You could use a proxy to get around this, or maybe you just want light anonymity, or you may be using a restricted computer and need to send an urgent untreaceable anonymous email or Usenet message.

That is when a web interface to send anonymous messages through Mixmaster will come in handy.

If you want to run a web interface for the Mixmaster remailer on your server you could use Pyano, recently released (March 2010) and heavily inspired by the mixweb perl script (last updated in 2005) at cotse.net.

Pyano web interface mixmaster remailer for administrators

If you are a simply remailer user and want to send an anonymous message or if you want to see how Pyano works, then visit:

Mattherhorn remailer web interface for users

Send email anonymous

The German Privacy Foundation also has a remailer web interface on its website, although it does not run on Pyano. And in my experience messages get lost far too often. I suspect this is is because by default the web interface uses a fixed chain of five random remailers, it increases security but also the likehood of something happening to message in transit.

With Pyano you can choose how many remailer proxies you want to use and which ones in particular, even entry and exit nodes.

The German Privacy Foundation also runs a tor proxy and a i2P proxy.

German Privacy Foundation remailer web interface for users

The software used in the Free Technology Academy virtual campus is free software built upon an open standards framework.

The Free Technology Academy is financially supported by the Life Long Learning programme (LLP) of the European Commission.

You can download two great free Linux related eBooks from their materials webpage.

These books are released under the Creative Commons license, and it is likely that there will be new ones added to their course materials.

Check the Free Technology Academy website for updates and to learn what they are about.

Downloads:

Free eBook: Introduction to Free Software

Free eBook: GNU/Linux Advanced Administration

Unix server hacker (Creative Commons licensed picture)

Other great free open source Linux related eBooks that will help you build your knowledge can be found at:

Linux From Scratch

Not specifically Unix related, you can also try your luck at Wikibooks for all kind of free books online, although, unlike the others, Wikibooks does not seem to have a PDF download option.

Wikibooks

Geeky programmers can visit the free tech books website to download free online computer science, engineering and programming ebooks, text books and lecture notes. All of them legally released to the internet comunity. There are some interesting open source books in the FreeBSD section.

FreeTechBooks

Go to your webhosting account and edit your .htaccess file, or create it if it does not exist, then add these lines (RewriteEngine will typically be already set to on if you have a WordPress blog, you will then omit this line and do not write it twice):

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://unix.privacylover.com/wp-content/uploads/2009/11/bandwidth_theft_message.gif [NC,R,L]

That is it! The most important part is to get yourdomain.com right, if you do not do this you will see the nasty image served by unix.privacylover.com/wp-content/uploads/2009/11/bandwidth_theft_message.gif

To whitelist search engines and let them hotlink to your images, you should add these lines to your .htaccess file (add other search engines at will):

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.de [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.nl [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.co.uk [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.es [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.ca [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.co.uk [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.de [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.ca [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.ca [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.de [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.co.uk [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?ask.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://unix.privacylover.com/wp-content/uploads/2009/11/bandwidth_theft_message.gif [NC,R,L]

Stop bandwidth theft

Code explanation:

RewriteCond %{HTTP_REFERER} !^$ > Allow blank referrers (recommended). Some users surf under firewall and they do not provide any referrers, disallowing blank referrers will block them from accessing these images, but if you still want to do that simply delete this line.

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC] > Site allowed to link your images, if you do not add your domain here you will be blocking your own blog from displaying the images. You can also add Google and Bing here so that they can still link to the images.

RewriteRule \.(jpg|jpeg|png|gif)$ http://unix.privacylover.com/wp-content/uploads/2009/11/bandwidth_theft_message.gif [NC,R,L] > In between the () are type of files you want to block from hotlinking, you can also add .css and other extensions like .bmp. To add more seperate them with”|”.

Change ‘http://unix.privacylover.com/wp-content/uploads/2009/11/bandwidth_theft_message.gif‘ to your own message, whenever image hotlinking is detected this image will show up. It will be better if you host the image somewhere else out from your own webhost.

Warning: Make sure the image you are serving is not hotlink protected or your server can go into an endless loop.

Other ways to protect image hotlinking:

You may turn on hotlink protection at your CPanel webhosting account but this allows for far less customization than adding the manual .htaccess code.

There is a plugin for WordPress to stop hotlinking: WordPress Automatic Image Hotlink Protection

To check out if your hotlink protection is working visit this free hotlink checker

They will tell yo about your packet loss, ping time (This measurement tells how long it takes for a packet of data to travel from your computer to a server on the Internet and back) and jitter (the variance in measuring successive ping tests).

You will need an internet browser with at least Flash9.0 installed, in order to see the results.

PingTest

You could also open this proxy for friends and even set up your own anonymous proxy business open to the public. You do not need a great kowledge of Unix to do this, I will write down an step by step tutorial, this was done on a Debian server.

