Trecerea Thepiratebay de la tracker based la Trackerless a fost reusita

De ceva timp, cei care sunt activi pe site-urile bittorrent( me included) au observat trecerea de la tracker based la trackerless a site-ului ThePirateBay.org ca o treaba inovatoare, prin faptul ca ai scapat de problema trackerelor care pot sau nu sa fie deschise si active.
tehnic vorbind , trecerea de la un site cu tracker la unul fara tracker este interesanta, deoarece suntem scutiti de necesitatea unui tracker bittorrent, care poate sau nu sa iti provoace diferite "meciuri" cu politia, atat a noastra cat si cea internationala, baietii de la thepiratebay au optat cu succes in a scoate din "ilegalitatea" care exista si pluteste asupra celor care conduceau site-ul, prin trecerea tuturor torrentelor de la stadiul de tracker based la trackerless, lasand ca userii, prin intermediul PeerXchage-ului si a DHT ( Distribuited Hash Table) sa scoata in totalitate site-ul in fata.

O idee extrem de buna, si de sustinut, vom putea sa avem comunitati bittorrent trackerless fara sa ne fie frica de politie, care de obicei sarea pe gazda care sustinea trackerul, lua din swarm IP-urile celor care faceau download/upload si incepeau puricarea lor in justitie si discriminirea lor ca si criminali ( deci daca eu sunt criminal ce sa mai zic de domnul Nastase, si de altii, care prin probleme aduse au creat gauri de milioane de euro statului roman. sa incercam sa nu bagam un on care descarca un film si o piesa in aceeashi celula cu cel care a violat, ucis sau altceva de o natura mai inumana. pana acum nimeni nu a murit deoarece vecinul meu a facut un download, mai ales de la artistii straini, deoarece calitatea muzicii din Ro(m)mania cam da de gandit... )

scapam de probleme cu politia fratilor, sa ne traiasca cu succes PeerXchange-ul si DHT ! :)

incercare de internet mobil

Cea mai mare noutate de pe piata este cea a ofertei RDS/RCS de internet mobil.
E plina de BS (BULLSHIT) ... deci decat aia ... mai bine fara net :))
384 de kbps, nici macar youtube nu se incarca... sa ne auzim un serviciu mai bun de internet mobil si atunci voi lua si eu internet de la RDS sau orice alta firma..

ZeitGeist - The Movie - Addendum

Zeitgeist the movie and Zeitgeist Addendum are the the best movies for any kind of man woman and child...
After you will watch these movies you will be thrilled to what THE EARTH can give you FREE and without the need of MONEY.

We need a resource based economy, this is the only way will continue in our quest for the big PICTURE ( That is, OUR LIVES)

http://sector.yweb.sk/Zeitgeist.Final.Edition.DVDRip.XviD.torrent

http://sector.yweb.sk/Zeitgeist.Addendum.DVDRip.XviD.torrent


Please Download them and watch Them !

Otherwise you have lost countless hours on you home TV watching crap ... and BS ...

The pirate bay si bittorrent trackerele....

trackerele de torrente sunt din ce in ce mai amenintate de catre legile impuse de catre UE si nu numai. primul care a avut de suferit a fost bineinteles The Pirate Bay, care chiar si in ciuda tuturor problemelor cauzate de catre autoritati, este inca ON, ceea ce ne da o idee asupra necesitatii crearii unor legi mai blande pentru retelele P2P, si nu numai.
totusi, toti se tem de o posibila cedare in fata "inamicului", a SUA, ceea ce este o adevarata cruciada pierduta pe degeaba in cazul intamplarii unui lucru ca acesta...
trebuie sa ne aratam puterea, cei care sunt la putere nu sunt acolo ca au vrut, sau au dat spaga, ei sunt acolo deoarece noi le-am dat increderea noastra pentru a ne putea conduce.
suntem in continuare subjugati celor mai crude acuze catre cei care descarca si incarca continut pe retele bittorrent, chiar daca defapt 99% din cei ce pun materialele nu vad un lucru rau in acest lucru, in faptul de a impartii informatia.

trebuie sa tinem minte ca "Sharing is Carring" asa ca ... precum mircea radu, de la din dragoste... spus si eu .. TINETI APROAPE.

Acest tutorial se poate folosii pe orice server si functioneaza flawless

Ca de obicei textul este publicat in spiritul GNU GPL license pentru a ajuta

Connecting to OpenVPN from behind (quite) any firewall through Port 80
Contributed by Livio Mazzon
Wednesday, 07 January 2009
This little how-to will show you, how to connect to your vpn through a

firewall on port 80 (mostly not locked, as else no web access was

possible)




Requirements:
- Endian Firewall

- Basic Configuration Knowledge

Steps before you leave home:

- Login to your Endian Firewall Web Interface

- Go to the "Firewall"-Tab and click on "Port Forwarding" in the menu, at your left

- Add a new Rule with following properties:

- Port on Red: 80

- Destination IP: (ex. 192.168.0.15)


- Destination Port:

- Click on Add, an voila


- Go to the "VPN"-Tab and click on "Openvpn Server" in the menu at your left

- Change protocol to "TCP" (UDP might work, please report if it does)

- Click on the edit option of your openvpn user

- In the section "Client Routing" activate the "use firewall as default gateway" checkbox

- Save and done!


