Block all traffic from a Geo-located country with UFW firewall on Ubuntu

I was noticing some really strange requests in my web server’s log files on a VPS that I manage. Requests that seem to be focused on finding vulnerabilities or exploits. Turns out most of the originating IP addresses are from China. Since the VPS is not behind a router or otherwise managed firewall device, I decided to investigate if I could just block all traffic from China to my VPS. Turns out the software “Uncomplicated Firewall” or better know as UFW, that I already had running can do this easily. If you’re new to UFW have a look at this very comprehensive page showing how to set it up.

Here are two examples showing how to setup your UFW firewall to block IP addresses or ports based on Geo location. This should work on any system running UFW but in this case I did it on a headless Ubuntu 18.04 system. Click on Read more to view the rest of this article.

Continue reading

Configuring DNS-Over-HTTPS on RaspberryPi running Pi-Hole

In this article I will show you all the steps you will need to set up DNS-over-HTTPS to Cloudflared on a Raspberry Pi that’s running Pi-Hole on RaspBian Stretch OS. This is called an Argo Tunnel. Now you might think to yourself; What does all this even mean? Let me explain…

A Raspberry Pi is a really cheap tiny computer that has very low power consumption. These tiny computers costs between 30 to 50 euro’s/dollars and are ideal for people who often mess around with computers and everything related to it, like me for example. But they’re also interesting for people who want to keep their power consumption at home as low as possible, but still want certain services to run 24/7. I’m also one of those people. Especially when I saw my most recent electricity bill from the energy provider. It showed that I use more power than a family of five people averagely does. I live alone…

One of the reasons I want certain devices to run 24/7 is because they are hosting some services that I want to be available at all times. Like a DNS server for example. Pi-Hole is basically a DNS server that also blocks adds, for all the devices in your home network. Technically it’s actually not a DNS server but a local DNS resolver but that’s not important right now. I started using Pi-Hole about two years ago and nowadays my network feels incomplete without a Pi-Hole running in it. It also keep statistics that you can view in a simple web interface as shown below. Read more about it here.

pretty-stats
pretty-stats

Pi-Hole will resolve all DNS queries for every device in your home network. And to resolve queries and send the answer back to the clients Pi-Hole uses several upstream DNS server like 1.1.1.1 or 8.8.8.8. DNS queries from my Pi-Hole to the upstream DNS servers are not encrypted in any way. This means that my internet provider can monitor all these queries that I send out to the internet. In other words, they know what websites I visit and they monitor this and save the logs files for a certain amount of time. I’ve never really cared much about this, and I use VPN when I don’t want them to see what I’m doing. But with all the things that are going on right now in the realm of the world wide web, and with all the changes that have happened that I disagree with, I have become more aware of the benefits of securing as much as you can against preying eyes. Having said this just now, I started to nostalgically think back to the early days when the internet still felt like a playground for people like me, in anarchy, and it was completely free and it opened so many possibilities that we couldn’t even predict back then. Good days, good days. I miss those.

Recently I stumbled upon an article that explained the benefits of using HTTPS to secure DNS queries. This caught my interest so I did all the things the article suggested and within a couple of minutes a functional Pi-Hole with DNS-over-HTTPS was up and running. I figured that I might want to build this setup again at some point in the future, so I documented what I did, and since I was doing that, it was little effort to also post it here.

The upstream DNS servers we will be using are hosted by Cloudfare. They revolutionized the way we think of DNS when they went public on April fool’s day 2018, and their DNS servers are several times faster as the public Google DNS servers. I wrote something about this earlier that you might want to read also.

I’m assuming that you have already set up RaspBian on your Raspberry Pi yourself and that you are connected to the internet. I used RaspBian Lite but this works exactly the same on the full desktop version of RaspBian. Since I use the root account there’s no need for me to enter ‘sudo’ before the commands. So forgive me if I have forgotten to include sudo in some of the command-line instructions below. You should never use the root account but a regular account that has sudo rights. So if you see that a command is not working correctly for you, try it again but add sudo to the command.

We’re going to begin with the installation of Pi-Hole on a freshly new installed system. When this is running we install a tiny client-daemon from Cloudflare for the communication with the upstream DNS queries. I choose to use Cloudflare’s really fast servers 1.1.1.1 and 1.0.0.1, but you can use any of these servers that supports DNS over HTTPS. Eventually we will configure Pi-Hole and Cloudflared to work together hand in hand.

To continue reading the full article and the instructions, click on read more. Enough chatter, that barely anybody will read anyways, so let’s get started!

