quantumkitty

I won't run a proxy again. As I said, there's a vulnerability in ZeroNet public proxies that allows attackers to list the directory of server site folders, and possibly steal private keys and masterseeds. You wake up one morning, server is down, and the SSH terminal TMUX session shows ZeroHello directory files.

Luckily, they only seem to have listed the directory of ZeroHello. I don't know what they were doing there.. it would be interesting to create a honeypot. It may have just been an attempt to shut down the ZeroNet client i.e. DDoS.

My proxy is now running privately.

http://127.0.0.1:43110/Talk.ZeroNetwork.bit/?Topic:1526789823_1NZftAz9VSawGF5JgMYGFv4ByoKEaQbNZu

ZeroNet proxies do not disable Stats plugin. Any people can get access /Benchmark tools externally.

I suppose, it is vulnerability for (D)DOS attack.

http://127.0.0.1:43110/Talk.ZeroNetwork.bit/?Topic:1_1LJP7tDoGnWNppUGJoNS8cJbmYTS1TecCC

I've set up a clearnet proxy, currently for personal use, may open it for everyone later.

http://127.0.0.1:43110/1EiMAqhd6sMjPG2tznkkGXxhdwFBDdeqT9/?Post:44

Note: due to formatting issues, some bash commands below have incomplete display. Just copy and paste the bash code block somewhere for the complete commands. Introduction

This is a tutorial on deploying ZeroNet to Heroku as a Python web app. You can host a (1) public or (2) private ZeroNet proxy, or only host (3) your personal zsites (ZeroNet site) statically (with all your zsite contents there) or dynamically (as an open gate to the clearnet and fetch your zsite contents from the zero network) on Heroku…

http://bruce-lab.blogspot.com/2017/11/deploy-zeronet-to-heroku-as-proxy.html

You might have noticed I just started to host two new ZeroProxies

In this post, I will teach you how to host your own.

http://127.0.0.1:43110/kindlyfire.bit/?Post:9:Running+a+ZeroProxy

#+BEGIN_COMMENT First things first, you need :

A domain name pointing to your server (I will refer to it as domain.net) A VPS running Debian 8 (You can get one at DigitalOcean (ClearNet))

Connect to your VPS, on Linux and MAC this would be:

$> ssh root@server_ip

Update it:

$> apt update $> apt upgrade

Setup the domain name

The domain name you want to use, here domain.net, needs to have an A record pointing to server_ip. You can check this with dig:

$> dig domain.net

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> domain.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32341 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;domain.net. IN A

;; ANSWER SECTION: domain.net. 253 IN A 164.132.6.35 <=== THIS IS IT

;; Query time: 23 msec ;; SERVER: 127.0.1.1#53(127.0.1.1) ;; WHEN: Fri Jun 17 23:02:44 CEST 2016 ;; MSG SIZE rcvd: 58

Refer to your domain name provider for help on how to set it up. If you use CloudFlare as DNS provider, make sure CloudFlare protection is disabled for the A record. Get ZeroNet up and running

We will have to download, extract and make ZeroNet run with forever. Let's start:

$> wget https://github.com/HelloZeroNet/ZeroBundle/raw/master/dist/ZeroBundle-linux64.tar.gz $> tar -xvf ZeroBundle-linux64.tar.gz $> rm ZeroBundle-linux64.tar.gz $> wget -qO- https://raw.githubusercontent.com/creationix/nvm/v0.31.1/install.sh | bash $> . ~/.nvm/nvm.sh $> nvm install 5 $> npm install forever -g

Now we have both ZeroBundle and forever installed, let's launch it once:

\(> cd ZeroBundle ZeroBundle/\)> ./ZeroNet.sh

Once you see the following (underneath), hit CTRL + C.

[14:12:02] Ui.UiServer ---------------------------------–— [14:12:02] Ui.UiServer Web interface: http://127.0.0.1:43110/ [14:12:02] Ui.UiServer ---------------------------------–—

Now that ZeroBundle downloaded ZeroNet, we can enable the Multiuser plugin.

ZeroBundle/\(> cd ZeroNet/plugins/ ZeroBundle/ZeroNet/plugins/\)> mv disabled-Multiuser/ Multiuser/ ZeroBundle/ZeroNet/plugins/$> cd ../..

