Having people comment on your posts, even critically, is something to be encouraged; it is through discussion and the exchange of ideas that people learn and knowledge advances.

Unfortunately WordPress comes with a default “enter URL” field in the comments section and this attracts spammers. To get their spam URL visible and have people click on it, spammers post a one-line comment, normally something ambiguous and meaningless so that it can be used everywhere without even reading the post they are commenting on; a comment like “great post” and nothing else does the job for them.

This is one of the reasons why I disabled comments on this blog. I do not have the time to deal with spammers and people who want me to solve their personal questions as if I were at their disposal to do one-to-one classes. In order to avoid disappointment for them, and to save time for both of us, it is better not to allow questions than to allow them and never reply to anything.

To disable the website field in WordPress comments, locate the comments.php and comments-popup.php template files in your theme folder (this example assumes that you are using the default Kubrick WordPress theme).

Find the following code and delete it (or comment it out by adding <!-- before it and --> after the block of code):

<p><input type="text" name="url" id="url" value="<?php echo $comment_author_url; ?>" size="22" tabindex="3" />
<label for="url"><small>Website</small></label></p>


Command line Linux for hard drive cloning

If you are a Unix command line geek you can clone your hard disk with various Linux programs. This can be quicker if you feel comfortable using the Linux shell. Computer forensics examiners need to use a Unix live CD to clone a hard drive in order to preserve all data from alteration, but unless this is your case you do not need it.

How to clone a hard disk using dd?

To execute dd you should login as root or use the su command.

1- Open Linux terminal window as root.

2- Change to the appropriate hard disk names, i.e. sda/sdb, and type:

dd if=/dev/sda of=/dev/sdb

3- Cloning a hard drive using dd can take hours depending on its size. You can use gzip to save storage space, but this will make the hard disk backup take even longer.

Copying a hard disk partition using dd

If you don’t want to make a complete duplication of your hard disk the following command will create an image file “disk1.img” in your user’s recovery directory from /dev/sda

dd if=/dev/sda of=~/recovery/disk1.img

To restore a partition or a hard disk from an image file, just exchange the arguments “if” and “of”. For example, restore the whole hard disk from the image file “disk1.img”:

dd if=disk1.img of=/dev/sda
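
The image, gzip and restore steps described above, combined with a hash check so that you know the copy is complete. This is an added example, not code from the original post; the function names are hypothetical and a constructed regular file stands in for /dev/sda so that it runs without root. It assumes a Linux system with sha256sum.

```shell
#!/bin/sh
# Added example: dd imaging with gzip compression and SHA-256 verification.
# All function names are hypothetical; paths are supplied by the caller.

# Print the hex SHA-256 digest of a file.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# image_disk SRC IMG_GZ
# Read SRC once with dd. tee feeds the same byte stream to gzip and, through
# a named pipe, to sha256sum, so IMG_GZ.sha256 describes exactly what was read.
image_disk() {
    id_src=$1; id_img=$2
    id_fifo=$(mktemp -u) && mkfifo "$id_fifo" || return 1
    sha256sum < "$id_fifo" | cut -d' ' -f1 > "$id_img.sha256" &
    dd if="$id_src" bs=65536 2>/dev/null | tee "$id_fifo" | gzip -c > "$id_img"
    wait
    rm -f "$id_fifo"
}

# verify_image IMG_GZ
# Succeeds only if the image decompresses cleanly and matches the stored digest.
verify_image() {
    gzip -t "$1" 2>/dev/null || return 1
    vi_sum=$(gzip -dc "$1" | sha256sum | cut -d' ' -f1) || return 1
    [ "$vi_sum" = "$(cat "$1.sha256")" ]
}

# restore_image IMG_GZ DST
# The same transfer with "if" and "of" exchanged: the image is now the input.
restore_image() {
    gzip -dc "$1" | dd of="$2" bs=65536 2>/dev/null
}

# Round trip on a constructed 1 MiB file standing in for /dev/sda.
demo_roundtrip() {
    dr_tmp=$(mktemp -d) || return 1
    dd if=/dev/urandom of="$dr_tmp/fake_sda" bs=65536 count=16 2>/dev/null
    image_disk "$dr_tmp/fake_sda" "$dr_tmp/disk1.img.gz" &&
        verify_image "$dr_tmp/disk1.img.gz" &&
        restore_image "$dr_tmp/disk1.img.gz" "$dr_tmp/fake_sdb"
    dr_rc=$?
    if [ "$dr_rc" -eq 0 ] &&
       [ "$(sha256_of "$dr_tmp/fake_sda")" = "$(sha256_of "$dr_tmp/fake_sdb")" ]; then
        echo "clone verified"
    else
        echo "clone mismatch"; dr_rc=1
    fi
    rm -rf "$dr_tmp"
    return "$dr_rc"
}

demo_roundtrip
```

On a real disk, pass the device node as SRC and keep the .sha256 file next to the image; verify_image can then be rerun before every restore.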

How to clone your hard drive using ddrescue?

Also known as Gddrescue in Ubuntu, ddrescue is quicker than ‘dd’, gets better results and it also keeps a logfile that records each of the bad blocks found.

1- SystemCdTools includes ddrescue; otherwise you may have to install ddrescue from the repositories, as many other Linux distributions do not come with it.

2- Open Linux terminal window as root.

3- Change source sda and destination sdb if needed, depending on your hard disk name, then type:

ddrescue -v /dev/sda /dev/sdb

If your hard disk has bad sectors, the following ddrescue command line will attempt to recover them:

ddrescue -r 1 /dev/sda /dev/sdb rescue.log

WARNING: There is another Unix tool called dd_rescue. Do not confuse it with ddrescue; they both enhance dd but are not the same command.

Hard drive data kept secure


The easiest way to recover your operating system in case of disaster is by cloning it once a week to an external disk. You will save lots of time tweaking the settings once again if you need to reinstall your operating system.

Main Linux live CD to clone a hard disk

CloneZilla: Clonezilla live is suitable for single machine backup and restore. Clonezilla saves and restores only the used blocks on the hard disk, which increases the clone efficiency. This live CD to mirror your hard disk can be a bit overwhelming for newbies not used to Linux.

Redo Backup and Recovery: The system uses minimal space and resources, and the download size is less than 75MB. Easy point-and-click GUI tool for full system backup and recovery, very user friendly.

SystemRescueCD: This Linux live CD is normally used to recover data. You can use it to back up data from a Windows computer that is no longer able to boot, as long as the hard disk is still working; you will just need to mount the partition.

UltimateBootCD: You can use this Linux live CD for hard disk cloning using some of the tools it has, such as CopyWipe, g4u, HDClone, partimage and others. You can also use this Linux live CD for data wiping as it includes hard disk wiping tools such as Darik’s Boot and Nuke (DBAN) and HDDErase.

PartedMagic: This is mainly a Linux live CD used for partitioning but it also includes CloneZilla from the command line.

GRML: For the advanced Linux user, this Linux live CD based on Debian has been designed for the Linux system administrator comfortable with the command line. GRML provides security and network related software, data recovery and forensic tools and many text tools.

Hard drive cloning


Computer Forensics live CD to clone hard drive

Frenzy: FreeBSD live CD, it contains software for hardware tests, file system check, security check and network setup and analysis.

Caine: Ubuntu based computer forensics live CD, mainly used to acquire data of a suspected criminal computer but also useful as a back up live CD. User friendly graphical interface.

DEFT Linux: DEFT is a new concept of computer forensics live system that uses LXDE as its desktop environment and the thunar file manager and mount manager as tools for device management. It is a very easy to use system that includes excellent hardware detection as well as open source applications dedicated to incident response and computer forensics.

MasterKey: MasterKey Linux live CD is focused on incident response and computer forensics. No installation is required; the forensics system is started directly from a CD/DVD-ROM or USB thumbdrive.

BackTrack: BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester. You can install Backtrack to USB with full disk encryption if needed. 

Computer forensics live CD Caine


I have previously mentioned Mixmaster on this blog, a great software tool to send anonymous email and also used to post to Usenet groups anonymously, but visiting a website in order to send an anonymous email is not a good idea because your IP will be logged by the site server.

You could use a proxy to get around this, or maybe you just want light anonymity, or you may be using a restricted computer and need to send an urgent untraceable anonymous email or Usenet message.

That is when a web interface to send anonymous messages through Mixmaster will come in handy.

If you want to run a web interface for the Mixmaster remailer on your server you could use Pyano, recently released (March 2010) and heavily inspired by the mixweb perl script (last updated in 2005) at cotse.net.

Pyano web interface mixmaster remailer for administrators

If you are simply a remailer user and want to send an anonymous message, or if you want to see how Pyano works, then visit:

Mattherhorn remailer web interface for users

Send email

Send email anonymous

The German Privacy Foundation also has a remailer web interface on its website, although it does not run on Pyano. And in my experience messages get lost far too often. I suspect this is because by default the web interface uses a fixed chain of five random remailers; it increases security but also the likelihood of something happening to the message in transit.

With Pyano you can choose how many remailer proxies you want to use and which ones in particular, even entry and exit nodes.

The German Privacy Foundation also runs a Tor proxy and an I2P proxy.

German Privacy Foundation remailer web interface for users


The Free Technology Academy aims to contribute to a society that permits all users to study, participate and build upon existing knowledge without restrictions.

The software used in the Free Technology Academy virtual campus is free software built upon an open standards framework.

The Free Technology Academy is financially supported by the Life Long Learning programme (LLP) of the European Commission.

You can download two great free Linux related eBooks from their materials webpage.

These books are released under the Creative Commons license, and it is likely that there will be new ones added to their course materials.

Check the Free Technology Academy website for updates and to learn what they are about.

Downloads:

Free eBook: Introduction to Free Software

Free eBook: GNU/Linux Advanced Administration


Unix server hacker (Creative Commons licensed picture)

Other great free open source Linux related eBooks that will help you build your knowledge can be found at:

Linux From Scratch

Not specifically Unix related, you can also try your luck at Wikibooks for all kinds of free books online, although, unlike the others, Wikibooks does not seem to have a PDF download option.

Wikibooks

Geeky programmers can visit the free tech books website to download free online computer science, engineering and programming ebooks, text books and lecture notes, all of them legally released to the internet community. There are some interesting open source books in the FreeBSD section.

FreeTechBooks

Mixmaster is anonymous remailer software. It encrypts your email messages before sending them and typically sends the messages through a series of anonymous proxies; you can choose how many and which proxies you want on the chain. It also provides protection against traffic analysis by delaying the sending of the messages at random.

This excellent Linux Journal video introduces Mixmaster and explains how you can download it to your own Unix machine and help the internet anonymity cause by running an anonymous email server.

Mixmaster runs on *BSD, Linux and Microsoft Windows. If you have questions about remailers and Mixmaster, one of the best ports of call is the newsgroup: alt.privacy.anon.server

You can read the mailing list for remailer operators, and subscribe, at:

http://lists.mixmin.net/mailman/listinfo/remops

Mixmaster remailer software homepage:

http://mixmaster.sourceforge.net/

There are some spammers out there, especially in the adult business, who take some of the highest ranked Google images and then hotlink to them in order to get your traffic. It is also possible that you have limited hosting account bandwidth or, put simply, you do not want anyone to hotlink to any of your images. Here is what you do to stop it.

Go to your webhosting account and edit your .htaccess file, or create it if it does not exist, then add these lines (RewriteEngine will typically already be set to on if you have a WordPress blog; in that case omit this line so that it is not written twice):

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://unix.privacylover.com/wp-content/uploads/2009/11/bandwidth_theft_message.gif [NC,R,L]

That is it! The most important part is to get yourdomain.com right, if you do not do this you will see the nasty image served by unix.privacylover.com/wp-content/uploads/2009/11/bandwidth_theft_message.gif

To whitelist search engines and let them hotlink to your images, you should add these lines to your .htaccess file (add other search engines at will):

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.de [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.nl [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.co.uk [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.es [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.ca [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.co.uk [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.de [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.ca [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.ca [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.de [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.co.uk [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?ask.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://unix.privacylover.com/wp-content/uploads/2009/11/bandwidth_theft_message.gif [NC,R,L]

Stop bandwidth theft


Code explanation:

RewriteCond %{HTTP_REFERER} !^$ > Allow blank referrers (recommended). Some users surf behind a firewall and do not provide any referrer; disallowing blank referrers will block them from accessing these images, but if you still want to do that simply delete this line.

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC] > Site allowed to link to your images. If you do not add your domain here you will be blocking your own blog from displaying the images. You can also add Google and Bing here so that they can still link to the images.

RewriteRule \.(jpg|jpeg|png|gif)$ http://unix.privacylover.com/wp-content/uploads/2009/11/bandwidth_theft_message.gif [NC,R,L] > In between the () are the types of files you want to block from hotlinking; you can also add .css and other extensions like .bmp. To add more, separate them with "|".

Change 'http://unix.privacylover.com/wp-content/uploads/2009/11/bandwidth_theft_message.gif' to your own message; whenever image hotlinking is detected this image will show up. It is better to host the image somewhere other than your own webhost.

Warning: Make sure the image you are serving is not hotlink protected or your server can go into an endless loop.
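
The referer conditions above match only the start of the Referer value and leave the dots unescaped, so a host name that merely begins with yourdomain.com is treated as your own site. The following shell check is an added example, not code from the original post: it emulates the RewriteCond logic with grep -E over constructed referers and compares the page's pattern with an anchored one (the anchored pattern and all function names are assumptions of this example).

```shell
#!/bin/sh
# Added example: emulate the two RewriteCond lines with grep -E to see which
# referers would be served the image and which would be redirected.

# Pattern as written on this page (prefix match, unescaped dot).
PREFIX_PATTERN='^http(s)?://(www\.)?yourdomain.com'
# Hardened form (assumption of this example), as it would appear in .htaccess:
#   RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com(/|$) [NC]
ANCHORED_PATTERN='^https?://(www\.)?yourdomain\.com(/|$)'

# would_redirect PATTERN REFERER
# Returns 0 when the RewriteRule would fire: the referer is not blank
# (first RewriteCond) and does not match the allowed-site pattern (second).
would_redirect() {
    [ -n "$2" ] || return 1
    if printf '%s\n' "$2" | grep -Eiq -- "$1"; then   # -i mirrors [NC]
        return 1
    fi
    return 0
}

# Print "redirect" or "served" for one pattern and one referer.
verdict() {
    if would_redirect "$1" "$2"; then echo redirect; else echo served; fi
}

# Compare both patterns for one referer.
compare() {
    echo "prefix=$(verdict "$PREFIX_PATTERN" "$1") anchored=$(verdict "$ANCHORED_PATTERN" "$1")"
}

# Constructed referers: own site, blank, two look-alike hosts, a foreign site.
report() {
    for rp_ref in \
        "https://www.yourdomain.com/2009/11/post/" \
        "https://yourdomain.com" \
        "" \
        "http://yourdomain.com.example.net/gallery/" \
        "http://yourdomain-com.example.net/" \
        "http://images.example.org/page.html"
    do
        printf '%-45s %s\n' "[$rp_ref]" "$(compare "$rp_ref")"
    done
}

report
```

The two look-alike hosts are served by the prefix pattern and redirected by the anchored one; your own pages and blank referers are served in both cases.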

Other ways to protect image hotlinking:

You may turn on hotlink protection at your CPanel webhosting account but this allows for far less customization than adding the manual .htaccess code.

There is a plugin for WordPress to stop hotlinking: WordPress Automatic Image Hotlink Protection

To check out if your hotlink protection is working visit this free hotlink checker


If you are having performance problems with Voice over IP, gaming online, or any other service, you can now find out whether you have a bandwidth problem, slow response times, or packet loss. There is a new service from the hands of the creators of Speedtest, called PingTest.

They will tell you about your packet loss, ping time (this measurement tells how long it takes for a packet of data to travel from your computer to a server on the Internet and back) and jitter (the variance in measuring successive ping tests).

You will need an internet browser with at least Flash 9.0 installed in order to see the results.

PingTest


When working using bash, zsh, ksh or any other Unix shell the default is to save the history of the typed in commands, this can become a security and privacy risk.

Stop the history file keeping a copy of typed in commands

This can be used any time you like assuming you have administrator rights (using bash shell as example).

# kill -9 $$

$$ gives the pid of the current shell instance, and the kill ends the process.

You could also use the history command, see man history:

# history -c (clear the history)
# history -w (write to the file – overwrite!)

Delete the bash history file, find out where your shell saves the history of typed in commands and delete it the same way. You may also use the shred command to overwrite it safely.

# rm -rf ~/.bash_history

But even if you delete the ~/.bash_history file, your current bash session will still be written to history once you log out. This is because it is being stored in RAM; you will need to use the previous history -c command to avoid this.

Stop writing to the history file for good

Examples based on the bash shell configuration files:

Turn off bash history for all users, append unset HISTFILE to /etc/profile

# echo "unset HISTFILE" >> /etc/profile

Set size of the history to zero:

HISTSIZE: The number of commands to remember in the command history. The default value in bash is 500. You can set this to 0 and disable the usage of the history file.

Add the following command to your personal bash configuration file ~/.bashrc (~/.zshrc for zsh shell users) or to the global bash configuration file /etc/bash.bashrc

export HISTSIZE=0

You will need to restart your bash session in order to activate the settings. You can check whether your configuration was entered correctly by going to the command prompt and typing:

env

If you don’t see your configuration in the environment variables then you have done something wrong.

The names of the configuration files can depend on your Linux distribution and bash version; you can always see your particular options using man bash.

Unix shell configuration files

Unix shell configuration table files explained:

  • Blank means a file is not read by a shell at all
  • “yes” means a file is always read by a shell upon startup
  • “login” means a file is read if the shell is a login shell
  • “n/login” means a file is read if the shell is not a login shell
  • “int.” means a file is read if the shell is interactive
  • “i.login” means a file is read if the shell is an interactive login shell

To find out what shell you are using type: echo $SHELL

To change your shell see chsh --help

A Virtual Private Server can work well to set up your own anonymous internet browsing proxy. A VPS can cost as little as $8 a month, which is roughly the same as a private proxy or VPN provider would charge you, but you are in full control over the logs and resources on the server, which can be used for other things besides hiding your IP when browsing the internet, for example IRC chat through the shell with irssi or hosting a website with lighttpd.

You could also open this proxy for friends and even set up your own anonymous proxy business open to the public. You do not need a great knowledge of Unix to do this. I will write down a step-by-step tutorial; this was done on a Debian server.

Proxy Server Diagram

1) You will need to install a proxy server on your machine. This example uses micro proxy, a small Unix based HTTP/HTTPS proxy that runs from inetd.

privacylover# apt-get install micro-proxy
Reading package lists… Done
Building dependency tree
Reading state information… Done
Suggested packages:
micro-httpd micro-inetd
The following NEW packages will be installed:
micro-proxy
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 9838B of archives.
After this operation, 65.5kB of additional disk space will be used.
Get:1 http://ftp.us.debian.org lenny/main micro-proxy 20021030+debian-5 [9838B]
Fetched 9838B in 0s (24.8kB/s)
Selecting previously deselected package micro-proxy.
(Reading database … 16543 files and directories currently installed.)
Unpacking micro-proxy (from …/micro-proxy_20021030+debian-5_amd64.deb) …
Processing triggers for man-db …
Setting up micro-proxy (20021030+debian-5) …

2) Install xinetd on your server:

privacylover# apt-get install xinetd
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following NEW packages will be installed:
xinetd
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 147kB of archives.
After this operation, 336kB of additional disk space will be used.
Get:1 http://ftp.us.debian.org lenny/main xinetd 1:2.3.14-7 [147kB]
Fetched 147kB in 1s (140kB/s)
Selecting previously deselected package xinetd.
(Reading database … 16548 files and directories currently installed.)
Unpacking xinetd (from …/xinetd_1%3a2.3.14-7_amd64.deb) …
Processing triggers for man-db …
Setting up xinetd (1:2.3.14-7) …
Stopping internet superserver: xinetd.
Starting internet superserver: xinetd.

Set micro proxy to run via xinetd (or inetd if you use that instead). Here goes my xinetd.conf file configured to use microproxy:

service microproxy
{
    disable = no
    bind = 127.0.0.1
    socket_type = stream
    protocol = tcp
    user = root
    wait = no
    server = /usr/sbin/micro_proxy
}

service microproxyssl
{
    disable = no
    bind = 127.0.0.1
    socket_type = stream
    protocol = tcp
    user = root
    wait = no
    server = /usr/sbin/micro_proxy
}

3) Force xinetd to start the service for you by adding the following snippet to your /etc/services file:

microproxy 2280/tcp
microproxyssl 2243/tcp

Notice that I am using port 2280 for HTTP and port 2243 for HTTPS. You can use any ports you like but make sure they are open on your server. You will also need to comment out any existing entries in /etc/services that try to define the same service ports.

After you have modified /etc/services you will need to restart xinetd for the changes to take effect:

/etc/init.d/xinetd restart

4) Make sure the ports you want to use are open on the server, there are various methods to achieve this:

a) Install lsof and then:

lsof -i -nN -P | grep 2280
xinetd 29568 root 5u IPv4 1152793 TCP 127.0.0.1:2280 (LISTEN)

As you can see the line returns LISTEN, which means that port 2280 is open. Change the port in the grep statement to the port you want to check.

b) You can use netstat to check for open ports:

netstat -vatn

privacylover:/etc# netstat -vatn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 64.62.173.51:53         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:982           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::53                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:953                 :::*                    LISTEN


c) Another method to check for open ports on the server is to scan yourself with nmap:

privacylover# nmap localhost
Starting Nmap 4.62 ( http://nmap.org ) at 2009-03-30 05:21 UTC

5) Once you have installed micro proxy, configured xinetd and edited /etc/services you should be done on the server side. Now it is time to configure your internet browser.

If you are using Opera 9.*, go to Tools>Preferences>Advanced>Network>Proxy Servers now enter 127.0.0.1 port 5000 in the HTTP box and 127.0.0.1 port 5043 in the HTTPS box.

If you are using Firefox 3.* you will need to go to Tools>Options>Advanced>Settings and do exactly the same.

All that is left is to set up the tunnel from the shell. Before you start surfing with your browser, type:

ssh -L 5000:127.0.0.1:2280 -L 5043:127.0.0.1:2243 user...@machine.net

machine.net=your hostname, you will need to change the port numbers if you are using different ones.

To surf through the SSH tunnel on a Windows machine without shell you can use KiTTY

Firewall:
If you have iptables installed, you will need to instruct your firewall to allow traffic through those ports. The following command will open port 2280 in iptables:

iptables -A INPUT -p tcp -i eth0 --dport 2280 -j ACCEPT

To find out the list of open ports in the firewall use iptables -L:

privacylover# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:2280
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:2243
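
A check for the xinetd and /etc/services entries from steps 2 and 3: a service bound to 127.0.0.1 only accepts local connections, which is why the browser reaches it through the SSH tunnel, while a service block without a bind line listens on every interface. This is an added example, not code from the original post; the function names and the third sample service (openproxy on port 3128) are constructed for illustration, and it assumes the "key = value" spacing used above.

```shell
#!/bin/sh
# Added example: list enabled xinetd services with port, bind address and
# user, and flag the ones reachable from outside or running as root.

# audit_xinetd XINETD_CONF SERVICES_FILE
# Output per service: name port bind user verdict
audit_xinetd() {
    awk '
        NR == FNR {                      # first file: name -> port map
            sub(/#.*/, "")
            if (NF >= 2) { split($2, pp, "/"); port[$1] = pp[1] }
            next
        }
        { sub(/#.*/, "") }
        $1 == "service" { name = $2; bind = "0.0.0.0"; user = "?"; off = "no"; next }
        $2 == "=" && ($1 == "bind" || $1 == "interface") { bind = $3 }
        $2 == "=" && $1 == "user"    { user = $3 }
        $2 == "=" && $1 == "disable" { off = $3 }
        $1 == "}" && name != "" {
            if (off != "yes") {
                verdict = "ok"
                if (bind !~ /^127\./ && bind != "::1" && bind != "localhost")
                    verdict = "EXPOSED"
                else if (user == "root")
                    verdict = "loopback-only,runs-as-root"
                p = (name in port) ? port[name] : "unknown"
                print name, p, bind, user, verdict
            }
            name = ""
        }
    ' "$2" "$1"
}

# Run the audit on the configuration from this page plus one constructed
# service without a bind line.
audit_sample() {
    as_tmp=$(mktemp -d) || return 1
    cat > "$as_tmp/xinetd.conf" <<'EOF'
service microproxy
{
disable = no
bind = 127.0.0.1
user = root
server = /usr/sbin/micro_proxy
}
service microproxyssl
{
disable = no
bind = 127.0.0.1
user = root
server = /usr/sbin/micro_proxy
}
# constructed entry, not from the page
service openproxy
{
disable = no
user = nobody
server = /usr/sbin/micro_proxy
}
EOF
    cat > "$as_tmp/services" <<'EOF'
microproxy 2280/tcp
microproxyssl 2243/tcp
openproxy 3128/tcp   # constructed entry
EOF
    audit_xinetd "$as_tmp/xinetd.conf" "$as_tmp/services"
    rm -rf "$as_tmp"
}

audit_sample
```

On a server, run audit_xinetd against the real xinetd configuration and /etc/services; any line ending in EXPOSED is a proxy that accepts connections without going through the SSH tunnel.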

Reference links:

- Alternative to micro proxy, proxy server software Antispyd

- List of open source proxy server software

- How to turn off IPtables firewall completely

- Find out what ports are listening on your server

Newsgroup dealing with port forwarding: comp.security.ssh