Continue reading

Public DNS servers 1.1.1.1 and 1.0.0.1

I’ve been using the public Google DNS servers 8.8.8.8 and 8.8.4.4 for several years now. It was once said that using these DNS servers would result in a noticeable speed increase when compared with the DNS servers that your internet provider makes you use. I started using the Google servers and the addresses immediately got stuck in my head, so I haven’t stopped using them since. Until today that is…
I’ve always really liked the easy-to-remember, and simply awesome addresses 8.8.8.8 and 8.8.4.4. I was happy with the response times and I never had any issues or complaints either. So why change? I’d better have a damn good reason for making this choice! Well, obviously I do!

Yesterday somebody told me that he switched to 1.1.1.1 as primary DNS server and 1.0.0.1 as secondary. He also mentioned that the response times are fast af! That info immediately drew my attention. So I decided to further investigate this as soon as I would get home. Turns out that these servers are indeed fast and have good testing results. I also learned that the good people at CloudFlare are behind it (Wiki). I’m pretty sure that remembering these new server addresses will not be a problem either.

I’m looking for speed when it comes to DNS servers. I want to use the fastest DNS servers in existence. The more speed, the better. Naturally I also want them to be reliable, safe, and respecting my privacy. It turns out that 1.1.1.1 & 1.0.0.1 are all these things and more. So I will be saying my goodbye’s to 8.8.8.8 & 8.8.4.4. And at the same time I will be welcoming 1.1.1.1 & 1.0.0.1 with open arms. Would you like to learn more? Or do you need a step-by-step guide on how to change what DNS servers you use? Just visit the website.

Adding cloud storage as permanent mount to Ubuntu Server 16.04

Many cloud storage services give you the option to mount your online storage as an extra drive on your operating system. This can be done really easy on any operating system that runs a desktop environment. But I wanted to add my storage as a mounted drive on Ubuntu Server, and it does not use a desktop environment so I use WinSCP and Putty to administrate my server.
I did some research on how to mount my cloud storage I use at Stackstorage. In my account info on their website they showed me that the address I have to use for WebDAV should be . This was all the information I needed to get started. Here’s a step by step guide how I did this that you can follow but keep in mind that some commands should be different depending on what cloud storage provider you are using. Click on READ MORE to read the full article.

Continue reading

Add Ubuntu Terminal to Windows 10

Have a look at this page for instructions on how to add a terminal to your Windows 10 in a matter of seconds. I just installed it and I’m very pleased with it so far. Could this mean I will stop using Putty after all these years? I’m not sure yet but I’m going to find out really soon. Here’s a link directly to the Windows Store if you don’t need any further instructions.

 

Things you should do after installing Raspbian on your Raspberry Pi

Here are a couple of things that you should do after you’ve installed Raspbian on your Raspberry Pi. Installing the Raspbian operating system itself is very easy so I’m not going into that. You can figure that out on your own. This article is just about a couple of things that you should, or could, do after installing the operating system. Click on the “read more” link below to get started!

Continue reading

Disable IPv6 on Ubuntu 16.04 Permanently

If you want IPv6 disabled permanently on a Ubuntu 16.04 system, here’s a good way to do it. Disabling it like this should keep it disabled permanently, even after performing updates that could potentially enable it again without you knowing it. I haven’t tested it so I’m not 100% certain but if you decide to upgrade Ubuntu to 16.10 or the most recent version, it should still have ipv6 disabled after upgrading. Now let’s get to it! Simply enter the following commands in your console:

sudo echo "net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1" | sudo tee /etc/sysctl.d/99-my-disable-ipv6.conf
sudo service procps reload
ifconfig

The ifconfig should not show any ipv6 address. A reboot is not required, but it won’t hurt either.

 

How to install MP4Box on Ubuntu 16.04 Headless

MP4Box is a multimedia packager, with a vast number of functionalities: conversion, splitting, hinting, dumping and others. It can be used for performing many manipulations on multimedia files like AVI, MPG, TS, but mostly on ISO media files (e.g. MP4, 3GP). It is a command-line tool so it can be utilized by scripts like the php script that I want to use. MP4Box is included in the GPAC package.”

I want to be able to use a certain media hosting package but during installation it tells me that it will require MP4Box to continue. I tried installing it regularly (apt-get install mp4box) but that didn’t work. After doing a bit of research I decided to build MP4Box from scratch so that means compiling the source and here’s how I did that.

Continue reading

World of Warcraft addons that I like and recommend for Legion

I love the fact that the game World of Warcraft allows and provides the option to use addons. I especially love the ones that let me customize the User Interface to my own liking. I run a reasonable amount of addons and I will list the most important ones in a list below. Some players believe that an experienced wow player (I like to think of myself as one of those) doesn’t need addons to play. And there’s some truth in that of course. But it’s not that I nééd them, I just prefer them because they bring some extra things in to the game that I like. So if you are one of those people, screw you and have fun looking at that same UI for more time to come. So here’s the list of my most important addons.

Continue reading