ZeroNet is installed and we are not going to let it run yet. Before, install Tor using these instructions (ClearNet). After that, you can run ZeroNet :

ZeroBundle/$> forever start -c bash "ZeroNet.sh"

You can check the status of scripts running with forever using forever list. Generate an SSL certificate

No, you're not going to pay for it. We'll use certbot by LetsEncrypt, it's free ! You will have to renew your certificate every 90 days though (edit: this is now done automatically thanks to a cron job added by certbot).

$> echo "deb http://ftp.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/backports.list $> apt update $> apt install certbot -t jessie-backports $> certbot certonly -d domain.net –standalone

Carefully read the message returned by the last command, and if it didn't worked then fix the issues it pointed out. If you get a success message, note the file it gives you ! Finally, install nginx

Nginx is like Apache, but faster and just overall better. My friend angristan made an easy installation script:

$> wget https://raw.githubusercontent.com/Angristan/nginx-autoinstall/master/nginx-autoinstall.sh $> chmod +x nginx-autoinstall.sh $> ./nginx-autoinstall.sh

You should follow it as I did:

Welcome to the nginx-autoinstall script.

What do you want to do?

1. Install Nginx
2. Uninstall Nginx
3. Update the script

Select an option [1-3]: 1

This script will install Nginx 1.11.1 (mainline) with some optional famous modules.

Please tell me which modules you want to install. If you select none, Nginx will be installed with its default modules.

Modules to install : PageSpeed 1.11.33.2 [y/n]: n Brotli [y/n]: n Headers More 0.30 [y/n]: n GeoIP [y/n]: n Cloudflare's HTTP/2 + SPDY patch [y/n]: y Cloudflare's TLS Dynamic Record Resizing patch [y/n]: n

Choose your OpenSSL implementation :

1. System's OpenSSL (default)
2. OpenSSL 1.0.2h from source
3. LibreSSL 2.4.1 from source

Select an option [1-3]: 1

Nginx is ready to be installed, press any key to continue… <press enter>

Once that's done, we'll have to create a vhost for nginx.

\(> cd /etc/nginx/ /etc/nginx/\)> nano nginx.conf

Find the line include etc/nginx/conf.d/*.conf; and add include /etc/nginx/sites/*.conf; behind (or the line after it, just make sure it comes before }). CTRL + X then Y to save. We can now put our vhost in sites:

/etc/nginx/\(> cd sites /etc/nginx/sites/\)> nano domain.net.donf

Dont forget the .conf suffix, or the file won't load.

Enter this in it:

server { listen 80; server_name domain.net; rewrite ^ https://$server_name$request_uri? permanent; }

server { listen 443 ssl http2;

server_name domain.net;

ssl_certificate /etc/letsencrypt/live/domain.net/fullchain.pem; ssl_{certificatekey} /etc/letsencrypt/live/domain.net/privkey.pem; ssl_{trustedcertificate} /etc/letsencrypt/live/domain.net/chain.pem;

ssl_protocols TLSv1.2; ssl_ecdhcurve secp384r1; ssl_ciphers EECDH+AESGCM:EECDH+AES; ssl_{preferserverciphers} on; ssl_stapling on; ssl_{staplingverify} on; resolver 80.67.169.12 80.67.169.40 valid=300s; resolver_timeout 5s; ssl_sessioncache shared:SSL:10m; ssl_{sessiontimeout} 5m; ssl_{sessiontickets} off;

location / { proxy_pass http://127.0.0.1:43110; proxy_setheader Host $host; proxy_setheader X-Real-IP $remote_addr; proxy_setheader X-Forwarded-For $proxy_{addxforwardedfor}; proxy_setheader X-Forwarded-Proto $scheme; }

location /Websocket { proxy_pass http://127.0.0.1:43110; proxy_httpversion 1.1; proxy_readtimeout 1h; #for long live websocket connetion proxy_setheader Upgrade $http_upgrade; proxy_setheader Connection "upgrade"; }

client_maxbodysize 20M; }

Don't forget to replace all domain.net with your domain !

nginx -s reload to reload the nginx configuration and you're all set. You should be able to see your proxy by going to domain.net, all good.

If you have any questions, my contact info is in the sidebar.