*

Offline xasop

  • Administrator
  • *****
  • Posts: 9776
  • Professional computer somebody
    • View Profile
Re: Who loves or hates their VPN?
« Reply #20 on: December 27, 2020, 12:59:21 AM »
I don't know about "good", but the reasoning is that if you manage to compromise the client/workstation, you still have very little information about its network setup. The gateway is not meant to be used interactively by the user, which mitigates some routes of compromise.

I'm very sceptical of such arguments because any network clients on the workstation VM should be running unprivileged, so escaping a network namespace sandbox would require a root privilege escalation vulnerability in the kernel. It's difficult to imagine a scenario in which consumer virtualisation software is trusted, but the Linux kernel is not. To me, just throwing more VMs at a problem seems like security by people who don't understand security, which is why I'm very wary of such off-the-shelf solutions.

An alternative to consider is OpenBSD, which I've been using as my daily driver for the past 5 years now. Without diving deeply into details (there are plenty on the website), OpenBSD has two complementary mechanisms to restrict process access — pledge(2) for system calls, and unveil(2) for filesystem paths. Firefox on OpenBSD makes use of these to severely restrict what things it can do, so even without network isolation, it should not be able to inquire about hardware details or network interface configuration, nor read any of your files other than those necessary for it to function. (It is, of course, possible to add or remove capabilities to/from the default set, if you need it to access some specific files or want to remove the ability to play sound, for example.) It is straightforward to couple this with rdomain(4) and pf(4) to block any network access from Firefox to the outside world, forcing it to proxy via Tor (or wherever else you may want it to go).

Of course, that approach involves a bit more work, and probably a lot of learning if you are not already familiar with Unix, but the great benefit is that you end up with a system you understand, rather than a product somebody else created with dubious design choices. The other bonus, if you run it on bare metal, is that instead of accessing all hardware via a virtual machine — which tends to make things like hardware-accelerated graphics difficult or impossible — Firefox has direct access to only the hardware it needs. But the extra work involved means it may or may not suit you, so consider carefully whether it's a trade-off you want to make.
« Last Edit: December 27, 2020, 01:07:51 AM by la xasop »
when you try to mock anyone while also running the flat earth society. Lol

*

Offline Dr Van Nostrand

  • *
  • Posts: 1234
  • There may be something to this 'Matrix' stuff...
    • View Profile
Re: Who loves or hates their VPN?
« Reply #21 on: December 27, 2020, 01:29:56 AM »
If you're comfortable getting your hands a little dirty with VMs (sorry, no idea what your background and experience is - I'm happy to adjust to any level if you let me know) I'd recommend playing with Whonix. In a nutshell, you run 2 VMs: one acting as a Linux box that routes all network traffic through the other - a gateway that routes all Internet traffic through Tor.

I run a small herd of VM on the ranch and I read about running a sandbox within a sandbox within a sandbox etc. But....

I'm very sceptical of such arguments because any network clients on the workstation VM should be running unprivileged, so escaping a network namespace sandbox would require a root privilege escalation vulnerability in the kernel.

There is a lot of opportunity for me to fuck up permissions and own myself even without any inherent architectural issues.

I run a couple of my own OpenVPN servers, mostly for circumventing weird access restrictions, and to act as a gateway to my own stuff that I don't necessarily want open to all of the Internet.
I've been playing with tinc.

But still, don't you need IP addresses if you don't want people to see your face?
Round Earther patiently looking for a better deal...

If the world is flat, it means that I have been deceived by a global, multi-generational conspiracy spending trillions of dollars over hundreds of years.
If the world is round, it means that you’re just an idiot who believes stupid crap on the internet.

*

Offline xasop

  • Administrator
  • *****
  • Posts: 9776
  • Professional computer somebody
    • View Profile
Re: Who loves or hates their VPN?
« Reply #22 on: December 27, 2020, 01:52:54 AM »
There is a lot of opportunity for me to fuck up permissions and own myself even without any inherent architectural issues.

If we aren't taking user caution for granted, there is also a lot of opportunity for you to send personal information over Tor or a VPN, which applies no matter what technical solution is used.

But still, don't you need IP addresses if you don't want people to see your face?

