Google is Quietly Recording Everything You Say

Thanks to a function of their search software, Google could have years worth of your conversations recorded, and you can hear it for yourself. Your cringe-worthy history can be heard and viewed along with a list of all your searches, at your personal Google history page.

The feature was built into Google’s search function as a means of delivering accurate search results. However, the sheer accuracy and amount of data Google stores is chilling.

The good news is that you can turn it off and delete it, and at the end of this article, we will show you how.

As the Independent reports:

The recordings can function as a kind of diary, reminding you of the various places and situations that you and your phone have been in. But it’s also a reminder of just how much information is collected about you, and how intimate that information can be.

You’ll see more if you’ve an Android phone, which can be activated at any time just by saying “OK, Google”. But you may well also have recordings on there whatever devices you’ve interacted with Google using.

However, even if you don’t have an Android phone and conduct Google searches on iDevices, Google is still listening.

When visiting your personal history page that the web giant keeps on you, it will show you everywhere Google has a record of you being on the internet.

Of course, Google claims that this information is never personally used against you and is done solely for the purpose of enlightening your experience on the web. However, imagine the ominous implications if this information was being used against you.

Google now processes over 40,000 search queries every second on average, which translates to over 3.5 billion searches per day and 1.2 trillion searches per year worldwide.

The data from these searches is then stored on each individual who conducts them. Using this data or steering results in a particular direction, the internet behemoth could effectively influence the entire world. Aside from influence, Google could predict the future based on trends.

Much of this search history is tied location data retrieved from the device being used to conduct the query. So, not only does the search engine have information on what your interests are, it has you specific interests based on where you are at any given moment.

Google’s motto of Don’t Be Evil now seems like less like a request for its users and more like a way of keeping themselves in check.

Now for the good news — you can turn all of this off.

You can start this eye-opening journey by heading to Google’s history page and looking at the long list of recordings. The company has a specific audio page as well as their record of where you’ve been on the internet.

If you’ve never disabled the feature, you will see a list of audio recordings, even some done outside of the Google app, as well as a transcript of the audio Google has converted to text.

What we recommend, after you further panic by listening to or scrolling through Google’s creepy recordings of your search history, is to delete them all and disable the functions.

The Independent explains just how to do this:

To delete particular files, you can click the check box on the left and then move back to the top of the page and select “delete”. To get rid of everything, you can press the “More” button, select “Delete options” and then “Advanced” and click through.

The easiest way to stop Google recording everything is to turn off the virtual assistant and never to use voice search. But that solution also gets at the central problem of much privacy and data use today – doing so cuts off one of the most useful things about having an Android phone or using Google search.

Now that you know this exists quit voluntarily handing over your data to unknown parties and share this article with your friends and family to show them how to stop it as well.

Source

 
4 Kudos
You are
awsome 🙂

Youtube Hacked right now?

On February 8, a lot of popular YouTubers started loosing subscribers rapidly! PEWDIEPIE, Faze Rug, RoomanAtwood and many others are currently experiencing this huge YouTube bug/hack. If you search “YouTube is crashing” in YouTube, you can see that a lot of channels already uploaded their videos regarding this issue.

If we take a look at real-time subscriber counter, for example PewDiePie, you can see subscribers are going down so fast.

There is still no official response from YouTube/Google regarding this issue. We just hope it will stop soon.

Source: Hakoder
 
3 Kudos
You are
awsome 🙂

Steam Down!!! Phantom Squad DDoS Steam servers and bring it down for Christmas!!

Steam servers DDoSed and taken down by Phantom Squad hacker group, gamers left in lurch during busy Christmas weekend

If you are a gamer, we told you earlier to watch out for this group of hackers who have promised havoc during the oncoming Christmas holidays. Right now they are showing a trailer of what they can achieve. Yes, we are talking about Phantom Squad who have promised to bring down Steam, Sony’s PlayStation and Microsoft’s Xbox down during the week starting today.

And they seemed to have started with Steam today.

for your near and dear ones

 

The DDoS attack mounted by PhantomNations on Steam servers is so severe that almost all regional gaming servers are down and the report now shows as 0.00 % online. It is worthwhile to remember that Steam operates about 17 regional servers including  3 for US, 4 for Europe and Australia, India, Brazil, Japan etc.  All Steam activities including the Steam community and the Steam Store are down so you cannot buy Steam games as Christmas gifts for your near and dear ones.

