Reputation from cm0s

cm0s got a reaction from Limbo in Serious tips for securing my computing domain and activities ...

one of the main resources i use is eli the computer guy on youtube

and watch a lot of defcon / tech vids

after a while everyone finds out what they need and like for their own situation

how i run arch is probably not good for most, flawed and completely different than

the way someone else might run arch, i loaded up manjaro the other day for a looksy

and got lost in it, straight up, got lost, way too much for me

but to answer your question, i think the first thing to be identified is the actual concern,

the term 'threat model' is often used but not too often given to real world terms,

meaning 'conditions on the ground' application

for most folks in my area, norhteast united states it's the ISP, Verizon, the major players

that are the real threat, and that is generic, legal datamining

this has nothing to do with ethics, morales etc. this is about money, big money

these companies have 24 PHDs and a floor full of extremely talented programmers

all backed up by big lobby and another room full of lawyers,

for a real world grasp, shut off cookies and javascript, go to facebook's home page,

right click on it, view page source, and what you will be looking at is code that is worth

billions of dollars

company i used to work for, i used to sell microsoft networks back in the day

we were a certified dealer, had microsoft staff in the shop once in a while,

we had some state contracts here in PA and lots of minor day to day floor traffic

fixing Dell boxes etc.

back then, before the merge between the cellular industry and internet,

just like anyone else, if you would have said 'meta data' was going to be a game changer,

well that would have not been too high on the list to say the least

you got to remember, nobody had a phone in their hand that could chat, make a call, run a webcam,

trade stocks in Europe and order donuts for the techs, the infrastructure wasn't there yet

and that is to my poin: the operating systems back then were on the right track,

they were lean, Windows 2000 was on the right track, i literally at that time built custom DAW

workstations on that operating system, on those drivers, they were stable, solid, did nothing fancy

so software in general, was not built with 3rd party involvement, no outgoing connections,

all anyone had to do in microsoft land was take the best of Windows 2000, the best of Windows 7,

lean it up a bit, get rid of any and all bloat, harden it and you would have had a super bad ass

kill linux box operating system, and the gamers themselves would have taken it over

at that point, software was still written with the business model that sales and license fees

make the buck, income stream, once the cell industry and the ISPs merged, the dynamic,

the motive really to how and why software gets coded, the purpose of design, changed dramatically

linux is no better, it just got lucky because it held very little interest in the desktop market

if linux would have traded spots with microsoft or apple, same problems, and you can actually see it starting

already today, the pre rolled distros, first thing they want to do, connect, call out, even Kali,

connect, call out and all the other pentest distros, if you have a live distro for pentesting well don't ya think

thte first thing ya want shut off and down at boot is connecting to anything?

see my point?

meta data is the game changer, that simply translates, once scaled, into raw political force in any country

and it goes all the way back to what a PHD dude from Cambridge Analytica stated, and the bruh was spot on:

'the problem with facebook aka social media, operating systems phones apps etc is the business model'

ask yourself, why hasn't anyone taken the best of tor, maybe made it more wide, why is http even allowed still,

and so on, coz of money, so what we see and view is almost 100% 'human hacking'

what does this got to do with your orginal post? everything, coz now you know what is the primary target,

where the payload goes to: me and you

and we are the problem, the real world problem

i'll back that up: you look at facebook, we literally give them all of our data, access to everything, for nothing

we pay our ISP's bill to then give our friends, family, coworkers and on an on to a corporation built on a business model

of this: the more they collect, the more they sell, the more they make

ya got to remember the one advantage i may have, with anyone my age is perspective, i knew the net before the cell biz ISP merge

i knew Microsoft and worked indirectly for them before the merge

if you sugar coat the poison is the human hack here

i'm not different, if iwas a programmer and the boss walked up to me and said 'build this OS or app and if we make xyz deadline or meet

xyz approval you will make xyz amount of additional income, i'm in'

same deal with a website database, if i build a shithole that does xyz but also gets really popular and i collect the right data that is sought after by

the ad industry, you walk up to me and go 'i'll give you x amount of dollars'

i'm probably gonna sell

hit the about:config url in mozilla and search 'url' search 'social' search 'wifi' search 'remote' search 'update' then extract all your plugins and extensions

etc you will see how much of what you do is collected and piped to 3rd partys

just look at google ssafe search as example, can you really get any more full of shit

so going back the purpose of design, the motive, that's the threat, that's the flaw, that's what needs to be hardened

linux in genearl isn't popular, malware authors code exploits to make money, bot authors want their networks running smooth

so most of that 'financial targeted' exploits is aimed at the popular stuff

gentoo and arch is even less popular, and the thing is if you have your own repo, roll your own kernel, just by modding your stuff

'your way' coz i say 'fuck the arch way', your on linux to do it the way you want, you just left shit operating system closed source

where someone else told you how to roll'

case in point in legal datamining, almost all of the linux community is on that shit data mined irc server freenode

even the tor developers don't run an onion server well at least listed anyway

harden the browser, harden your linux, best ya can, biggest threat to my local to my box is me, the monkey at the keyboard

and i'll say this in Mark Zucerberg's favor and any social media business with any kind of voting system, coz that is and has been

the multibillion dollar click, just beautiful all the way to the bank:

those companies saw and applied a value metric to our data, to our click, they applied a value to what we think and do and who with

and that right there is a very serious tough pill to swallow

Mark Zuckerberg has a jet in his driveway not because he even exploited my data, or was unethical with it

but mainly because he offered me a like button that i could click on to give a voice on his platform

so the real problem that Cambridge Analytica was talking about, coz for them that was business as usual

is until the internet as a whole gets together and decides that their network traffic is theirs, should be protected

like a utility world wide, such as water, gas, electric, coz today it is exactly that, my ISP Comcast is a utility without the

correct use of government regulation, at the federal level, why shit gets wild west treatment still,

same flaw as when Enron went in to California and manipulated the power grid

i'm no diff, you put me as a day trader behind a business model i can exploit to make x million in 3 hours

i'm in, i'll smash that like button all the way to the bank

cm0s got a reaction from SecPentester1337 in Suggestions for Setting up Bitcoin Account - Beginner ...

spookygoy nailed exactly what i did, localbitcoin i made that account totally legit, sent in my id blah blah
that's my 'public' account, from there you can then do whatever and however you want to move things around
lots of guides and tuts online

i know some of the guides online have titles like 'how to buy xyz online anonymously' and yeah most folks know
what that is meant for but truth is that's also a good way to move xyz around and have a 'backup' for a rainy day

this is one of the things i learned from this forum and can't say thanx enough on coz even tho been around tech a bit
lots of areas didn't venture into, btc is one of them and i'm really glad i did

happy safe holidays to all if it applies

sincerely, cm0s

cm0s got a reaction from win8 in DNS Server Recommendations ...

check with others on how to do this with your operating system whatever it may be
but set your local to static basically hard set your local dns
to airvpns, set your router dns to 0.0.0.0 then each box set your
dns config to static, assign your local ip addresses for each device
this is a real world kill switch meaning you get no net/WAN
without being encrypted, shut off dhcp on the router
your ISP side will be dhcp auto config but your side on the router
will be static

this is not perfect, might brick some stuff you are doing or
be a pain in the butt

but the idea is this: keep the isp as far as you can out of your local

iptables -F iptables -t nat -F iptables -t mangle -F # iptables -X iptables -t nat -X iptables -t mangle -X # iptables -P INPUT DROP iptables -P FORWARD DROP # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT # iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT #allow loopback access # iptables -A OUTPUT -d 255.255.255.0 -j ACCEPT iptables -A INPUT -s 255.255.255.0 -j ACCEPT iptables -A INPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT iptables -A OUTPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT iptables -t nat -A PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to 10.5.0.1 iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE iptables -A OUTPUT -o eth0 ! -d 127.0.0.1 -p tcp --dport 1413 -j DROP ############################### example netctl: Description='eth0 net' Interface=eth0 Connection=ethernet IP=static Address=('192.168.0.5/24') Gateway='192.168.0.1' DNS=('10.5.0.1') ################################ say for ddwrt in your services tab assign the ip addresses there set your lease time this means you don't have to worry about resolv.conf dns problems coz your local network is now airvpn dns only i'm human, make mistakes, forget stuff, brain fart etc so this protects me from myself, helps keep my ISP on the cable modem only, my router does nothing more than route nothing fancy, i got a beefy router, does more stupid shit than i know what to do i run it totally vanilla, a generic turd tbh, i don't even use wifi on it that isn't ideal or even practical for most, i get that, so mod for what works for you and your family config, set your boxes for when they boot up, they don't connect to anything run your iptables, start netctl and you are good so when my box as example boots up i run iptables sript .xinitrc has everything set to down then i run netctl start eth0 cd to my airvpn configs folder stunnel "airvpnserver.ssl" --auth-nocache then in other termina window: openvpn --config "airvpnserver.ovpn" --auth-nocache no network manager etc i get lost in that stuff anyway but nothing wrong with using a gui or using network manager or modding it so more 'user friendly' etc hope this helps

cm0s got a reaction from Limbo in Serious tips for securing my computing domain and activities ...

one of the main resources i use is eli the computer guy on youtube

and watch a lot of defcon / tech vids

after a while everyone finds out what they need and like for their own situation

how i run arch is probably not good for most, flawed and completely different than

the way someone else might run arch, i loaded up manjaro the other day for a looksy

and got lost in it, straight up, got lost, way too much for me

but to answer your question, i think the first thing to be identified is the actual concern,

the term 'threat model' is often used but not too often given to real world terms,

meaning 'conditions on the ground' application

for most folks in my area, norhteast united states it's the ISP, Verizon, the major players

that are the real threat, and that is generic, legal datamining

this has nothing to do with ethics, morales etc. this is about money, big money

these companies have 24 PHDs and a floor full of extremely talented programmers

all backed up by big lobby and another room full of lawyers,

for a real world grasp, shut off cookies and javascript, go to facebook's home page,

right click on it, view page source, and what you will be looking at is code that is worth

billions of dollars

company i used to work for, i used to sell microsoft networks back in the day

we were a certified dealer, had microsoft staff in the shop once in a while,

we had some state contracts here in PA and lots of minor day to day floor traffic

fixing Dell boxes etc.

back then, before the merge between the cellular industry and internet,

just like anyone else, if you would have said 'meta data' was going to be a game changer,

well that would have not been too high on the list to say the least

you got to remember, nobody had a phone in their hand that could chat, make a call, run a webcam,

trade stocks in Europe and order donuts for the techs, the infrastructure wasn't there yet

and that is to my poin: the operating systems back then were on the right track,

they were lean, Windows 2000 was on the right track, i literally at that time built custom DAW

workstations on that operating system, on those drivers, they were stable, solid, did nothing fancy

so software in general, was not built with 3rd party involvement, no outgoing connections,

all anyone had to do in microsoft land was take the best of Windows 2000, the best of Windows 7,

lean it up a bit, get rid of any and all bloat, harden it and you would have had a super bad ass

kill linux box operating system, and the gamers themselves would have taken it over

at that point, software was still written with the business model that sales and license fees

make the buck, income stream, once the cell industry and the ISPs merged, the dynamic,

the motive really to how and why software gets coded, the purpose of design, changed dramatically

linux is no better, it just got lucky because it held very little interest in the desktop market

if linux would have traded spots with microsoft or apple, same problems, and you can actually see it starting

already today, the pre rolled distros, first thing they want to do, connect, call out, even Kali,

connect, call out and all the other pentest distros, if you have a live distro for pentesting well don't ya think

thte first thing ya want shut off and down at boot is connecting to anything?

see my point?

meta data is the game changer, that simply translates, once scaled, into raw political force in any country

and it goes all the way back to what a PHD dude from Cambridge Analytica stated, and the bruh was spot on:

'the problem with facebook aka social media, operating systems phones apps etc is the business model'

ask yourself, why hasn't anyone taken the best of tor, maybe made it more wide, why is http even allowed still,

and so on, coz of money, so what we see and view is almost 100% 'human hacking'

what does this got to do with your orginal post? everything, coz now you know what is the primary target,

where the payload goes to: me and you

and we are the problem, the real world problem

i'll back that up: you look at facebook, we literally give them all of our data, access to everything, for nothing

we pay our ISP's bill to then give our friends, family, coworkers and on an on to a corporation built on a business model

of this: the more they collect, the more they sell, the more they make

ya got to remember the one advantage i may have, with anyone my age is perspective, i knew the net before the cell biz ISP merge

i knew Microsoft and worked indirectly for them before the merge

if you sugar coat the poison is the human hack here

i'm not different, if iwas a programmer and the boss walked up to me and said 'build this OS or app and if we make xyz deadline or meet

xyz approval you will make xyz amount of additional income, i'm in'

same deal with a website database, if i build a shithole that does xyz but also gets really popular and i collect the right data that is sought after by

the ad industry, you walk up to me and go 'i'll give you x amount of dollars'

i'm probably gonna sell

hit the about:config url in mozilla and search 'url' search 'social' search 'wifi' search 'remote' search 'update' then extract all your plugins and extensions

etc you will see how much of what you do is collected and piped to 3rd partys

just look at google ssafe search as example, can you really get any more full of shit

so going back the purpose of design, the motive, that's the threat, that's the flaw, that's what needs to be hardened

linux in genearl isn't popular, malware authors code exploits to make money, bot authors want their networks running smooth

so most of that 'financial targeted' exploits is aimed at the popular stuff

gentoo and arch is even less popular, and the thing is if you have your own repo, roll your own kernel, just by modding your stuff

'your way' coz i say 'fuck the arch way', your on linux to do it the way you want, you just left shit operating system closed source

where someone else told you how to roll'

case in point in legal datamining, almost all of the linux community is on that shit data mined irc server freenode

even the tor developers don't run an onion server well at least listed anyway

harden the browser, harden your linux, best ya can, biggest threat to my local to my box is me, the monkey at the keyboard

and i'll say this in Mark Zucerberg's favor and any social media business with any kind of voting system, coz that is and has been

the multibillion dollar click, just beautiful all the way to the bank:

those companies saw and applied a value metric to our data, to our click, they applied a value to what we think and do and who with

and that right there is a very serious tough pill to swallow

Mark Zuckerberg has a jet in his driveway not because he even exploited my data, or was unethical with it

but mainly because he offered me a like button that i could click on to give a voice on his platform

so the real problem that Cambridge Analytica was talking about, coz for them that was business as usual

is until the internet as a whole gets together and decides that their network traffic is theirs, should be protected

like a utility world wide, such as water, gas, electric, coz today it is exactly that, my ISP Comcast is a utility without the

correct use of government regulation, at the federal level, why shit gets wild west treatment still,

same flaw as when Enron went in to California and manipulated the power grid

i'm no diff, you put me as a day trader behind a business model i can exploit to make x million in 3 hours

i'm in, i'll smash that like button all the way to the bank

cm0s got a reaction from Limbo in ddosed ...

double up on the meds

and a quick safety tip:

don't slip in the drool

cm0s reacted to Mad_Max in [FUD] Compromised US Server? Charges on Debit Card ...