Well, this thread was asking about VPNs in general, and my initial reply was in response to that. It only became clear later that you meant using a VPN as your gateway. Also, I don't understand your question.

Also, to clarify my previous post: No work is needed to use pledge and unveil for privilege restriction, that happens for Firefox on OpenBSD by default. The work involved is to set up routing domains and pf to block non-Tor traffic, if that's a thing you want to do.
« Last Edit: December 27, 2020, 01:55:17 AM by la xasop »
when you try to mock anyone while also running the flat earth society. Lol

*

Offline Dr David Thork

  • *
  • Posts: 5188
  • https://onlyfans.com/thork
    • View Profile
Re: Who loves or hates their VPN?
« Reply #23 on: December 27, 2020, 08:47:53 AM »
What a mess . The tl;dr

@Dr Nostrand ... spent $30 and do it right.
https://www.comparitech.com/blog/vpn-privacy/raspberry-pi-vpn
^ Will work on your PC, phone, xbox and anything else you like to stream your donkey pron through.
Same solution, different guy


Right, the tl and nobody should read ....

So Thork was kind of right.
This is a recurring theme on this website.

In America, it's like a gun permit, no big deal.
If you'd like, you can always shoot me
Sorry, my mind wandered.

An alternative to consider is OpenBSD
You should consider this for no more than 2 seconds before realising that this is the most convoluted solution available to you, requiring the most research and the greatest technical barriers to entry suggested so far.
« Last Edit: December 27, 2020, 08:56:01 AM by Toddler Thork »
Rate this post.      👍 6     👎 1

*

Offline xasop

  • Administrator
  • *****
  • Posts: 9776
  • Professional computer somebody
    • View Profile
Re: Who loves or hates their VPN?
« Reply #24 on: December 27, 2020, 09:45:27 AM »
What a mess . The tl;dr

@Dr Nostrand ... spent $30 and do it right.
https://www.comparitech.com/blog/vpn-privacy/raspberry-pi-vpn

This does not address all of the concerns raised in this thread, but thanks for trying. It turns out that "just throw a VPN at it" is not a complete solution to privacy online.
when you try to mock anyone while also running the flat earth society. Lol

*

Offline Dr David Thork

  • *
  • Posts: 5188
  • https://onlyfans.com/thork
    • View Profile
Re: Who loves or hates their VPN?
« Reply #25 on: December 27, 2020, 10:21:01 AM »
What a mess . The tl;dr

@Dr Nostrand ... spent $30 and do it right.
https://www.comparitech.com/blog/vpn-privacy/raspberry-pi-vpn

This does not address all of the concerns raised in this thread, but thanks for trying. It turns out that "just throw a VPN at it" is not a complete solution to privacy online.
And memeing OpenBSD as the answer to every problem is hardly much help either.  ::)
Rate this post.      👍 6     👎 1

*

Offline xasop

  • Administrator
  • *****
  • Posts: 9776
  • Professional computer somebody
    • View Profile
Re: Who loves or hates their VPN?
« Reply #26 on: December 27, 2020, 10:31:04 AM »
And memeing OpenBSD as the answer to every problem is hardly much help either.  ::)

Irrelevant.
when you try to mock anyone while also running the flat earth society. Lol

*

Offline Pete Svarrior

  • e
  • Planar Moderator
  • *****
  • Posts: 16073
  • (◕˽ ◕ ✿)
    • View Profile
Re: Who loves or hates their VPN?
« Reply #27 on: December 27, 2020, 12:57:00 PM »
It's difficult to imagine a scenario in which consumer virtualisation software is trusted, but the Linux kernel is not.
You're massively overthinking this and consequently missing the point. By the time you need to ask yourself which software you "trust", you already have problems big enough that you should be wiping your entire computer and moving to Argentina. This design decision can be, arguably only slightly, beneficial in case of user error. If you install malware on your computer, it doesn't matter how much you "trust" your kernel.

To me, just throwing more VMs at a problem seems like security by people who don't understand security, which is why I'm very wary of such off-the-shelf solutions.
With due respect, you're not a security expert, unlike many of the people involved in the project - you have a tendency to hyperfocus on small aspects of projects and to dismiss them when you don't like a single detail, missing out on the bigger picture.