Steam servers DDoSed by Phantom Squad hacker group, gamers left in lurch during busy Christmas weekend

Phantom Squad seems to be playing with thousands of Steam gamers as of now as is explained with this tweet:

The blame for the Steam outage lies solely on Steam developers as the Phantom Squad had warned of such attacks during the busy Christmas season. Even now, Microsoft and Sony should fix their DDoS countermeasures as their Xbox Network and PlayStation Network are likely to be the next targets for Phantom Squad.

DDoSing the gaming servers during the busy Christmas holidays is not new. Lizard Squad did it in 2014 and virtually brought Xbox Network and PlayStation Network to a standstill for a whole week. Last year, PSN and Xbox escaped the ire of hackers but Steam was down for nearly 3 days. This year, Phantom Squad had given an early warning about their intent and even now they are taunting the Steam developers.

 

Right now most tech websites are linking the Steam outage to the rush due to Steam’s Winter Sale which went live yesterday but we can confirm that this is a mega-DDoS attack on Steam servers.

This is a developing story and we will get you full info about the Phantom Squad’s DDoS attack on Steam servers as it is happening. Sadly for Steam gamers, the attacks on the Steam servers seems to be increasing with passing time and it doesn’t look like they will be having a good Christmas!

Update: Most of the Steam services are back up now

 
4 Kudos
You are
awsome 🙂

The Cost of Ransomware

Alina Simone’s gripping 2015 account of her mother’s extortion ordeal was the first time many non-tech people had heard the term “Ransomware”. It presented a threat that felt intensely personal. It blocked access to data we use to define ourselves: family photos, letters to relatives, tax and financial records, and beloved music and movies.

Flash forward a year, and ransomware is all over the media. The reason for its rise is simple: money.

Before the emergence of ransomware, criminals mainly used (and still use) malware to take control of machines. Malicious code harvested user names, passwords, and credit card numbers. It might have also used infected PCs in a botnet for sending spam or launching attacks that shut down major websites, usually as a decoy while hackers broke in elsewhere.

For Criminals, Ransomware Is Lucrative

Ransomware cuts out the digital middlemen. Rather than collect credit card details that must then be sold on the dark web for a few cents to a few dollars, ransomware demands money directly from the victims. While the amount varies, it tends to be few hundred dollars for individuals.

Yet these small sums are taking a heavy toll. The exact number of ransomware attacks is hard to gauge, as many go unreported. But according to our data they are rising fast. While official complaints about ransomware (and ransoms paid) to the US Department of Justice amounted to only around $24 million in damages in 2015, other numbers are much higher. In April, CNBC estimated the cost of ransomware at around $200 million in the first three months of 2016 alone. Late last year, the Cyber Threat Alliance stated that a single piece of ransomware, CrytopWall v3, resulted in an estimated $325 million in damages worldwide over the course of its lifetime. And as far back as June 2014, the FBI issued a report saying CryptoLocker swindled more than $27 million from users over a two-month period.

Bigger Targets May Mean Bigger Paydays

These numbers speak to the audacity of ransomware purveyors. The long-tail effect of attacking individuals has proven so lucrative, it is unlikely to ever go away. But many organizations also hold sensitive customer data that needs to be protected both to ensure effective service and consumer privacy. That makes them particularly juicy targets to hackers.

Healthcare provides are a case in point. If they lose control of patient information, they may be unable to deliver treatment when needed. There are also strict legal requirements governing the protection of patient data. Both make them subject to lawsuits that could cost them far more than what they would have to pay in ransom. A hospital in Hollywood, California, paid $17,000 in bitcoin to hackers after being locked out of their data. Fortunately, so far, other reported attacks have fared less well. Healthcare providers in Kentucky and Ottawa refused to pay, as no patient data was compromised; and an attack in Germany was quickly contained by fast-acting IT staff.

Still, the hospitals have had to invest considerable time and resources into fighting the attacks. They will also need to launch multiple efforts internally and externally to restore patient trust.

And hospitals are not alone. A 2016 report by the Institute for Critical Infrastructure Technology, an industry think tank, declares 2016 the year of ransomware, suggesting few organizations are safe. For instance, systems at an Israeli electrical utility were infected by ransomware after a phishing attack. A utility in Michigan has been allegedly attacked. Multiple police stations have been hit and paid ransoms to regain access to their systems. Local governments are increasingly feeling the pressure, with attacks reported in places as diverse as Alto City, Texas, and Lincolnshire, UK. And criminals have subverted online adverts of venerable media organizations, such as the BBC and NYT, turning their websites into potential sources of drive-by ransomware.