Steps when your at a club and urgently need some very private files from your local network at home:
Veritech - Network Technology Innovation
http://www.veritechcorp.com.au Powered by Joomla! Generated: 24 July, 2009, 04:31

- Change the Settings of your openvpn client

- Using Endian VPN-Client:

- Click on "Properties"

- Select the "Profile" you want to use

- Click on the "Advanced" tab

- Port: 80

- Protocol: TCP (UDP might work as well, though haven't tried)


- Manual configuration of the vpn.conf file

- Look for the line beginning with 'remote' and change it like this:

<> remote myhost.com 80

- Look for the line beginning with 'proto' and change it like this (again, udp might work as well):


<> proto tcp

Click connect and hope the best

For Mac Users

We're kinda used to this things, that mac os x always has to do things

differently and in a "smarter" way, so of course this applies to the

DNS resolution as well. In OS X each "Location" may have different dns

entries which are managed by a daemon called lookupd. This daemon

simply ignores any manual changes to /etc/resolv.conf, so we can't set

the firewall as dns server.

To bypass this problem, execute the following steps:

Veritech - Network Technology Innovation
http://www.veritechcorp.com.au Powered by Joomla! Generated: 24 July, 2009, 04:31
- Open "System Preferences.app"

- Select the "Network" option

- Choose the "Location" and "Device" you're connected to the Internet with

- Enter the IP of your firewall as dns server entry in "DNS-Server"

- Click on "Apply" on you're done!

- Enjoy the World Wide Web with no port locks what so ever!


Veritech - Network Technology Innovation
http://www.veritechcorp.com.au Powered by Joomla! Generated: 24 July, 2009, 04:31

courtesy of hotemetoot.

This is the work of hotemetoot.

the text is published under the GPL GNU license.

uTorrent: Make Your Own BitTorrent Tracker

If you’ve got a large amount of data to transfer from one place to another, we all know BitTorrent is an extremely efficient way of doing it.

But sometimes you may want to transfer data which you don’t want to (or can’t) upload to a tracker on the Internet.

This is where uTorrent comes in handy, because it can act as your own private tracker.

You’ll need a few things before you begin:

1. A recent copy of uTorrent. 1.7.7 is the latest version, there’s no excuse not to use it.

2. Your external IP address. You can use http://www.whatismyipaddress.com to find this.

3. Your listen port in uTorrent. You can find this in uTorrent’s Options > Preferences > Connection > Port used for incoming connections.

4. You must be connectable! This won’t work if you don’t have port forwarding correctly configured.

Here’s what you need to do:

Open up uTorrent and go Options > Preferences > Advanced. Scroll down to find bt.enable_tracker and set it to True. Restart uTorrent for this to take effect.

Now, create a new torrent. As usual, browse to find the file or folder you wish to share.

For the tracker url, use the following information:

http://your_ip_address:your_listen_port/announce

So, for example, if your IP address is 123.123.123.123 and your listen port is 54321 then you would put this as your tracker url:

http://123.123.123.123:54321/announce

Remember to tick ‘Start Seeding’. Tick ‘Private Torrent’ to disable DHT and Peer Exchange for this torrent if you want to.

Now press ‘Create and save as..’ and save the .torrent file somewhere. uTorrent should now connect (to itself) and the tracker status should be ‘working’. You’ll note it has a 10 minute announce interval.

That’s all there is to it. You can now send that .torrent file to someone, they can open it in their torrent client and start downloading the content.

Want something more fancy than an IP address? Get yourself a domain name from somewhere like http://www.dyndns.com/services/dns/dyndns/ or from http://www.afraid.org.

Troubleshooting: If the connect times out and can’t find the tracker, you’ve done something wrong. Ensure you’ve got the correct IP address, port, and that uTorrent is definitely connectable from the outside. You can run uTorrent’s test for that by going to Options > Speed Guide and clicking Test if port is forwarded properly. Also, ensure you have a colon separating the IP address and port number!

Mounting/ Unmounting hard drives and other in linux...

The situation is that you have a machine with a dual boot of Windows XP or Vista and Debian Etch, and you want to be able to access the Windows XP partition from the Debian partition. What you need to do are:

1) Find where the Windows XP or Vista partition is.

>su

>fdisk -l

You will see a list of partitions in your machine. Usually, the Windows partition will be the very first partition such as /dev/sda1.

2) Create a new directory in Debian that will be mounted to the Windows XP partition. For example, you create a new partition called windows in the /mnt directory. As root,

>cd /mnt

>mkdir windows

3) Mount the Windows XP partition to the /mnt/windows partition. As root,

>mount /dev/sda1 /mnt/windows -t ntfs -r

Now, you should be able to access the Windows XP partition (no write permission).

4) To unmount the Windows XP partition, as root,

>umount /mnt/windows

Note that using this method, you do not have “write” permission. So, you can only read and copy files from the Windows partition.

[Update: April 9, 2008] Now, I’d like to describe what I have done to gain a write access to an NTFS partition whether it is an internal or usb external harddrive.

1) Install ntfs-3g.

According to http://packages.debian.org/etch-backports/amd64/ntfs-3g/download, I first of all, edit /etc/apt/sources.list and add this site, backports.cisbg.com, to the file.

>su

enter root password

>vi /etc/apt/sources.list

Then, I add the following source url to the sources.list.

deb http://backports.cisbg.com/debian etch-backports main

Save the file and issue the following command.

>apt-get update

Then, I use Synaptic to install the ntfs-3g.

• Desktop–>Administration–>Synaptic package manager

• Enter root password

• Search package using “ntfs-3g” as a key word

• You will see three packages, ntfs-3g, libntfs-3g2 and libntfs-3gdev.

• Select ntfs-3g package or all of them if you want.

• After clicking “Apply” if you get errors about “cannot install some packages”, you have to change something in the Preferences as follows.

