#dns filtering | Explore Tumblr Posts and Blogs

zimthandmade · 2 months

Note

heelooo! Big fan of your art and your dn au, I've become so attached to the characters because of how you write them!

a mellodramattic outfit swap would be very cute. I can imagine them waking up late one morning and mixing up their clothes in their frenzy. ..

Every ship needs an outfit swap at some point ☝️

Exhibit A on why it takes me ages to answer asks: I overthink myself into oblivion until everything makes sense haha

I asked around on what people think Matt has stored in his pockets and here are some of the highlights:

fidget spinners (at least three)

more nintendo DS games that should be reasonably possible to fit in there

a pouch of rolling tobacco, skins and filters in a silly tin (a terribly cringey one with wolves)

a moldy piece of chocolate he was intending to give Mello a long time ago

condoms & lube

chewing gums out of the pack (freely roaming in there, Mello has eaten some unknowingly and is reflecting on his life choices)

swiss army knife with useless options only

the cap of the first beer he ever drank

half taken apart flip phone

rubber band ball

a really really bad knockoff Pikachu figurine

modelling clay

a wad of sticky tack

an old fortune cookie he forgot to eat

(my personal favourite) a cigarette pack with multiple branded prerolls he refers to as a "variety pack". There's one menthol in there. He offers you the pack russian roulette style.

Please, I'm begging you, feel free to extend the list, I'm dying to know what other secrets you think Matt's pockets hold.

----- My other socials Commission Info Let's drink some Ko-Fi! 🍵

177 notes · View notes

imagineyouricon · 8 months

Text

anyway I will say this: buy android phones. learn to mod android applications. learn android app dev and adb. use developer options to disallow ANY APPS from using your camera and mic without you knowing. use FOSS appstores like f-droid for better apps. learn networking and how your router works. put a DNS-based VPN filter on your phone or buy a raspberry pi and turn it into a pi-hole for your wi-fi network if you truly can't let go of apple. you will be happier with your mobile devices, at least.

apps are gonna keep tracking you whether you want them to or not. tos is going to wrap itself more and more into your data, digital footprint digital identity whatever. and if you care for your data and privacy (and you really, honestly should) you need to at least protect yourself from these kinds of things. it's only going to get worse. thanks.

#mod 2 #yes this is mod 2 being old and figity about web and data again but for the love of God take care of yourself #I really like the UKs laws about data and I wish that would come overseas but the US thrives on selling it all off.

332 notes · View notes

dinisuciyanti · 3 months

Text

Populasi perokok

Data terakhir menunjukkan bahwa 70% pria di Indonesia itu perokok. Sisanya 30% yang gak merokok, atau 1 dari 3 laki-laki itu gak ngerokok.

Sirkel teman-teman ku, setauku, kalau belum berubah, para kolega laki-laki ini gak merokok. Dipikir-pikir, susah juga ya jadi cowok gak ngerokok disaat lingkungannya pada ngerokok.

Merokok atau gak nya gak bisa di-judge dari jenis pekerjaan, rajin olahraga, atau keimanan seseorang. Ada kok nakes/dokter yang ngerokok, banyak malah. Yang sering lari tapi ngerokok? ada. Yang soleh sering ke mesjid tapi ngerokok? banyak. Yang level pendidikannya S2 DN/LN ngerokok? banyak. Jadi memang, ya, ancene hidden gem para laki-laki yang gak ngerokok ini wkkw.

Jadi, kalau filter kandidat potensyel pasangan itu mesti gak merokok, ya memang susah kalo nyari di Indonesia. Tapi ada. 1 dari 3 pria.

26 Januari 2024

#randomthoughts

29 notes · View notes

voxxvindictae · 18 days

Text

If I’m being honest, the most useful skill for hacking is learning to do research. And since Google’s search is going to shit, allow me to detail some of the methods I use to do OSINT and general research.

Google dorking is the use of advanced syntax to make incredibly fine-grained searches, potentially exposing information that wasn’t supposed to be on the internet:

Some of my go-to filters are as follows:

“Query” searches for documents that have at least one field containing the exact string.

site: allows for a specific site to be searched. See also inurl and intitle.

type: specifies the tor of resource to look for. Common examples are log files, PDFs, and the sitemap.xml file.

