Install Syncthing on Debian 11 or Proxmox LXC container

Syncthing on the Debian 11

If you’re on this page I am going to assume you already know what Syncthing is.

This same setup should work on any of the latest Debian-flavor distros, no need to include additional Apt sources or GPG keys, Syncthing has been included in the Debian 11 apt repository as of 2/22/23.

apt-get update && apt-get upgrade -y
apt-get install apt-transport-https -y

then

apt-get install syncthing -y

to make sure it has been installed…

syncthing --version

you should get something similar to:

syncthing v1.12.1-ds1 "Fermium Flea" (go1.15.9 linux-amd64) debian@debian 2021-07-23 20:27:51 UTC

This confirms that it is indeed installed.

Now we need to create a service file for systemd to start our Syncthing automatically as a system service. This configuration will allow you to access your Sycthing dashboard from any computer on your local network. YOU WILL STILL NEED TO ADD CREDENTIALS TO YOUR SYNCTHING GUI.

You can use vim or nano as your editor of choice.

nano /etc/systemd/system/syncthing@.service

Add the following lines to your syncthing@.service service file. The service file makes your Syncthing install accessible over the local network by default. By default, Syncthing uses port 8384, feel free to change it to your liking.

[Unit]
Description=Syncthing - BAMF Open Source File Synchronization for %I
Documentation=man:syncthing(1)
After=network.target

[Service]
User=%i
ExecStart=/usr/bin/syncthing -no-browser -gui-address="0.0.0.0:8384" -no-restart -logflags=0
Restart=on-failure
SuccessExitStatus=3 4
RestartForceExitStatus=3 4

[Install]
WantedBy=multi-user.target

Save and close the file when you are finished. Then, reload the systemd daemon to apply the changes.

systemctl daemon-reload

Next, start the Syncthing service with the following command:

systemctl start syncthing@root

To access the server over your network you can simply get your local network address using

ip r

You should get a response like, the last value is your local network address:

default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10

We access our Syncthing dashboard by opening our browser of choice and entering http://192.168.1.10:8384 , note that, by default, Syncthing runs on port 8384. Depending on your application, if you’re server is a firewall running on it, you will need to update your settings to allow traffic on those ports or whatever ports you decide to use later.

Once logged into your dashboard you will want to update your GUI access settings. After securing your Syncthing dashboard you can then further customize your settings to your preferences.

Mounting A Windows Shared Folder/Drive For Syncthing Storage

If you have a NAS and want to mount a Windows shared drive as a storage option for Syncthing:

apt-get update && apt-get upgrade -y
apt-get install cifs-utils -y

Assuming you already have a Shared Windows Folder/Drive setup, we create a folder in our standard mnt directory:

mkdir /mnt/Syncthing

To test our connection, we mount our Windows Share drive:

mount -t cifs -o username=windowsUsername,password=windowPassword //COMPUTER_IP/SharedFolderName /mnt/Syncthing

If successful you can see your mounted folder’s content via /mnt/Syncthing

Due to the nature of Linux, this drive mount will not persist after reboot . In order to add persistence to the mount you will need to do some additional configuration to fstab.

Before we add details to our fstab, let’s create a file to store our Windows share credentials, storing in the root folder will also protect from other possible non-root users accessing the file. You can change this folder to whatever you like just keep in mind that if you have multiple users and don’t want them to see the contents of the file you will need to add additional permissions to the credentials file.

Create the local credentials file like this:

vim /root/windows_credentials

We then enter the corresponding details, don’t be a noob and actually enter windowsUsername and windowsPassword, enter your actual share details…

username=windowsUsername
password=windowsPassword

Save the file.

Now we edit our fstab

vim /etc/fstab

We add the following line:

//COMPUTER_IP/SharedFolderName  /mnt/Syncthing  cifs  credentials=/root/windows_credentials,file_mode=0755,dir_mode=0755 0       0

Save the file.

Mount the share:

mount /mnt/Syncthing

Tired of the mounted folder? Simply unmount it like this:

unmount /mnt/Syncthing

If you do unmount, don’t forget to remove the line from your fstab.