• Still in the Synaptic Package Manager, click Settings–>Preferences–>Distribution tab.
• Under the Package Upgrade Behavior, at the “Prefer versions from”, change “stable” to “etch-backports”
• Click OK and then reload packages
• If there is nothing wrong, ntfs-3g package and all its dependencies such as FUSE2 should be successfully installed.

2) Mount NTFS partition

Under root, issue the following command.

>fdisk -l

Locate the device name of the NTFS partition. For example, my usb external harddrive is /dev/sdb1, and internal harddrive is /dev/sda2.

To mount the usb exteral harddrive, I use this command

>mkdir /mnt/usb

>mount /dev/sdb1 /mnt/usb -t ntfs-3g -o force

Now, you should be able to both read and write the NTFS partition.

To unmount the partition, issue a command.

>umount /mnt/usb

PPPOE Server

Textul este de la utilizatorul Huza, de pe linux.ro sau de pe softpedia.com

testul este luat in spiritul GPL pentru a ajuta.

in caz de probleme rog sa ma contactati.

PPPOE Working Server

Well I am back. Noapte trecuta... neavand somn.. dracu stie de ce, am reusit sa rezolv o parte a problemei care ma framanta --> PPPoE server funtioneaza.

Situatia e urmatoarea: Intr-un camin, in afara de conexiunea oferita de Roedu (limitat accesul la anumite servicii: p2p ftp etc.) am un abonament la Astral. Problema mea era ca unii se mai joaca cu "schimbatul macului". Solutia un Server PPPoE gen RDS cu username si pass.

Am urmarit tutorialul din link-ul din postul anterior... cel de la freeantennas, fara nici un rezultat, oricum nu am o parere buna despre OpenSuse de fapt despre nici un distro bazat pe rpm. Noapte asta tot incercand pe desktop am reusit:

eth0 --- WAN
eth1 --- LAN
Aveti nevoie de ppp si rp-pppoe de la roaringpenguin.

Mai mult ca sigur e necesar dhcp daemon ca sa aloce ip-uri automat, dar eu am avut bafta fiindca serverul care imparte banda de la roedu aloca ip-uri.

oricum

sudo apt-get install dhcp

Eth0 va configurati dupa ip-urile date de isp, eu momentan sunt tot in spatele routerului care filtreaza dupa mac fiindca nu imi permiteam sa ma joc...
Step 1 --> sau din interfata grafica.

sudo nano /etc/network/interfaces

Editati in:

auto lo
iface lo inet loopback

iface eth0 inet static
address 192.168.1.69 #ip-ul dat de isp
netmask 255.255.255.0 #subnet dat de isp
gateway 192.168.1.254 #gateway dat de isp

Salvati.

Step 2

sudo nano /etc/ppp/pppoe-server-options

Editati

require-chap
login
lcp-echo-interval 10
lcp-echo-failure 2
#dns dat de isp.

ms-dns 192.168.1.254
netmask 255.255.255.0
defaultroute
noipdefault
usepeerdns

Varinta 2

/etc/ppp/pppoe-server-options:

ms-dns 172.16.33.1

asyncmap 0

auth

crtscts

lock

require-chap

hide-password

modem

netmask 255.255.255.0

debug

domain pppoe

lcp-echo-interval 30

lcp-echo-failure 4

noipx

defaultroute

Salvati.

Step 3
sudo nano /etc/ppp/chap-secrets

Editati :

# Secrets for authentication using CHAP
# client server secret IP addresses

"huzahuza" * "passpass" 192.168.10.10

Este obligatoriu sa scriem totul din /etc/ppp/chap-secrets cu “ghilimele”, useri, parole si orice altceva, daca nu serverul nu va recunoaste comenzile.

Salvati

Primul este userul: "huzahuza"

Al doilea camp serverul , se trece any, adica: *
Al treilea este parola: "passpass"

Al patrulea camp este ip-ul ce doriti a fi alocat clientului.

Puteti introduce mai multe linii de aceeasi forma, aveti grija sa fie spatiu intre campuri, cel mai sigur dati un tab.

Step 4

In addition to containing IP addresses, the pool file can contain lines of the form:
a.b.c.d-e
which includes all IP addresses from a.b.c.d to a.b.c.e. For example, the line:
1.2.3.4-7
is equivalent to:

1.2.3.4
1.2.3.5
1.2.3.6
1.2.3.7

Cele de mai sus sunt necesare sa intelegeti de ce vom crea urmatorul fisier:

sudo nano /etc/ppp/allip

Editati in:
192.168.10.2-70

Salvati.

Step 5

ifconfig eth1 192.168.10.254 netmask 255.255.255.0 up

Aceasta linie de mai jos este scriptul de pornire, se poate pune intr-un fisier si pus in rc.local sau in oricare metoda de pornire a unui script de initializare

sudo pppoe-server -C isp -L 192.168.10.254 -p /etc/ppp/allip -I eth1

Ultima litera -I este i MARE nu L mic ( -I eth1)!!!

Daca nu aveti nici un output pt urmatoarea comanda, totul e ok:
sudo modprobe iptable_nat

sudo nano /proc/sys/net/ipv4/ip_forward
Editati si trceti 1 in loc de 0:

1

Urmatoarea comanda face va permite clientilor sa aiba internet
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE

Asta e cam tot, mai aveti nevoie de un pc ca sa fie client si sa verificati, am incercat cu o statie windows.