The Right Protection Saves Money

This is why protection is essential, especially for individual users, most of whom lack the expertise and resources of even modest city councils and small hospitals. Over a three-month period earlier this year, a conservative estimate by AVG is that its antivirus prevented around $47 million in extortion demands through the interception of just three types of ransomware: Cryt0L0cker, CryptoWall, and TeslaCrypt. And that number says nothing of the mental and emotional costs that would have resulted from feeling violated or the costs of replacing machines, software, and media if a victim decided not to pay.

slorunner.eu does not recommend paying. There is no guarantee criminals will release the files. They may also leave a piece of malicious code behind that allows them to strike again. It is better to call tech support, salvage what you can, make frequent backups, and get good antivirus protection – and thus prevent the writing of another news story like Alina Simone’s.

 
2 Kudos
You are
awsome 🙂

5 Things to learn from Mr. Robot (TV Series)

Hello everybody, and welcome to slorunner.eu.

First of all, my favorite TV Series Mr. Robot is back with season 2, and It gets better and better. In this article, we’ll talk about Things you can learn about InfoSec from Mr. Robot TV Series.

If you don’t know about Mr. Robot, then you are living in a world full of Illusions. Mr. Robot is an American drama–thriller television series created by Sam Esmail. It stars Rami Malek as Elliot Alderson, a cybersecurity engineer and hacker who suffers from social anxiety disorder and clinical depression.

Alderson is recruited by an insurrectionary anarchist known as “Mr. Robot”, played by Christian Slater, to join a group of hacktivists. The group aims to cancel all debts by attacking the large corporation E Corp.

This show takes technical realism to levels unprecedented for Hollywood. Without further ado, here are five information security lessons from season 1 of Mr. Robot.

  1. A Hacker can compromise your phone in seconds, and you’ll never even know it:
    Mr Robot Hacks - The Tech BibleHackers don’t need to steal your phone — that would be too obvious, and would only give them access to your data from the past.
    Instead, they can gain control of your phone using spyware. They can do this in minutes, and you’ll never even know.
    In Mr. Robot, one of the characters (Tyrell Wellick) installs a root kit on someone’s phone in less time than it takes to shower. Using Flexispy  — a widely-used Android spyware tool — the character “roots” the phone — putting it in superuser mode — and then hides the normal superuser icon to obscure the fact that the phone has been tampered with.
    FlexiSpy - The Tech BibleFrom now on, Tyrell is able to monitor all of that phone’s digital and audio communications.

    Word to the wise :  Using your phone’s thumbprint scanner or setting a lock screen password will make it much harder for a hacker to do this to you.

  2. Don’t Accept CD or USB drives from strangers:
    Mr. Robot Hacks using USB - The Tech Bible

    Emerging from the subway, a boombox-blasting rapper offers you a free copy of his newest album.

    Now, you wouldn’t take candy from some guy in bellbottom jeans and stick it in your mouth. Don’t take a CD from some guy in a flat-bill cap and stick it in your computer!

    To be fair, you would still need to execute a file. In Mr. Robot, hackers use an alluring filename like “Free iTunes Gift Card.exe” to dupe the victim into double-clicking it. This installs a Remote Access Trojan (RAT), effectively giving the attacker access to files and even webcams. Creepy.

  3. Hide Things in Plain Sight:
    Sometimes the best place to hide things is right out in the open. Who would think twice about that binder of old rock albums on your floor?
    Mr. Robot uses Encrypted CDs to hide Data - The Tech Bible

    What looks like a normal CD — that even plays their album scrawled on it with a sharpie—actually contains an extra layer of data stashed within.

    Removed from any network access, the only way to read the data on these CDs would be to physically enter the premise and get a hold of them. You’d then for at least long enough to spin up an optical drive and dump their contents.

  4. If you aren’t using Bluetooth, then Turn It Off:
    Mr. Robot hacks Police Van Bluetooth - The Tech Bible

    If an attacker discovers an open bluetooth connection on your device, they could connect their own keyboard to it and start inputing commands.

    Yes, it is possible to open up a terminal with a series of hotkeys in both Windows and OS X, and from there type in malicious commands. As a bonus, turning off Bluetooth when you’re out and about will reduce your battery consumption.

  5. You are your own greatest vulnerability:

    Do you know where the weakest link in any Security System is? It’s you, with your shitty passwords and how you share every part of your life online from Geo-tagging everything you do, to a photo you post of your new ATM Card.

    Throughout Mr. Robot, the most common exploit is good old social engineering — manipulating people into doing what you want.