Metasearch engines (such as SearxNG) permit you to access results from several web-crawlers at once, including some for specialized databases. There are several public instances available, as well as some that work over tor, but you can also self-host your own.

IVRE is a self-hosted tool that allows you to create a database of host scans (when I say self-hosted, I mean that you can run this in a docker container on your laptop). This can be useful for finding things that search engines don’t show you, like how two servers are related, where a website lives, etc. I’ve used this tool before, in my investigation into the Canary Mission and its backers.

Spiderfoot is like IVRE, but for social networks. It is also a self-hosted database. I have also used this in the Canary Mission investigation.

Some miscellaneous websites/web tools I use:

SecurityTrails: look up DNS history for a domain

BugMeNot: shared logins for when creating an account is not in your best interest.

Shodan/Censys: you have to make an account for these, so I don’t usually recommend them.

OSINT framework: another useful index of tools for information gathering.

#osint #hacking #research tools #research #network #palestine #free gaza #free palestine

12 notes · View notes

the-sleepy-archivist · 1 month

Text

Blocking Ads on Mobile Devices

Blocking ads on our phones is way harder than it should be so I figured I'd make some recommendations. These are not the only options out there, just the ones that I know and use.

Please note that browser-level and system-level adblocking are complementary; you'll have the best experience if you use both of them together as they each block different things in different places. If you want a basic idea of how effective your combined adblocking setup is, you can visit this website in your mobile browser.

Lastly, there is some additional advice/info under the readmore if you're curious.

Android

Browser-Level

uBlock Origin (for Firefox)

System-Level (works in all apps, not just browsers)

AdGuard

Blokada 5 (completely free version) OR Blokada 6 (has some newer features but they require a subscription)

iPhone/iPad

Browser-Level

AdGuard (Safari extension; free for basic browser-level blocking, requires a subscription for custom filters)

System-Level (works in all apps, not just browsers)

AdGuard (requires subscription for system-level blocking)

AdGuard DNS only (this is free and does not require the AdGuard app, BUT I would only recommend it for advanced users, as you can't easily turn it off like you can with the app)

Some additional info: browser-level blocking is a browser addon or extension, like you might be used to from a desktop computer. This inspects the HTML code returned by websites and searches for patterns that identify the presence of an ad or other annoyance (popup videos, cookie agreements, etc.). System-level blocking is almost always DNS-based. Basically whenever an app asks your phone's OS to make a connection to a website that is known for serving ads, the system-level blocker replies "sorry, I don't know her 🤷‍♂️💅" and the ad doesn't get downloaded. This works in most places, not just a browser, but be warned that it might make your battery drain a little faster depending on the app/setup.

Lastly, note that some apps may behave unpredictably when they can't download ads. For example, the Tumblr app has big black spaces where the ads are, and sometimes those spaces collapse as you scroll past them and it messes up scrolling for a few seconds (UPDATE: looks like the scrolling issue may have actually been a Tumblr bug that they have now fixed, at least on iOS). Still way less annoying than getting ads for Draco Malfoy seduction roleplay AI chatbots imo though. And honestly *most* apps handle this fairly gracefully, like a mobile game I play just throws error messages like "ad is not ready" and then continues like normal.

#adblockers #ad blocking #digital privacy #internet privacy #firefox #firefox extensions #mine #adguard #blokada #android #ios #iphone

9 notes · View notes

dykelawlight · 2 months

Note

hello isa!! for the meme, could i ask 11 and 19?

Hi Kyo!! Of course!

11. number of fandom-related words you've filtered

I have a remarkable ZERO filtered for DN! I'm just very picky about who I follow in that regard and if someone only posts about shit I don't care about or dislike I hit that unfollow button. But I filter the holy hell out of terms for fandoms I'm not interested in lmfao like every ship name every abbreviation EVERYTHING. If I've decided I do not want to see something I purge that shit from my dash completely.

19. you're mad/ashamed/horrified you actually kind of like...

It was so hard to think of something for this because I'm genuinely completely almost unashamed of everything I like so I'll go with the fact I'm not necessarily proud of thinking that the DN fandom could use more omegaverse. I said it.