START --> Control Panel --> Network Connections --> Clicl pe Create a new connection (in stanga sus, la network tasks) --> Next.
Bifati Connet to the Internet -->Next
Bifati Set up my connection manually --> Next
Bifati Connect using a broadband connection that requires a user ame and password --> Next
La ISP Name scrieti ce doriti: De ex TESTPPP --> Next

La username scrieti userul din chap-secrets: huzahuza in cazul meu
La password si confirm password scrieti parola: passpass
Bifati add a shortcut to desktop --> Finish

Apoi dati connect!

Daca ati facut totul cum trebuie... aveti internet

Trebuie sa vad acum cum filtrez clientii si dupa mac, cum fac shaping... si cat de stabila e reteaua, dar dupa sesiune.

Bafta tuturor!

LAMP Server on Ubuntu/ Debian.

Build Your Own Debian/Ubuntu LAMP Server - Quick & Easy Do it Yourself Installation

· Apache 2 - Linux Web server

· MySQL 5 - MySQL Database Server

· PHP4/5 - PHP Scripting Language

· phpMyAdmin - Web-based database admin software.

Note: Linux + Apache + MySQL + PHP/Perl together commonly known as LAMP Server.

First, let us prepare a system that has a minimum requirement of Debian/Ubuntu version of linux with atleast 256MB of RAM available. Anything less than this minimum ram will cause lot of problems since we are running a server along especially mysql and webmin requires lot of RAM to run properly. Mysql will give you this nasty error "cannot connect to mysql.sock" if you dont have enough memory in your server.

I love debian/ubuntu based linux because of my enormous affinity towards this command apt-get. As a starter knowing this one command, It is so easy to install packages and you dont need to worry about package dependency and configuration. You need to buy a dedicated server or a VPS package if you want to setup your own server. If you want to experiment with the server and installation it is recommended to buy a vps package from various hosts. I prefer vpslink because of their pricing. Believe it or not it is so easy to install and configure your server yourself eventhough you are new are to linux and dedicated/vps hosting.

First download PuTTy if you are accessing your server through SSH. Just enter the IP of your server with root login to access your host. As you probably know, Webmin is a freely available server control panel and we will setup this once we have completed the LAMP server and Mail Server. Webmin makes more easier for us to fine tune our linux box.

Before proceeding to install, update the necessary packages with debian with this command.

apt-get install update

1. Installing Apache + PHP

Apache is one of the most famous web server which runs on most linux based servers. With just few commands you can configure apache to run with PHP 4 or PHP 5.

If you want to install PHP 4, just apt-get

apt-get install apache2 php4 libapache2-mod-php4

To install PHP5, just run the following on linux shell. Note that if you dont specify packages with '4', PHP5 will be automatically installed.

apt-get install apache2 php5 libapache2-mod-php5

Apache configuration file is located at: /etc/apache2/apache2.conf and your web folder is /var/www.

To check whether php is installed and running properly, just create a test.php in your /var/www folder with phpinfo() function exactly as shown below.

nano /var/www/test.php

# test.php

Point your browser to http://ip.address/test.php or http://domain/test.php and this should show all your php configuration and default settings.

You can edit necessary values or setup virtual domains using apache configuration file.

2. Installing MySQL Database Server

Installing mysql database server is always necessary if you are running a database driven ecommerce site. Remember running mysql server to a fair extend requires atleast 256mb of RAM in your server. So unless you are running database driven sites you dont absolutely need mysql. The following commands will install mysql 5 server and mysql 5 client.

apt-get install mysql-server mysql-client php5-mysql

Note: If you have already installed php4, you should make a slight change like this.

apt-get install mysql-server mysql-client php4-mysql

The configuration file of mysql is located at: /etc/mysql/my.cnf

Creating users to use MySQL and Changing Root Password

By default mysql creates user as root and runs with no passport. You might need to change the root password.

To change Root Password

mysql -u root
mysql> USE mysql;
mysql> UPDATE user SET Password=PASSWORD('new-password') WHERE user='root';
mysql> FLUSH PRIVILEGES;

You must never use root password, so you might need to create a user to connect to mysql database for a PHP script. Alternatively you can add users to mysql database by using a control panel like webmin or phpMyAdmin to easily create or assign database permission to users. We will install Webmin and phpmyadmin during later once we complete basic installation.

3. PhpMyAdmin Installation

PhpMyAdmin is a nice web based database management and administration software and easy to install and configure under apache. Managing databases with tables couldnt be much simpler by using phpmyadmin.

All you need to do is:

apt-get install phpmyadmin

The phpmyadmin configuration file is located at: /etc/phpmyadmin folder.

To set up under Apache all you need to do is include the following line in /etc/apache2/apache2.conf:

Include /etc/phpmyadmin/apache.conf

Now restart Apache:

/etc/init.d/apache2 restart

Point your browser to: http://domain/phpmyadmin

That's it! MySQL and phpMyAdmin are ready. Log in with your mysql root password and create users to connect to database from your php script.

This tutorial was written and contributed to HowToForge by Scott who currently runs MySQL-Apache-PHP.com. Permission is fully granted to copy/republish this tutorial in any form, provided a source is mentioned with a live link back to the authors site.

VARIANTA 2

Installing LAMP on Debian Etch

It has been awhile since my last post as I have been nursing a sick family and coming up to speed on some PHP and MySQL for a few projects I am currently working on. I wanted to share with you how simple it is to get Apache2, PHP5, MySQL Server 5.x installed on an existing installation of Debian Etch.

# apt-get update
# apt-get install apache2 php5 mysql-server phpmyadmin php5-gd

With the simple exception of phpmyadmin and php5-gd that is all you need to get going!