I have been using air for 2 and a half years. I have used my credit card many times while connected to more several different servers, and nothing happened over these 2 and a half years. I trust airvpn completely and dont worry you are safe
Its just the banking system. say you are in a country A and have a bank account from the same country. IF you login\purchase to your bank account using a VPN (which changes your IP and location to another country) The transaction would be flagged and bank will notify you to make sure that you werent hacked

cm0s reacted to OpenSourcerer in 5 years of AirVPN ...

It's been a while since my last "review" - 2.5 years to be somewhat exact. My first one even dates back to 2014. Both are interesting reads if you want to know more about my story and how I used AirVPN over the years - along with my experiences with AirVPN, of course.

I quite can't believe it myself that I'm still here after five years. It's not like I expected Air to fail miserably, but I sure expected that after 3-4 years maybe the time will come to try something new because AirVPN wouldn't be able to satisfy me for some reason..
But no, I'm still here. And it's not because other VPN providers looked less promising (there was a brief moment when I really wanted to try out IVPN for a change), it's because AirVPN beautifully adapts to problems and trends in the market while staying true to their mission and not breaking anything in the process! The company's strategy is well thought out, both in handling technical challenges and managing users, and I actually enjoy being here. I can wholeheartedly say that I trust AirVPN's decision-making and it's a no-brainer for me to entrust them with "handling" my traffic, because I cannot fully trust my ISP.

[h2]What happened since the last review?

A year or so ago I was more or less forced to subscribe to Vodafone Cable because I moved to another city and the DSL lines are not as fast here as I expected them to be. It was sad to terminate my subscription to Deutsche Telekom (referred to as DTAG from here) because of this - OpenVPN works extremely well over their network and I was able to reach both my maximum upload and download throughput. And their network is rock-solid, you pay for some numbers and you actually get it in full, no strings attached. I am more than ready to pay slightly higher prices for bullshit-free network access like this. Only downside is that the Snowden leaks revealed NSA's direct access to DTAG customers' traffic... which is just another good reason to always be protected connected.

Now, Vodafone is a more cheeky fella. I compare them to Verizon a bit (or was it Virgin?), that one provider who injects (or did inject) advertisements into customers' traffic. I really believe they will start doing this as well one rainy day, so surfing via AirVPN is a must for me, so as to not give them any data to train some AI. Unfortunately, this comes with a price: bad packet ID warnings are a common sight, but they seem to appear irregularly and roughly correspond to the times when I think I don't get the throughput I subscribed to. I think there's some packet reordering happening in the background - rerouting traffic over other nodes or lines, who knows.

[h2]Throughput / Server quality and features

With AirVPN via Vodafone I was rarely able to reach some 40 MiB/s in download, but 20-30 MiB/s is more common and stable (till the next bad packet ). I see the same symptoms with upload throughput: 50 Mbit/s ordered, I rarely get it uploading on torrents, and I didn't determine numbers by other means.
Recently I noticed that specific server/port combinations can reach stable 5 MiB/s. But there are moments when a few simple bad packet ID warnings manage to disrupt even this. Upload throughput fluctuates apart from that between as low as 500 KiB/s and 3 MiB/s. There is a new development here, see below.
I use vanilla OpenVPN on Linux with the most recent three servers in Germany, namely Intercrus, Serpens and Tucana, all ports except 53, rotating by route-random. In my ovpn file I made a few comments on some servers:
On Intercrus, qBittorrent has a steady 5 MiB/s upload and downloads from my favorite Debian repo with 30 MiB/s more often than any other server. Tucana works extremely well on UDP/41185. Adhara and Cervantes are prone to low throughput. Errai and Ogma are "good", whatever I wanted to tell myself with this. In short: Most german servers can handle 40 MiB/s in download and definitely can hit 5 MiB/s in upload.

I won't go into the server's security too much because whatever AirVPN offers should be "industry standard" by now. AirVPN offers little choice on the encryption parameters used - it's always AES-256 with RSA-4096 keys. It's solely there to ensure the max of achievable security across all users and their devices. Use the maximum - it's in the interest of AirVPN and you.

[h2] A few remarks on the different client softwares
Eddie is so feature-rich, it's almost the go-to OpenVPN client on PC. It runs on all major platforms and can handle itself and some nasty OS situations. Needs more support for external ovpn configs and it needs to drop Mono. Like, now. Please? There's an Android app now, and it uses OpenVPN 3. Mr. Schwabe's client does, too, via setting, and I can tell v3 connects blazing fast and gives more thorough log output. The decision to go with v3 was not a bad one. Unfortunately, this thing is written with Xamarin, using C#, therefore it depends on MonoDroid. Please? We were promised Eddie 3 on GTK+ and Eddie-Android without Mono. The community is awesome (more on that later ). So awesome, it gave birth to Qomui by fellow forum member corrado - an alternative Qt-based AirVPN client for Linux. I don't use any of these - vanilla on Linux and Mr. Schwabe's client on Android do the job for me. I help test Eddie on Android when I have some free time, though.

[h2] The community

is awesome. Seriously. These forums are a gold mine if you look for knowledge, wisdom, might and magic about pretty much any topic related to (Air)VPN and general computer tech. As I said a few times in the past, the decision to create these forums for AirVPN users might just be one of the more important factors why AirVPN is held in high regard, even if regularly being called out as being "more technical that others". Honestly, you can ask some dumb question and you will not be called dumb - people who love talking to newbies like you will be there. Or, you can ask a very thorough question with lots of tech words in it and concepts one must work with to understand and you will be treated more professionally - people who love minds like yours will be there to advise you. Of course there's a nag here and there, but they are such a rarity that I almost believe writing this is not necessary. But still.

Staff is a book chapter for itself. Regularly active on the forums, managing the flood of support tickets, raising an undead army of community forum moderators. You can generally count on their posts to be helpful in their own special way.
And yes, you read right: Some of the moderators here were regular users like me and you! And through their engagement with the community and good, helpful practice they got "promoted" to forum moderators. I've known most of them for some time now and they all deserved it very much. If something like that can happen, you know that Staff is not afraid of their users - they encourage contact among them.

[h2] Anything more to say?

I must realize I'm not the most thorough writer of "reviews". Generally, I let my mind speak for me. So there are definitely some things I, willingly or unwillingly, didn't mention. If you want to find out everything about AirVPN as a VPN provider, you might just register and, I don't know, see for yourself?! You will not regret this.

I thank you for your time.

Update:

I replaced my DOCSIS modem and the throttling is gone! Now I reach stable 4 to 5 MB/s upload throughput! It doesn't seem to have much to do with my ISP in the end. Some uncontrollable feature of the modem, I guess, and no, I am not willing to look deeper.

cm0s got a reaction from jetpack1 in How to install AirVPN on Linux terminal-only SSH? ...

run your network from terminal you are on kali anyway remove network-manager, eddie, set eth0 to down upon boot, edit resolve.conf, set your iptables to airvpn and push your dns 10.5.0.1, use ssl/stunnel config you might need to fix stunnel with this: # rm /usr/bin/stunnel # ln -s /usr/bin/stunnel4 /usr/bin/stunnel # cd /etc/stunnel # touch stunnel.conf # nano stunnel.conf cert=/path/to/pem key=/path/to/key ctrl+o, ctrl+x ################################ have some tablez: iptables -F iptables -t nat -F iptables -t mangle -F iptables -X iptables -t nat -X iptables -t mangle -X iptables -P INPUT DROP iptables -P FORWARD DROP iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # connectionz iptables -A INPUT -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT # net, ssl iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT #allow loopback access iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT #communicate with any DHCP server/router iptables -A INPUT -s 255.255.255.255 -j ACCEPT #communicate with any DHCP server/router iptables -A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT #communicate within lan iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT # make sure eth0/tun0 can communicate iptables -t nat -A PREROUTING -s 0/0 -p udp --dport 53 -j DNAT --to 10.5.0.1 #use vpn dns iptables -t nat -A PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to 10.5.0.1 # use vpn dns iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE # map tun0 outgoing IP addy iptables -A OUTPUT -o eth0 ! -d 127.0.0.1 -p tcp --dport 1413 -j DROP # if traffic isn't vpn ####################### # ifup eth0 # stunnel "awesomeairvpnserver.ssl" --auth-nocache # openvpn --config "awesomeairvpnserver.ovpn" --auth-nocache # ping -c 1 duckduckgo.com i set my iface like this adjust for your needs: # The loopback network interface auto lo iface lo inet loopback # the static shit for eth0 auto eth0 iface eth0 inet static address 192.168.1.xxx gateway 192.168.1.1 dns-nameservers 10.5.0.1 in the router i shut off dhcp on my side leave it on for my isp on their side keeps me off the business account rates yet i still get the benefits of static on my local, had the same damn external ip on 'dhcp' from them for years anyway run my website on standalone box no problems, so anyone tells ya diff, i dunno works for me anyway, plus do your mac filter shit if needed, hide yer essid if wifi if this is a wifi config lemme know i'll post notes up on that that i got, how to connect with hidden essid or not hidden assign your hostname if needed in the router don't forget you can 'nohup' say you boot debian old school right and want to see how much you can do just from the prompt you can cd, ls, cd .., cp, cp -r, everything from there also and hit the net and have openvpn/stunnel goin from same window tho you need to use the command 'nohup' and put a '&' at the end i figured this out coz yeah, locked myself out of my vps many times so say yer wanting to get stuff goin you up your eth0/enp2s2 then when you get to the stunnel part: # nohup stunnel "airvpnserver.ssl" --auth-nocache & then do your openvpn command now you won't see stuff 'finish' but you'll know yer connected do a nslookup and traceroute curl etc hope this helps i don't always explain stuff best way

cm0s reacted to DonaldDrumpf in New Review from TechRadar ...

Where'd they get that screenshot? I've never seen a day when a Swedish or Dutch server ranked 5 stars. I've only ever seen that many stars on Canadian servers. Anyway, they have to be idiots to think that Eddie is complicated or confusing. Sheesh. I first used AirVPN back when they only had a half dozen or so servers, the founder routinely showed up on the forum and you had to screw around for an hour configuring Comodo to do the same thing the network lock does with one click. And don't even get me started on the Android variant. That was so easy it surprised me.

I just watched a bunch of reviews for the Vivaldi browser that finally convinced me that most reviews are more about the laziness and ineptness of the reviewer than they are about the qualities of the products they purport to be reviewing. Frankly, I'm getting sick of reading reviews from people who don't have or don't care to spend any time with the product they're reviewing before spouting off with their ill informed opinions.

cm0s got a reaction from Bearanonymous in Server Physical Access ...

personally i think the t-shirt is a good idea

cm0s got a reaction from go558a83nk in dns-tool dns-trails ...

http://www.dnstrails.com/index.html

another online nyce to have dns-tool link

cm0s reacted to air-fun in How to prevent IPv6 leaks under Linux, using OpenVPN? ...

Or try add this parameter to end of kernel boot line:
ipv6.disable=1

cm0s reacted to OpenSourcerer in Can't really recommend it.... ...