9 notes · View notes

mostlysignssomeportents · 4 months

Text

This day in history

#20yrsago Blockbuster prez calls for end to DVD region-coding https://web.archive.org/web/20060501151122/http://hometheater.about.com/gi/dynamic/offsite.htm?site=http://www.hollywoodreporter.com/thr/home_video/brief_display.jsp%3Fvnu_content_id=2047010

#20yrsago LiveJournal demographics https://web.archive.org/web/20040212004957/https://www.livejournal.com/stats.bml

#20yrsago Verisign calls for Internet redesign, Minitel-style https://www.isen.com/blog/archives/2003_12_01_archive.html#107166720994279652

#15yrsago Henry Jenkins’s Neil Gaiman interview video http://henryjenkins.org/2008/12/from_neil_gaiman_to_j_michael.html

#15yrsago Steven Johnson’s “The Invention of Air” — how an eclectic minister/scientist/politician shows that history is a web https://memex.craphound.com/2008/12/17/steven-johnsons-the-invention-of-air-how-an-eclectic-minister-scientist-politician-shows-that-history-is-a-web/

#15yrsago Yahoo to anonymize logs after 90 days https://www.eff.org/deeplinks/2008/12/yahoo-anonymize-logs-after-90-days-compared-google

#15yrsago HOWTO Make a DNS dead-drop https://landonf.org/code/security/DNS_Dead_Drop.20060128201048.26517.luxo.html

#15yrsago HOWTO build a Linux-based supercomputer out of Playstation 3s https://phys.org/news/2008-12-scientists-supercomputer-sony-playstation.html

#10yrsago CopyrightX: Harvard’s ground-breaking MOOC on copyright law https://web.archive.org/web/20131214032640/http://copyx.org/

#10yrsago Amnesty petition to release Chelsea Manning https://web.archive.org/web/20131221031616/http://takeaction.amnestyusa.org/siteapps/advocacy/ActionItem.aspx?c=6oJCLQPAJiJUG&b=6645049&aid=520439

#10yrsago Arapahoe teacher on survival and resilience https://thefischbowl.blogspot.com/2013/12/scar-tissue.html

#10yrsago 60 Minutes attains new journalistic low with NSA puff-piece https://www.techdirt.com/2013/12/16/cbs-airs-nsa-propaganda-informercial-masquerading-as-hard-hitting-60-minutes-journalism-reporter-with-massive-conflict-interest/

#10yrsago Edward Snowden’s open letter to the people of Brazil, offering help in rooting out NSA spying in exchange for asylum https://www.theguardian.com/world/2013/dec/17/edward-snowden-letter-brazilian-people

#5yrsago London cops are subjecting people in the centre of town to facial recognition today and tomorrow https://arstechnica.com/tech-policy/2018/12/londons-police-will-be-testing-facial-recognition-in-public-for-2-days/

#5yrsago Official UK investigation of $100 billion laundered through Scottish Limited Partnerships ignores all evidence https://www.nakedcapitalism.com/2018/12/uks-reform-limited-partnership-law-dead-arrival.html

#5yrsago No peace in Hungary as thousands fill the streets, risking police violence, to protest slave labor law https://edition.cnn.com/2018/12/16/europe/hungary-protests-intl/index.html

#5yrsago ISP that protested being ordered to block Sci-Hub by blocking Elsevier and government agencies now under threat for “Net Neutrality” violations https://torrentfreak.com/isp-faces-net-neutrality-investigation-for-pirate-site-blocking-retaliation-181217/

#5yrsago “Owning your data” will not save you from data capitalism https://memex.craphound.com/2018/12/17/owning-your-data-will-not-save-you-from-data-capitalism/

#5yrsago Science fiction writers on the future of work https://www.wired.com/story/future-of-work-sci-fi-issue/

#5yrsago Google’s secretive, data-hungry private city within Toronto will be much larger than previously disclosed https://rabble.ca/general/plan-re-image-torontos-waterfront-how-much-does-public-know-about-plan/

#5yrsago Internal sources say googler uprising has killed Google’s plans to launch a censored, spying Chinese search engine https://theintercept.com/2018/12/17/google-china-censored-search-engine-2/

#5yrsago False Flag: my science fiction story about the future of copyright filters in an Article 13 Europe https://www.greeneuropeanjournal.eu/false-flag/

#5yrsago Arizona realtor surprised to find Canadian “white hat” hacker talking to him through his smart doorbell https://memex.craphound.com/2018/12/17/arizona-realtor-surprised-to-find-canadian-white-hat-hacker-talking-to-him-through-his-smart-doorbell/

#pluralistic

10 notes · View notes

aquadestinyswriting · 1 year

Text

Land of Eternal Summer

Summary: Snotgrut has convinced his friends to come with him on an errand off-plane. The only problem is, he didn't bother telling anyone exactly which plane they were visiting in an attempt to give people a pleasant surprise.