VARIANTA 3

How to install a Debian LAMP Server

The combination of Linux + Apache + MySQL + PHP setup is known as LAMP

We will be using:

Debian Linux - Operating System

Debian is an opensource operating system, which uses the popular Linux kernel. It is a good choice for servers as it is stable and has an easy to use package manager

Apache - Web server

Apache is one of the most famous web servers and with just few simple commands, you can configure apache to play nicely with PHP.

Note: You put your content /var/www.

MySQL 5 - Database Server


The MySQL database is renownd for its excellent performance, high reliability and ease of use.

PHP5 - Scripting Language

PHP is a common scripting language that is especially suited for Web development and can be easialy embedded into HTML pages and works well with other technogies such as the MySQL database and Apache webserver.

phpMyAdmin - Web-based database administration software.

PhpMyAdmin is an excellent web based database administration tool. Managing databases and tables couldnt any simpler.

Note:

First, lets ensure that the system meets the minimum requirements for Debian and that it has at least 256MB of RAM available. If your machine has less than 256MB ram then it can cause lot of problems and MySQL will give you the error "cannot connect to mysql.sock".

Getting Started:

Debian linux is my favourite for servers as it has the command "apt-get".

This command makes it easy for a beginner to install packages as you dont need to worry about package dependencies or manually creating configuration files.

I will assume that you have already installed debian and have it up and running (very easy). I personally love to use the netinstall cd and install just a base system then use apt-get.

If you wish to access the server remotely through SSH from a windows PC then please download a tool called PuTTY


Install:

Ok, now type (in this order, hit enter at the end of the line) and wait for it to complete. Reboot once all the software is installed

apt-get update

apt-get install apache2 php5 libapache2-mod-php5 mysql-server mysql-client php5-mysql phpmyadmin ssh


Security:

By default the mysql root (superuser) account does not have a password. Set one like this:

mysql -u root
mysql> USE mysql;
mysql> UPDATE user SET Password=PASSWORD('new-password') WHERE user='root';
mysql> FLUSH PRIVILEGES;

You are now ready to roll!

Varianta 4

[edit] Introduction

LAMP is essentially a server that runs Linux, Apache, MySQL and Php/Perl and is more commonly known as a LAMP server. This wiki item will provide detailed instructions on setting LAMP up and once completed you will have a LAMP server that runs:

· Apache 2 - Linux Web server

· MySQL 5 - MySQL Database Server

· PHP5 - PHP Scripting Language

· phpMyAdmin - Web-based database admin software.

[edit] Requirements

· A Debian Etch base installation - Installation HOWTO here.

· At least 256MB of RAM installed on your machine.

· An understanding of the "apt-get" command.

[edit] Pre-Installation

Before proceeding to install, update the necessary packages with Debian with this command.

apt-get update

apt-get upgrade

[edit] Installing Apache 2 + PHP5

To install Apache 2 and PHP5, just run the following in a Linux shell.

apt-get install apache2 php5 libapache2-mod-php5

Your Apache 2 configuration file is located at: /etc/apache2/apache2.conf and your web folder is /var/www

Let's check that PHP5 was installed correctly. Run the following command to open up the vim editor and create a new php page called test.php:

vim /var/www/apache2-default/test.php

With this page opened insert the following code into vim:

You can now save the file.

Point your browser to http://example.com/apache2-default/test.php and this should show all your PHP5 configuration and default settings.

[edit] Installing MySQL 5 Database Server

Installing the MySQL database server is necessary if you intend on running a database driven web site. The following commands will install MySQL 5 server and MySQL 5 client.

apt-get install mysql-server mysql-client php5-mysql

The configuration file of MySQL is located at: /etc/mysql/my.cnf

[edit] Creating users to use MySQL and Changing Root Password

By default MySQL creates a user as root and runs with no password which is a high security risk. You will need to change the root password immediately.

To change Root Password:

mysql -u root

mysql> USE mysql;

mysql> UPDATE user SET Password=PASSWORD('new-password') WHERE user='root';

mysql> FLUSH PRIVILEGES;

You must never use your root account and password when running databases. The root account is a privileged account which should only be used for admin procedures. You will need to create a separate user account to connect to your MySQL databases from a PHP script. You can add users to a MySQL database by using a control panel like phpMyAdmin to easily create or assign database permissions for users.

[edit] phpMyAdmin Installation

phpMyAdmin is a nice web based database management and administration software and easy to install and configure under apache. Managing databases with tables couldnt be much simpler by using phpmyadmin.

All you need to do is:

apt-get install phpmyadmin

The phpMyAdmin configuration file is located at: /etc/phpmyadmin

To have access to phpMyAdmin on your website (i.e. http://example.com/phpmyadmin/ ) all you need to do is include the following line in /etc/apache2/apache2.conf:

Include /etc/phpmyadmin/apache.conf

Now restart Apache:

/etc/init.d/apache2 restart

Point your browser to: http://example.com/phpmyadmin/ and you're ready to go.

That's it! MySQL and phpMyAdmin are ready. Log in with your MySQL root account and password and create users to connect to the databases from your PHP script.

[edit] The really quick way of doing this

The above is broken into step by step examples to give you a detailed understanding of what each step does. However, you can install the LAMP server running only two commands. First run:

apt-get update

And then run:

apt-get install apache2 php5 libapache2-mod-php5 mysql-server mysql-client php5-mysql phpmyadmin

That's it. With these two commands you will install everything as described in the wiki HOWTO.

Open VPN server

Materialul este copiat tot de pe un blog, sper ca autorul sa nu se supere.

daca sunt probleme il voi sterge.

materialul este dat spre voi in spiritul GPL.