For some people, switching to vanilla OpenVPN did turn things for the better. I've been using a close-to-vanilla OpenVPN client on Windows in the past and am now using vanilla OpenVPN on Linux. I max out my connection (50/10 Mbit).

cm0s got a reaction from jean claud in Torrent site hunting ...

here's my idea:
if you are an admin of say a torrent site do not get involved in other activiities that will bring attention to your community.

stop with the bloat code on your websites, adware, scamware etc.

put a link up for your community to be able to 'donate' what they can when they can

might be better to mirror the site to the tor network for the magnets not have that available via clear
so in a way you are running two sites same thing but the tor network has the magnets

maybe put another site up separate from that onion address for the 'forum' community where you probably will need java running for all the admin junk, this way your 'java' site is tor only and separate from your magnet site

hire an attorney if and when you can, if needed so you got some help if something goes wrong as it tends to

if you have enough from donations give some of that back some how, whatever your ethics are, do some kind of good with it

if your site grows beyond your ability, bring someone else in that can handle it and can keep your community safe

drink tons of coffee, like way more than needed

# airvpn irc hidden service stealth mode ssl # mkdir hidircz # cd d0wnz # touch cool.motd # vim cool.motd hit 'i' copy paste text below or your own custom motd hit 'esc' key then type ':wq' ____ _ ____ _ _ ___ _ _ |__| | |__/ | | |__] |\ | | | | | \ \/ | | \| =========================== https://airvpn.org add this to your torrc file mod for your own config if needed... VirtualAddrNetwork 10.192.0.0/10 TransPort 9040 DNSPort 53 AutomapHostsOnResolve 1 ##hidden service HiddenServiceDir /var/lib/tor/ HiddenServicePort 6697 127.0.0.1:6697 HiddenServiceAuthorizeClient stealth IRCvisitor HidServAuth newtorsitenamehere.onion stealthpasshere you'll start tor and then stop tor to get your hidden service hostname and authorization cookie, this 'cookie' is in the hostname /var/lib/tor looks like this: newtorsitenamehere.onion yourauthcookieherebruh # client: IRCvisitor now remember in the torrc file below the port you created the 'IRCvisitor' without this information from /var/lib/tor added to the torrc file in the example above you cannot access the irc server or if it were http you can not access it even from the box hosting the irc/http server the advantage to stealth mode is this: it is NOT listed in the tor directory and if anything goes wrong with your irc server or you just want to create another openssl req -x509 -sha256 -newkey rsa:2048 -keyout ~/d0wnz/ircpriv.pem -out ~/d0wnz/ircert.pem -days 1024 -nodes -subj '/CN=irc.z4ojdtiaqvdfi4ys.onion' 'domain' no problem, you are not tied to anything, and anyone accessing your site/chat has to have contacted you to get the authorization cookie from hidircz directory... # openssl req -x509 -sha256 -newkey rsa:2048 -keyout /root/hidrircz/ircpriv.pem -out /root/hidircz/ircert.pem -days 1024 -nodes -subj '/CN=irc.newtorsitenamehere.onion' # cat /root/hidircz/ircpriv.pem > hidz.pem # cat /root/hidircz/ircert.pem >> hidz.pem here's the python script.... ################################# #! /usr/bin/env python # https://github.com/jrosdahl/miniircd # Joel Rosdahl <joel@rosdahl.net> # pacman -S python-pyopenssl if needed import logging import os import re import select import socket import string import sys import tempfile import time from datetime import datetime from logging.handlers import RotatingFileHandler from optparse import OptionParser VERSION = "1.2.1" PY3 = sys.version_info[0] >= 3 if PY3: def buffer_to_socket(msg): return msg.encode() def socket_to_buffer(buf): return buf.decode() else: def buffer_to_socket(msg): return msg def socket_to_buffer(buf): return buf def create_directory(path): if not os.path.isdir(path): os.makedirs(path) class Channel(object): def __init__(self, server, name): self.server = server self.name = name self.members = set() self._topic = "" self._key = None if self.server.state_dir: self._state_path = "%s/%s" % ( self.server.state_dir, name.replace("_", "__").replace("/", "_")) self._read_state() else: self._state_path = None def add_member(self, client): self.members.add(client) def get_topic(self): return self._topic def set_topic(self, value): self._topic = value self._write_state() topic = property(get_topic, set_topic) def get_key(self): return self._key def set_key(self, value): self._key = value self._write_state() key = property(get_key, set_key) def remove_client(self, client): self.members.discard(client) if not self.members: self.server.remove_channel(self) def _read_state(self): if not (self._state_path and os.path.exists(self._state_path)): return data = {} with open(self._state_path, "rb") as state_file: exec(state_file.read(), {}, data) self._topic = data.get("topic", "") self._key = data.get("key") def _write_state(self): if not self._state_path: return (fd, path) = tempfile.mkstemp(dir=os.path.dirname(self._state_path)) fp = os.fdopen(fd, "w") fp.write("topic = %r\n" % self.topic) fp.write("key = %r\n" % self.key) fp.close() os.rename(path, self._state_path) class Client(object): __linesep_regexp = re.compile(r"\r?\n") # The RFC limit for nicknames is 9 characters, but what the heck. __valid_nickname_regexp = re.compile( r"^[][\`_^{|}A-Za-z][][\`_^{|}A-Za-z0-9-]{0,50}$") __valid_channelname_regexp = re.compile( r"^[+!][^\x00\x07\x0a\x0d ,:]{0,50}$") def __init__(self, server, socket): self.server = server self.socket = socket self.channels = {} # irc_lower(Channel name) --> Channel self.nickname = None self.user = None self.realname = None (self.host, self.port) = socket.getpeername() self.__timestamp = time.time() self.__readbuffer = "" self.__writebuffer = "" self.__sent_ping = False if self.server.password: self.__handle_command = self.__pass_handler else: self.__handle_command = self.__registration_handler def get_prefix(self): return "%s!%s@%s" % (self.nickname, self.user, self.host) prefix = property(get_prefix) def check_aliveness(self): now = time.time() if self.__timestamp + 180 < now: self.disconnect("ping timeout") return if not self.__sent_ping and self.__timestamp + 90 < now: if self.__handle_command == self.__command_handler: # Registered. self.message("PING :%s" % self.server.name) self.__sent_ping = True else: # Not registered. self.disconnect("ping timeout") def write_queue_size(self): return len(self.__writebuffer) def __parse_read_buffer(self): lines = self.__linesep_regexp.split(self.__readbuffer) self.__readbuffer = lines[-1] lines = lines[:-1] for line in lines: if not line: # Empty line. Ignore. continue x = line.split(" ", 1) command = x[0].upper() if len(x) == 1: arguments = [] else: if len(x[1]) > 0 and x[1][0] == ":": arguments = [x[1][1:]] else: y = x[1].split(" :", 1) arguments = y[0].split() if len(y) == 2: arguments.append(y[1]) self.__handle_command(command, arguments) def __pass_handler(self, command, arguments): server = self.server if command == "PASS": if len(arguments) == 0: self.reply_461("PASS") else: if arguments[0].lower() == server.password: self.__handle_command = self.__registration_handler else: self.reply("464 :Password incorrect") elif command == "QUIT": self.disconnect("Client quit") return def __registration_handler(self, command, arguments): server = self.server if command == "NICK": if len(arguments) < 1: self.reply("431 :No nickname given") return nick = arguments[0] if server.get_client(nick): self.reply("433 * %s :Nickname is already in use" % nick) elif not self.__valid_nickname_regexp.match(nick): self.reply("432 * %s :Erroneous nickname" % nick) else: self.nickname = nick server.client_changed_nickname(self, None) elif command == "USER": if len(arguments) < 4: self.reply_461("USER") return self.user = arguments[0] self.realname = arguments[3] elif command == "QUIT": self.disconnect("Client quit") return if self.nickname and self.user: self.reply("001 %s :Hi, welcome to IRC" % self.nickname) self.reply("002 %s :Your host is %s, running version miniircd-%s" % (self.nickname, server.name, VERSION)) self.reply("003 %s :This server was created sometime" % self.nickname) self.reply("004 %s %s miniircd-%s o o" % (self.nickname, server.name, VERSION)) self.send_lusers() self.send_motd() self.__handle_command = self.__command_handler def __send_names(self, arguments, for_join=False): server = self.server valid_channel_re = self.__valid_channelname_regexp if len(arguments) > 0: channelnames = arguments[0].split(",") else: channelnames = sorted(self.channels.keys()) if len(arguments) > 1: keys = arguments[1].split(",") else: keys = [] keys.extend((len(channelnames) - len(keys)) * [None]) for (i, channelname) in enumerate(channelnames): if for_join and irc_lower(channelname) in self.channels: continue if not valid_channel_re.match(channelname): self.reply_403(channelname) continue channel = server.get_channel(channelname) if channel.key is not None and channel.key != keys[i]: self.reply( "475 %s %s :Cannot join channel (+k) - bad key" % (self.nickname, channelname)) continue if for_join: channel.add_member(self) self.channels[irc_lower(channelname)] = channel self.message_channel(channel, "JOIN", channelname, True) self.channel_log(channel, "joined", meta=True) if channel.topic: self.reply("332 %s %s :%s" % (self.nickname, channel.name, channel.topic)) else: self.reply("331 %s %s :No topic is set" % (self.nickname, channel.name)) names_prefix = "353 %s = %s :" % (self.nickname, channelname) names = "" # Max length: reply prefix ":server_name(space)" plus CRLF in # the end. names_max_len = 512 - (len(server.name) + 2 + 2) for name in sorted(x.nickname for x in channel.members): if not names: names = names_prefix + name # Using >= to include the space between "names" and "name". elif len(names) + len(name) >= names_max_len: self.reply(names) names = names_prefix + name else: names += " " + name if names: self.reply(names) self.reply("366 %s %s :End of NAMES list" % (self.nickname, channelname)) def __command_handler(self, command, arguments): def away_handler(): pass def ison_handler(): if len(arguments) < 1: self.reply_461("ISON") return nicks = arguments online = [n for n in nicks if server.get_client(n)] self.reply("303 %s :%s" % (self.nickname, " ".join(online))) def join_handler(): if len(arguments) < 1: self.reply_461("JOIN") return if arguments[0] == "0": for (channelname, channel) in self.channels.items(): self.message_channel(channel, "PART", channelname, True) self.channel_log(channel, "left", meta=True) server.remove_member_from_channel(self, channelname) self.channels = {} return self.__send_names(arguments, for_join=True) def list_handler(): if len(arguments) < 1: channels = server.channels.values() else: channels = [] for channelname in arguments[0].split(","): if server.has_channel(channelname): channels.append(server.get_channel(channelname)) sorted_channels = sorted(channels, key=lambda x: x.name) for channel in sorted_channels: self.reply("322 %s %s %d :%s" % (self.nickname, channel.name, len(channel.members), channel.topic)) self.reply("323 %s :End of LIST" % self.nickname) def lusers_handler(): self.send_lusers() def mode_handler(): if len(arguments) < 1: self.reply_461("MODE") return targetname = arguments[0] if server.has_channel(targetname): channel = server.get_channel(targetname) if len(arguments) < 2: if channel.key: modes = "+k" if irc_lower(channel.name) in self.channels: modes += " %s" % channel.key else: modes = "+" self.reply("324 %s %s %s" % (self.nickname, targetname, modes)) return flag = arguments[1] if flag == "+k": if len(arguments) < 3: self.reply_461("MODE") return key = arguments[2] if irc_lower(channel.name) in self.channels: channel.key = key self.message_channel( channel, "MODE", "%s +k %s" % (channel.name, key), True) self.channel_log( channel, "set channel key to %s" % key, meta=True) else: self.reply("442 %s :You're not on that channel" % targetname) elif flag == "-k": if irc_lower(channel.name) in self.channels: channel.key = None self.message_channel( channel, "MODE", "%s -k" % channel.name, True) self.channel_log( channel, "removed channel key", meta=True) else: self.reply("442 %s :You're not on that channel" % targetname) else: self.reply("472 %s %s :Unknown MODE flag" % (self.nickname, flag)) elif targetname == self.nickname: if len(arguments) == 1: self.reply("221 %s +" % self.nickname) else: self.reply("501 %s :Unknown MODE flag" % self.nickname) else: self.reply_403(targetname) def motd_handler(): self.send_motd() def names_handler(): self.__send_names(arguments) def nick_handler(): if len(arguments) < 1: self.reply("431 :No nickname given") return newnick = arguments[0] client = server.get_client(newnick) if newnick == self.nickname: pass elif client and client is not self: self.reply("433 %s %s :Nickname is already in use" % (self.nickname, newnick)) elif not self.__valid_nickname_regexp.match(newnick): self.reply("432 %s %s :Erroneous Nickname" % (self.nickname, newnick)) else: for x in self.channels.values(): self.channel_log( x, "changed nickname to %s" % newnick, meta=True) oldnickname = self.nickname self.nickname = newnick server.client_changed_nickname(self, oldnickname) self.message_related( ":%s!%s@%s NICK %s" % (oldnickname, self.user, self.host, self.nickname), True) def notice_and_privmsg_handler(): if len(arguments) == 0: self.reply("411 %s :No recipient given (%s)" % (self.nickname, command)) return if len(arguments) == 1: self.reply("412 %s :No text to send" % self.nickname) return targetname = arguments[0] message = arguments[1] client = server.get_client(targetname) if client: client.message(":%s %s %s :%s" % (self.prefix, command, targetname, message)) elif server.has_channel(targetname): channel = server.get_channel(targetname) self.message_channel( channel, command, "%s :%s" % (channel.name, message)) self.channel_log(channel, message) else: self.reply("401 %s %s :No such nick/channel" % (self.nickname, targetname)) def part_handler(): if len(arguments) < 1: self.reply_461("PART") return if len(arguments) > 1: partmsg = arguments[1] else: partmsg = self.nickname for channelname in arguments[0].split(","): if not valid_channel_re.match(channelname): self.reply_403(channelname) elif not irc_lower(channelname) in self.channels: self.reply("442 %s %s :You're not on that channel" % (self.nickname, channelname)) else: channel = self.channels[irc_lower(channelname)] self.message_channel( channel, "PART", "%s :%s" % (channelname, partmsg), True) self.channel_log(channel, "left (%s)" % partmsg, meta=True) del self.channels[irc_lower(channelname)] server.remove_member_from_channel(self, channelname) def ping_handler(): if len(arguments) < 1: self.reply("409 %s :No origin specified" % self.nickname) return self.reply("PONG %s :%s" % (server.name, arguments[0])) def pong_handler(): pass def quit_handler(): if len(arguments) < 1: quitmsg = self.nickname else: quitmsg = arguments[0] self.disconnect(quitmsg) def topic_handler(): if len(arguments) < 1: self.reply_461("TOPIC") return channelname = arguments[0] channel = self.channels.get(irc_lower(channelname)) if channel: if len(arguments) > 1: newtopic = arguments[1] channel.topic = newtopic self.message_channel( channel, "TOPIC", "%s :%s" % (channelname, newtopic), True) self.channel_log( channel, "set topic to %r" % newtopic, meta=True) else: if channel.topic: self.reply("332 %s %s :%s" % (self.nickname, channel.name, channel.topic)) else: self.reply("331 %s %s :No topic is set" % (self.nickname, channel.name)) else: self.reply("442 %s :You're not on that channel" % channelname) def wallops_handler(): if len(arguments) < 1: self.reply_461("WALLOPS") return message = arguments[0] for client in server.clients.values(): client.message(":%s NOTICE %s :Global notice: %s" % (self.prefix, client.nickname, message)) def who_handler(): if len(arguments) < 1: return targetname = arguments[0] if server.has_channel(targetname): channel = server.get_channel(targetname) for member in channel.members: self.reply("352 %s %s %s %s %s %s H :0 %s" % (self.nickname, targetname, member.user, member.host, server.name, member.nickname, member.realname)) self.reply("315 %s %s :End of WHO list" % (self.nickname, targetname)) def whois_handler(): if len(arguments) < 1: return username = arguments[0] user = server.get_client(username) if user: self.reply("311 %s %s %s %s * :%s" % (self.nickname, user.nickname, user.user, user.host, user.realname)) self.reply("312 %s %s %s :%s" % (self.nickname, user.nickname, server.name, server.name)) self.reply("319 %s %s :%s" % (self.nickname, user.nickname, " ".join(user.channels))) self.reply("318 %s %s :End of WHOIS list" % (self.nickname, user.nickname)) else: self.reply("401 %s %s :No such nick" % (self.nickname, username)) handler_table = { "AWAY": away_handler, "ISON": ison_handler, "JOIN": join_handler, "LIST": list_handler, "LUSERS": lusers_handler, "MODE": mode_handler, "MOTD": motd_handler, "NAMES": names_handler, "NICK": nick_handler, "NOTICE": notice_and_privmsg_handler, "PART": part_handler, "PING": ping_handler, "PONG": pong_handler, "PRIVMSG": notice_and_privmsg_handler, "QUIT": quit_handler, "TOPIC": topic_handler, "WALLOPS": wallops_handler, "WHO": who_handler, "WHOIS": whois_handler, } server = self.server valid_channel_re = self.