• Content count

  • Joined

  • Last visited

  • Days Won


phaedrus last won the day on January 17 2016

phaedrus had the most liked content!

Community Reputation

9 Neutral

About phaedrus

  • Rank
    MAX(int x[2])

Profile Information

  • Gender
  1. The easy way for me would be to run linux as a os, and use the festival engine for text to speech:- Then write a batch/shellscript to convert all notes left in a certain directory to audio then encode to mp3 beforehand and just copy to in car mp3 player of choice and use its navigation facilities. Its not as technically brilliant, but it does cover the problem fairly easily. You could get it down to a couple of commands to run the job by hand too.
  2. Thats why its always a great thing to have your dns hosted by a different service than your webhosts, then you are not putting all your eggs in one basket and can be back up and running on a new server within hours of problems. What's even better is to have your own domain registrar register it too, so you can edit the details on the console directly too. And steer clear of .uk & .com domains of course, nominet have some strange ips tag system which costs a fortune to register in, and .com we all know about the current activities going down there. It is a pity they tightened up on cook islands requirements so much, as it used to be fun to have a domain way back but now all the requirements to be met puts it outside the bounds of doable for a bit of fun. .ru should strike phear into any sysadmin's heart as they read the snort logs too :-) The question of level of setup/operational cost vs level of payback is what it comes down to as always. How naughty are you going to be? will it pay enough to cover the above properly? If you are just building a information store and not generally going to be a asshole over half the internet from the server, you probably can quietly get away with it without making too many ripples. I do believe spammers,phishers and carders should burn in hell, and the above is not a endorsement. Their obvious abuse of the above has gotten many a good host and service prematurely shut down or put under the spotlight.
  3. i know the whole add the colon with the port number at the end of the web address trick.. that would be fine if I was only looking for access myself, but if i was looking for access just for myself, i would probably not even bother with the domain name and just use teamviewer to access the system when i did not have physical access to it.. .shit i could even use a teamviewer app on my android phone to get access to the system... what i am wanting to to really is host my movie library which is nearly 600 movies, audio, and photographs on a password protected area of the server... but i probably want to have some publicly accessible content.. and i think just having a straight domain name to the server is the easiest thing for less technical people.. In which case webhop as above is your friend. Myth to a remote frontend, I personally welcome our new lagmonster overlords when that happens. Especially to stuff captured from a dvb card. Some of the euro providers set their bitrates at full on HD by default...
  4. I am in monaco at the moment, so potentially.
  5. What you describe sounds like dyndns's webhop feature, Although probably lot of other dns provider offer something similar. Or you could just set your sever up to listen on port xyz, eg 80080, and then type for eg to access it. Non standard port is part of http:// ftp etc protocols. Or you could establish a ssh connection and do a real ptp vpn. You can do that over non standard ports too, ssh just takes a -p flag on the connection string to specify.
  6. Buy hosting in favourite legally unreachable hornets nest (russia, china, anywhere really truly offshore), share location by ip address, be naughty until your hosts get fed up with your behavour/bandwidth usage and evict you. Rinse & repeat with new host.
  7. Apart from a multitude prepay phones, each with the same pseudo random user which changes in sync each month, which seem to be linked to a disproportionate amount of abuse and crime. Piquing the crap out of the feds who investigate it deeply for the bizarreness of it. I'm sure that wont attract any attention Why not just write the info down in a note on your pc, or in a password storage safe, or on a post it backwards or something random, and dont share it with anyone? let them get their own random made up data, its far less suspicious for all.
  8. These are good too, just string together as many as you like, put a 1wire controller on your pc and under linux install the OWFS fuse filesystem. Then you can just use cat to read the devices as if they were flat text files in the filesystem and expose the status and other niceties to whatever client you fancy via a webserver on the box. Dallas do a whole 1wire series, the temperature sensors are really cool too. If you ring dallas and pretend to be needing them for company prototyping, they usually will send you free ones. My only warning would be to power them, as in parasitic mode when the bus gets long and complex, you sometimes see weird glitches because of it. edit, forgot the damn link...
  9. Why is telnet so bad?, as everyone has already covered off, packet sniffing. Its trivial. Why is it still in use at all? old kit that can't handle ssh. Not so much servers because you would have to be seriously lacking as a admin to put a solaris or unix box out on the internet using plaintext protocols to log into it, but various router and terminal servers etc. Some of that stuff is still using SS7 & telnet and will never change until its left in smoking ruins by script kiddies. I shudder in fear when I see a company using telnet to administer routers the public internet. And it happens far far too often.