Open Vpn Server

După o mică sesiune de ARP Poisoning m-am hotărât să trag repede un OpenVPN ca să n-am probleme. Mă jucam azi cu Cain-ul împreună cu un student şi am rămas uimit când a agăţat parolele de pe https. Practic, jucăria genera certificate ssl fake şi “păcălea” victima. Dacă o să am ocazia să fac o sesiune de ARP Poisoning undeva într-o sală mai plină şi să urmăresc mai multe IP-uri o să pun un post cu poze pe aici.

Revenind la OpenVPN, am zis că-i cea mai bună soluţie să evit probleme de genul ăsta în medii mai “nesigure”. Serverul pe care aveam de gând să-l folosesc pentru conectare rulează Feisty Fawn (de pe vremea când era beta chiar) iar clientul avea să fie laptopul propriu cu Windoze.

Instalarea este simplă (pe ambele maşini), poate un pic mai simplă pe Ubuntu.

Server:

apt-get install openvpn openssl bridge-utils

Client :

Se descarcă OpenVPN GUI. Se porneşte installer-ul cu dublu-click. Se urmează instrucţiunile.

După instalare, pe server vor trebui create cheile şi certificatele. Pentru asta va trebui să intraţi în /usr/share/doc/openvpn/examples/easy-rsa/2.0 .

cd /usr/share/doc/openvpn/examples/easy-rsa/2.0

Se editează fişierul

vars

(pentru a scuti introducerea datelor de mai multe ori) şi se schimbă variabilele pentru :

export KEY_COUNTRY=" "

export KEY_PROVINCE=""

export KEY_CITY=" "

export KEY_ORG=""

export KEY_EMAIL=""

După care se rulează comenzile :

./vars

./clean-all

./build-ca

./build-key-server server

Generăm şi cheie pentru client(i):

./build-key gigi

Şi terminăm şi cu Diffie Hellman (aici e posibil să dureze mai mult, depinde de maşină):

./build-dh

Toate cheile generate sunt în directorul keys. Ar trebui să le mutăm într-un loc mai sigur şi să punem în /etc/openvpn/keys doar cheile şi certificatele necesare:

mkdir /etc/openvpn/keys

cp ca.key ca.crt dh1024.pem server.key server.crt /etc/openvpn/keys/

Pe client vom lua cheile şi certificatele necesare acolo şi le vom copia în C:\Program Files\openvpn\config\keys (presupunând că ăsta-i folderul cu instalarea OpenVPN GUI ). Folderul “keys” va trebui creat. Cheile şi certificatele necesare sunt :

ca.crt

gigi.crt

gigi.key

Am terminat cu generarea cheilor, acum trecem la configurare. Primul este serverul.

În /etc/openvpn facem un fişier nou, server.conf.

cd /etc/openvpn

touch server.conf

vim server.conf

Fişierul de configurare ar trebui să conţină următoarele linii :

port 9999

proto tcp

dev tap

client-to-client

server 10.11.12.0 255.255.255.192

push "redirect-gateway"

ca keys/ca.crt

cert keys/server.crt

key keys/server.key

dh keys/dh1024.pem

client-to-client

cipher AES-128-CBC

comp-lzo

max-clients 5

user nobody

group nogroup

persist-key

persist-tun

chroot /etc/openvpn

Salvăm şi ieşim. Mai trebuiesc setate nişte reguli pe firewall pentru ca routarea să funcţioneze şi clientul să poată avea acces la internet. Dacă există deja un firewall pe maşină editaţi-l pe acela, dacă nu, creaţi un script nou cu următoarele reguli :

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -o eth1  -j SNAT --to xxx.xxx.xxx.xxx

#Unde xxx.xxx.xxx.xxx este adresa IP externa, routabilă a serverului.

#Cea prin care serverul are acces în internet.

iptables -A FORWARD  -j ACCEPT

iptables -A INPUT -i tap+ -j ACCEPT

iptables -A FORWARD -i tap+ -j ACCEPT

iptables -t nat -A POSTROUTING -s  10.11.12.0/24 -o eth1 -j MASQUERADE

Facem scriptul executabil şi-l rulăm.

chmod 755 firewall

./firewall

Acum putem să rulăm şi daemonul de openvpn. Ca să verificăm că nu avem erori la pornire, deschidem o fereastră noua pe server şi urmărim syslog.

tail -f /var/log/syslog

Pornim serverul şi stăm cu ochii pe syslog pentru a prinde eventualele erori.

/etc/init.d/openvpn start

Erorile ar putea fi legate de alt serviciu care ascultă pe portul respectiv.

Mai avem de făcut ultimul pas şi anume, configurarea clientului.

Din C:\Program Files\OpenVPN\sample-config copiem fişierul client.ovpn în C:\Program Files\OpenVPN\Config şi-l redenumim ca gigi.ovpn.
În el operăm modificări la următorii parametri :

client

tls-client

dev tap

proto tcp

#Adresa IP a serverului şi portul de conectare.

remote xxx.xxx.xxx.xxx 9999

persist-key

persist-tun

ca keys/ca.crt

cert keys/gigi.crt

key keys/gigi.key

cipher AES-128-CBC

comp-lzo

Salvăm, închidem fişierul şi pornim OpenVPN GUI. Dăm click pe “Connect” şi ar trebui să funcţioneze.

Printre problemele care ar putea să apară, cea mai frecventă este legată de firewall. Ori cel aflat pe server ori cel aflat pe sistem. Vedeţi dacă serverul permite conexiuni pe portul respectiv sau dacă clientul nu filtrează şi el. În rest, n-ar trebui să apară probleme. Restul sunt de tipul PEBKAC (search google for this one :P ).