__valid_channelname_regexp try: handler_table[command]() except KeyError: self.reply("421 %s %s :Unknown command" % (self.nickname, command)) def socket_readable_notification(self): try: data = self.socket.recv(2 ** 10) self.server.print_debug( "[%s:%d] -> %r" % (self.host, self.port, data)) quitmsg = "EOT" except socket.error as x: data = "" quitmsg = x if data: self.__readbuffer += socket_to_buffer(data) self.__parse_read_buffer() self.__timestamp = time.time() self.__sent_ping = False else: self.disconnect(quitmsg) def socket_writable_notification(self): try: sent = self.socket.send(buffer_to_socket(self.__writebuffer)) self.server.print_debug( "[%s:%d] <- %r" % ( self.host, self.port, self.__writebuffer[:sent])) self.__writebuffer = self.__writebuffer[sent:] except socket.error as x: self.disconnect(x) def disconnect(self, quitmsg): self.message("ERROR :%s" % quitmsg) self.server.print_info( "Disconnected connection from %s:%s (%s)." % ( self.host, self.port, quitmsg)) self.socket.close() self.server.remove_client(self, quitmsg) def message(self, msg): self.__writebuffer += msg + "\r\n" def reply(self, msg): self.message(":%s %s" % (self.server.name, msg)) def reply_403(self, channel): self.reply("403 %s %s :No such channel" % (self.nickname, channel)) def reply_461(self, command): nickname = self.nickname or "*" self.reply("461 %s %s :Not enough parameters" % (nickname, command)) def message_channel(self, channel, command, message, include_self=False): line = ":%s %s %s" % (self.prefix, command, message) for client in channel.members: if client != self or include_self: client.message(line) def channel_log(self, channel, message, meta=False): if not self.server.channel_log_dir: return if meta: format = "[%s] * %s %s\n" else: format = "[%s] <%s> %s\n" timestamp = datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S UTC") logname = channel.name.replace("_", "__").replace("/", "_") fp = open("%s/%s.log" % (self.server.channel_log_dir, logname), "a") fp.write(format % (timestamp, self.nickname, message)) fp.close() def message_related(self, msg, include_self=False): clients = set() if include_self: clients.add(self) for channel in self.channels.values(): clients |= channel.members if not include_self: clients.discard(self) for client in clients: client.message(msg) def send_lusers(self): self.reply("251 %s :There are %d users and 0 services on 1 server" % (self.nickname, len(self.server.clients))) def send_motd(self): server = self.server motdlines = server.get_motd_lines() if motdlines: self.reply("375 %s :- %s Message of the day -" % (self.nickname, server.name)) for line in motdlines: self.reply("372 %s :- %s" % (self.nickname, line.rstrip())) self.reply("376 %s :End of /MOTD command" % self.nickname) else: self.reply("422 %s :MOTD File is missing" % self.nickname) class Server(object): def __init__(self, options): self.ports = options.ports self.password = options.password self.ssl_pem_file = options.ssl_pem_file self.motdfile = options.motd self.verbose = options.verbose self.debug = options.debug self.channel_log_dir = options.channel_log_dir self.chroot = options.chroot self.setuid = options.setuid self.state_dir = options.state_dir self.log_file = options.log_file self.log_max_bytes = options.log_max_size * 1024 * 1024 self.log_count = options.log_count self.logger = None if options.password_file: with open(options.password_file, "r") as fp: self.password = fp.read().strip("\n") if self.ssl_pem_file: self.ssl = __import__("ssl") # Find certificate after daemonization if path is relative: if self.ssl_pem_file and os.path.exists(self.ssl_pem_file): self.ssl_pem_file = os.path.abspath(self.ssl_pem_file) # else: might exist in the chroot jail, so just continue if options.listen: self.address = socket.gethostbyname(options.listen) else: self.address = "" server_name_limit = 63 # From the RFC. self.name = socket.getfqdn(self.address)[:server_name_limit] self.channels = {} # irc_lower(Channel name) --> Channel instance. self.clients = {} # Socket --> Client instance. self.nicknames = {} # irc_lower(Nickname) --> Client instance. if self.channel_log_dir: create_directory(self.channel_log_dir) if self.state_dir: create_directory(self.state_dir) def make_pid_file(self, filename): try: fd = os.open(filename, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o644) os.write(fd, "%i\n" % os.getpid()) os.close(fd) except: self.print_error("Could not create PID file %r" % filename) sys.exit(1) def daemonize(self): try: pid = os.fork() if pid > 0: sys.exit(0) except OSError: sys.exit(1) os.setsid() try: pid = os.fork() if pid > 0: self.print_info("PID: %d" % pid) sys.exit(0) except OSError: sys.exit(1) os.chdir("/") os.umask(0) dev_null = open("/dev/null", "r+") os.dup2(dev_null.fileno(), sys.stdout.fileno()) os.dup2(dev_null.fileno(), sys.stderr.fileno()) os.dup2(dev_null.fileno(), sys.stdin.fileno()) def get_client(self, nickname): return self.nicknames.get(irc_lower(nickname)) def has_channel(self, name): return irc_lower(name) in self.channels def get_channel(self, channelname): if irc_lower(channelname) in self.channels: channel = self.channels[irc_lower(channelname)] else: channel = Channel(self, channelname) self.channels[irc_lower(channelname)] = channel return channel def get_motd_lines(self): if self.motdfile: try: return open(self.motdfile).readlines() except IOError: return ["Could not read MOTD file %r." % self.motdfile] else: return [] def print_info(self, msg): if self.verbose: print(msg) sys.stdout.flush() if self.logger: self.logger.info(msg) def print_debug(self, msg): if self.debug: print(msg) sys.stdout.flush() if self.logger: self.logger.debug(msg) def print_error(self, msg): sys.stderr.write("%s\n" % msg) if self.logger: self.logger.error(msg) def client_changed_nickname(self, client, oldnickname): if oldnickname: del self.nicknames[irc_lower(oldnickname)] self.nicknames[irc_lower(client.nickname)] = client def remove_member_from_channel(self, client, channelname): if irc_lower(channelname) in self.channels: channel = self.channels[irc_lower(channelname)] channel.remove_client(client) def remove_client(self, client, quitmsg): client.message_related(":%s QUIT :%s" % (client.prefix, quitmsg)) for x in client.channels.values(): client.channel_log(x, "quit (%s)" % quitmsg, meta=True) x.remove_client(client) if client.nickname \ and irc_lower(client.nickname) in self.nicknames: del self.nicknames[irc_lower(client.nickname)] del self.clients[client.socket] def remove_channel(self, channel): del self.channels[irc_lower(channel.name)] def start(self): serversockets = [] for port in self.ports: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) try: s.bind((self.address, port)) except socket.error as e: self.print_error("Could not bind port %s: %s." % (port, e)) sys.exit(1) s.listen(5) serversockets.append(s) del s self.print_info("Listening on port %d." % port) if self.chroot: os.chdir(self.chroot) os.chroot(self.chroot) self.print_info("Changed root directory to %s" % self.chroot) if self.setuid: os.setgid(self.setuid[1]) os.setuid(self.setuid[0]) self.print_info("Setting uid:gid to %s:%s" % (self.setuid[0], self.setuid[1])) self.init_logging() try: self.run(serversockets) except: if self.logger: self.logger.exception("Fatal exception") raise def init_logging(self): if not self.log_file: return log_level = logging.INFO if self.debug: log_level = logging.DEBUG self.logger = logging.getLogger("miniircd") formatter = logging.Formatter( ("%(asctime)s - %(name)s[%(process)d] - " "%(levelname)s - %(message)s")) fh = RotatingFileHandler( self.log_file, maxBytes=self.log_max_bytes, backupCount=self.log_count) fh.setLevel(log_level) fh.setFormatter(formatter) self.logger.setLevel(log_level) self.logger.addHandler(fh) def run(self, serversockets): last_aliveness_check = time.time() while True: (iwtd, owtd, ewtd) = select.select( serversockets + [x.socket for x in self.clients.values()], [x.socket for x in self.clients.values() if x.write_queue_size() > 0], [], 10) for x in iwtd: if x in self.clients: self.clients[x].socket_readable_notification() else: (conn, addr) = x.accept() if self.ssl_pem_file: try: conn = self.ssl.wrap_socket( conn, server_side=True, certfile=self.ssl_pem_file, keyfile=self.ssl_pem_file) except Exception as e: self.print_error( "SSL error for connection from %s:%s: %s" % ( addr[0], addr[1], e)) continue try: self.clients[conn] = Client(self, conn) self.print_info("Accepted connection from %s:%s." % ( addr[0], addr[1])) except socket.error as e: try: conn.close() except: pass for x in owtd: if x in self.clients: # client may have been disconnected self.clients[x].socket_writable_notification() now = time.time() if last_aliveness_check + 10 < now: for client in list(self.clients.values()): client.check_aliveness() last_aliveness_check = now _maketrans = str.maketrans if PY3 else string.maketrans _ircstring_translation = _maketrans( string.ascii_lowercase.upper() + "[]\\^", string.ascii_lowercase + "{}|~") def irc_lower(s): return s.translate(_ircstring_translation) def main(argv): op = OptionParser( version=VERSION, description="miniircd is a small and limited IRC server.") op.add_option( "--channel-log-dir", metavar="X", help="store channel log in directory X") op.add_option( "-d", "--daemon", action="store_true", help="fork and become a daemon") op.add_option( "--debug", action="store_true", help="print debug messages to stdout") op.add_option( "--listen", metavar="X", help="listen on specific IP address X") op.add_option( "--log-count", metavar="X", default=10, type="int", help="keep X log files; default: %default") op.add_option( "--log-file", metavar="X", help="store log in file X") op.add_option( "--log-max-size", metavar="X", default=10, type="int", help="set maximum log file size to X MiB; default: %default MiB") op.add_option( "--motd", metavar="X", help="display file X as message of the day") op.add_option( "--pid-file", metavar="X", help="write PID to file X") op.add_option( "-p", "--password", metavar="X", help="require connection password X; default: no password") op.add_option( "--password-file", metavar="X", help=("require connection password stored in file X;" " default: no password")) op.add_option( "--ports", metavar="X", help="listen to ports X (a list separated by comma or whitespace);" " default: 6667 or 6697 if SSL is enabled") op.add_option( "-s", "--ssl-pem-file", metavar="FILE", help="enable SSL and use FILE as the .pem certificate+key") op.add_option( "--state-dir", metavar="X", help="save persistent channel state (topic, key) in directory X") op.add_option( "--verbose", action="store_true", help="be verbose (print some progress messages to stdout)") if os.name == "posix": op.add_option( "--chroot", metavar="X", help="change filesystem root to directory X after startup" " (requires root)") op.add_option( "--setuid", metavar="U[:G]", help="change process user (and optionally group) after startup" " (requires root)") else: op.chroot = False op.setuid = False (options, args) = op.parse_args(argv[1:]) if options.debug: options.verbose = True if options.ports is None: if options.ssl_pem_file is None: options.ports = "6667" else: options.ports = "6697" if options.chroot: if os.getuid() != 0: op.error("Must be root to use --chroot") if options.setuid: from pwd import getpwnam from grp import getgrnam if os.getuid() != 0: op.error("Must be root to use --setuid") matches = options.setuid.split(":") if len(matches) == 2: options.setuid = (getpwnam(matches[0]).pw_uid, getgrnam(matches[1]).gr_gid) elif len(matches) == 1: options.setuid = (getpwnam(matches[0]).pw_uid, getpwnam(matches[0]).pw_gid) else: op.error("Specify a user, or user and group separated by a colon," " e.g. --setuid daemon, --setuid nobody:nobody") if (os.getuid() == 0 or os.getgid() == 0) and not options.setuid: op.error("Running this service as root is not recommended. Use the" " --setuid option to switch to an unprivileged account after" " startup. If you really intend to run as root, use" " \"--setuid root\".") ports = [] for port in re.split(r"[,\s]+", options.ports): try: ports.append(int(port)) except ValueError: op.error("bad port: %r" % port) options.ports = ports server = Server(options) if options.daemon: server.daemonize() if options.pid_file: server.make_pid_file(options.pid_file) try: server.start() except KeyboardInterrupt: server.print_error("Interrupted.") main(sys.argv) ################################# top of the script don't think needed just in case ya might add 'import ssl' on github the python file is named a bit different to start the script save it as example: minircd.py chmod +x the script as root from hidircz directory with your pem file and motd file: # python minircd.py --ssl-pem-file=/root/hidircz/hidz.pem --listen 127.0.0.1 --motd=huh.motd --setuid=root i didn't test this out but to run the script as non root ya might need change directory to say /home/nonrootuser move everything there, chown -R nonroot:nonroot all the files so ssl doesn't gripe about an error i might be wrong on this fyi to get help with the irc server: # python minircd.py -h i forgot to mention to start tor at least on arch: # /usr/bin/tor -f /etc/tor/torrc so now you have a irc tor chat server up in stealth mode plus an additional layer of ssl the clients say via irssi can connect as follows: # socat TCP4-LISTEN:8000,reuseaddr,fork SOCKS4a:127.0.0.1:newtorsitenamehere.onion:6697,socksport=9050 you don't add the 'irc' in front of the 'domain' just the onion address without 'irc' then launch irssi and to connect /connect -ssl 127.0.0.1 8000 you can create a room join chat typical irc stuff anything done as /whois will show localhost no ip info for pidgin users little different but not much... basic tab is irc protocol yer user name server is the tor address without 'irc' advanced tab port 6697 proxy tab... proxy is http host 127.0.0.1 port 8118 start privoxy before connecting: # /usr/bin/privoxy --no-daemon /etc/privoxy/config here is my privoxy config: ####################################### # Generally, this file goes in /etc/privoxy/config # unfucked config by cm0s 010117 # to start /usr/bin/privoxy --no-dameon /etc/privoxy/config # Tor listens as a SOCKS4a proxy here: forward-socks5 / 127.0.0.1:9050 . # confz confdir /etc/privoxy logdir /var/log/privoxy # actionsfile standard # Internal purpose, recommended actionsfile default.action # Main actions file actionsfile user.action # User customizations filterfile default.filter # timeout shit keep-alive-timeout 600 # mohr timeout shit default-server-timeout 600 # yet mohhhrrr... socket-timeout 600 # Don't log interesting things, only startup messages, warnings and errors logfile logfile #jarfile jarfile #debug 0 # show each GET/POST/CONNECT request debug 4096 # Startup banner and warnings debug 8192 # Errors - *we highly recommended enabling this* user-manual /usr/share/doc/privoxy/user-manual listen-address localhost:8118 toggle 1 enable-remote-toggle 0 enable-edit-actions 0 enable-remote-http-toggle 0 buffer-limit 4096 # # ######################################## a quick side note: make sure logging is off in pidgin and also the otr plugin so recap, ya just launched your very own irc chat server can make your own motd, publish your otr key add whatever custom stuff ya want and ya really made it private coz it's in stealth mode stealth mode tor is NOT listed in the tor directory and even if someone finds your onion address they can't do anything, won't even let them scan your address without the auth cookie, and you added another layer of ssl cheerz splif