General note: when mounting folders, always mount to a new folder, don’t try to mount to an existing folder or you’re going to have fun figuring out what happened to the files you had in it…

Installing MariaDB + PHPMyAdmin on Debian 11/Debian 11 Proxmox LXC Container

Installing MariaDB 10.5

apt update; apt upgrade -y
apt -y install curl software-properties-common gnupg2

then

curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
bash mariadb_repo_setup --mariadb-server-version=10.5

then

apt install mariadb-server mariadb-client -y

then

mariadb-secure-installation

when prompted…

Switch to unix_socket authentication [Y/n]    (Answer: n)
Change the root password? [Y/n]               (Answer: n)
Remove anonymous users? [Y/n]                 (Answer: y)
Disallow root login remotely? [Y/n]           (Answer: n)
Remove test database and access to it? [Y/n]  (Answer: y)
Reload privilege tables now? [Y/n]            (Answer: y)

Install Apache2

apt install apache2 -y

Install PHP

We are using this server strictly for MariaDB, to make things simple, we can install our OS’s native PHP version, in Debian 11’s case that would be PHP 7.4. If needed PHP8 will also work.

apt install php php-common php-mysql php-gd php-cli -y
service apache2 restart

Install PHPMyAdmin

apt install phpmyadmin -y

log into MariaDB and create our Database Administrative user.

mysql -u root -p

once you’ve logged in, we create our new Administrative user via MySQL/MariaDB cli, take note of the bold words, don’t forget to use unique values if copy and pasting.

CREATE USER Administrator@localhost IDENTIFIED BY "mysecretpassword";
GRANT ALL PRIVILEGES ON *.* TO Administrator@localhost WITH GRANT OPTION;
FLUSH PRIVILEGES;

exit

once outside MariaDB’s cli and back into Debian’s terminal

service mysql restart

Install Vim (text editor)

apt install vim -y

Adding SSL/HTTPS Support to Apache/PHPMyAdmin

a2enmod ssl
a2enmod rewrite

Prepare our apache folder for SSL cert storage

mkdir /etc/apache2/certs/ssl

then

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/certs/ssl/ssl.key -out /etc/apache2/certs/ssl/ssl.crt

once completed with cert detail prompts you will want to edit apache’s defaut site config

vim /etc/apache2/sites-available/000-default.conf

Add the following three lines of code before the </VirtualHost> closing tag.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Finally we enable our ssl configuration and restart our apache services

a2ensite default-ssl.conf && systemctl restart apache2

to get your local server IP address, inside terminal use the following

ip addr

once you have your server’s local network address you should be able to access it from any computer on the same subnet using putty.

For this example, the server sits on the same local network. If you wanted to host the server remotely and access phpmyadmin you would likely use certbot to autogenerate validated ssl certs.

Fake Online Pet Store Scams Are On The Rise

Anyone considering buying a pet via a website should be wary of making any payments until you have done aggressive research on the facility/kennel!

Over the past year, and due to covid lockdowns, there has been an increase in websites selling pets. In some cases, these sites are entirely fake. This type of scam is particularly crueler, much like the popular scams targeting the less tech-savvy using fake refund/bank/amazon login sites.

The scam goes a little like this:

  • Attackers setup a fake website, usually using something like WordPress.
  • Attackers then go to various websites and steal images of real dogs belonging to other kennels/sellers.
  • Attackers then set up a fake marketplace utilizing the stolen content.
  • Attackers then optimize their websites to rank higher then real kennels.

Due to the nature of how idiotic SEO algorithms are, buyers are funneled in directly to the fake site via search engines. Once on the site, the attackers use multiple metrics to optimize their profiles and ultimately scam their targets.

How To Avoid Being Scammed By Fake Pet Store Sites

  1. Do Your Research, Call, Visit (if you can), ask for a Zoom, Skype, Duo, or Facetime video call.
  2. If You are paying a premium price for a high-end breed, Look up the kennel club’s information, the American Kennel Club Is a first good step.
  3. Take the profile picture of the site’s pet profile and do a quick Google Image Search, make sure it’s not a stock photo or a stolen image from another site.
  4. Watch out for foreign accents.
  5. Ask for a license, visit their state’s or local municipality’s website and verify their license. You should be able to call a customer service line as well.
  6. Don’t use giftcards, cryptocurrency, zell, cash, check. Use PayPal or a Credit Card which offers better protection from such scams.