Proxy Server Diagram

1) You will need to install a proxy sever on your machine, this example uses  micro proxy,  a small Unix based HTTP/HTTPS proxy that runs from inetd.

privacylover# apt-get install micro-proxy
Reading package lists… Done
Building dependency tree
Reading state information… Done
Suggested packages:
micro-httpd micro-inetd
The following NEW packages will be installed:
micro-proxy
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 9838B of archives.
After this operation, 65.5kB of additional disk space will be used.
Get:1 http://ftp.us.debian.org lenny/main micro-proxy 20021030+debian-5 [9838B]
Fetched 9838B in 0s (24.8kB/s)
Selecting previously deselected package micro-proxy.
(Reading database … 16543 files and directories currently installed.)
Unpacking micro-proxy (from …/micro-proxy_20021030+debian-5_amd64.deb) …
Processing triggers for man-db …
Setting up micro-proxy (20021030+debian-5) …

2) Install xinetd on your sever:

privacylover# apt-get install xinetd
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following NEW packages will be installed:
xinetd
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 147kB of archives.
After this operation, 336kB of additional disk space will be used.
Get:1 http://ftp.us.debian.org lenny/main xinetd 1:2.3.14-7 [147kB]
Fetched 147kB in 1s (140kB/s)
Selecting previously deselected package xinetd.
(Reading database … 16548 files and directories currently installed.)
Unpacking xinetd (from …/xinetd_1%3a2.3.14-7_amd64.deb) …
Processing triggers for man-db …
Setting up xinetd (1:2.3.14-7) …
Stopping internet superserver: xinetd.
Starting internet superserver: xinetd.

Set micro proxy to run via xinetd (or inetd if you use that instead). Here goes my xinetd.conf file configured to use microproxy:

service microproxy
{
disable = no
bind = 127.0.0.1
socket_type = stream
protocol = tcp
user = root
wait = no
server = /usr/sbin/micro_proxy
}service microproxyssl
{
disable = no
bind = 127.0.0.1
socket_type = stream
protocol = tcp
user = root
wait = no
server = /usr/sbin/micro_proxy
}

3) Force xinetd to start the service for you by adding the following snippet of code in your etc/services file:

microproxy 2280/tcp
microproxyssl 2243/tcp

Notice that I am using port 2280 for HTTP and port 2243 for HTTPS, you can use any ports you like but make sure they are open in your server. You will also need to comment out any existing entries in /etc/services that try to define the same service ports.

After you have modified etc/services you will need to restart xinetd for the changes to take effect:

/etc/init.d/xinetd restart

4) Make sure the ports you want to use are open on the server, there are various methods to achieve this:

a) Install  lsoft and then:

lsof -i -nN -P | grep 2280
xinetd 29568 root 5u IPv4 1152793 TCP 127.0.0.1:2280 (LISTEN)

As you can see the line returns listen, this means that port 2280 is open. Change the port in the grep statement  for the port you want to check.

b) You can use netstat to check for open ports:

netstat -vatn

privacylover:/etc# netstat -vatn
Active Internet connections (servers and established)
Proto                        Recv-Q Send-Q Local Address                  Foreign                                 Address State
tcp                                  0 0 0.0.0.0:111 0.0.0.0:*                                                                      LISTEN
tcp                                  0 0 64.62.173.51:53 0.0.0.0:*                                                            LISTEN
tcp                                 0 0 127.0.0.1:53 0.0.0.0:*                                                                    LISTEN
tcp                                 0 0 127.0.0.1:982 0.0.0.0:*                                                                 LISTEN
tcp                                 0 0 0.0.0.0:22 0.0.0.0:*                                                                       LISTEN
tcp                                0 0 0.0.0.0:25 0.0.0.0:*                                                                       LISTEN
tcp                                0 0 127.0.0.1:953 0.0.0.0:*                                                                LISTEN
tcp6                             0 0 :::80 :::*                                                                                                LISTEN
tcp6                             0 0 :::53 :::*                                                                                                LISTEN
tcp6                             0 0 :::22 :::*                                                                                                LISTEN
tcp6                            0 0 ::1:953 :::*                                                                                           LISTEN

c) Another method to check for open ports on the server is to scan yourself with nmap:

privacylover# nmap localhost
Starting Nmap 4.62 ( http://nmap.org ) at 2009-03-30 05:21 UTC

5) Once you have installed micro proxy, configured xinetd and edited etc/services you should be done on the server side, now it is time to configure your internet browser.

If you are using Opera 9.*, go to Tools>Preferences>Advanced>Network>Proxy Servers now enter 127.0.0.1 port 5000 in the HTTP box and 127.0.0.1 port 5043 in the HTTPS box.

If you are using Firefox 3.* you will need to go to Tools>Options>Advanced>Settings and do exactly the same.

You only have left setting up the tunnel from the shell. Before start surfing with your browser, type:

ssh -L 5000:127.0.0.1:2280 -L 5043:127.0.0.1:2243 user...@machine.net

machine.net=your hostname, you will need to change the port numbers if you are using different ones.