cm0s got a reaction from Casper31 in google logo ...

https://www.nytimes.com/2017/06/27/technology/eu-google-fine.html

# airvpn irc hidden service stealth mode ssl

# mkdir hidircz
# cd d0wnz
# touch cool.motd
# vim cool.motd
hit 'i' copy paste
text below or your own
custom motd
hit 'esc' key then type ':wq'
____ _ ____ _ _ ___ _ _
|__| | |__/ | | |__] |\ |
| | | | \ \/ |    | \|
===========================
https://airvpn.org

add this to your torrc file
mod for your own config if needed...

VirtualAddrNetwork 10.192.0.0/10
TransPort 9040
DNSPort 53
AutomapHostsOnResolve 1

##hidden service
HiddenServiceDir /var/lib/tor/
HiddenServicePort 6697 127.0.0.1:6697
HiddenServiceAuthorizeClient stealth IRCvisitor
HidServAuth newtorsitenamehere.onion stealthpasshere

you'll start tor and then stop tor to get your hidden service
hostname and authorization cookie, this 'cookie' is in the hostname
/var/lib/tor
looks like this:
newtorsitenamehere.onion yourauthcookieherebruh # client: IRCvisitor

now remember in the torrc file below the port you created the 'IRCvisitor'
without this information from /var/lib/tor added to the torrc file in the example
above you cannot access the irc server or if it were http you can not access it
even from the box hosting the irc/http server
the advantage to stealth mode is this: it is NOT listed in the tor directory
and if anything goes wrong with your irc server or you just want to create another openssl req -x509 -sha256 -newkey rsa:2048 -keyout ~/d0wnz/ircpriv.pem -out ~/d0wnz/ircert.pem -days 1024 -nodes -subj '/CN=irc.z4ojdtiaqvdfi4ys.onion'
'domain' no problem, you are not tied to anything, and anyone accessing your site/chat
has to have contacted you to get the authorization cookie

from hidircz directory...
# openssl req -x509 -sha256 -newkey rsa:2048 -keyout /root/hidrircz/ircpriv.pem -out /root/hidircz/ircert.pem -days 1024 -nodes -subj '/CN=irc.newtorsitenamehere.onion'
# cat /root/hidircz/ircpriv.pem > hidz.pem
# cat /root/hidircz/ircert.pem >> hidz.pem

here's the python script....
#################################

#! /usr/bin/env python
# https://github.com/jrosdahl/miniircd
# Joel Rosdahl <joel@rosdahl.net>
# pacman -S python-pyopenssl if needed

import logging
import os
import re
import select
import socket
import string
import sys
import tempfile
import time
from datetime import datetime
from logging.handlers import RotatingFileHandler
from optparse import OptionParser

VERSION = "1.2.1"

PY3 = sys.version_info[0] >= 3

if PY3:
    def buffer_to_socket(msg):
        return msg.encode()

    def socket_to_buffer(buf):
        return buf.decode()
else:
    def buffer_to_socket(msg):
        return msg

    def socket_to_buffer(buf):
        return buf

def create_directory(path):
    if not os.path.isdir(path):
        os.makedirs(path)

class Channel(object):
    def __init__(self, server, name):
        self.server = server
        self.name = name
        self.members = set()
        self._topic = ""
        self._key = None
        if self.server.state_dir:
            self._state_path = "%s/%s" % (
                self.server.state_dir,
                name.replace("_", "__").replace("/", "_"))
            self._read_state()
        else:
            self._state_path = None

    def add_member(self, client):
        self.members.add(client)

    def get_topic(self):
        return self._topic

    def set_topic(self, value):
        self._topic = value
        self._write_state()

    topic = property(get_topic, set_topic)

    def get_key(self):
        return self._key

    def set_key(self, value):
        self._key = value
        self._write_state()

    key = property(get_key, set_key)

    def remove_client(self, client):
        self.members.discard(client)
        if not self.members:
            self.server.remove_channel(self)

    def _read_state(self):
        if not (self._state_path and os.path.exists(self._state_path)):
            return
        data = {}

        with open(self._state_path, "rb") as state_file:
            exec(state_file.read(), {}, data)

        self._topic = data.get("topic", "")
        self._key = data.get("key")

    def _write_state(self):
        if not self._state_path:
            return
        (fd, path) = tempfile.mkstemp(dir=os.path.dirname(self._state_path))
        fp = os.fdopen(fd, "w")
        fp.write("topic = %r\n" % self.topic)
        fp.write("key = %r\n" % self.key)
        fp.close()
        os.rename(path, self._state_path)

class Client(object):
    __linesep_regexp = re.compile(r"\r?\n")
    # The RFC limit for nicknames is 9 characters, but what the heck.
    __valid_nickname_regexp = re.compile(
        r"^[][\`_^{|}A-Za-z][][\`_^{|}A-Za-z0-9-]{0,50}$")
    __valid_channelname_regexp = re.compile(
        r"^[+!][^\x00\x07\x0a\x0d ,:]{0,50}$")

    def __init__(self, server, socket):
        self.server = server
        self.socket = socket
        self.channels = {} # irc_lower(Channel name) --> Channel
        self.nickname = None
        self.user = None
        self.realname = None
        (self.host, self.port) = socket.getpeername()
        self.__timestamp = time.time()
        self.__readbuffer = ""
        self.__writebuffer = ""
        self.__sent_ping = False
        if self.server.password:
            self.__handle_command = self.__pass_handler
        else:
            self.__handle_command = self.__registration_handler

    def get_prefix(self):
        return "%s!%s@%s" % (self.nickname, self.user, self.host)
    prefix = property(get_prefix)

    def check_aliveness(self):
        now = time.time()
        if self.__timestamp + 180 < now:
            self.disconnect("ping timeout")
            return
        if not self.__sent_ping and self.__timestamp + 90 < now:
            if self.__handle_command == self.__command_handler:
                # Registered.
                self.message("PING :%s" % self.server.name)
                self.__sent_ping = True
            else:
                # Not registered.
                self.disconnect("ping timeout")

    def write_queue_size(self):
        return len(self.__writebuffer)

    def __parse_read_buffer(self):
        lines = self.__linesep_regexp.split(self.__readbuffer)
        self.__readbuffer = lines[-1]
        lines = lines[:-1]
        for line in lines:
            if not line:
                # Empty line. Ignore.
                continue
            x = line.split(" ", 1)
            command = x[0].upper()
            if len(x) == 1:
                arguments = []
            else:
                if len(x[1]) > 0 and x[1][0] == ":":
                    arguments = [x[1][1:]]
                else:
                    y = x[1].split(" :", 1)
                    arguments = y[0].split()
                    if len(y) == 2:
                        arguments.append(y[1])
            self.__handle_command(command, arguments)

    def __pass_handler(self, command, arguments):
        server = self.server
        if command == "PASS":
            if len(arguments) == 0:
                self.reply_461("PASS")
            else:
                if arguments[0].lower() == server.password:
                    self.__handle_command = self.__registration_handler
                else:
                    self.reply("464 :Password incorrect")
        elif command == "QUIT":
            self.disconnect("Client quit")
            return

    def __registration_handler(self, command, arguments):
        server = self.server
        if command == "NICK":
            if len(arguments) < 1:
                self.reply("431 :No nickname given")
                return
            nick = arguments[0]
            if server.get_client(nick):
                self.reply("433 * %s :Nickname is already in use" % nick)
            elif not self.__valid_nickname_regexp.match(nick):
                self.reply("432 * %s :Erroneous nickname" % nick)
            else:
                self.nickname = nick
                server.client_changed_nickname(self, None)
        elif command == "USER":
            if len(arguments) < 4:
                self.reply_461("USER")
                return
            self.user = arguments[0]
            self.realname = arguments[3]
        elif command == "QUIT":
            self.disconnect("Client quit")
            return
        if self.nickname and self.user:
            self.reply("001 %s :Hi, welcome to IRC" % self.nickname)
            self.reply("002 %s :Your host is %s, running version miniircd-%s"
                       % (self.nickname, server.name, VERSION))
            self.reply("003 %s :This server was created sometime"
                       % self.nickname)
            self.reply("004 %s %s miniircd-%s o o"
                       % (self.nickname, server.name, VERSION))
            self.send_lusers()
            self.send_motd()
            self.__handle_command = self.__command_handler

    def __send_names(self, arguments, for_join=False):
        server = self.server
        valid_channel_re = self.__valid_channelname_regexp
        if len(arguments) > 0:
            channelnames = arguments[0].split(",")
        else:
            channelnames = sorted(self.channels.keys())
        if len(arguments) > 1:
            keys = arguments[1].split(",")
        else:
            keys = []
        keys.extend((len(channelnames) - len(keys)) * [None])
        for (i, channelname) in enumerate(channelnames):
            if for_join and irc_lower(channelname) in self.channels:
                continue
            if not valid_channel_re.match(channelname):
                self.reply_403(channelname)
                continue
            channel = server.get_channel(channelname)
            if channel.key is not None and channel.key != keys:
                self.reply(
                    "475 %s %s :Cannot join channel (+k) - bad key"
                    % (self.nickname, channelname))
                continue

            if for_join:
                channel.add_member(self)
                self.channels[irc_lower(channelname)] = channel
                self.message_channel(channel, "JOIN", channelname, True)
                self.channel_log(channel, "joined", meta=True)
                if channel.topic:
                    self.reply("332 %s %s :%s"
                               % (self.nickname, channel.name, channel.topic))
                else:
                    self.reply("331 %s %s :No topic is set"
                               % (self.nickname, channel.name))
            names_prefix = "353 %s = %s :" % (self.nickname, channelname)
            names = ""
            # Max length: reply prefix ":server_name(space)" plus CRLF in
            # the end.
            names_max_len = 512 - (len(server.name) + 2 + 2)
            for name in sorted(x.nickname for x in channel.members):
                if not names:
                    names = names_prefix + name
                # Using >= to include the space between "names" and "name".
                elif len(names) + len(name) >= names_max_len:
                    self.reply(names)
                    names = names_prefix + name
                else:
                    names += " " + name
            if names:
                self.reply(names)
            self.reply("366 %s %s :End of NAMES list"
                       % (self.nickname, channelname))