As a previous pet owner, I know how falling for a scam like this can upset anyone. Hopefully, these quick tips will have helped someone trying to get a pet do it a bit more safely and, most importantly, not fall for a potential scam.

When your new pet gets home, don’t forget to buy them lots of treats!

Northwest Victims Tricked Into Calling Scammers Fake Support Number

There seems to be some hilarious tomfoolery going on where victims are tricked into calling a fake support number via email. The worst part is the scammer’s effort or IQ level, put some effort loser, but I digress. The worst part seems to be it targeting the poor (those experiencing financial hardship if you want to be P.C.) as they would be most likely to panic and call. Beware if you’re lucky enough to fall for it, you are further exploited into giving account details, credit cards numbers, nuclear codes, etc. The scam is some basic sh*t but for the uninitiated, it can spell a bad week or month/s of the recovery process. So the moral of the post is if you get a shady email telling you to thank you for your some unknown purchase from Amazon (or wherever), with a crazy price, support numbers listed in the same email multiple times… I’d probably call it, f*ck it.

No, no, don’t call. Validate the sender’s address, no support email from any big company will come from Gmail or Hotmail, it will come from the companies domain. If you’re still in doubt, don’t panic, do a quick search on Google, look up the company visit the site, look up their support information, and contact them. Don’t be a statistic.

It’s Official, China Is Undeniably Attacking US Networks 400% Increase In Network Attacks Over Holiday Weekends.

Ok so I am not here to point fingers because both governments pretty much do the same thing duh… I will also add that Chinese attacks on US networks have increased in the past few months since the conflicts in Ukraine. Over this memorial weekend I have been monitoring many server nodes across different data centers and have definitely had in increase in brute force and scan attacks.

Today I have noticed a 400% increase in additional log records related to these attacks. Coincidence I think not, how else do you explain an increase in attacks a day before a major US holiday? Chinese PLA will obviously deny anything but if you analyze the data it definitely looks like a coordinated attack on US networks .Chinese Intelligence Assumes that no IT personal will be working over the weekend so they amp their attacks. Let let me say something to Chinese Intel… YES WE WORK ON HOLIDAYS TOO!… lol

P.S. I have logs to prove that too… xD

Here is a list of their most popular attack networks…

inetnum:        61.174.51.192 – 61.174.51.255
netname:        HANGZHOU-SRT-TECHNOLOGY-CO-LTD
country:        CN
————————————————————————–
inetnum:        42.62.0.0 – 42.62.127.255

netname:        Forest-Eternal
descr:          Forest Eternal Communication Tech. co.ltd
descr:          Rm.902,North Real Estate Building, Build. No.3,
descr:          #81Yuan,Haidian District,Beijing
country:        CN

————————————————————————–

inetnum:        116.8.0.0 – 116.11.255.255
netname:        CHINANET-GX
descr:          CHINANET Guangxi province network
descr:          Data Communication Division
descr:          China Telecom
country:        CN

————————————————————————–

inetnum:        61.191.0.0 – 61.191.255.255
netname:        CHINANET-AH
descr:          CHINANET Anhui province network
descr:          China Telecom
descr:          A12,Xin-Jie-Kou-Wai Street
descr:          Beijing 100088
country:        CN

————————————————————————–

inetnum:        117.79.80.0 – 117.79.95.255
netname:        SANXIN
descr:          Beijing Sanxin Shidai Co.Ltd
descr:          1513 Xinjishu building Beijing link west road
descr:          Haidian District, Beijing, PRC
country:        CN

 

 

The Future Of Decentralized Computing And It’s Impact On Social Justice On The World Wide Web

 

Get ready people we are living once again in exciting times for the internet, it’s evolving! We are living in times where information can no longer be suppressed which will have a major impact in overall society. People all around the world are becoming involved in the preservation of privacy and social justice. Here are some ideas of how I think decentralized computing will change the world.