  10. Astalavista used to be one of the places for HPVAC stuff on the net, about 10-12 years ago, at a time when everyone was twitchy about posting that sort of thing they seemed unphased by the law, beyond it almost. In fact the entire domain was full of interesting stuff, now I guess they trade on that name alone... Not saying that they deserve it now, but they were something once...
  11. +1 gentoo. Day1 its horrid while you get your head around the whole USE file directives and portage etc, week 1 its uncomfortable if you need to get stuff done, but by month 1 you have recompiled it so often you have everything how you want it and are playing round with stuff out of sunrise for the hell of it. And don't let compiler speed put anyone off. I run gentoo on a ragtag bunch of fanless atom mini pc's and netbooks dotted about the place. If they can handle it, anything can. And if the maintainer does something which totally blows donkey's, you can always go in and make a local version of the package and de-tweak any political tweaks (I am looking at you openvpn and the no authuserpass directive, although they've now put that in the USE flags for the package, so I can stop butchering my local mirror of the package now...) Now if only they hadn't thrown the xbox stuff out for similar reasons. I used to use gentoo on my xbox...
  12. GAWD! I hope they don't get too fancy with car batteries! They're simple, and work flawlessly when properly maintained. Sooner or later, someone will want to put an IPv6 address, remote access, and firmware on them. probably since they have smartphone apps to start and unlock your car already... What could possibly go wrong with that...
  13. Dos4GW & Assembler. I was quite a early adopter before finding slackware on floppies then later on redhat I think at one point I ran sco, but that was when they actually had a product...
  14. You are just about to keylog their activities to try to rape their computer and take over half their online accounts (or I'd guess in Nick P's case, to prove its possible) for your own personal gain. At which point would you begin to care that you might damage their future motherboard upgrade path???
  15. Warning, Caution, Mayday! Don't put anything you value any degree of confidentiality with on that server as is. While thats generally a good rule for any internet facing webserver if possible, someone has managed to get filesystem level access to that web server and you have no way of knowing what else they changed when they had that. They could have left other processes and backdoors on the system sleeping, and while you've closed the automated spambot injecting one, they could be popping back to see if theres any information they could harvest manually that could generate money for them, or be using it as a attack launchpad in some undetectable to you and your current toolkits level. There's a whole genre of software designed to be installed post hacking by the hackers to enable them to keep a level of control over it. Google rootkit. Or invisible rootkit. Or read round here. Seriously, treat it as still completely compromised because as far as you know it still is. If something gets broken into, the content you generate should be backed up and the whole server nuked and reinstalled then patched against whatever you find before it goes back onto the internet. If its a virtual server, they can probably reimage in minutes, and you can get exclusive access to make your config changes via an alternative ip. Depends on how receptive the hosting company is. Two of mine are great, and the third doesnt give a s*** and won't assist even with security stuff they have caused which the fix on would be to their benefit. Maybe thats why they are a 1/4 the price, so I just use that box for low importance hosting of bulk volume stuff. I run tripwire on the servers I care about lots amongst various other monitoring tools, and I can check whats been altered if they get attacked because it takes a cryptographic sum of the entire machine less a few directories which change often and dont hold binaries or config. And even if I ran the checksum check post successful intrusion as identified by other monitoring tools on there, I'd still pull that server from service and nuke it from orbit. For the sql injection, basically a simplified summary is typically the webserver takes in post data from a form somehow, say a search box or username etc. And it doesn't check for unsafe char's in the input or overlong data lengths, or source of post (some mad fools do their sanitization in javascript client side, in which case its trivial to just make a new page up with their parameter names in and bypass every control or safety measure they put in). The server hands this data off to the sql server, which starts parsing through the data. So lets give a simple example. Some of this syntax might be a bit wobbly because I'm writing it off the top of my head but it outlines the general act. A username box is entered with "'; DROP database mysql;", and posted to your webserver. The webserver hands it to mysql, which comes along and parses the name contents, which ends up as a DROP DATABASE command once the first ` closes the original query. If your webserver is running with full priv over your mysql database, it could result in instant complete deletion. Of course most attackers don't want to make a noise, so instead its more common to do a select * and attempt to extract information stored in there with the same method, or inject new users in to connect with etc. Ive seen this work against commercial products so don't feel too ashamed if you find it too. Most of the open source forums etc are fairly well tested by now, but they do have the occasional vuln identified so its always good practice to stay with as new a version as you can with them, ditto for the rest of your software stack if you have any control over it. Not many people would blow a 0 day on a forum about donkey saving or something, its mostly known exploits months or years old for that level. Bit of a learning curve to take all the above in quickly and understand it, but you'll get there if you want to.