    def __command_handler(self, command, arguments):
        def away_handler():
            pass

        def ison_handler():
            if len(arguments) < 1:
                self.reply_461("ISON")
                return
            nicks = arguments
            online = [n for n in nicks if server.get_client(n)]
            self.reply("303 %s :%s" % (self.nickname, " ".join(online)))

        def join_handler():
            if len(arguments) < 1:
                self.reply_461("JOIN")
                return
            if arguments[0] == "0":
                for (channelname, channel) in self.channels.items():
                    self.message_channel(channel, "PART", channelname, True)
                    self.channel_log(channel, "left", meta=True)
                    server.remove_member_from_channel(self, channelname)
                self.channels = {}
                return
            self.__send_names(arguments, for_join=True)

        def list_handler():
            if len(arguments) < 1:
                channels = server.channels.values()
            else:
                channels = []
                for channelname in arguments[0].split(","):
                    if server.has_channel(channelname):
                        channels.append(server.get_channel(channelname))

            sorted_channels = sorted(channels, key=lambda x: x.name)
            for channel in sorted_channels:
                self.reply("322 %s %s %d :%s"
                           % (self.nickname, channel.name,
                              len(channel.members), channel.topic))
            self.reply("323 %s :End of LIST" % self.nickname)

        def lusers_handler():
            self.send_lusers()

        def mode_handler():
            if len(arguments) < 1:
                self.reply_461("MODE")
                return
            targetname = arguments[0]
            if server.has_channel(targetname):
                channel = server.get_channel(targetname)
                if len(arguments) < 2:
                    if channel.key:
                        modes = "+k"
                        if irc_lower(channel.name) in self.channels:
                            modes += " %s" % channel.key
                    else:
                        modes = "+"
                    self.reply("324 %s %s %s"
                               % (self.nickname, targetname, modes))
                    return
                flag = arguments[1]
                if flag == "+k":
                    if len(arguments) < 3:
                        self.reply_461("MODE")
                        return
                    key = arguments[2]
                    if irc_lower(channel.name) in self.channels:
                        channel.key = key
                        self.message_channel(
                            channel, "MODE", "%s +k %s" % (channel.name, key),
                            True)
                        self.channel_log(
                            channel, "set channel key to %s" % key, meta=True)
                    else:
                        self.reply("442 %s :You're not on that channel"
                                   % targetname)
                elif flag == "-k":
                    if irc_lower(channel.name) in self.channels:
                        channel.key = None
                        self.message_channel(
                            channel, "MODE", "%s -k" % channel.name,
                            True)
                        self.channel_log(
                            channel, "removed channel key", meta=True)
                    else:
                        self.reply("442 %s :You're not on that channel"
                                   % targetname)
                else:
                    self.reply("472 %s %s :Unknown MODE flag"
                               % (self.nickname, flag))
            elif targetname == self.nickname:
                if len(arguments) == 1:
                    self.reply("221 %s +" % self.nickname)
                else:
                    self.reply("501 %s :Unknown MODE flag" % self.nickname)
            else:
                self.reply_403(targetname)

        def motd_handler():
            self.send_motd()

        def names_handler():
            self.__send_names(arguments)

        def nick_handler():
            if len(arguments) < 1:
                self.reply("431 :No nickname given")
                return
            newnick = arguments[0]
            client = server.get_client(newnick)
            if newnick == self.nickname:
                pass
            elif client and client is not self:
                self.reply("433 %s %s :Nickname is already in use"
                           % (self.nickname, newnick))
            elif not self.__valid_nickname_regexp.match(newnick):
                self.reply("432 %s %s :Erroneous Nickname"
                           % (self.nickname, newnick))
            else:
                for x in self.channels.values():
                    self.channel_log(
                        x, "changed nickname to %s" % newnick, meta=True)
                oldnickname = self.nickname
                self.nickname = newnick
                server.client_changed_nickname(self, oldnickname)
                self.message_related(
                    ":%s!%s@%s NICK %s"
                    % (oldnickname, self.user, self.host, self.nickname),
                    True)

        def notice_and_privmsg_handler():
            if len(arguments) == 0:
                self.reply("411 %s :No recipient given (%s)"
                           % (self.nickname, command))
                return
            if len(arguments) == 1:
                self.reply("412 %s :No text to send" % self.nickname)
                return
            targetname = arguments[0]
            message = arguments[1]
            client = server.get_client(targetname)
            if client:
                client.message(":%s %s %s :%s"
                               % (self.prefix, command, targetname, message))
            elif server.has_channel(targetname):
                channel = server.get_channel(targetname)
                self.message_channel(
                    channel, command, "%s :%s" % (channel.name, message))
                self.channel_log(channel, message)
            else:
                self.reply("401 %s %s :No such nick/channel"
                           % (self.nickname, targetname))

        def part_handler():
            if len(arguments) < 1:
                self.reply_461("PART")
                return
            if len(arguments) > 1:
                partmsg = arguments[1]
            else:
                partmsg = self.nickname
            for channelname in arguments[0].split(","):
                if not valid_channel_re.match(channelname):
                    self.reply_403(channelname)
                elif not irc_lower(channelname) in self.channels:
                    self.reply("442 %s %s :You're not on that channel"
                               % (self.nickname, channelname))
                else:
                    channel = self.channels[irc_lower(channelname)]
                    self.message_channel(
                        channel, "PART", "%s :%s" % (channelname, partmsg),
                        True)
                    self.channel_log(channel, "left (%s)" % partmsg, meta=True)
                    del self.channels[irc_lower(channelname)]
                    server.remove_member_from_channel(self, channelname)

        def ping_handler():
            if len(arguments) < 1:
                self.reply("409 %s :No origin specified" % self.nickname)
                return
            self.reply("PONG %s :%s" % (server.name, arguments[0]))

        def pong_handler():
            pass

        def quit_handler():
            if len(arguments) < 1:
                quitmsg = self.nickname
            else:
                quitmsg = arguments[0]
            self.disconnect(quitmsg)

        def topic_handler():
            if len(arguments) < 1:
                self.reply_461("TOPIC")
                return
            channelname = arguments[0]
            channel = self.channels.get(irc_lower(channelname))
            if channel:
                if len(arguments) > 1:
                    newtopic = arguments[1]
                    channel.topic = newtopic
                    self.message_channel(
                        channel, "TOPIC", "%s :%s" % (channelname, newtopic),
                        True)
                    self.channel_log(
                        channel, "set topic to %r" % newtopic, meta=True)
                else:
                    if channel.topic:
                        self.reply("332 %s %s :%s"
                                   % (self.nickname, channel.name,
                                      channel.topic))
                    else:
                        self.reply("331 %s %s :No topic is set"
                                   % (self.nickname, channel.name))
            else:
                self.reply("442 %s :You're not on that channel" % channelname)

        def wallops_handler():
            if len(arguments) < 1:
                self.reply_461("WALLOPS")
                return
            message = arguments[0]
            for client in server.clients.values():
                client.message(":%s NOTICE %s :Global notice: %s"
                               % (self.prefix, client.nickname, message))

        def who_handler():
            if len(arguments) < 1:
                return
            targetname = arguments[0]
            if server.has_channel(targetname):
                channel = server.get_channel(targetname)
                for member in channel.members:
                    self.reply("352 %s %s %s %s %s %s H :0 %s"
                               % (self.nickname, targetname, member.user,
                                  member.host, server.name, member.nickname,
                                  member.realname))
                self.reply("315 %s %s :End of WHO list"
                           % (self.nickname, targetname))

        def whois_handler():
            if len(arguments) < 1:
                return
            username = arguments[0]
            user = server.get_client(username)
            if user:
                self.reply("311 %s %s %s %s * :%s"
                           % (self.nickname, user.nickname, user.user,
                              user.host, user.realname))
                self.reply("312 %s %s %s :%s"
                           % (self.nickname, user.nickname, server.name,
                              server.name))
                self.reply("319 %s %s :%s"
                           % (self.nickname, user.nickname,
                              " ".join(user.channels)))
                self.reply("318 %s %s :End of WHOIS list"
                           % (self.nickname, user.nickname))
            else:
                self.reply("401 %s %s :No such nick"
                           % (self.nickname, username))

        handler_table = {
            "AWAY": away_handler,
            "ISON": ison_handler,
            "JOIN": join_handler,
            "LIST": list_handler,
            "LUSERS": lusers_handler,
            "MODE": mode_handler,
            "MOTD": motd_handler,
            "NAMES": names_handler,
            "NICK": nick_handler,
            "NOTICE": notice_and_privmsg_handler,
            "PART": part_handler,
            "PING": ping_handler,
            "PONG": pong_handler,
            "PRIVMSG": notice_and_privmsg_handler,
            "QUIT": quit_handler,
            "TOPIC": topic_handler,
            "WALLOPS": wallops_handler,
            "WHO": who_handler,
            "WHOIS": whois_handler,
        }
        server = self.server
        valid_channel_re = self.__valid_channelname_regexp
        try:
            handler_table[command]()
        except KeyError:
            self.reply("421 %s %s :Unknown command" % (self.nickname, command))

    def socket_readable_notification(self):
        try:
            data = self.socket.recv(2 ** 10)
            self.server.print_debug(
                "[%s:%d] -> %r" % (self.host, self.port, data))
            quitmsg = "EOT"
        except socket.error as x:
            data = ""
            quitmsg = x
        if data:
            self.__readbuffer += socket_to_buffer(data)
            self.__parse_read_buffer()
            self.__timestamp = time.time()
            self.__sent_ping = False
        else:
            self.disconnect(quitmsg)

    def socket_writable_notification(self):
        try:
            sent = self.socket.send(buffer_to_socket(self.__writebuffer))
            self.server.print_debug(
                "[%s:%d] <- %r" % (
                    self.host, self.port, self.__writebuffer[:sent]))
            self.__writebuffer = self.__writebuffer[sent:]
        except socket.error as x:
            self.disconnect(x)

    def disconnect(self, quitmsg):
        self.message("ERROR :%s" % quitmsg)
        self.server.print_info(
            "Disconnected connection from %s:%s (%s)." % (
                self.host, self.port, quitmsg))
        self.socket.close()
        self.server.remove_client(self, quitmsg)

    def message(self, msg):
        self.__writebuffer += msg + "\r\n"

    def reply(self, msg):
        self.message(":%s %s" % (self.server.name, msg))

    def reply_403(self, channel):
        self.reply("403 %s %s :No such channel" % (self.nickname, channel))

    def reply_461(self, command):
        nickname = self.nickname or "*"
        self.reply("461 %s %s :Not enough parameters" % (nickname, command))

    def message_channel(self, channel, command, message, include_self=False):
        line = ":%s %s %s" % (self.prefix, command, message)
        for client in channel.members:
            if client != self or include_self:
                client.message(line)

    def channel_log(self, channel, message, meta=False):
        if not self.server.channel_log_dir:
            return
        if meta:
            format = "[%s] * %s %s\n"
        else:
            format = "[%s] <%s> %s\n"
        timestamp = datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S UTC")
        logname = channel.name.replace("_", "__").replace("/", "_")
        fp = open("%s/%s.log" % (self.server.channel_log_dir, logname), "a")
        fp.write(format % (timestamp, self.nickname, message))
        fp.close()

    def message_related(self, msg, include_self=False):
        clients = set()
        if include_self:
            clients.add(self)
        for channel in self.channels.values():
            clients |= channel.members
        if not include_self:
            clients.discard(self)
        for client in clients:
            client.message(msg)

    def send_lusers(self):
        self.reply("251 %s :There are %d users and 0 services on 1 server"
                   % (self.nickname, len(self.server.clients)))

    def send_motd(self):
        server = self.server
        motdlines = server.get_motd_lines()
        if motdlines:
            self.reply("375 %s :- %s Message of the day -"
                       % (self.nickname, server.name))
            for line in motdlines:
                self.reply("372 %s :- %s" % (self.nickname, line.rstrip()))
            self.reply("376 %s :End of /MOTD command" % self.nickname)
        else:
            self.reply("422 %s :MOTD File is missing" % self.nickname)

class Server(object):
    def __init__(self, options):
        self.ports = options.ports
        self.password = options.password
        self.ssl_pem_file = options.ssl_pem_file
        self.motdfile = options.motd
        self.verbose = options.verbose
        self.debug = options.debug
        self.channel_log_dir = options.channel_log_dir
        self.chroot = options.chroot
        self.setuid = options.setuid
        self.state_dir = options.state_dir
        self.log_file = options.log_file
        self.log_max_bytes = options.log_max_size * 1024 * 1024
        self.log_count = options.log_count
        self.logger = None

        if options.password_file:
            with open(options.password_file, "r") as fp:
                self.password = fp.read().strip("\n")

        if self.ssl_pem_file:
            self.ssl = __import__("ssl")