To surf through the SSH tunnel on a Windows machine without shell you can use KiTTY

Firewall:
If you have IPtables installed, you will need to instruct your firewall to allow traffic through those ports, the following code will open port 2280 in IPTables:

iptables -A INPUT -p tcp -i eth0 –dport 2280 -j ACCEPT

To find out the list of open ports in the firewall use iptables -L:

privacylover# iptables -L
Chain INPUT (policy ACCEPT)
target                 prot                         opt                     source                        destination
ACCEPT             tcp                             —                       anywhere                  anywhere                                      tcp dpt:2280
ACCEPT              tcp                            –                       anywhere                  anywhere                                      tcp dpt:2243

Reference links:

- Alternative to micro proxy, proxy server software Antispyd

-List of open source proxy server software

- How to turn off IPtables firewall completely

-Find out what ports are listening on your server

Newsgroup dealing with port forwarding: comp.security.ssh

Off The Record (Encryption for IRC and IM)

This list is used for open discussion about Off-the-Record (OTR) Messaging software.
Subscribe at:

http://lists.cypherpunks.ca/mailman/listinfo/otr-users

Archived mailing list:
http://lists.cypherpunks.ca/pipermail/otr-users/

The or-talk mailing list is for all discussion about theory, design, and development of Onion Routing.

To join the or-talk mailing list, send an e-mail message to majo...@seul.org with no subject and a body of “subscribe or-talk”

Or-talk archived mailing list:
http://archives.seul.org/or/talk/

Or-talk can also be accessed as a read only newsgroup via news//:news.mixmin.net (SSL port 563, no username no password).

The name of the group is local.lists.tor.talk

Security Basics archived mailing list:
http://www.securityfocus.com/archive/105

To join email security-basics-subscribe @ securityfocus.com

Computer Forensics archived mailing list:
http://www.securityfocus.com/archive/104

To join email forensics-subscribe @ securityfocus.com

GnuPG Users archived mailing list:

http://lists.gnupg.org/pipermail/gnupg-users/

To join visit:

http://lists.gnupg.org/mailman/listinfo/gnupg-users

Mixmaster and remailer operatros archived mailing list:

http://lists.mixmin.net/pipermail/remops/

To join visit:

http://lists.mixmin.net/mailman/listinfo/remops

Computer Forensics SPANISH archived mailing list:

http://www.securityfocus.com/archive/128

To join email forensics-es-subscribe @ securityfocus.com

Computing mailing lists and Usenet groups accessible from the web:

These websites are a way to access computer related Usenet and mailing lists for those who dont want or can’t use their Usenet or email client:

http://www.opensubscriber.com

http://www.nabble.com/

http://www.archivesat.com/

http://www.gmane.org/

Other mailing lists that may be of interest:

Lynx, Unix text based browser mailing list archive on the web:
http://lists.gnu.org/archive/html/lynx-dev/To join the Lynx browser mailing list visit:
http://lists.nongnu.org/mailman/listinfo/lynx-dev

Elinks, Unix text based browser mailing list archive on the web:
http://linuxfromscratch.org/pipermail/elinks-users/

To join the Elinks browser mailing list visit:
http://linuxfromscratch.org/mailman/listinfo/elinks-users

Mozilla groups can be accessed through the free Usenet server: news://news.mozilla.org

Opera browser Usenet groups can be accessed through the free Usenet server:  news://news.opera.no/

Some IRC networks offer you a secure SSL chat but you will need to specify the port for this, the most common ports in IRC  for secure (SSL) connections are  6697/9999, however it will depend on the network. The usual port for plain IRC chat without SSL is 6667, or something in between 6660/6670

To choose your preferred port in irssi:

/server irc.rizon.net -p 6667

This example uses the Rizon IRC network , a well known IRC network with many chatrooms of Japanese hentai, manga, anime, lolicon, furry,etc…

irssi unix IRC client

Anyone can write plugins and additional features for open source software, and irssi has dozens of useful scripts available.

Some of the irssi scripts I like:

autowhois.pl /WHOIS all the users who send you a private message.
blowjob.pl Encrypt IRC communication with blowfish encryption
topics.pl Records a topic history and locks the channel topic
nickserv.pl This script will authorize you into NickServ
fserve.pl File server for irssi
cron.pl Cron implementation, allows to execute commands at given interval/time
clones.pl /CLONES – Display clones in the active channel (with added options)
binary.pl Encodes and decodes into binary what you and others type in the channel
anotherway.pl Another auto away script

To download those scripts and many more visit:

http://scripts.irssi.org/

Some examples:

mkpasswd –char=10

This will generate a 10 char random password.

You can also try:

mkpasswd -s “insertwordhere”

This will take the characters from the entered word, and create a password from those characters.
For more information see:

mkpasswd man page

You can get makepasswd from any Linux repository and there is a FreeBSD port available.

You can block people from viewing your website using rules in your firewall IP tables but if you dont have access to that, you can edit the .htaccess file and add a list of IPs to be blocked, you can get the whole IP range from a country from Blockacountry.

However this solution may cause server overload if many requests are made from that country, another easier way to do this, is by banning people from accessing your website according to their browser language set up, for example to ban people who is using a Chinese internet browser you will add to your .htaccess file:

RewriteCond %{HTTP_ACCEPT_LANGUAGE} zh-CN
RewriteRule .* – [F]

THis will generate error 403 message, and the visitor will get a “Forbidden” message when visiting your page, but it can be changed to something else. The zh-CN is the browser setting for Chinese, this can be changed to any other language you like.