    Here are some red flags to look out for when interacting with strangers:

    1. A phone call that jumps straight into “I just need to ask you some security questions first” — many services use the same security questions, and these could also be used to speed up a brute-force attempt to guess your password.

    2. A stranger approaches you with an all-too-plausible story and asks to use your phone — this is an easy way to get your phone number or other identifying information.

    3. Your own vanity, laziness, love of family, or fear of germs — these are all vulnerabilities that an attacker can take advantage of. If a stranger seems to be winding you up emotionally for no reason, they may be more than just a mean person. They may be an attacker.
    Elliot from Mr. Robot - The Tech Bible

That’s it for now. I hope you like the article(which I am sure you will if you are a Mr. Robot fan).

Bonsoir!

Source: TheTechBible

 
1 Kudos
You are
awsome 🙂

Scientists say giant asteroid could hit earth next week, causing mass devastation

Scientists have discovered a massive asteroid that is on course to hit the Earth next week, and are scrambling to find a way to divert the object.

The asteroid has been named 2016-FI and measures approximately 1 km across. If it strikes a populated area is could wipe out entire cities and potentially devastate an entire continent or … nah. I’m totally messing with you. There’s no asteroid (at least not about to strike next week).

But there is a new study by computer scientists at Columbia University and the French National Institute that has found that 59 percent of links shared on social media have never actually been clicked, meaning that most people who share news on social media aren’t actually reading it first.

For the study, Arnaud Legout and co-authors collected two data sets:

the first, on all tweets containing Bit.ly-shortened links to five major news sources during a one-month period last summer; the second, on all of the clicks attached to that set of shortened links, as logged by Bit.ly, during the same period. After cleaning and collating that data, the researchers basically found themselves with a map to how news goes viral on Twitter.

The map showed “viral” news is widely shared but not necessarily read.

According to the Washington Post, one thing study authors say is concerning about this is that it shapes the way we see the world.

Legout said in a statement:

“People are more willing to share an article than read it. This is typical of modern information consumption. People form an opinion based on a summary, or a summary of summaries, without making the effort to go deeper.”

This probably won’t shock most people. We see it all the time in comments sections – people making loud proclamations about stories they clearly haven’t read. Entire discussions are chaired by those who didn’t actually RTFA (Read the Fucking Article). It’s maddening.

What can you do about it?

RTFA, of course, and don’t share things you haven’t read. Being informed is being responsible.

So, have you made it this far or are you busy building a makeshift shelter in your basement?

If you read it, and want to comment, work a colour – red, blue, yellow, pink, whatever – into your comment, would you? But don’t ruin the headline for everyone else, OK? Thanks. You’re the best.

 
0 Kudos
You are
awsome 🙂

Create a Custom API in OpenCart

Create a Custom API in OpenCart

You’ll need to create custom APIs for unique requirements in your project development at some point in time, and that’s what we’ll cover throughout the course of this tutorial. In our custom API module, we’ll fetch the list of all products available in the store, and it’ll be a JSON encoded output as required by the REST standards in OpenCart.

I assume that you’re familiar with the basic module development process in OpenCart.  Another important point: I’m using the latest version of OpenCart, that is 2.1.0.2 as of writing this, and you should do that too to ensure the compatibility of core APIs.

Without wasting much of your time, I’ll straight away dive into the practical stuff, and that’s what the next section is all about.

A Glance at the File Setup

Let’s have a look at the list of files required for the desired setup.

  • catalog/controller/api/custom.php: It’s a controller file, and most of our application logic resides in this file.
  • catalog/language/en-gb/api/custom.php: It’s a language file that holds language variables.
  • common.php: This file holds the common code for reusability purposes.
  • login.php: It’s a file that demonstrates how to log in to the store using the REST API.
  • products.php: It’s a file that demonstrates how to fetch products using our custom API module.

So, that’s all it takes to set up our custom API module and test it using PHP CURL library.

We’ll start with the controller file, go ahead and create a file catalog/controller/api/custom.php with the following contents.