        # Find certificate after daemonization if path is relative:
        if self.ssl_pem_file and os.path.exists(self.ssl_pem_file):
            self.ssl_pem_file = os.path.abspath(self.ssl_pem_file)
        # else: might exist in the chroot jail, so just continue

        if options.listen:
            self.address = socket.gethostbyname(options.listen)
        else:
            self.address = ""
        server_name_limit = 63 # From the RFC.
        self.name = socket.getfqdn(self.address)[:server_name_limit]

        self.channels = {} # irc_lower(Channel name) --> Channel instance.
        self.clients = {} # Socket --> Client instance.
        self.nicknames = {} # irc_lower(Nickname) --> Client instance.
        if self.channel_log_dir:
            create_directory(self.channel_log_dir)
        if self.state_dir:
            create_directory(self.state_dir)

    def make_pid_file(self, filename):
        try:
            fd = os.open(filename, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o644)
            os.write(fd, "%i\n" % os.getpid())
            os.close(fd)
        except:
            self.print_error("Could not create PID file %r" % filename)
            sys.exit(1)

    def daemonize(self):
        try:
            pid = os.fork()
            if pid > 0:
                sys.exit(0)
        except OSError:
            sys.exit(1)
        os.setsid()
        try:
            pid = os.fork()
            if pid > 0:
                self.print_info("PID: %d" % pid)
                sys.exit(0)
        except OSError:
            sys.exit(1)
        os.chdir("/")
        os.umask(0)
        dev_null = open("/dev/null", "r+")
        os.dup2(dev_null.fileno(), sys.stdout.fileno())
        os.dup2(dev_null.fileno(), sys.stderr.fileno())
        os.dup2(dev_null.fileno(), sys.stdin.fileno())

    def get_client(self, nickname):
        return self.nicknames.get(irc_lower(nickname))

    def has_channel(self, name):
        return irc_lower(name) in self.channels

    def get_channel(self, channelname):
        if irc_lower(channelname) in self.channels:
            channel = self.channels[irc_lower(channelname)]
        else:
            channel = Channel(self, channelname)
            self.channels[irc_lower(channelname)] = channel
        return channel

    def get_motd_lines(self):
        if self.motdfile:
            try:
                return open(self.motdfile).readlines()
            except IOError:
                return ["Could not read MOTD file %r." % self.motdfile]
        else:
            return []

    def print_info(self, msg):
        if self.verbose:
            print(msg)
            sys.stdout.flush()
        if self.logger:
            self.logger.info(msg)

    def print_debug(self, msg):
        if self.debug:
            print(msg)
            sys.stdout.flush()
        if self.logger:
            self.logger.debug(msg)

    def print_error(self, msg):
        sys.stderr.write("%s\n" % msg)
        if self.logger:
            self.logger.error(msg)

    def client_changed_nickname(self, client, oldnickname):
        if oldnickname:
            del self.nicknames[irc_lower(oldnickname)]
        self.nicknames[irc_lower(client.nickname)] = client

    def remove_member_from_channel(self, client, channelname):
        if irc_lower(channelname) in self.channels:
            channel = self.channels[irc_lower(channelname)]
            channel.remove_client(client)

    def remove_client(self, client, quitmsg):
        client.message_related(":%s QUIT :%s" % (client.prefix, quitmsg))
        for x in client.channels.values():
            client.channel_log(x, "quit (%s)" % quitmsg, meta=True)
            x.remove_client(client)
        if client.nickname \
                and irc_lower(client.nickname) in self.nicknames:
            del self.nicknames[irc_lower(client.nickname)]
        del self.clients[client.socket]

    def remove_channel(self, channel):
        del self.channels[irc_lower(channel.name)]

    def start(self):
        serversockets = []
        for port in self.ports:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            try:
                s.bind((self.address, port))
            except socket.error as e:
                self.print_error("Could not bind port %s: %s." % (port, e))
                sys.exit(1)
            s.listen(5)
            serversockets.append(s)
            del s
            self.print_info("Listening on port %d." % port)
        if self.chroot:
            os.chdir(self.chroot)
            os.chroot(self.chroot)
            self.print_info("Changed root directory to %s" % self.chroot)
        if self.setuid:
            os.setgid(self.setuid[1])
            os.setuid(self.setuid[0])
            self.print_info("Setting uid:gid to %s:%s"
                            % (self.setuid[0], self.setuid[1]))

        self.init_logging()
        try:
            self.run(serversockets)
        except:
            if self.logger:
                self.logger.exception("Fatal exception")
            raise

    def init_logging(self):
        if not self.log_file:
            return

        log_level = logging.INFO
        if self.debug:
            log_level = logging.DEBUG
        self.logger = logging.getLogger("miniircd")
        formatter = logging.Formatter(
            ("%(asctime)s - %(name)s[%(process)d] - "
             "%(levelname)s - %(message)s"))
        fh = RotatingFileHandler(
            self.log_file,
            maxBytes=self.log_max_bytes,
            backupCount=self.log_count)
        fh.setLevel(log_level)
        fh.setFormatter(formatter)
        self.logger.setLevel(log_level)
        self.logger.addHandler(fh)

    def run(self, serversockets):
        last_aliveness_check = time.time()
        while True:
            (iwtd, owtd, ewtd) = select.select(
                serversockets + [x.socket for x in self.clients.values()],
                [x.socket for x in self.clients.values()
                 if x.write_queue_size() > 0],
                [],
                10)
            for x in iwtd:
                if x in self.clients:
                    self.clients[x].socket_readable_notification()
                else:
                    (conn, addr) = x.accept()
                    if self.ssl_pem_file:
                        try:
                            conn = self.ssl.wrap_socket(
                                conn,
                                server_side=True,
                                certfile=self.ssl_pem_file,
                                keyfile=self.ssl_pem_file)
                        except Exception as e:
                            self.print_error(
                                "SSL error for connection from %s:%s: %s" % (
                                    addr[0], addr[1], e))
                            continue
                    try:
                        self.clients[conn] = Client(self, conn)
                        self.print_info("Accepted connection from %s:%s." % (
                            addr[0], addr[1]))
                    except socket.error as e:
                        try:
                            conn.close()
                        except:
                            pass
            for x in owtd:
                if x in self.clients: # client may have been disconnected
                    self.clients[x].socket_writable_notification()
            now = time.time()
            if last_aliveness_check + 10 < now:
                for client in list(self.clients.values()):
                    client.check_aliveness()
                last_aliveness_check = now

_maketrans = str.maketrans if PY3 else string.maketrans
_ircstring_translation = _maketrans(
    string.ascii_lowercase.upper() + "[]\\^",
    string.ascii_lowercase + "{}|~")

def irc_lower(s):
    return s.translate(_ircstring_translation)

def main(argv):
    op = OptionParser(
        version=VERSION,
        description="miniircd is a small and limited IRC server.")
    op.add_option(
        "--channel-log-dir",
        metavar="X",
        help="store channel log in directory X")
    op.add_option(
        "-d", "--daemon",
        action="store_true",
        help="fork and become a daemon")
    op.add_option(
        "--debug",
        action="store_true",
        help="print debug messages to stdout")
    op.add_option(
        "--listen",
        metavar="X",
        help="listen on specific IP address X")
    op.add_option(
        "--log-count",
        metavar="X", default=10, type="int",
        help="keep X log files; default: %default")
    op.add_option(
        "--log-file",
        metavar="X",
        help="store log in file X")
    op.add_option(
        "--log-max-size",
        metavar="X", default=10, type="int",
        help="set maximum log file size to X MiB; default: %default MiB")
    op.add_option(
        "--motd",
        metavar="X",
        help="display file X as message of the day")
    op.add_option(
        "--pid-file",
        metavar="X",
        help="write PID to file X")
    op.add_option(
        "-p", "--password",
        metavar="X",
        help="require connection password X; default: no password")
    op.add_option(
        "--password-file",
        metavar="X",
        help=("require connection password stored in file X;"
              " default: no password"))
    op.add_option(
        "--ports",
        metavar="X",
        help="listen to ports X (a list separated by comma or whitespace);"
             " default: 6667 or 6697 if SSL is enabled")
    op.add_option(
        "-s", "--ssl-pem-file",
        metavar="FILE",
        help="enable SSL and use FILE as the .pem certificate+key")
    op.add_option(
        "--state-dir",
        metavar="X",
        help="save persistent channel state (topic, key) in directory X")
    op.add_option(
        "--verbose",
        action="store_true",
        help="be verbose (print some progress messages to stdout)")
    if os.name == "posix":
        op.add_option(
            "--chroot",
            metavar="X",
            help="change filesystem root to directory X after startup"
                 " (requires root)")
        op.add_option(
            "--setuid",
            metavar="U[:G]",
            help="change process user (and optionally group) after startup"
                 " (requires root)")
    else:
        op.chroot = False
        op.setuid = False

    (options, args) = op.parse_args(argv[1:])
    if options.debug:
        options.verbose = True
    if options.ports is None:
        if options.ssl_pem_file is None:
            options.ports = "6667"
        else:
            options.ports = "6697"
    if options.chroot:
        if os.getuid() != 0:
            op.error("Must be root to use --chroot")
    if options.setuid:
        from pwd import getpwnam
        from grp import getgrnam
        if os.getuid() != 0:
            op.error("Must be root to use --setuid")
        matches = options.setuid.split(":")
        if len(matches) == 2:
            options.setuid = (getpwnam(matches[0]).pw_uid,
                              getgrnam(matches[1]).gr_gid)
        elif len(matches) == 1:
            options.setuid = (getpwnam(matches[0]).pw_uid,
                              getpwnam(matches[0]).pw_gid)
        else:
            op.error("Specify a user, or user and group separated by a colon,"
                     " e.g. --setuid daemon, --setuid nobody:nobody")
    if (os.getuid() == 0 or os.getgid() == 0) and not options.setuid:
        op.error("Running this service as root is not recommended. Use the"
                 " --setuid option to switch to an unprivileged account after"
                 " startup. If you really intend to run as root, use"
                 " \"--setuid root\".")

    ports = []
    for port in re.split(r"[,\s]+", options.ports):
        try:
            ports.append(int(port))
        except ValueError:
            op.error("bad port: %r" % port)
    options.ports = ports
    server = Server(options)
    if options.daemon:
        server.daemonize()
    if options.pid_file:
        server.make_pid_file(options.pid_file)
    try:
        server.start()
    except KeyboardInterrupt:
        server.print_error("Interrupted.")

main(sys.argv)

#################################

top of the script don't think needed just in case
ya might add 'import ssl'
on github the python file is named a bit different
to start the script save it as example: minircd.py
chmod +x the script

as root from hidircz directory with your pem file and motd file:
# python minircd.py --ssl-pem-file=/root/hidircz/hidz.pem --listen 127.0.0.1 --motd=huh.motd --setuid=root

i didn't test this out but to run the script as non root ya might need change directory to say /home/nonrootuser
move everything there, chown -R nonroot:nonroot all the files
so ssl doesn't gripe about an error i might be wrong on this fyi

to get help with the irc server:
# python minircd.py -h

i forgot to mention to start tor at least on arch:
# /usr/bin/tor -f /etc/tor/torrc

so now you have a irc tor chat server up in stealth mode
plus an additional layer of ssl

the clients say via irssi can connect as follows:
# socat TCP4-LISTEN:8000,reuseaddr,fork SOCKS4a:127.0.0.1:newtorsitenamehere.onion:6697,socksport=9050

you don't add the 'irc' in front of the 'domain' just the onion address without 'irc'

then launch irssi and to connect
/connect -ssl 127.0.0.1 8000

you can create a room join chat typical irc stuff
anything done as /whois will show localhost no ip info

for pidgin users little different but not much...
basic tab is irc protocol
yer user name
server is the tor address without 'irc'
advanced tab
port 6697
proxy tab...
proxy is http
host 127.0.0.1 port 8118

start privoxy before connecting:
# /usr/bin/privoxy --no-daemon /etc/privoxy/config

here is my privoxy config:
#######################################

# Generally, this file goes in /etc/privoxy/config
# unfucked config by cm0s 010117
# to start /usr/bin/privoxy --no-dameon /etc/privoxy/config
# Tor listens as a SOCKS4a proxy here:
forward-socks5 / 127.0.0.1:9050 .

# confz
confdir /etc/privoxy
logdir /var/log/privoxy
# actionsfile standard # Internal purpose, recommended
actionsfile default.action   # Main actions file
actionsfile user.action      # User customizations
filterfile default.filter

# timeout shit
keep-alive-timeout 600
# mohr timeout shit
default-server-timeout 600
# yet mohhhrrr...
socket-timeout 600

# Don't log interesting things, only startup messages, warnings and errors
logfile logfile
#jarfile jarfile
#debug   0    # show each GET/POST/CONNECT request
debug   4096 # Startup banner and warnings
debug   8192 # Errors - *we highly recommended enabling this*

user-manual /usr/share/doc/privoxy/user-manual
listen-address localhost:8118
toggle 1
enable-remote-toggle 0
enable-edit-actions 0
enable-remote-http-toggle 0
buffer-limit 4096
#
#
########################################

a quick side note:
make sure logging is off in pidgin and also the otr plugin

so recap, ya just launched your very own irc chat server
can make your own motd, publish your otr key add whatever custom
stuff ya want and ya really made it private coz it's in stealth mode
stealth mode tor is NOT listed in the tor directory and even if someone
finds your onion address they can't do anything, won't even let them
scan your address without the auth cookie, and you added another layer of ssl

cheerz

splif

cm0s reacted to NaDre in Ubuntu 16,04.2 LTS on VPS - can not connect (openvpn or airvpn --cli) ...

You may have some additional problem, but you should be aware that in order to start OpenVPN on a VPS, and not lose your SSH connection, you need to make some configuration changes so that you can maintain the SSH connection on the real interface of the VPS, once the VPN becomes the default gateway. See this:

https://airvpn.org/topic/12274-ubuntu-vm-cant-connect-through-openvpn/?p=44812

cm0s reacted to zhang888 in Does AirVPN use OpenConnect? ...

OpenConnect is an implementation of AnyConnect, which is a patented, closed source protocol from Cisco. The AirVPN mission is to use only free, open source software, so the answer is no.
"Fastest and most secure" is a very questionable statement.
The blog post you linked describes AES-256-GSM. This is a very interesting cipher we are not aware of

cm0s reacted to Soupcan Sam Hootkins in What I like / Don't like ...