Words: 857

Tags: @druidx @homesteadchronicles @flashfictionfridayofficial @asher-orion-writes,@warriorbookworm, @odysseywritings, @blind-the-winds, @thesorcerersapprentice

Warnings: None

Notes: Set in a vague time period around 5-7 years post DNS. 'Arry couldn't get time off :(.

Sunshine filtered through the canopy of the forest, dimly lighting the simple footpath that had been trodden through the undergrowth. A gentle and warm breeze wound its way around the eclectic group of people making their way through it towards the edges of a small village nestled snugly within the seemingly neverending forest.

"Remind me again why I've been dragged back to this godsdamned plane?" Meredith groused, readjusting the pack on her shoulder for the millionth time. Snotgrut's left ear twitched, but he didn't look back at the grumpy dwarven woman as he replied,

"You didn't ask where I was planning on going." He pointed out. The goblin briefly turned his head to frown in confusion at the cleric, "I'm not sure why you're so upset anyway. From what I heard, you guys are going to be very welcome here. Way more welcome than I was during my last visit anyway."

Felix skipped ahead of the others until he fell in step beside his goblin friend,

"You'll be just as welcome as we are, Snotgrut." The gnome stated happily, beaming at his fellow Arcane Trickster, "The elves of Arborea have long memories and won't have forgotten what you did for them the last time you were here."

"Aye, that's the problem." Meredith grumbled, glancing over to Elowyn. Elowyn glanced back at her friend with a tight smile,

"If I'd known this is where Snotgrut's 'errand' was going to take us, I'd have happily stayed home with you." She sighed. The woodling glanced up at the sparkling spires of a temple to Deep Sachellas that had now come into view. Aurianna, who was currently riding on Elowyn's shoulder in kitten form, nuzzled into her neck with a reassuring purr,

"If we asked them nicely, I'm sure Felix and Snotgrut can create some sort of distraction if you get too overwhelmed and need an escape." The dragon-turned-kitten suggested. Elowyn scratched Aurianna behind an ear,

"They might end up creating one anyway." She pointed out, "You know as well as I do what usually happens when those two are in the same place for more than half an hour." Meredith snorted and smiled for the first time since arriving on the elven plane,

"Aye, well, you'd ken better than me." She said. Quentin suppressed his own snort,

"Why would you guys even need a distraction anyway?" He asked, "Well, I can think of why Elowyn might want one, but I'm not sure why you'd need one. Unless…" The elve's eyes narrowed as Meredith stayed quiet, an embarrassed flush spreading across her face under her beard. Elowyn, catching Quentin's expression out of the corner of her eye, immediately stepped in front of Meredith, as the dwarf's embarrassed expression dropped into one of outraged offence,

"Oh, Gods, no!" She exclaimed, "None of us had any time for that kind of activity. Well… 'Zeage might have, but definitely not the rest of us." She stated, her words coming out far more quickly than she intended.

Felix and Snotgrut had stopped and turned to see what the commotion was about at this point and were staring at their three friends. Snotgrut with a look of befuddled confusion and Felix with a sudden look of understanding. The gomish man looked back towards the spires,

"Oh! I think I understand now. This is the same village we stayed in the first time we came here." Felix turned back to Snotgrut, "After Merri managed to use some God Clay to resurrect Deep Sachellas, the elves here were so grateful they pretty much declared her to be some sort of Living Saint." He explained. He looked back towards the path leading to the village, "I wonder if they finished that statue they were talking about making?" He murmured.

Snotgrut blinked as Felix rattled off his one-sided conversation slash explanation. He had, of course, known about that particular incident. The gnome had told him all about it during their last visit to Arborea, after all. It just hadn't occurred to the goblin that Meredith might be embarrassed about it. He cocked his head as he considered what to do about it. Another warm breeze brushed over him, allowing some of the eternally summer sunshine to drop directly onto him. The goblin sighed and shook his head,

"None of you have to come into the village, but I don't think any of you will be able to get food, drinks or beds out here." He called, pointedly ignoring Quentin's call of 'I'm pretty sure I can!', spinning smartly on his heel and marching up the footpath. Felix scrambled after him, grinning happily. Quentin shrugged and quickly strode off after the goblin and gnome.