This, by the way, is why we generally teach people not to reinvent the wheel when it comes to security. It usually ends very, very badly, because a single person, no matter how smart, is more likely to miss some holes than a team of dedicated people working on a solution for years.

You're also making this assessment based on one short remark I've made about a single design decision, without having read anything else about the project. This is extremely unhelpful to this discussion, and you're potentially scaring people away from a tool which appears to be a near-perfect match to their needs. The approach has flaws (though I disagree that you identified one), but it's the least-worst option available for a relatively competent computer user who doesn't do professional-computer-somebody work for a living.

Also, can we please just agree that, regardless of our disagreements, Thork shouldn't be further engaged in this thread?

But still, don't you need IP addresses if you don't want people to see your face?
Short answer: you DO NOT want a VPN for your use case. If you run it yourself, it will always be tied to you. If a corporation runs it, you're at the behest of a corporation which Definitely Doesn't™️ have multiple ways to break the promises they made to you at the behest of law enforcement. (Those, in turn, can also be exploited by people who aren't law enforcement).
« Last Edit: December 27, 2020, 01:05:17 PM by Pete Svarrior »
Read the FAQ before asking your question - chances are we already addressed it.
Follow the Flat Earth Society on Twitter and Facebook!

If we are not speculating then we must assume

*

Offline xasop

  • Administrator
  • *****
  • Posts: 9776
  • Professional computer somebody
    • View Profile
Re: Who loves or hates their VPN?
« Reply #28 on: December 28, 2020, 02:05:12 AM »
You're massively overthinking this and consequently missing the point. By the time you need to ask yourself which software you "trust", you already have problems big enough that you should be wiping your entire computer and moving to Argentina.

The very existence of such a setup is contingent on not trusting some of your software, otherwise you could just trust the web browser (or whatever other tools you're running) not to leak information about your client.

This design decision can be, arguably only slightly, beneficial in case of user error.

For certain classes of user error, which I'm still not convinced are significantly more likely than the user revealing personal information directly over the "private" transport.

If you install malware on your computer, it doesn't matter how much you "trust" your kernel.

It does if you are running that malware as an unprivileged user, which should always be the case in this scenario.

This, by the way, is why we generally teach people not to reinvent the wheel when it comes to security. It usually ends very, very badly, because a single person, no matter how smart, is more likely to miss some holes than a team of dedicated people working on a solution for years.

Agreed. I can't tell if you're implying that I've suggested reinventing the wheel or not.

You're also making this assessment based on one short remark I've made about a single design decision, without having read anything else about the project. This is extremely unhelpful to this discussion, and you're potentially scaring people away from a tool which appears to be a near-perfect match to their needs.

Indeed — I don't know anything about the project and I had never heard of it until you mentioned in this thread. My reaction was based on the all-too-common approach of "put it in a VM, then it will be perfectly secure" from people with no understanding of what they are talking about, and that does make me initially sceptical of projects which rely heavily on virtualisation for isolation. I accept that it may not be warranted in this specific case — I simply don't have enough information to express anything more than wariness.

The approach has flaws (though I disagree that you identified one), but it's the least-worst option available for a relatively competent computer user who doesn't do professional-computer-somebody work for a living.

I would not go so far as to say I identified a flaw. I have concerns — and I would not personally use this project without more research to answer the questions that come to mind. But it also doesn't seem to run on my OS — actually, it doesn't have instructions to run on any system I use, since its Linux instructions assume that you use either Virtualbox or libvirt (while calling libvirt "KVM") — so there is no sense in me doing that research. This, by the way, is one of my concerns about using VMs for this, as it means they can only feasibly target a fairly narrow range of host system configurations.

Also, whether or not it is the best option depends on exactly what you want to isolate. I still think that restricting a web browser's access to OS resources is a better approach to improving privacy on the web specifically, but Whonix seems to aim for isolation of a complete OS. Depending on user needs, this may be overkill if they just need a privacy-enhanced Firefox, or it may indeed be a perfect fit.

Also, can we please just agree that, regardless of our disagreements, Thork shouldn't be further engaged in this thread?