Or, you could pay for a year without waiting for a sale and support them in a way they deserve to be supported. Their service is superior than many other VPN services out there, and costs less. Many fail to realize this, until they to comparisons on multiple services, like I have. AirVPN is simply the best in all aspects, in my book. Support them, and give them what they deserve.

cm0s reacted to tiger83052 in 4 important security vulnerabilities discovered in OpenVPN - not found by the two recently completed audits of OpenVPN code ...

full article : https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/

Summary
"I’ve discovered 4 important security vulnerabilities in OpenVPN. Interestingly, these were not found by the two recently completed audits of OpenVPN code. Below you’ll find mostly technical information about the vulnerabilities and about how I found them, but also some commentary on why commissioning code audits isn’t always the best way to find vulnerabilities."

cm0s got a reaction from go558a83nk in airvpn AP script ...

script put together today for those wanting a quick AP
tested with iphone and 36nh wifi card

i'm not a coder so mod it for your distro
fixes/improvements etc

#!/bin/bash # 062117 # ap script for openvpn via ssl/443 # mod for yer distro or vpn needs # i'm not a coder so double check for # any errors/improvements etc. # tested with iphone and alfa awus036nh ################################################## LG='\033[0;37m' LB='\033[1;34m' LC='\033[1;36m' BO='\033[0;33m' YL='\033[1;33m' GR='\033[0;32m' RD='\033[0;31m' NC='\033[0m' # No Color ################################################## f_exit(){ clear exit 2> /dev/null } ################################################## # ctrl+c trap f_stop 2 ################################################## f_stop(){ # virtcent=$((`tput lines`/2-5)) horcent=$((`tput cols`/2-10)) # clear f_banz && tput cup $virtcent $horcent && echo -e "\n\e[1;34m [*]\e[0m ${GR}flushen the toilet bruh...${NC}\n" sleep 1 # stop the mcluvnz if [ ! -z "$(pidof dnsmasq)" ]; then kill $(pidof dnsmasq); fi if [ ! -z "$(pidof macchanger)" ]; then kill $(pidof macchanger); fi if [ ! -z "$(pidof xterm)" ]; then kill $(pidof xterm); fi if [ ! -z "$(pidof create_ap)" ]; then kill $(pidof create_ap); fi # echo "0" > /proc/sys/net/ipv4/ip_forward # # stop apz killall -9 create_ap > /dev/null 2>&1 sleep 1 f_mainmenu } ################################################## f_tblzvpn(){ # virtcent=$((`tput lines`/2-5)) horcent=$((`tput cols`/2-10)) # clear f_banz && tput cup $virtcent $horcent && echo -e "\n\e[1;34m [*]\e[0m ${GR}IPTABLEs VPN/SSL${NC}" sleep 4 # iptables -F iptables -t nat -F iptables -t mangle -F # iptables -X iptables -t nat -X iptables -t mangle -X # iptables -P INPUT DROP iptables -P FORWARD DROP # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT # iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT # iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT iptables -A INPUT -s 255.255.255.255 -j ACCEPT iptables -A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT iptables -t nat -A PREROUTING -s 0/0 -p udp --dport 53 -j DNAT --to 10.5.0.1 iptables -t nat -A PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to 10.5.0.1 iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE iptables -A OUTPUT -o eth0 ! -d 127.0.0.1 -p tcp --dport 1413 -j DROP # # ignore bad error messages for f in /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses; do echo 1 > $f done # # Disable response to broadcasts for f in /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts; do echo 1 > $f done # # disable source routed packets for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do echo 0 > $f done # # enable TCP SYN cookie for f in /proc/sys/net/ipv4/tcp_syncookies; do echo 1 > $f done # # disable ICMP redirect acceptance for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > $f done # # no redirect messages for f in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > $f done # # drop spoofz for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f done # # save stuff if [ ! -e /root/tablz ]; then mkdir /root/tablz; fi iptables-save > /root/tablz/iptables.rules # f_mainmenu } ################################################## f_tblzallow(){ # virtcent=$((`tput lines`/2-5)) horcent=$((`tput cols`/2-10)) # clear f_banz && tput cup $virtcent $horcent && echo -e "\n\e[1;34m [*]\e[0m ${GR}IPTABLEs ALLOW ALL${NC}" sleep 4 # iptables -F iptables -X iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT # f_mainmenu } ################################################## f_install(){ # virtcent=$((`tput lines`/2-5)) horcent=$((`tput cols`/2-10)) # clear f_banz && tput cup $virtcent $horcent && echo -e "\n\e[1;34m [*]\e[0m ${GR}nstallen create_ap${NC}\n" sleep 2 reqs1="create_ap" sleep 1 pacman -S --noconfirm --needed $reqs1 sleep 2 clear f_banz && tput cup $virtcent $horcent && echo -e "\n\e[1;34m [*]\e[0m ${GR}create_ap installed${NC}\n" sleep 4 # f_mainmenu } ################################################## f_makaddy(){ # virtcent=$((`tput lines`/2-5)) horcent=$((`tput cols`/2-10)) # clear unset WIFACE while [ -z "${WIFACE}" ]; do f_banz && tput cup $virtcent $horcent && read -p "$(echo -e "\n\e[1;34m [*]\e[0m ${GR}name of wifi card such as wlan0: ${NC}\n")" WIFACE; done sleep 1 # clear unset macvar f_banz && tput cup $virtcent $horcent && read -p "$(echo -e "\n\e[1;34m [*]\e[0m ${GR}wanna change yer mac addy for AP? [y/N]: ${NC}\n")" macvar mac_answer=$(echo ${macvar} | tr '[:upper:]' '[:lower:]') # sleep 1 clear unset random_mac unset ap_mac if [ "${mac_answer}" == "y" ]; then while [ -z "${random_mac}" ]; do f_banz && tput cup $virtcent $horcent && read -p "$(echo -e "\n\e[1;34m [*]\e[0m ${GR}random or manual? [r/m]: ${NC}\n")" random_mac; done case ${random_mac} in r|R) ip link set ${WIFACE} down && macchanger -r ${WIFACE} && ip link set ${WIFACE} up;; m|M) while [ -z "${ap_mac}" ]; do clear && f_banz && tput cup $virtcent $horcent && read -p "$(echo -e "\n\e[1;34m [*]\e[0m ${GR}with caps enter macaddy for AP: ${NC}\n")" ap_mac; done if [ -z $(echo ${ap_mac} | sed -n "/^$[0-9A-Z][0-9A-Z]:$\{5\}[0-9A-Z][0-9A-Z]$/p") ]; then clear && f_banz && tput cup $virtcent $horcent && echo -e "\n\e[1;34m [*]\e[0m ${GR}nvalid macaddy bruh...${NC}\n" sleep 1 f_makaddy else ip link set ${WIFACE} down sleep 1 macchanger -m ${ap_mac} ${WIFACE} sleep 1 iplink set ${WIFACE} up fi esac fi } ################################################## f_airAP(){ # virtcent=$((`tput lines`/2-5)) horcent=$((`tput cols`/2-10)) # clear f_banz && tput cup $virtcent $horcent && echo -e "\n\e[1;34m [*]\e[0m ${GR}HIDDEN AP WPA2 STATIC DNS w/NET${NC}" sleep 4 clear f_banz && tput cup $virtcent $horcent && echo -e "\n\e[1;34m [*]\e[0m ${GR}ctrl + c to stop the AP ${NC}" sleep 4 # f_makaddy # clear unset DNSZ while [ -z "${DNSZ}" ]; do f_banz && tput cup $virtcent $horcent && read -p "$(echo -e "\n\e[1;34m [*]\e[0m ${GR}enter static dns such as 10.5.0.1: ${NC}\n")" DNSZ; done sleep 2 # clear unset IFACE while [ -z "${IFACE}" ]; do f_banz && tput cup $virtcent $horcent && read -p "$(echo -e "\n\e[1;34m [*]\e[0m ${GR}iface connected to net such as eth0/tun0: ${NC}\n")" IFACE; done sleep 2 # clear unset ESSID while [ -z "${ESSID}" ]; do f_banz && tput cup $virtcent $horcent && read -p "$(echo -e "\n\e[1;34m [*]\e[0m ${GR}enter name of AP: ${NC}\n")" ESSID; done sleep 2 # clear unset PASZ while [ -z "${PASZ}" ]; do f_banz && tput cup $virtcent $horcent && read -p "$(echo -e "\n\e[1;34m [*]\e[0m ${GR}enter wpa2 password: ${NC}\n")" PASZ; done sleep 2 create_ap -m nat --dhcp-dns ${DNSZ} ${WIFACE} ${IFACE} --hidden ${ESSID} ${PASZ} --no-virt sleep 2 f_mainmenu } ################################################## # menu stuff ################################################## f_banz(){ tput setaf 2 echo -e ' ____ _ ____ _ _ ___ _ _ ____ ___ |__| | |__/ | | |__] |\ | __ |__| |__] | | | | \ \/ | | \| | | | ' tput setaf 7 echo -e ' ======================================= ' tput sgr0 } ################################################## f_mainmenu(){ clear f_banz echo -e " ${LB}Main Menu\n" echo -e " ${RD}1. ${BO}airAP${NC}" echo -e " ${RD}2. ${BO}tablz VPN${NC}" echo -e " ${RD}3. ${BO}tablz ALLOW${NC}" echo -e " ${RD}4. ${BO}install${NC}" echo -e " ${RD}5. ${BO}exit${NC}" echo echo read -p " Choice: " mainmenuchoice case ${mainmenuchoice} in 1) unset clean; f_airAP ;; 2) unset clean; f_tblzvpn ;; 3) unset clean; f_tblzallow ;; 4) unset clean; f_install ;; 5) f_exit ;; *) f_mainmenu ;; esac } ################################################## # root shit if [ "$(id -u)" != "0" ]; then echo -e "\n\e[1;34m [*]\e[0m ${GR}roll as root bruh...\n" 1>&2 exit 1 else clean=1 f_mainmenu fi ##################################################

cm0s reacted to pr1v in Amazing... ...

How highly advanced hackers (ab)used satellites to stay under the radar:

https://arstechnica.com/security/2015/09/how-highly-advanced-hackers-abused-satellites-to-stay-under-the-radar/

cm0s reacted to OmniNegro in Can I stream Netflix in another country using the VPN? ...

Actually, Netflix does *NOT* want to block VPNs. But Netflix is required by their contracts with the big media owners to "protect" their content from unauthorized users, and for years now they have been basically blaming VPN users for every lost sale ever. Netflix actually has been down this road many times, and really has no good options. They either lose some customers using VPNs, or they get sued by the big media trolls who own the content.

It literally requires exactly one user on any VPN to set a precedent that we are all "stealing" their content. I would not be the least bit surprised if the media trolls do it themselves just so they can sue and demand action be taken.

What I have done in the past is this.
1. Subscribe to Netflix without the VPN running.
2. Peruse the content and make a list of what I want to see.
3. Reconnect to the VPN and download everything from sources that work with the VPN.
4. Watch and delete everything from the list.

So long as everything happens while I am still subscribed to Netflix, then it is debatable if there is any theft happening.

cm0s reacted to catman7 in Hello AirVPN, Goodbye NordVPN :D ...

Well, I did it , I finally signed up and paid for a month which is more than enough time to get a good idea how AirVPN works for me and early indications are excellent, though I am tired tonight and have only had an hour or so to "play" around with it since I signed up .

When I first ran the software I wanted to test the famous "kill switch" everyone rates so highly but I forgot I disabled windows firewall a long time ago in favor of Private firewall only and hadn't realised that your kill switch depends on WF Rules to work . Took a bit of messing about with services but got there eventually and the kill switch then worked ok. Then I could no longer connect to a new server so a swift reboot and I can now change servers at will with the kill switch in place.

If anyone saw my other thread (moved to off topic) about my problems with my real IP address being revealed on https://ipleak.net/ (I won't bore you with it just have a read if you can be bothered), then I can confirm that with the kill switch in place, AirVPN DOES NOT appear to reveal my real IP address on the site or to the rest of the known world despite many server changes and refreshing the page as I did before! Superb!

I then went to ookla a ran a speedtest.....Um, wow, I have an 80 Megabit connection and on an AirVPN NL server I got a d/l speed of 65 Megabit so approx 6,5 mb/sec Astonishing!

Fastest I ever saw with NordVPN on ANY server was approx 1.3 mb/sec, yes, I did mean 1.3 mb/sec .

Further thorough testing will continue but so far it seems to be looking good! If that's the case, I will be signing up for a 12 month package after my month ends. Btw, in the end I had no choice but to pay with my debit card as paypal will not work it seems Ah well I guess in the great scheme of things it doesn't really matter as one's ISP may not be able to see/read your packets, but they know you're connected to an IP address that belongs to a VPN Company/server.

As the title says, Hello AirVPN, Goodbye NordVPN

Catman7

cm0s reacted to OpenSourcerer in Those overreaching blocking-trolls on wikipedia ...

Curious, I never experienced Wikipedia banning someone from reading articles.. from editing yes, but I see it as a way of self-defense. In those four years you mentioned Wikipedia saw articles of things that never existed in the entire history. Also, there are the sockpuppets, or accounts with the sole purpose of biased editing. Locking out VPN addresses of editing articles is expected to make those easier to identify.

Yes, you will say they will find another VPN, or another way, but they are forced to look for these ways. You cannot completely avoid it, you can only make it less affordable, more difficult or both.

cm0s reacted to LZ1 in Those overreaching blocking-trolls on wikipedia ...

Hello!

Maybe it's the "cheapest" way of handling their issues. As I understand it, they're quite in need of money, judging by the banner ads you sometimes get when you visit .

Sign In

cm0s

Content Count

Joined

Last visited

Days Won

Reputation Activity

Home

Community