<?php
// catalog/controller/api/custom.php
class ControllerApiCustom extends Controller {
public function products() {
$this->load->language(‘api/custom’);
$json = array();

if (!isset($this->session->data[‘api_id’])) {
$json[‘error’][‘warning’] = $this->language->get(‘error_permission’);
} else {
// load model
$this->load->model(‘catalog/product’);

// get products
$products = $this->model_catalog_product->getProducts();
$json[‘success’][‘products’] = $products;
}

if (isset($this->request->server[‘HTTP_ORIGIN’])) {
$this->response->addHeader(‘Access-Control-Allow-Origin: ‘ . $this->request->server[‘HTTP_ORIGIN’]);
$this->response->addHeader(‘Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS’);
$this->response->addHeader(‘Access-Control-Max-Age: 1000’);
$this->response->addHeader(‘Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With’);
}

$this->response->addHeader(‘Content-Type: application/json’);
$this->response->setOutput(json_encode($json));
}
}

Probably, it should be pretty familiar stuff if you’re aware of the structure of OpenCart module files. However, we’ll discuss the important snippets from the products method.

First of all, we have to check the authenticity of the request, and it’s checked by the existence of the api_id variable in the active session. In the case of a valid and authenticated request, we’ll go ahead and fetch all the products using the getProducts method of the core Product model. Of course, it’ll give a permission denied error message in the case of invalid login.

Next, there’s a generic security check to protect against CSRF attacks. It’s accomplished by checking the existence of the HTTP_ORIGIN variable, and adding appropriate headers if it does exist.

Finally, we’ve used the json_encode function to encode the $products array, and the result is passed as an argument of the setOutput method.

Next, we’ll go ahead and create a language file for our module at catalog/language/en-gb/api/custom.php with the following contents.

<?php
// catalog/language/english/api/custom.php
// Error
$_[‘error_permission’] = ‘Warning: You do not have permission to access the API!’;

So, that’s it as far as the OpenCart-related file setup is concerned. From the next section onwards, we’ll create the files that help us test our custom API using the PHP CURL library.

How It Works

Before we go ahead and test our custom API module, you should make sure that you’ve created API user credentials from the back-end of OpenCart.

If you haven’t done so yet, it’s pretty easy. Head over to the back-end, navigate to System > Users > API, and add a new API user. While doing so, it’s important to note that you also need to add an IP address from which you’re supposed to make API calls.

Go ahead and create a common.php file and paste the following contents in that file.

<?php
function do_curl_request($url, $params=array()) {
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, ‘/tmp/apicookie.txt’);
curl_setopt($ch, CURLOPT_COOKIEFILE, ‘/tmp/apicookie.txt’);

$params_string = ”;
if (is_array($params) && count($params)) {
foreach($params as $key=>$value) {
$params_string .= $key.’=’.$value.’&’;
}
rtrim($params_string, ‘&’);

curl_setopt($ch,CURLOPT_POST, count($params));
curl_setopt($ch,CURLOPT_POSTFIELDS, $params_string);
}

//execute post
$result = curl_exec($ch);

//close connection
curl_close($ch);

return $result;
}

As you can see, it contains just one function, do_curl_request, which will make a CURL call to the URL passed by the $url argument. The second argument is an array of parameters in case you need to POST the data.

The other important things to note are the CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE settings. These set the file in which the cookies will be stored and read from. As we’ll need to make authenticated calls, it’s a must! Of course, you want to change the path /tmp/apicookie.txt according to your system settings. Make sure that it’s writable by the web server too!

Finally, the function returns the response by the CURL request!

Obviously, the first thing to do is to start the session, and you’ll need to use the login method. Let’s have a look at an example. Go ahead and create a login.php file with the following contents.

<?php
require “common.php”;

$url = ‘http://your-opencart-store-url/index.php?route=api/login’;

$fields = array(
‘username’ => ‘demouser’,
‘key’ => ‘ysvF7M1nqNYiZV3GFtU252jhn0FrCWMdH8Kw8qR6DApZ7RSJWCN7S0IvIxnti1QP2wUNsYCaG6vHa2l2q8FTFbWNwNYQUO58CfSYJHHJRG0vt7OBN60BnE5MdEVLBSSJVBZJ7ioFuiAmQN1dmBO56dmaawULlY8lnWFXQimecZznUo7NCJHp3rkL1tOAYgeIUl1oVjzrZ7cayikQEvUtwIGj7Ai4XudDH70E7hKGNJcXPiY5RfgFI8PQ8eLg1FZJ’,
);

$json = do_curl_request($url, $fields);
var_dump($json);

First, we’ve included the common.php file created in the previous section. Next, the $url variable defines the API login URL of the OpenCart store. Next, the $fields array holds the API user credentials created earlier.

Finally, we call the do_curl_request method to log in. Importantly, you should see a token variable in the $json object. Note down the value of that variable as we’ll need to pass it while making subsequent API calls.

Next, let’s create a products.php file with the following contents.