That much is patently obvious.
« Last Edit: December 28, 2020, 02:11:40 AM by la xasop »
when you try to mock anyone while also running the flat earth society. Lol

*

Offline Pete Svarrior

  • e
  • Planar Moderator
  • *****
  • Posts: 16073
  • (◕˽ ◕ ✿)
    • View Profile
Re: Who loves or hates their VPN?
« Reply #29 on: December 28, 2020, 02:26:08 AM »
For certain classes of user error, which I'm still not convinced are significantly more likely than the user revealing personal information directly over the "private" transport.
The software addresses the aspects of user error which can be addressed through software. It does not serve as a replacement for other means of reducing user error.

It does if you are running that malware as an unprivileged user, which should always be the case in this scenario.
It very often isn't, regardless of what you think should be the case - people make errors, and those errors can be as severe as running dodgy software as root (or falling prey to some yet-unknown escalation vector). Reality doesn't care about what should be, and addressing that reality is beneficial.

Don't get me wrong - I don't actually disagree with you here. It's just that... Yeah, things that shouldn't happen happen all the time. I see no merit in just saying "but it shouldn't happen" - I'd rather mitigate the effect of it happening. It is extremely important to address these flaws in the general use case as they crop up, but the paranoid use case of "I'm doing something I shouldn't be doing" warrants a few more layers of hardening.

Agreed. I can't tell if you're implying that I've suggested reinventing the wheel or not.
You explicitly stated that you don't like pre-made solutions in the field of security. I know you, and thus I have a good idea of what you meant, but I am going to be relatively unique to see your meaning despite your choice of words.

Indeed — I don't know anything about the project and I had never heard of it until you mentioned in this thread. My reaction was based on the all-too-common approach of "put it in a VM, then it will be perfectly secure" from people with no understanding of what they are talking about, and that does make me initially sceptical of projects which rely heavily on virtualisation for isolation. I accept that it may not be warranted in this specific case — I simply don't have enough information to express anything more than wariness.
That's fine - but what you expressed looked like confident dismissal (which could have likely been misread as an educated rebuttal), and not a general doubt. This distinction needed highlighting, and now it has been.

Mind you, Whonix doesn't rely on virtualisation. You could just as well deploy the gateway and workstation in real hardware. It's the separation between the two that (arguably) helps boost privacy, so separate hardware would only make things better. The standard deployment assumes VMs as a good combination of "easy to do", "probably good enough", and "hasn't yet been publicly broken by a nation-state attacker".

But it also doesn't seem to run on my OS — which is one objection I have to using VMs for this, as it severely limits where you can run it — so there is no sense in me doing that research.
I suppose the 5 users of OpenBSD might indeed be restricted there. I know for a fact that OP is not one of them, so I didn't concern myself with it when making my recommendation. Though, given that virtualisation is not actually required for this, I'd probably just recommend that MemeOS users just buy two rPis to run it.

Also, whether or not it is the best option depends on exactly what you want to isolate.
Yeah - I am working with limited information, and I filled the gaps in what OP told us with my own experience with similar activities. I have some confidence in my guessed, but it obviously does not replace a well-defined spec. However, I also suspect that OP doesn't exactly know what he wants yet - hence my suggestion of looking at a tool and seeing if it feels right.
« Last Edit: December 28, 2020, 02:34:49 AM by Pete Svarrior »
Read the FAQ before asking your question - chances are we already addressed it.
Follow the Flat Earth Society on Twitter and Facebook!

If we are not speculating then we must assume

*

Offline xasop

  • Administrator
  • *****
  • Posts: 9776
  • Professional computer somebody
    • View Profile
Re: Who loves or hates their VPN?
« Reply #30 on: December 28, 2020, 02:44:32 AM »
Don't get me wrong - I don't actually disagree with you here. It's just that... Yeah, things that shouldn't happen happen all the time. I see no merit in just saying "but it shouldn't happen" - I'd rather mitigate the effect of it happening. It is extremely important to address these flaws in the general use case as they crop up, but the paranoid use case of "I'm doing something I shouldn't be doing" warrants a few more layers of hardening.

That's fair, I suppose. I guess where I differ is that I don't consider this protection to be worth the added complexity, but then I was also looking at it as a way of running a web browser, where elevating privileges to root is basically never needed.

You explicitly stated that you don't like pre-made solutions in the field of security. I know you, and thus I have a good idea of what you meant, but I am going to be relatively unique to see your meaning despite your choice of words.