Mail Server

Howto setup a mail server

Introduction

When you set a mail system you minimaly need 2 things: a smtp server and a pop server.

A Simple Mail Transfer Protocol (SMTP) server will relay mails, meaning it receives them AND sends them also. On your Freesco, you will need to tell exim that it can only serve your.dyndns.org mails or, otherwise, you'll have a public mail relayer and spammers just loves that. Knowing it is serving for that domain, when it receives mail for whateva@your.dyndns.org, it will send it to a local user on Freesco. So you send mail to your smtp server, it will forward it to the recipients smtp server. smtp server receive a mail for a local user and put the message in his mailbox.

Now, when your mail gets in your mailbox, you want to be able to retreive it from a remote machine, right? Well, a Post Office Protocol server permits you to do just that. Using a username/password (usualy the same as when you log to the terminal), you connect to the pop server with a mail client and the server will send you your mail.

Note that you can telnet to both servers. telnet your.dyndns.org , 25 for the smtp and 110 for the pop.
See telnet smtp and telnet pop for a list of commands.

This is the minimalistic setup. Over that, you can add have a local Mail User Agent (MUA) to send and recieve mail from within Freesco. There is Fetchmail to retreive the content of remote mailboxs into your local system. There is fowarding. There are a couple of things.
You'll have more then you bargained for :p

To summ up

Configurations could include:
- Exim
- Exim + Popa3d
- Fetchmail + Exim + Popa3d.

What you need to do is understand how the software packages rely on one another:
EXIM + POPA3D = 'MAIL SERVER' and how one won't work without the other.

FOR THE NEWBIES like myself that need to have some things spelled out. Popa3d (or Qpopper) like mentioned previously is a POP3 SERVER, another way to think of this, is, it is the communication WIRE between EXIM THE MAIL SERVER and an email client.

EXIM -------POPA3D (the communication wire)------- email clients

Steps to get the mail server up and running

Download and install the EXIM package

There has been a problem reported with this package that can cause the system to hang and eventually stop working if you have deleted the root account and replaced it by another account with root privileges. You should not install this package (exim 4.50) in this case.

IMPORTANT : If you plan on using also the perl package (for spamassassin) you must install perl before exim. Otherwise it will not work.

Exim

Exim is a message transfer agent (MTA) with well-documented, extensive features. It handles the sending of local and remote mail. There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail.

Exiscan

Exiscan is a patch against exim version 4.x, now included in the source code in version 4.50, providing support for content scanning in email messages received by exim. It works after the sending client has completed the SMTP data phase and waits for an answer from the server. Messages containing unwanted content can be rejected at that stage, so the job of generating a bounce message is the job of the sending host.
Four different scanning facilities are supported:
- antivirus
- antispam
- regular expressions
- file extensions
(see below “extra packages”)

The latest exim version (4.50) can be found atFreescosoft.
For more info about this package look at this post in the forum. To install it, you can simply use :

pkg -i -/exim_4.50_phbc50

from a command line prompt.

Configure it

To configure exim you need to edit the main config file /etc/exim.conf.

Before you do, first make a backup of the original config file; before you start editing with your favourite text editor (vi, joe, mc, teddy).

To edit the file you can simply type :
edit /etc/exim.conf
(followed by )

There are four important points not to miss in the config file :

1. The primary hostname

Scroll down the file and search for this line :

primary_hostname = router.inet

This indicates what emails going out of your box will have as a domain.
You need to replace router.inet and put instead your dynamic hostname. This can be a domain obtained from a dynamic DNS service like dyndns or no-ip.
In my case my hostname is freesco.zapto.org so I put it like this :

primary_hostname = freesco.zapto.org

2.The local domain(s)

Go down a litlle and find this line:

domainlist local_domains = localhost : your.dynamic.hostname : router.inet

You have to add every domain that you want exim to respond to in this line.

· router.inet is the hostname and domain name of freesco so you can leave it (or change it to your setup hostname and domain).

· localhost : DO NOT remove this one, this is so that exim recognizes mails send from within FREESCO

· your.dynamic.hostname must be replaced with the external domain name of your box, in order for exim to receive mails for user@your.dynamic.hostname.

The items should be separated with a ':' (column), so the list results in (in my example):

domainlist local_domains = localhost : freesco.zapto.org : router.inet

3. The domains for which we relay

Shortly after look for this line:

domainlist relay_to_domains = your.dynamic.hostname : router.inet

Here you should replace your.dynamic.hostname with your dynamic hostname, resulting in something like :

domainlist relay_to_domains = freesco.zapto.org : router.inet

R: eventually change router.inet to match your FREESCO setup hostname and domain.

4. The hosts for which we authorize to relay without authentication

Finally, a few lines after look for this line :

hostlist relay_from_hosts = 127.0.0.1 : your.dynamic.hostname

It is usefull to put your LAN IP RANGE(s) here if you want to send mail out from any account, without needing to use SMTP AUTH (having to use a Freesco name and password to be able to send mail).
Simply replace your.dynamic.hostname with your LAN IP RANGE(s) (but leave the 127.0.0.1 !), separated by ':' (column).

R: put a /16 at the end of the range.

If for instance you use 192.168.0.x addresses in your network, it should look like :

hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/16

Ok!, now save the config file with and restart exim by typing :

rc_exim restart

followed by

Install a pop3 server

Popa3d

Popa3d is a tiny POP3 daemon designed with security as the primary goal. It's reliable and efficient, small and perfectly fits for regular use (including delivering a large number of messages).