Meredith grumbled, uncrossing her arms and gesturing for Elowyn and Aurianna to follow,

"We might as well get this over with." She groused. Elowyn sighed and nodded. The quicker they all got there, the quicker they could escape again.

The trees swayed in the strengthening wind. Just because it was eternally summer here didn't mean the weather was always pleasant. Especially this close to the coast. And especially when Deep Sachellas was done with his siblings' antics.

#aquadestinyswriting #titan fighting fantasy #meredith gruksdottir #elowyn o'toreguarde #aurianna #felix parker tinker #quentin goldenrose #writeblrcafe #flash fiction friday

20 notes · View notes

nyaza · 7 months

Text

(this is a small story of how I came to write my own intrusion detection/prevention framework and why I'm really happy with that decision, don't mind me rambling)

Preface

About two weeks ago I was faced with a pretty annoying problem. Whilst I was going home by train I have noticed that my server at home had been running hot and slowed down a lot. This prompted me to check my nginx logs, the only service that is indirectly available to the public (more on that later), which made me realize that - due to poor access control - someone had been sending me hundreds of thousands of huge DNS requests to my server, most likely testing for vulnerabilities. I added an iptables rule to drop all traffic from the aforementioned source and redirected remaining traffic to a backup NextDNS instance that I set up previously with the same overrides and custom records that my DNS had to not get any downtime for the service but also allow my server to cool down. I stopped the DNS service on my server at home and then used the remaining train ride to think. How would I stop this from happening in the future? I pondered multiple possible solutions for this problem, whether to use fail2ban, whether to just add better access control, or to just stick with the NextDNS instance.

I ended up going with a completely different option: making a solution, that's perfectly fit for my server, myself.

My Server Structure

So, I should probably explain how I host and why only nginx is public despite me hosting a bunch of services under the hood.

I have a public facing VPS that only allows traffic to nginx. That traffic then gets forwarded through a VPN connection to my home server so that I don't have to have any public facing ports on said home server. The VPS only really acts like the public interface for the home server with access control and logging sprinkled in throughout my configs to get more layers of security. Some Services can only be interacted with through the VPN or a local connection, such that not everything is actually forwarded - only what I need/want to be.

I actually do have fail2ban installed on both my VPS and home server, so why make another piece of software?

Tabarnak - Succeeding at Banning

I had a few requirements for what I wanted to do:

Only allow HTTP(S) traffic through Cloudflare

Only allow DNS traffic from given sources; (location filtering, explicit white-/blacklisting);

Webhook support for logging

Should be interactive (e.g. POST /api/ban/{IP})

Detect automated vulnerability scanning

Integration with the AbuseIPDB (for checking and reporting)

As I started working on this, I realized that this would soon become more complex than I had thought at first.

Webhooks for logging This was probably the easiest requirement to check off my list, I just wrote my own log() function that would call a webhook. Sadly, the rest wouldn't be as easy.

Allowing only Cloudflare traffic This was still doable, I only needed to add a filter in my nginx config for my domain to only allow Cloudflare IP ranges and disallow the rest. I ended up doing something slightly different. I added a new default nginx config that would just return a 404 on every route and log access to a different file so that I could detect connection attempts that would be made without Cloudflare and handle them in Tabarnak myself.

Integration with AbuseIPDB Also not yet the hard part, just call AbuseIPDB with the parsed IP and if the abuse confidence score is within a configured threshold, flag the IP, when that happens I receive a notification that asks me whether to whitelist or to ban the IP - I can also do nothing and let everything proceed as it normally would. If the IP gets flagged a configured amount of times, ban the IP unless it has been whitelisted by then.