Well, to be more specific for the benefit of others: I prefer general-purpose tools that can be easily configured and composed to work the way I want them to, rather than tools that come pre-configured the way someone else thinks they should work. I don't think of configuration to suit your needs as reinventing the wheel, and I would never in any situation advocate reinvention of wheels in security. (Reinvention of wheels in other fields is sometimes, though rarely, justified.)

I suppose the 5 users of OpenBSD might indeed be restricted there. I know for a fact that OP is not one of them, so I didn't concern myself with it when making my recommendation.

OpenBSD is but one example. I actually edited my last post while you were replying, so to expand upon that, the Whonix installation instructions for Linux provide options for Virtualbox and what they call "KVM" (which is actually libvirt managing KVM guests). My Linux systems with VMs do use KVM, but they do not use libvirt, in part because libvirt does not support using the isolation features of QEMU that I use to mitigate the risk of VM escape attacks. It is a tad ironic that a project based on security by isolation would force me to reduce the isolation of my system in order to install it.

Other situations in which this is limiting are that you cannot use it on non-x86 hardware, or on old x86 CPUs without virtualisation extensions, or on a VM without nested virtualisation support (which is its own can of worms). In case you think I am contriving scenarios that will not arise in practice, I have personally encountered users who wanted to run VMs for isolation but could not for all three of these reasons.

Granted, this likely does not apply to the OP, but it is one of my concerns about using multiple VMs for this. (If it were a single VM, it could — at least in principle — be installed onto bare hardware as a workaround.) Even if we accept that the approach improves security, it does so at the cost of portability, which reduces the number of users that can take advantage of the improved security.

Yeah - I am working with limited information, and I filled the gaps in what OP told us with my own experience with similar activities. I have some confidence in my guessed, but it obviously does not replace a well-defined spec. However, I also suspect that OP doesn't exactly know what he wants - hence my suggestion of looking at a tool and seeing if it feels right.

Agreed on that point, which is why I suggested OpenBSD as well, as an option that comes with a privacy- and security-enhanced Firefox installation by default (albeit without Tor). Hopefully one of these options will suit.
« Last Edit: December 28, 2020, 02:51:43 AM by la xasop »
when you try to mock anyone while also running the flat earth society. Lol

*

Offline Dr David Thork

  • *
  • Posts: 5188
  • https://onlyfans.com/thork
    • View Profile
Re: Who loves or hates their VPN?
« Reply #31 on: December 28, 2020, 07:42:05 AM »
Who do you use and do they suck or not?
Asking which provider ... and
Setting up my own server might not be a bad idea.
So I suggest the cheap, tried and tested Raspberry Pi Solution


Pete
Short answer: you DO NOT want a VPN for your use case.
No alternative provided

la xasop ... change your Operating System.

And then
Also, can we please just agree that, regardless of our disagreements, Thork shouldn't be further engaged in this thread?

You so called technical experts are useless. The OP has wandered off as you continue to squabble over things he's not interested in.  ::)

I've been playing with tinc.
I'll bet your monitor looks like a plaster's radio.
« Last Edit: December 28, 2020, 07:48:21 AM by Toddler Thork »
Rate this post.      👍 6     👎 1

*

Offline Pete Svarrior

  • e
  • Planar Moderator
  • *****
  • Posts: 16073
  • (◕˽ ◕ ✿)
    • View Profile
Re: Who loves or hates their VPN?
« Reply #32 on: December 28, 2020, 11:38:34 AM »
Thork, I'm sure you'll read the thread one day. Until then, please stop trying to derail it.

xasop - nothing you said is here technically incorrect, but it is too far removed from any likely use case OP (or most computer users) might have. The use cases of "I use OpenBSD, but despite that I somehow still care about portability", "I want to run VMs but refuse to run any of the most popular hypervisors, nor do I want to adapt a solution to the narrow set of hypervisors I do accept", or "what if you're not using a relatively modern and common PC?" are exceptionally rare, if I may be so bold (even if you claim to have observed them with someone other than yourself). They dilute a thread which could otherwise be useful and well-targeted.