Popa3d is available here

Qpopper

Qpopper is the most widely-used server for the POP3 protocol (this allows users to access their mail using any POP3 client). Qpopper supports the latest standards, and includes a large number of optional features. Qpopper is normally used with standard UNIX mail transfer and delivery agents such as sendmail or smail.

Qpopper supports Mysql with the mysql-4.1.7a-lighting package.

It is available here

There is no configuration needed, Popa3d or Qpopper both work “out of the box” with exim.

Test the server with telnet

You can test if exim works using telnet.
Log in as root and type:

telnet localhost 25

Since FREESCO version 0.3.4, the telnet client has been replaced by an ssh client, so another solution is to do this from another computer on the lan using :

telnet router.ip.address 25

router.ip.address being the IP address of FREESCO

at the prompt you should get something like :

220 freesco.zapto.org ESMTP Exim 4.50 Sat, 04 Feb 2006 03:12:34 +0000

then, type

quit

and try

telnet router.ip.address 110

here also replace router.ip.address by the IP address of FREESCO. it should yield :

+OK Qpopper (version 4.0.5) at router.inet starting.

or just

+OK

for popa3d.
Then type

quit

to exit

Add users

You must add users to FREESCO, this is essential as exim uses the user password list in freesco to allow connections unto itself.

The thing that you need to understand about exim is the fact that user accounts = email accounts

The command to add a user in FREESCO is :

useradd username

where username is the name you want for the user.

Give those users a HOME directory, or it won't work.

Add as many users as you want mailboxes.

Aliases

IMPORTANT :
You must set an aliase for the root user in /etc/aliases, because for safety reasons no mails will be delivered to root. This reason may cause frozen messages.
Here is how you can do :
Edit /etc/aliases with :
edit /etc/aliases
Search for these lines :

# root aliase : change the next setting to a valid email user:

root: your_user

and change your_user with an existing email user on your system.
R: there is a real [tab] between ”:” and the “username”.

SET UP email client

You need to add identities to your email client corresponding to the new users added to FREESCO. Then set the outgoing mail server and incoming mail server in your identities configurations to use your FREESCO domain (your dyndns/no-ip address).

An example of my email address is webmaster@freesco.zapto.org

Try sending an email using one identity and receive it using another identity. It should work like a charm.

Now you can receive and send mails using your FREESCO box!

Advanced…

For more advanced things to do with your new email server, keep reading…

Tutoriale si altele...

VPN Tunnelling through HTTP Proxy

Situation

I live at a college at University of Queensland, where we have pretty restrictive internet access. Data can be unrestricted, charged at 15c/MB (AUD), or through a HTTP Proxy at a much cheaper rate.

In order to get around this, I put my traffic through a HTTP proxy through a VPN to a remote host.

There are a few things you should be aware of before you do this:

• You'll need software to tunnel the VPN through the proxy.
• The VPN software must run at Layer 4, using a TCP connection. As such, PPTP is unsuitable, as is IPSec.
• You'll need to fiddle with the static routes on your computer to ensure DNS/Proxy goes through your normal default route, while all other traffic goes through the VPN.
• Set up NAT on the remote host so you can access remote sites through it.

The Solution - Selection of Tools

In order to tunnel the VPN, I used HTTP Tunnel. This software has both a Windows and Unix client/server, and will allow you to tunnel arbitrary connections though a HTTP proxy, with support for proxy HTTP authentication.

OpenVPN is an Open Source VPN solution, with both Windows/Linux clients/servers. It has the ability to work through a single TCP connection, allowing us to tunnel it through the proxy.

Update: I received word from an anonymous source that OpenVPN can now perform tunnelling through the HTTP proxy for you. The relevant config lines for OpenVPN you should look at are:

port 443

proto tcp-client

http-proxy proxyserver 8080

http-proxy-retry

http-proxy-option AGENT Mozilla/5.0+(Windows;+U;+Windows+NT+5.0;+en-GB;+rv:1.7.6)+Gecko/20050226+Firefox/1.0.1

The Solution - On the Server

Ensure Universal TUN support is built into the kernel.

Install OpenVPN.

Run OpenVPN, first instanciating a daemon without encryption. Once you get this working, work your way up to using RSA encryption, or stick with a static key.

Assuming you will use the IP addresses 10.0.0.1 for the server, and 10.0.0.2 for the client on the VPN, this command will open a openvpn daemon instance:

openvpn --proto tcp-server --port 5000 --dev tun1 --ifconfig 10.0.0.1 10.0.0.2 --verb 8

Run HTTP tunnel on the server (using the "hts" daemon), to listen on a port, and forward it to the VPN daemon (by default this should be 127.0.0.1:5000). I used port 81, as the proxy will allow connections to port 79, 80, 81, etc.

The command to do this, looks like:

hts -F localhost:5000 81

The Solution - On the Client

Run HTTP tunnel on the client (using the "htc" client), to listen on a port, and forward it to the htc daemon on the server.

htc -P proxyhost:proxyport -A "username:password" -F 5000 htshost:htsport

Install OpenVPN.

Run OpenVPN, first instanciating a client without encryption to the htc process. Assuming you will use the IP addresses 10.0.0.1 for the server, and 10.0.0.2 for the client on the VPN, this command will open a OpenVPN client instance:

openvpn --proto tcp-client --dev tun1 --ifconfig 10.0.0.2 10.0.0.1 --verb 8 --remote 127.0.0.1

The Solution - Testing VPN Connection

With some luck, when you ping the server from the client over the VPN, we should get data flow:

ping 10.0.0.1

If you get a reply, you should now look into using encryption for the VPN.

Routing and NAT

There are many HOWTOs available for setting up NAT. As such, it isn't covered here.

Other Problems