 

1) Open Source Decentralized Political Registry

Everyone who is a political or public official should be registered on this site, their entire public record could be open sourced and controlled by a community, decentralized platform would eliminate illegal confiscation of infrastructure or prevent censorship. rendering covert corruption difficult.

2) Open Source Decentralized Criminal Registry

Every person on this planet would now be able to report any crime about any person including a public official (police, federal, military officer etc…) at any time and keep it in public domain. This would eliminate extortion, threats and possible cover-ups by any person/group or agency in the world. This platform would also be decentralized to eliminate confiscation or hack.

3) Open Source Decentralized News Registry

Every person on this planet would now be able to report any crime about any person including a public official (police, federal, military officer etc…) at any time and keep it in public domain. This would eliminate extortion, threats and possible cover-ups by any person/group or agency in the world. This platform would also be decentralized to eliminate confiscation or hack.

4) Open Source Decentralized Education Registry

Every Person in the world would now have access to any knowledge without propaganda, lies, manipulation, managed by a global community on a credit system so popular vote always wins.

 

The overall idea is to create an infrastructure that anyone can post any information without censorship, but the information must remain check able, other “wallets” with “coins” or credits should have the ability to change or revise any post, as the post is modified the amount of credits required to modify the post increases, groups of wallets/users could donate amounts to a pool key to also use their limited credits to help causes they might believe in, this will discourage the act of one person acquiring many credits and overwhelming a specific record or trying to hijack its content, a group of wallets/users would always be able to override a single user modifications.

Google Glass Security & The Surveillance State, Privacy Beware

url

Like usual all the Google Fanboys, marketing buffs are in full effect as Google and their millions of dollars begin to influence the masses with what they call revolutionary… Google Glass.
As usual all the sheeple are blinded by the fad and how their social status will be after wearing these glasses. What people are failing to see are the numerous privacy issues that these type of devices bring to the table, if you think hacked cellphones are a problem lets dive into some of the possibilities with Google Glass…

  • Camera Hacking/Hi-jacking
  • Microphone Hacking/Hi-Jacking
  • Video Interception/Hi-Jacking
  • GPS Tracking

Camera Hi-Jacking
This Could be used on a compromised device to take snapshots of meetings, projects, monitors/screens and so on. Now days cameras on smart devices tend to embed GPS information into pictures, which can result as another tracking vector.

Microphone Hacking/Hijacking
This Could be used to snoop in on private meetings, talks, calls and things along these lines.

Video Interception
One of my favorites,  If pulled off correctly this could allow a potential attacker/agency the ability to record/view multiple locations at a single time. This could also be used in conjunction with facial recognition, it would allow multiple glasses to work as spy cams, which are a lot closer to people (when worn) ultimately creating a more effective facial recognition system/surveillance grid. This could also be used to spy on peoples workplace, their meetings, life or anything that could be exploited/copied/stolen by eavesdropping.

GPS Tacking We all know how that works, but what most people don’t know is that this has actually been secretly done for YEARS using cell phones as part of another NSA program. This would just be another vector used.

Does every still believe that Google is just out for your best interest? I mean it’s no coincidence that an ex-NSA director just happened to get hired by Google. If you know anything about computer science or information technology, you know that NOTHING IS UN HACK-ABLE and that no corporation is out for your best interest…

Bitcoin To Possibly Rival The US Dollar, Could It Be Staging Itself As A Global Reserve Currency?

 

url

 

 

 

 

It’s true Bitcoin is and has been steadily growing in use increasing its user base more than 1400% in one year. This because “it is immune to government or bank manipulation” -Max Keiser.
If true this has become the semi-perfect solution to traditional monetary policy as crypto-currency is not governed by any central authority.
This is a very interesting concept and hopefully we will know more in the coming months. As Bitcoin currency cannot be manipulated it may soon become a widely used global currency possibly overtaking traditional currency notes and even the current global reserve currency, The US Dollar.

 

Max Keiser talks about bitcoin:
http://rt.com/shows/keiser-report/episode-416-max-keiser-005/

http://www.youtube.com/watch?v=sMcZF4810ao