As mentioned before - I made this suggestion for (my interpretation of) a very specific use case. I wouldn't make it for a general case, because it would be too complicated and wouldn't offer tangible advantages to most users. However, once you reach the stage of "I wanna go scambaiting but don't want the nice Nigerian mafia to knock on my door", hardening the entire environment in which you do that starts to become necessary.
« Last Edit: December 28, 2020, 12:49:09 PM by Pete Svarrior »
Read the FAQ before asking your question - chances are we already addressed it.
Follow the Flat Earth Society on Twitter and Facebook!

If we are not speculating then we must assume

*

Offline Dr Van Nostrand

  • *
  • Posts: 1234
  • There may be something to this 'Matrix' stuff...
    • View Profile
Re: Who loves or hates their VPN?
« Reply #33 on: December 28, 2020, 02:57:04 PM »
You so called technical experts are useless. The OP has wandered off as you continue to squabble over things he's not interested in.  ::)
I haven't so much wandered off, just consumed by weekend partying. I'm sober now.

The thing is that when you post a technical question like this on a flat earth forum, you take your chances. But you will get a broad swath of opinions along with the possibility of being trolled off the grid. That's cool, I want to hear it all. I read it all. There has been some good info in this thread.

I think it's within my tech abilities to set up some kind of proxy server but there's still the issue of IP addresses....
Short answer: you DO NOT want a VPN for your use case. If you run it yourself, it will always be tied to you. If a corporation runs it, you're at the behest of a corporation which Definitely Doesn't™️ have multiple ways to break the promises they made to you at the behest of law enforcement. (Those, in turn, can also be exploited by people who aren't law enforcement).

If I buy IP addresses outright, it would be like having them tattooed on my ass. I might be able to cover them but they would follow me forever. (Doesn't the Thorkian hardware solution require having some kind of rogue IP address to hide behind?)

A couple of you recognized that I don't have the issue completely mapped out yet but I'm closing in on it.
However, once you reach the stage of "I wanna go scambaiting but don't want the nice Nigerian mafia to knock on my door", hardening the entire environment in which you do that starts to become necessary.

Yeah, the Nigerians are one thing, but I also want to go after the Russians attacking my webhost. Those people have absolutely no sense of humor.

I'm starting to think that maybe I'm looking at a workstation solution rather that a network solution. Maybe some kind of an anonymized, fortified, VM on a flashdrive... If I want to play in the mud, I could just plug it in and make it disappear when I'm done.

 
Round Earther patiently looking for a better deal...

If the world is flat, it means that I have been deceived by a global, multi-generational conspiracy spending trillions of dollars over hundreds of years.
If the world is round, it means that you’re just an idiot who believes stupid crap on the internet.

*

Offline Pete Svarrior

  • e
  • Planar Moderator
  • *****
  • Posts: 16073
  • (◕˽ ◕ ✿)
    • View Profile
Re: Who loves or hates their VPN?
« Reply #34 on: December 28, 2020, 03:37:10 PM »
If I buy IP addresses outright, it would be like having them tattooed on my ass. I might be able to cover them but they would follow me forever. (Doesn't the Thorkian hardware solution require having some kind of rogue IP address to hide behind?)
Thork's "solution" doesn't even attempt to answer the problem. It's instructions on how you could connect your devices to a provider (without naming one), and/or how you could access your LAN from outside. It doesn't attempt to answer the privacy question, because he never read your question, nor the discussion that followed.

It doesn't even attempt to answer your question, because he never read it. A network like Tor is pretty much your best hope for what you're describing.

I'm starting to think that maybe I'm looking at a workstation solution rather that a network solution. Maybe some kind of an anonymized, fortified, VM on a flashdrive... If I want to play in the mud, I could just plug it in and make it disappear when I'm done.
If only I had described something like that earlier in this thread... ::)

If the two-VM approach of Whonix scares you (it really shouldn't), you could also consider Tails - a live-bootable flash drive which avoids persistent storage of data, and also routes your traffic through Tor.