<?php
require “common.php”;

$url = ‘http://your-opencart-store-url/index.php?route=api/custom/products&token=GtULQW9ZMhhHLi3ooobDukIqTmqOZ1fJ’;
$json = do_curl_request($url, $fields);
$data = json_decode($json);

var_dump($data);

The important snippet to note in the above example is the route querystring variable. It’s set to the api/custom/products value, which by convention calls the products method defined in the custom.php controller file created at the beginning of this tutorial. Also, we’ve passed the token variable along with its value to make sure that we have access to the API.

Anyway, what we’re interested in is the proper JSON encoded output in the $data variable. And that’s what you should see when you run the products.php file! It should work out of the box if you’ve created proper user credentials and set up the files as explained.

This is just scratching the surface of what the REST API in OpenCart is capable of. In our case, it was a pretty simple yet effective example to demonstrate the topic. Having said that, you could extend it and implement tailor-made solutions according to your requirements.

That’s it for today’s article. Don’t hesitate to ask queries and leave your suggestions as they are valuable!

Conclusion

Today, we’ve discussed how you could create a custom API in OpenCart by creating a custom module. In the process, we went through the complete workflow to achieve the aforementioned functionality.

 
4 Kudos
You are
awsome 🙂

How to get free .HOST domain

Today im going to show you how to get a free .HOST domain, super simple and easy.

Step 1.

Go to http://www.whmcs.com/hostgator/ . Enter “216.172.164.64”

in the domain field (without the quotes of course) 3. Click on button “Check eligibility” .

Click “Sign up” 5. Click “Update cart”. After that you will be redirecteed to registration form.

Fill in your information and be sure to fill in a valid email because you will get your key there! .

Finish your order and within few minutes you will receive totaly free WHMCS key!

Step 2. Go to This website

Enter your domain that you would like use.

Click on Check Out

Enter your WHMCS Lincense Key (That you created on step 1.) in the form.

You get a FREE .host domain for 1 year!

 
6 Kudos
You are
awsome 🙂

Simple way to proxy all your traffic trough SSH (LINUX)

Simple way to proxy all your traffic trough SSH (LINUX)

Requirements:
VPS – can be lowend since we only need to connect to it
Machine that will use proxy

1. Setup passwordless ssh access via keys (Linux)

Type this in terminal on main server:

ssh-keygen -t rsa -C mainserver

Skip all password requests with enter key (so you don’t need to use password to connect)

Now you should see the files id_rsa and id_rsa.pub in your .ssh directory in your home folder:

ls ~/.ssh
authorized_keys  id_rsa  id_rsa.pub  known_hosts

P.S: don’t worry if you don’t have “authorized_keys” or “known_hosts” files 🙂

2. Make it secure:

Connect to remote host and make new user (named proxy here):

adduser proxy

then just press enter until you need to confirm that all information is correct, press y and then enter to create new user

Change default SSH port (22) to something random (Port you can access on remote server)

nano /etc/ssh/sshd_config

Find: "Port 22"

and change it to Port x where x is your choosen port

3. Copy public key to Remote host (Proxy):

cat ~/.ssh/id_rsa.pub | ssh proxy@remote-host'install -d -m 700 ~/.ssh; cat >> .ssh/authorized_keys'

4. Try to login with same username that you used to copy public key:

ssh proxy@remote-host

you should be auto connected now

5. Use this as proxy:

ssh -D 1025 proxy@remote-host [-p x (only if you changed port)]

now set local proxy settings to

Firefox Proxy settings

Firefox Proxy settings

Socks host: localhost and port 1025 (or any port you choosen before on -D switch)

6. Make it persistent
as root install screen: “apt-get install screen” and edit /etc/rc.local file

nano /etc/rc.local

and add this line to it

/usr/bin/screen -dmS screenname bash -c 'ssh -C -D 1025 proxy@remote-ip-address' &

“-C” is used to compress traffic and lower bandwith 😉

copy private key from the user you used before (if it wasn’t root sure)

cp /home/proxy/.ssh/id_rsa ~/.ssh/id_rsa

this way ssh proxy will auto start when sytem is booted 🙂

I hope you liked this tutorial, if you don’t understand something or have problems feel free to comment bellow 🙂 Sugestions are appreciated 😉

P.S: you can now use cheap vps to run proxy on them :p

my screens – proxies
VUppJeC.png

 

Cheap VPS hosting providers:

VirtWire (Recomended: fast servers, cached ssd, low memory avaliable)

GestionDBI

 
3 Kudos
You are
awsome 🙂