\e[0m ${GR}HIDDEN AP WPA2 STATIC DNS w/NET${NC}"
        sleep 4
        clear
        f_banz && tput cup $virtcent $horcent && echo -e "\n\e[1;34m [*]\e[0m ${GR}ctrl + c to stop the AP ${NC}"
        sleep 4
        #
        f_makaddy
        #
        clear
        unset DNSZ
        while [ -z "${DNSZ}" ]; do f_banz && tput cup $virtcent $horcent && read -p "$(echo -e "\n\e[1;34m [*]\e[0m ${GR}enter static dns such as 10.5.0.1: ${NC}\n")" DNSZ; done
        sleep 2
        #
        clear
        unset IFACE
        while [ -z "${IFACE}" ]; do f_banz && tput cup $virtcent $horcent && read -p "$(echo -e "\n\e[1;34m [*]\e[0m ${GR}iface connected to net such as eth0/tun0: ${NC}\n")" IFACE; done
        sleep 2
        #
        clear
        unset ESSID
        while [ -z "${ESSID}" ]; do f_banz && tput cup $virtcent $horcent && read -p "$(echo -e "\n\e[1;34m [*]\e[0m ${GR}enter name of AP: ${NC}\n")" ESSID; done
        sleep 2
        #
        clear
        unset PASZ
        while [ -z "${PASZ}" ]; do f_banz && tput cup $virtcent $horcent && read -p "$(echo -e "\n\e[1;34m [*]\e[0m ${GR}enter wpa2 password: ${NC}\n")" PASZ; done
        sleep 2
        create_ap -m nat --dhcp-dns ${DNSZ} ${WIFACE} ${IFACE} --hidden ${ESSID} ${PASZ} --no-virt
        sleep 2
        f_mainmenu
    }
    ##################################################
    # menu stuff
    ##################################################
    f_banz(){
        tput setaf 2
        echo -e '
     ____ _ ____ _  _ ___  _  _    ____ ___
     |__| | |__/ |  | |__] |\ | __ |__| |__]
     |  | | |  \  \/  |    | \|    |  | |
    '
        tput setaf 7
        echo -e ' ======================================= '
        tput sgr0
    }
    ##################################################
    f_mainmenu(){
        clear
        f_banz
        echo -e " ${LB}Main Menu\n"
        echo -e " ${RD}1. ${BO}airAP${NC}"
        echo -e " ${RD}2. ${BO}tablz VPN${NC}"
        echo -e " ${RD}3. ${BO}tablz ALLOW${NC}"
        echo -e " ${RD}4. ${BO}install${NC}"
        echo -e " ${RD}5. ${BO}exit${NC}"
        echo
        echo
        read -p " Choice: " mainmenuchoice
        case ${mainmenuchoice} in
            1) unset clean; f_airAP ;;
            2) unset clean; f_tblzvpn ;;
            3) unset clean; f_tblzallow ;;
            4) unset clean; f_install ;;
            5) f_exit ;;
            *) f_mainmenu ;;
        esac
    }
    ##################################################
    # root shit
    if [ "$(id -u)" != "0" ]; then
        echo -e "\n\e[1;34m [*]\e[0m ${GR}roll as root bruh...\n" 1>&2
        exit 1
    else
        clean=1
        f_mainmenu
    fi
    ##################################################
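An added example (editor's code, not part of the AP script) showing one way to check the ruleset that f_tblzvpn saves with iptables-save: it parses iptables-save output and tests the properties a tunnel-only access point ruleset is meant to enforce (default-deny chains, forwarding only through tun0, client DNS redirected on both transports, NAT only towards the tunnel). SAMPLE_RULES is constructed from the rules in the script, written in iptables-save form; interface and address names are the script's own.

```python
# Added example (editor's code, not the AP script's): parse iptables-save
# output and audit it. SAMPLE_RULES is constructed from the script's rules.

SAMPLE_RULES = """\
# constructed sample in iptables-save format
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 10.5.0.1
-A PREROUTING -p tcp -m tcp --dport 53 -j DNAT --to-destination 10.5.0.1
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 255.255.255.255/32 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 255.255.255.255/32 -j ACCEPT
-A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
-A OUTPUT ! -d 127.0.0.1/32 -o eth0 -p tcp -m tcp --dport 1413 -j DROP
COMMIT
"""


def parse_iptables_save(text):
    """Return {table: {"policies": {chain: policy}, "rules": [(chain, [args])]}}."""
    tables, table = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {"policies": {}, "rules": []})
        elif line == "COMMIT":
            table = None
        elif table is None:
            raise ValueError("line outside a table: %r" % line)
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            table["policies"][chain] = policy
        elif line.startswith("-A "):
            parts = line.split()
            table["rules"].append((parts[1], parts[2:]))
    return tables


def opt(args, flag):
    """Value following flag in a rule's argument list, or None if absent."""
    if flag in args:
        i = args.index(flag)
        if i + 1 < len(args):
            return args[i + 1]
    return None


def audit(tables):
    """List the ways the ruleset falls short of a tunnel-only AP; empty is clean."""
    empty = {"policies": {}, "rules": []}
    filt = tables.get("filter", empty)
    nat = tables.get("nat", empty)
    findings = []

    # 1. default-deny on every built-in filter chain
    for chain in ("INPUT", "FORWARD", "OUTPUT"):
        policy = filt["policies"].get(chain)
        if policy != "DROP":
            findings.append("filter/%s policy is %s, not DROP" % (chain, policy))

    # 2. nothing is forwarded unless one side of it is the tunnel
    for chain, args in filt["rules"]:
        if chain == "FORWARD" and opt(args, "-j") == "ACCEPT":
            if "tun0" not in (opt(args, "-i"), opt(args, "-o")):
                findings.append("FORWARD accept bypasses tun0: %s" % " ".join(args))

    # 3. client DNS on both transports is redirected to the chosen resolver
    for proto in ("udp", "tcp"):
        if not any(chain == "PREROUTING" and opt(args, "-p") == proto
                   and opt(args, "--dport") == "53" and opt(args, "-j") == "DNAT"
                   for chain, args in nat["rules"]):
            findings.append("no DNAT for %s/53" % proto)

    # 4. NAT only towards the tunnel, never towards the physical uplink
    for chain, args in nat["rules"]:
        if opt(args, "-j") == "MASQUERADE" and opt(args, "-o") != "tun0":
            findings.append("MASQUERADE out of %s bypasses tun0" % opt(args, "-o"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_iptables_save(SAMPLE_RULES)):
        print("finding:", finding)
```

Run against the constructed sample, the only finding is the OUTPUT policy: the script sets INPUT and FORWARD to DROP but leaves OUTPUT at ACCEPT, so the host's own traffic is not pinned to tun0 the way the clients' forwarded traffic is. Feed it the real /root/tablz/iptables.rules to check a live box.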
  21. Like
    cm0s reacted to pr1v in Amazing...   ...
    How highly advanced hackers (ab)used satellites to stay under the radar:
     
    https://arstechnica.com/security/2015/09/how-highly-advanced-hackers-abused-satellites-to-stay-under-the-radar/
  22. Like
    cm0s reacted to OmniNegro in Can I stream Netflix in another country using the VPN?   ...
    Actually, Netflix does *NOT* want to block VPNs. But Netflix is required by their contracts with the big media owners to "protect" their content from unauthorized users, and for years now they have been basically blaming VPN users for every lost sale ever. Netflix actually has been down this road many times, and really has no good options. They either lose some customers using VPNs, or they get sued by the big media trolls who own the content.
     
    It literally requires exactly one user on any VPN to set a precedent that we are all "stealing" their content. I would not be the least bit surprised if the media trolls do it themselves just so they can sue and demand action be taken.
     
    What I have done in the past is this.
    1. Subscribe to Netflix without the VPN running.
    2. Peruse the content and make a list of what I want to see.
    3. Reconnect to the VPN and download everything from sources that work with the VPN.
    4. Watch and delete everything from the list.
     
    So long as everything happens while I am still subscribed to Netflix, then it is debatable if there is any theft happening.
  23. Like
    cm0s reacted to catman7 in Hello AirVPN, Goodbye NordVPN :D   ...
    Well, I did it, I finally signed up and paid for a month, which is more than enough time to get a good idea how AirVPN works for me, and early indications are excellent, though I am tired tonight and have only had an hour or so to "play" around with it since I signed up.
     
    When I first ran the software I wanted to test the famous "kill switch" everyone rates so highly, but I forgot I disabled windows firewall a long time ago in favor of Private firewall only and hadn't realised that your kill switch depends on WF Rules to work. Took a bit of messing about with services but got there eventually and the kill switch then worked ok. Then I could no longer connect to a new server, so a swift reboot and I can now change servers at will with the kill switch in place.
     
    If anyone saw my other thread (moved to off topic) about my problems with my real IP address being revealed on https://ipleak.net/ (I won't bore you with it, just have a read if you can be bothered), then I can confirm that with the kill switch in place, AirVPN DOES NOT appear to reveal my real IP address on the site or to the rest of the known world, despite many server changes and refreshing the page as I did before! Superb!
     
    I then went to ookla and ran a speedtest..... Um, wow, I have an 80 Megabit connection and on an AirVPN NL server I got a d/l speed of 65 Megabit so approx 6,5 mb/sec. Astonishing!
     
    Fastest I ever saw with NordVPN on ANY server was approx 1.3 mb/sec, yes, I did mean 1.3 mb/sec.
     
    Further thorough testing will continue but so far it seems to be looking good! If that's the case, I will be signing up for a 12 month package after my month ends. Btw, in the end I had no choice but to pay with my debit card as paypal will not work it seems. Ah well, I guess in the great scheme of things it doesn't really matter, as one's ISP may not be able to see/read your packets, but they know you're connected to an IP address that belongs to a VPN Company/server.
     
    As the title says, Hello AirVPN, Goodbye NordVPN
     
    Catman7
  24. Like
    cm0s reacted to OpenSourcerer in Those overreaching blocking-trolls on wikipedia   ...
    Curious, I never experienced Wikipedia banning someone from reading articles... from editing, yes, but I see it as a way of self-defense. In those four years you mentioned, Wikipedia saw articles of things that never existed in the entire history. Also, there are the sockpuppets, or accounts with the sole purpose of biased editing. Locking out VPN addresses from editing articles is expected to make those easier to identify.
     
    Yes, you will say they will find another VPN, or another way, but they are forced to look for these ways. You cannot completely avoid it, you can only make it less affordable, more difficult or both.
  25. Like
    cm0s reacted to LZ1 in Those overreaching blocking-trolls on wikipedia   ...
    Hello!
     
    Maybe it's the "cheapest" way of handling their issues. As I understand it, they're quite in need of money, judging by the banner ads you sometimes get when you visit.