Yeah, the Nigerians are one thing, but I also want to go after the Russians attacking my webhost. Those people have absolutely no sense of humor.
Err, you might want to think about that one a bit. Russian botnets hammer every IP on the Internet - you should probably just automatically ban them (have a look at tools like fail2ban). They have no idea who you are, and there's nobody to "go after". If your whole idea is to investigate some botnets, you probably don't need to hide yourself at all, nor are you likely to find anything of interest.
« Last Edit: December 28, 2020, 03:39:41 PM by Pete Svarrior »
Read the FAQ before asking your question - chances are we already addressed it.
Follow the Flat Earth Society on Twitter and Facebook!

If we are not speculating then we must assume

*

Offline Dr Van Nostrand

  • *
  • Posts: 1234
  • There may be something to this 'Matrix' stuff...
    • View Profile
Re: Who loves or hates their VPN?
« Reply #35 on: December 28, 2020, 04:22:33 PM »
If only I had described something like that earlier in this thread... ::)

yep, it's coming around.

(have a look at tools like fail2ban).

Very interesting. I've tried the IP Blocker in the Cpanel to block the IPs and their ranges but it does nothing to stop the hits. They're not really hurting anything but these 'GET's are consuming bandwidth and showing up in my metrics as traffic. It's annoying.

Years ago, some Ukranians managed to get a malicious javascript into one of my hosted webpages (dumbbitchwebhosting dot com). Those spam emails that ask people to log onto their bank was sending traffic to Ukraine through one of my webpages. I haven't forgotten. Now that Russia annexed part of Ukraine, it's personal.

If I was a real asshole, I could hack into the neighbor's wifi and launch attacks from their modem. But I like my neighbors and would feel bad if the Nigerians showed up at their house and I wouldn't want them to get sprayed with Russian nerve gas either.
Round Earther patiently looking for a better deal...

If the world is flat, it means that I have been deceived by a global, multi-generational conspiracy spending trillions of dollars over hundreds of years.
If the world is round, it means that you’re just an idiot who believes stupid crap on the internet.

*

Offline xasop

  • Administrator
  • *****
  • Posts: 9776
  • Professional computer somebody
    • View Profile
Re: Who loves or hates their VPN?
« Reply #36 on: December 28, 2020, 07:58:42 PM »
Very interesting. I've tried the IP Blocker in the Cpanel to block the IPs and their ranges but it does nothing to stop the hits. They're not really hurting anything but these 'GET's are consuming bandwidth and showing up in my metrics as traffic. It's annoying.

Speaking as a professional computer somebody for the past decade, this is just the Internet. If you are going to put services on the public Internet, you will need to get used to the fact that this happens.
when you try to mock anyone while also running the flat earth society. Lol

*

Offline Pete Svarrior

  • e
  • Planar Moderator
  • *****
  • Posts: 16073
  • (◕˽ ◕ ✿)
    • View Profile
Re: Who loves or hates their VPN?
« Reply #37 on: December 28, 2020, 09:14:20 PM »
If I was a real asshole, I could hack into the neighbor's wifi and launch attacks from their modem.
I mean no offence, but given the level of expertise you hinted at so far: do you even know what "launching attacks" would entail?
Read the FAQ before asking your question - chances are we already addressed it.
Follow the Flat Earth Society on Twitter and Facebook!

If we are not speculating then we must assume

*

Offline Dr Van Nostrand

  • *
  • Posts: 1234
  • There may be something to this 'Matrix' stuff...
    • View Profile
Re: Who loves or hates their VPN?
« Reply #38 on: December 29, 2020, 12:50:54 AM »
Very interesting. I've tried the IP Blocker in the Cpanel to block the IPs and their ranges but it does nothing to stop the hits. They're not really hurting anything but these 'GET's are consuming bandwidth and showing up in my metrics as traffic. It's annoying.

Speaking as a professional computer somebody for the past decade, this is just the Internet. If you are going to put services on the public Internet, you will need to get used to the fact that this happens.

I've just got to do something.  Going to curse and shake my fist in the air....

I mean no offence, but given the level of expertise you hinted at so far: do you even know what "launching attacks" would entail?

just basic scambaiting and social engineering...  Nothing sophisticated, I just don't want it coming from my address and want to minimized my DNA on it.





Round Earther patiently looking for a better deal...

If the world is flat, it means that I have been deceived by a global, multi-generational conspiracy spending trillions of dollars over hundreds of years.
If the world is round, it means that you’re just an idiot who believes stupid crap on the internet.