Location filtering + Whitelist + Blacklist This is where it starts to get interesting. I had to know where the request comes from due to similarities of location of all the real people that would actually connect to the DNS. I didn't want to outright ban everyone else, as there could be valid requests from other sources. So for every new IP that triggers a callback (this would only be triggered after a certain amount of either flags or requests), I now need to get the location. I do this by just calling the ipinfo api and checking the supplied location. To not send too many requests I cache results (even though ipinfo should never be called twice for the same IP - same) and save results to a database. I made my own class that bases from collections.UserDict which when accessed tries to find the entry in memory, if it can't it searches through the DB and returns results. This works for setting, deleting, adding and checking for records. Flags, AbuseIPDB results, whitelist entries and blacklist entries also get stored in the DB to achieve persistent state even when I restart.

Detection of automated vulnerability scanning For this, I went through my old nginx logs, looking to find the least amount of paths I need to block to catch the biggest amount of automated vulnerability scan requests. So I did some data science magic and wrote a route blacklist. It doesn't just end there. Since I know the routes of valid requests that I would be receiving (which are all mentioned in my nginx configs), I could just parse that and match the requested route against that. To achieve this I wrote some really simple regular expressions to extract all location blocks from an nginx config alongside whether that location is absolute (preceded by an =) or relative. After I get the locations I can test the requested route against the valid routes and get back whether the request was made to a valid URL (I can't just look for 404 return codes here, because there are some pages that actually do return a 404 and can return a 404 on purpose). I also parse the request method from the logs and match the received method against the HTTP standard request methods (which are all methods that services on my server use). That way I can easily catch requests like:

XX.YYY.ZZZ.AA - - [25/Sep/2023:14:52:43 +0200] "145.ll|'|'|SGFjS2VkX0Q0OTkwNjI3|'|'|WIN-JNAPIER0859|'|'|JNapier|'|'|19-02-01|'|'||'|'|Win 7 Professional SP1 x64|'|'|No|'|'|0.7d|'|'|..|'|'|AA==|'|'|112.inf|'|'|SGFjS2VkDQoxOTIuMTY4LjkyLjIyMjo1NTUyDQpEZXNrdG9wDQpjbGllbnRhLmV4ZQ0KRmFsc2UNCkZhbHNlDQpUcnVlDQpGYWxzZQ==12.act|'|'|AA==" 400 150 "-" "-"

I probably over complicated this - by a lot - but I can't go back in time to change what I did.

Interactivity As I showed and mentioned earlier, I can manually white-/blacklist an IP. This forced me to add threads to my previously single-threaded program. Since I was too stubborn to use websockets (I have a distaste for websockets), I opted for probably the worst option I could've taken. It works like this: I have a main thread, which does all the log parsing, processing and handling and a side thread which watches a FIFO-file that is created on startup. I can append commands to the FIFO-file which are mapped to the functions they are supposed to call. When the FIFO reader detects a new line, it looks through the map, gets the function and executes it on the supplied IP. Doing all of this manually would be way too tedious, so I made an API endpoint on my home server that would append the commands to the file on the VPS. That also means, that I had to secure that API endpoint so that I couldn't just be spammed with random requests. Now that I could interact with Tabarnak through an API, I needed to make this user friendly - even I don't like to curl and sign my requests manually. So I integrated logging to my self-hosted instance of https://ntfy.sh and added action buttons that would send the request for me. All of this just because I refused to use sockets.

First successes and why I'm happy about this After not too long, the bans were starting to happen. The traffic to my server decreased and I can finally breathe again. I may have over complicated this, but I don't mind. This was a really fun experience to write something new and learn more about log parsing and processing. Tabarnak probably won't last forever and I could replace it with solutions that are way easier to deploy and way more general. But what matters is, that I liked doing it. It was a really fun project - which is why I'm writing this - and I'm glad that I ended up doing this. Of course I could have just used fail2ban but I never would've been able to write all of the extras that I ended up making (I don't want to take the explanation ad absurdum so just imagine that I added cool stuff) and I never would've learned what I actually did.

So whenever you are faced with a dumb problem and could write something yourself, I think you should at least try. This was a really fun experience and it might be for you as well.

Post Scriptum

First of all, apologies for the English - I'm not a native speaker so I'm sorry if some parts were incorrect or anything like that. Secondly, I'm sure that there are simpler ways to accomplish what I did here, however this was more about the experience of creating something myself rather than using some pre-made tool that does everything I want to (maybe even better?). Third, if you actually read until here, thanks for reading - hope it wasn't too boring - have a nice day :)

#coding #codeblr #virtual private servers #python #dns #dns server #dnsmanagement

8 notes · View notes