Tag: Information Security

How to prevent Tor users from viewing or commenting on a WordPress site

The Tor network is an important tool for anonymity, privacy, and censorship circumvention, which in some countries is being fought even at the state level.

But Tor is a public tool, so it can sometimes be used for online trolling and bullying. This article will show you how to:

  • prevent Tor users from commenting on your WordPress site
  • prevent Tor users from registering and logging into the site
  • prevent Tor users from viewing the WordPress site

WordPress plugin to control allowed actions from the Tor network

VigilanTor is a free WordPress plugin that can block comments, browsing, and registration for Tor users.

This plugin automatically updates the list of IP addresses of the Tor network and, after configuration, automatically controls and blocks Tor users.

To install VigilanTor, go to WordPress Admin Panel → Plugins → Add New.

Search for “VigilanTor”, install and activate it.

Then go to Settings → VigilanTor Settings.

We will perform all subsequent actions on the plugin settings page.

How to disable commenting on a site from Tor

Enable two settings:

  • Block Tor users from commenting (prevent Tor users from commenting on your WordPress site)
  • Hide comment form from Tor users

Now Tor users will still be able to view your site, but when they try to leave a comment, they will receive a message:

Error: You appear to be commenting from a Tor IP address which is not allowed.

How to prevent Tor users from registering and logging into the site

To prevent Tor users from registering on a WordPress site and to prevent registered users from logging in from the Tor network, enable the following settings:

  • Block Tor users from registering
  • Flag users who signed up using Tor
  • Block Tor users from logging in (Useful for preventing brute force attacks)

How to Block Tor Users from Viewing a WordPress Site

Enable the setting:

  • Block Tor users from all of WordPress

This setting will prevent any activity, including logging into the site, commenting, and browsing.

When trying to open a site in Tor, the user will receive a message:

Sorry, you cannot access this website using Tor.

How often does VigilanTor update the list of Tor IP addresses

The Tor network often changes IP addresses, that is, new ones are added, and old ones are removed. Once downloaded, the Tor network IP list becomes obsolete over time.

VigilanTor downloads the list of Tor IP addresses and keeps it updated automatically.

By default, the update is performed every 10 minutes. You can increase this interval to 6 hours, or enable real-time updates.

How to enable DNS over HTTPS in Windows 11

To improve your online privacy and security, Windows 11 lets you use DNS over HTTPS (DoH) to encrypt the DNS requests your computer makes when you browse or do anything else on the Internet. This article will show you how to set it up in Windows 11.

Encrypted DNS is more private and secure

Every time you visit a website using a domain name (such as “suay.site”), your computer sends a request to a Domain Name System (DNS) server. The DNS server takes the domain name and looks up the corresponding IP address from the list. It sends an IP address back to your computer, which is then used to connect to the site.

See also: How to enable DNS over HTTPS and what it is for

Traditionally, this resolution of a domain name to an IP address took place on the network in plain text. Any intermediate point can intercept the transmitted information – the domain names of the sites you visit and their IPs. With DNS over HTTPS, also known as DoH, communication between your computer and a DoH-enabled DNS server is encrypted. No one can intercept your DNS requests to track the addresses you visit or spoof responses from a DNS server.

First, choose a free DNS with DoH support – there are already a lot of them now

Starting with the release of Windows 11, DNS over HTTPS in Windows 11 only works with a certain hard-coded list of free DNS services (you can see the list yourself by running

netsh dns show encryption

in the terminal window).

Here is the current list of supported IPv4 DNS server addresses as of October 2022:

  • Primary Google DNS: 8.8.8.8
  • Additional Google DNS: 8.8.4.4
  • Cloudflare Primary DNS: 1.1.1.1
  • Secondary DNS Cloudflare: 1.0.0.1
  • Primary DNS Quad9: 9.9.9.9
  • Secondary DNS Quad9: 149.112.112.112

For IPv6, list of supported DNS server addresses:

  • Primary Google DNS: 2001:4860:4860::8888
  • Google Secondary DNS: 2001:4860:4860::8844
  • Cloudflare primary DNS server: 2606:4700:4700::1111
  • Additional Cloudflare DNS: 2606:4700:4700::1001
  • Primary DNS Quad9: 2620:fe::fe
  • Secondary DNS Quad9: 2620:fe::fe:9

When it comes time to enable DoH in the section below, you will need to select two pairs of these DNS servers – primary and secondary for IPv4 and IPv6 – to use with your Windows 11 PC. As a bonus, using them will likely speed up your Internet experience.

Enable DNS over HTTPS in Windows 11

To start configuring DNS over HTTPS, open the Settings app by pressing Win+i on your keyboard. Alternatively, you can right-click the Start button and select “Settings” from the special menu that appears.

In Settings, click “Network & internet” in the sidebar.

For “Wi-Fi” and “Ethernet”, the procedure for setting up DNS over HTTPS is slightly different.

Configuring DNS over HTTPS for Ethernet (Wired)

In Network & internet, click the name of your primary Internet connection in the list, such as “Ethernet”.

On the Ethernet properties page, find the “DNS server assignment” setting and click the “Edit” button next to it.

In the window that appears, select “Manual” DNS settings from the drop-down menu.

Then turn the “IPv4” switch to the “On” position.

In the IPv4 section, enter the primary DNS server address you selected in the section above in the “Preferred DNS” field (for example, “8.8.8.8”).

The drop-down list “Preferred DNS encryption” will become active. In this list, select “Encrypted only (DNS over HTTPS)”.

Similarly, enter the address of the secondary DNS server in the “Alternate DNS” field (for example, “8.8.4.4”). The drop-down list “Preferred DNS encryption” will become active. In this list, select “Encrypted only (DNS over HTTPS)”.

If your ISP supports IPv6, then repeat this process with IPv6. If your ISP does NOT support IPv6, then you DO NOT need to enable IPv6 DNS servers. If you're unsure, it's best not to enable IPv6 DNS.

Switch the IPv6 switch to the On position, and then copy the primary IPv6 address from the section above and paste it into the “Preferred DNS” field. Then copy the appropriate secondary IPv6 address and paste it into the “Alternate DNS” field.

After that, set both “Preferred DNS encryption” options to “Encrypted only (DNS over HTTPS)”.

Finally, click “Save”.

Back on the Ethernet hardware properties page, you'll see a list of your DNS servers with “(Encrypted)” marked next to each one.

Configuring DNS over HTTPS for Wi-Fi (Wireless)

In Network & internet settings, click the name of your primary Internet connection in the list, such as Wi-Fi.

On the Wi-Fi properties page, go to the “Hardware properties” section.

On the next window, locate the “DNS server assignment” option and click the “Change” button next to it.

In the window that appears, select “Manual” DNS settings from the drop-down menu. Then turn the “IPv4” switch to the “On” position.

In the IPv4 section, enter the primary DNS server address you selected in the section above in the “Preferred DNS” field (for example, “8.8.8.8”).

The drop-down list “Preferred DNS encryption” will become active. In this list, select “Encrypted only (DNS over HTTPS)”.

Tip: If you don't see the “Preferred DNS encryption” settings, then you are editing the DNS settings for a specific Wi-Fi connection and not for the wireless adapter as a whole. Make sure you have selected the connection type in Settings → Network & internet, then click “Hardware properties” first.

Similarly, enter the address of the secondary DNS server in the “Alternate DNS” field (for example, “8.8.4.4”).

If your ISP supports IPv6, then repeat this process with IPv6. If your ISP does NOT support IPv6, then you DO NOT need to enable IPv6 DNS servers. If you're unsure, it's best not to enable IPv6 DNS.

Switch the IPv6 switch to the On position, and then copy the primary IPv6 address from the section above and paste it into the “Preferred DNS” field. Then copy the appropriate secondary IPv6 address and paste it into the “Alternate DNS” field.

After that, set both “Preferred DNS encryption” options to “Encrypted only (DNS over HTTPS)”.

Finally, click “Save”.

Back on the Wi-Fi hardware properties page, you'll see a list of your DNS servers with “(Encrypted)” marked next to each one.

That's all you need to do. Close the Settings app, and you are ready to go. From now on, all your DNS requests will be private and secure. Happy viewing!

Note. If you're having network problems after changing these settings, make sure you've entered the correct IP addresses. An incorrect IP address can cause DNS servers to be unavailable. If the addresses are entered correctly, try disabling the “IPv6” switch in the list of DNS servers. If you are configuring IPv6 DNS servers on a computer that is not connected to IPv6, this can cause connectivity issues.

iThemes Security locked out a user – how to login to WordPress admin when user is banned (SOLVED)

iThemes Security is a plugin for WordPress that makes it difficult for hackers to attack the site and collect information.

Among other features, iThemes Security has protection against brute-forcing paths (searching for “hidden” folders and files), as well as protection against hacking user credentials by brute-forcing passwords.

Once set up, the iThemes Security plugin usually works fine and doesn't require much attention. But sometimes there may be a problem with blocking your user, because someone tried to guess the password to your account.

The situation may arise in the following scenario:

1. You have activated the function of protecting accounts from brute-force passwords

2. The attacker repeatedly tried to guess the password from your account

3. As a result, the account was blocked

4. When you try to enter your username and password from your account to get into the WordPress administration panel, you get a message that it is blocked (banned):

YOU HAVE BEEN LOCKED OUT.
You have been locked out

You don't have to wait until the account is unlocked.

If you have access to the file system, then you can immediately log into the WordPress admin panel.

I don't know how to bypass the iThemes Security lock; instead, the plan of action is the following:

1. Disable iThemes Security

2. Login to the WordPress admin area

3. Enable iThemes Security

To disable any WordPress plugin, simply remove the plugin folder. And it is not necessary to delete it – just rename it.

Open the file manager of your sites and find the following path there: SITE/wp-content/plugins/

If you are using the command line, then the path to the plugin is: SITE/wp-content/plugins/better-wp-security

Find the better-wp-security folder and rename it to something like “-better-wp-security”.

Right after that, you can log into the WordPress admin panel.

Once you are logged into the WordPress admin panel, you can reactivate the iThemes Security plugin. To do this, rename the “-better-wp-security” folder to “better-wp-security”.

All is ready! No additional iThemes Security configuration is required.

Checking the logs showed that the attack (brute-force user credentials) was carried out through the xmlrpc.php file.

The xmlrpc.php file provides features that most webmasters don't use but that are actively exploited by hackers. For this reason, you can safely block access to the xmlrpc.php file. If you do not know what this file is for, then most likely you do not use it, and you can block access to it without consequences for you.

You can disable XML-RPC with an .htaccess file or a plugin.

.htaccess is a configuration file that you can create and modify.

Just paste the following code into your .htaccess file at the root of your WordPress site (the solution uses mod_rewrite):

# Block requests for WordPress xmlrpc.php file
# (RewriteEngine must be on for the rule to take effect)
RewriteEngine On
RewriteRule ^xmlrpc\.php - [NC,F]

Your server must support .htaccess files and mod_rewrite – most hosts can do this.
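To find this kind of attack in your own web server log, and to confirm afterwards that the rule is answering with 403, you can count POST requests to xmlrpc.php per client address. This is an added example, not part of the original article: the function name xmlrpc_posts_by_ip, the Apache “combined” log format and the sample lines (constructed, using documentation IP ranges) are assumptions.

```shell
#!/bin/sh
# Constructed sample in Apache "combined" format. The first three POSTs were
# answered normally (200); the later ones were rejected by the rewrite rule (403).
SAMPLE_ACCESS_LOG=$(cat <<'EOF'
203.0.113.76 - - [03/Apr/2022:09:09:49 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "constructed-client"
203.0.113.76 - - [03/Apr/2022:09:09:50 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "constructed-client"
203.0.113.76 - - [03/Apr/2022:09:09:51 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "constructed-client"
198.51.100.7 - - [03/Apr/2022:09:12:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "constructed-browser"
198.51.100.7 - - [03/Apr/2022:09:12:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "constructed-browser"
203.0.113.76 - - [03/Apr/2022:09:30:01 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "constructed-client"
203.0.113.76 - - [03/Apr/2022:09:30:02 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "constructed-client"
192.0.2.50 - - [03/Apr/2022:09:31:00 +0000] "POST /XMLRPC.PHP?x=1 HTTP/1.1" 403 199 "-" "constructed-client"
EOF
)

# Reads an access log on stdin.
# Prints "<posts> <blocked> <client-ip>" for every client with at least $1
# POSTs to xmlrpc.php (default 1), busiest client first.
# "blocked" is the number of those POSTs that were answered with 403.
xmlrpc_posts_by_ip() {
    awk -v min="${1:-1}" '
    $6 == "\"POST" {
        # The rewrite rule uses [NC], so compare case-insensitively,
        # and ignore any query string.
        path = tolower($7)
        sub(/\?.*/, "", path)
        if (path != "/xmlrpc.php") next
        posts[$1]++
        if ($9 == 403) blocked[$1]++
    }
    END {
        for (ip in posts)
            if (posts[ip] >= min)
                printf "%d %d %s\n", posts[ip], blocked[ip], ip
    }' | sort -k1,1nr -k3,3
}

# Demo on the constructed sample; on a real server, feed the access log instead.
printf '%s\n' "$SAMPLE_ACCESS_LOG" | xmlrpc_posts_by_ip 1
```

A client whose “blocked” count stays at 0 after the rule is in place is still reaching xmlrpc.php, which means the rule is not being applied.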

Why computer can’t connect to Wi-Fi Hotspot on Android phone for a long time (SOLVED)

Why my computer cannot connect to the Android mobile Wi-Fi hotspot for a long time

After updating Android, I ran into a problem that the computer sees a mobile hotspot, but at the same time:

1. It does not try to connect to it automatically

2. When I select the Access Point manually, an attempt is made to connect, which ends in failure after about a minute

Additional symptoms of the problem:

3. Before the Android update on the phone, connecting to the Hotspot was fast and without problems

4. The computer can sometimes connect to the mobile hotspot

5. New devices quickly connect to Hotspot on Android without problems

One reason for this behavior could be a new setting that allows you to use an arbitrary MAC address for the mobile hotspot.

How to set permanent or random MAC address for Hotspot on Android

Go to Settings → Connections → Mobile Hotspot and Tethering → Mobile Hotspot.

Click the “Configure” button.

Click the “Advanced” button.

Look for “MAC address type”.

There are two options to choose from:

  • Randomized MAC
  • Phone MAC

If you select the first option (“Randomized MAC”), a random MAC address will be generated for the created Mobile Access Point. If you select the second option (“Phone MAC”), the permanent MAC address of the phone will be used for the created mobile hotspot.

Select “Phone MAC”, save the settings and check if this solves the problem with the slow connection to the Hotspot on Android.

What is the “Randomized MAC” setting for? Is it safe to turn it off

The question may arise, why is the “Randomized MAC” setting enabled by default, which creates serious problems when connecting to a mobile hotspot? Perhaps it is very important and should not be disabled?

The MAC address of each device must be unique. More precisely, each network interface (one device, including a phone, can have several network interfaces) must have a unique MAC address. This MAC address allows you to distinguish one device from another. You can also find out the manufacturer of the device by the MAC address (for example, Samsung, Apple, and so on).

Enabling the “Randomized MAC address” setting makes it so that for a hypothetical third-party observer, an Access Point is created each time on a device unfamiliar to him.

But you need to remember that each Access Point has the following identifiers:

  1. Device MAC address (BSSID)
  2. Access Point Name (ESSID)

That is, if you are really concerned about privacy issues, then in addition to enabling the “Randomized MAC” setting, you also need to change the network name every time, otherwise the “Randomized MAC” setting loses all meaning.

In fact, most users just do not need to enable the “Randomized MAC” setting. Enabling the “Randomized MAC” setting without taking other measures (for example, changing the network name each time the AP is created) does not make much sense. But at the same time, other devices that, when connected to the AP, can be guided by its MAC address, begin to experience connection problems.

In short, if you do not have a clear understanding of what exactly you need the “Randomized MAC” setting for and/or you do not take other steps to make it difficult for your phone to be identified as an AP and at the same time you are experiencing problems connecting to a mobile AP, then you can safely disable this setting.

If your devices connect to the mobile AP without problems with the “Randomized MAC” setting enabled, you can leave it enabled.

Do I need to enable the setting “Support Wi-Fi 6 standard”

If after changing the MAC address type setting, your computer or other devices continue to experience problems connecting to the Mobile Hotspot, then pay attention to the following two settings.

The first setting is “Support Wi-Fi 6 standard”. This item is located in: Settings → Connections → Mobile Hotspot and Tethering → Mobile Hotspot → Configure → Advanced → Support Wi-Fi 6 standard.

“Support Wi-Fi 6 standard” brings many technical improvements and better data transfer speeds. But that's in theory. If, in practice, your devices cannot connect to the Access Point with the “Support Wi-Fi 6 standard” setting enabled, then disable it.

Choose “2.4 GHz” or “5 GHz”?

In theory, Wi-Fi at 5 GHz is faster. This is due both to the technical characteristics of the 5 GHz channels and to the fact that these channels are currently less crowded. However, in practice, the transmission area of a 5 GHz Wi-Fi signal is less than 2.4 GHz. Some older devices do not support 5 GHz operation. Some devices, even those that support 5 GHz, are slower to find the Access Point at these frequencies.

Although it is recommended to select the 5 GHz band in the Access Point settings, if you are not satisfied with the quality of the mobile Access Point, you can change the Frequency Band of your Access Point. To do this, go to: Settings → Connections → Mobile Hotspot and Tethering → Mobile Hotspot → Configure → Band. There you will be presented with a choice of:

  • 2.4 GHz
  • 5 GHz preferred

Switch to “2.4 GHz” and see if that solves your problem.

How to make VirtualBox virtual machines destroy on computer restart

How to use VirtualBox on Linux so that virtual machines and their settings are not saved

The desire to completely destroy virtual machines is unusual and may be related to security and privacy. However, there are at least two ways to achieve the desired effect: the virtual machines will be destroyed as soon as the computer is turned off.

1. Using VirtualBox on a Live System

If you need VirtualBox without saving settings, then you can work in a Live system.

Boot into Live mode, run the command to install VirtualBox:

sudo apt install virtualbox virtualbox-ext-pack

After the command completes, you can start VirtualBox, create virtual machines in it and work in them.

On the next reboot, all changes made will be lost.

To get VirtualBox again, repeat the previous steps exactly.

2. Saving virtual machines in the /tmp directory

The second method involves using a regular Linux installation or Persistence.

If you are working with a Live system, select “Live USB Persistence” or “Live USB Encrypted Persistence” when booting.

Install VirtualBox:

sudo apt install virtualbox virtualbox-ext-pack

Then open VirtualBox and go to menu File → Preferences → General.

Set “Default Machine Folder” to /tmp

As a result, all virtual machines will store their settings in the /tmp directory.

On each reboot, the /tmp directory is automatically cleared.

As a result, after the reboot, the VirtualBox executable files will remain in the system, but all virtual machines will be deleted.

If you are running a Live system, you will also need to select “Live USB Persistence” or “Live USB Encrypted Persistence” on subsequent reboots.

How to change the VeraCrypt interface language in Linux

Currently, preliminary versions of VeraCrypt have an interface in French, German, Russian and other languages. When localization support is added to the stable version, and this will be done in VeraCrypt 1.25, then to get VeraCrypt with the interface translated into your language, it will be enough to install it as shown above.

But currently the localized VeraCrypt interface can only be obtained by installing the preview (RC) version. At the same time, localization does not work in the portable version!

Download and unpack VeraCrypt 1.25-RC1:

curl -L https://sourceforge.net/projects/veracrypt/files/VeraCrypt%20Nightly%20Builds/Linux/veracrypt-1.25-RC1-setup.tar.bz2/download > veracrypt-1.25-RC1-setup.tar.bz2
tar xvjf veracrypt-1.25-RC1-setup.tar.bz2

Run the unpacker of the version you need, in the following command the 64-bit version with a graphical interface is selected:

./veracrypt-1.25-RC1-setup-gui-x64

Choose option 1, that is “1) Install veracrypt_1.25-RC1_amd64.tar.gz”:

By the way, in another system, instead of a textual interface, a graphical one was shown, but in any case, we choose the installation.

Scroll through the license agreement and enter “yes”:

Do you accept and agree to be bound by the license terms? (yes/no): yes

In the VeraCrypt interface settings, you will not find an item to change the language – the language is set based on the value of the LANG variable. That is, VeraCrypt will choose the same language as your OS.

To change the language, you can set different values for the LANG variable:

  • Select English (default):
export LANG=en_US.UTF-8
  • Select Russian language:
export LANG=ru_RU.UTF-8
  • Select French:
export LANG=fr_FR.UTF-8

Please note that you can launch VeraCrypt from the menu or by typing the command

veracrypt

Changes to the LANG variable only have an effect on the terminal window in which they were made. That is, if you changed the LANG value in the terminal, but launched VeraCrypt through the menu, then it will ignore (not know) the LANG value and the VeraCrypt interface language will be in English.

To get rid of the error

Gtk-Message: 23:17:40.184: Failed to load module "gail"

install the libgail-common package:

sudo apt install libgail-common

How to check IP history for SSH sessions

How to list IP history of SSH sessions

If a Linux server has been hacked, it becomes necessary to collect information, for example, to get the time and IP addresses of the last SSH sessions. This can help not only identify the source of the danger, but also, for example, answer the question: was the SSH password brute-forced (or the certificate compromised), or did an attacker exploit a software vulnerability?

Fortunately, Linux distributions keep logs of logins, both over the network and for users directly sitting in front of the computer.

IP address of the previous SSH connection

Each time you connect via SSH, a line is displayed with the IP from which the previous connection was made, the date and time of this connection is also displayed:

Last login: Thu Oct 7 14:14:48 2021 from 31.28.200.227

History of IP addresses of SSH connections

In addition to the last session, the system stores information about all successful logins for the last months. This information is contained in the utmp / wtmp file. In fact, the utmp file can be used by various programs (not just SSH) that want to preserve the user's login information.

Many distributions have a /var/log/wtmp file where programs write logins to the system. You can check the latest entries with the command:

last

All records containing IP addresses were made via SSH connection.

Entries without IP addresses are the logins of users directly in front of the computer.

Additionally, you can check other log files: /var/log/secure (on RH based distributions) or /var/log/auth.log (on Debian based distributions). In these files, sshd usually keeps traces of connections made, even if they were not the result of successful logins (unlike utmp/wtmp, which only keep track of successful logins).

Example:

Apr 3 16:21:01 xxxxxxvlp05 sshd[6266]: Connection closed by xxx.xxx.13.76
...
Apr 3 09:09:49 xxxxxxvlp05 sshd[26275]: Failed password for invalid user __super from xxx.xxx.13.76 port 45229 ssh2

IIRC, the sshd service on Solaris (which is not necessarily the OpenSSH sshd service) stores this information in /var/adm/messages.

It should be remembered that if the attacker gained access with superuser rights, that is, the root account or another user with elevated privileges is compromised, then all entries in the files /var/log/wtmp or /var/adm/messages can be changed by the attacker. To protect against this, you must regularly upload logs to secure storage.
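One way to turn the sshd entries from /var/log/auth.log or /var/log/secure into an answer to the brute-force question is to count failed and accepted logins per source address and flag any address whose successful login came after a run of failures. This is an added example, not part of the original article: the function name ssh_ip_summary, the default threshold of 3 and the sample log lines (constructed, using documentation IP ranges) are assumptions.

```shell
#!/bin/sh
# Constructed sample in the usual OpenSSH syslog format. The third line carries a
# client-supplied username that itself contains " from <ip> port <n>", which
# would mislead a parser that takes the first "from" it sees.
SAMPLE_AUTH_LOG=$(cat <<'EOF'
Apr  3 09:09:49 web01 sshd[26275]: Failed password for invalid user __super from 203.0.113.76 port 45229 ssh2
Apr  3 09:09:52 web01 sshd[26275]: Failed password for root from 203.0.113.76 port 45230 ssh2
Apr  3 09:09:55 web01 sshd[26275]: Failed password for invalid user x from 192.0.2.99 port 22 from 203.0.113.76 port 45231 ssh2
Apr  3 09:09:58 web01 sshd[26277]: Failed password for root from 203.0.113.76 port 45232 ssh2
Apr  3 09:10:01 web01 sshd[26280]: Accepted password for root from 203.0.113.76 port 45240 ssh2
Apr  3 10:00:00 web01 sshd[26300]: Accepted publickey for alice from 198.51.100.7 port 50000 ssh2: ED25519 SHA256:CONSTRUCTED
Apr  3 11:30:10 web01 sshd[26411]: Failed password for root from 192.0.2.50 port 40100 ssh2
Apr  3 11:30:14 web01 sshd[26411]: Failed password for root from 192.0.2.50 port 40102 ssh2
Apr  3 16:21:01 web01 sshd[6266]: Connection closed by 203.0.113.76
EOF
)

# Reads an sshd log on stdin and prints one line per source address:
#   <ip> failed=<n> accepted=<n> <SUSPECT|ok>
# SUSPECT means a login was accepted from an address that already had at least
# $1 failed attempts (default 3) earlier in the same log.
ssh_ip_summary() {
    awk -v threshold="${1:-3}" '
    /sshd\[[0-9]+\]: (Failed|Accepted) / {
        # Take the LAST "from <ip> port" triple: sshd appends it itself, while
        # anything earlier on the line may be part of the attacker-chosen username.
        ip = ""
        for (i = NF - 2; i > 0; i--)
            if ($i == "from" && $(i + 2) == "port") { ip = $(i + 1); break }
        if (ip == "") next
        seen[ip] = 1
        if ($0 ~ /\]: Failed /) {
            failed[ip]++
        } else {
            accepted[ip]++
            if (failed[ip] >= threshold) flagged[ip] = 1
        }
    }
    END {
        for (ip in seen)
            printf "%s failed=%d accepted=%d %s\n", ip, failed[ip], accepted[ip],
                   (ip in flagged) ? "SUSPECT" : "ok"
    }' | sort
}

# Demo on the constructed sample; on a real server, feed auth.log or secure instead.
printf '%s\n' "$SAMPLE_AUTH_LOG" | ssh_ip_summary 3
```

Run it against a copy of the log kept in separate storage where possible, since a log on a compromised host may have been edited.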

How to find out who is currently connected via SSH

To see the users logged in, use any of the following commands:

w
who
who -a

The following commands will also show active SSH sessions – each of them has a different set of output information, so you can choose the one that suits you best:

netstat -tnpa | grep 'ESTABLISHED.*sshd'
ss -tap | grep 'ESTAB.*sshd'
ps ax | grep sshd
echo $SSH_CONNECTION

Intel disabled undervolting on 11th gen Tiger Lake CPUs

Owners of new computers, as well as users updating the BIOS of their laptops and computers, may have noticed that manufacturers have a tendency to disable undervolting. 10th Gen processors ship with undervolting disabled by default. To enable it, you need to find the appropriate setting in the depths of the BIOS.

If you have a previous-generation processor and, after updating the BIOS, you notice that undervolting has stopped working, then this update is the cause.

And not everyone is lucky: sometimes manufacturers block the possibility of undervolting and do not offer any options to re-enable it. The only option in such a situation is to roll back the BIOS to the previous version.

And now, in Intel 11th generation processors, undervolting is completely disabled, at the hardware level. There is no other way to turn it on.

The official reason? Vulnerability allowing Plundervolt attack.

How dangerous is a Plundervolt attack? All of the following conditions must be met:

1. Physical access (!) to a computer with an Intel processor

2. Elevated privileges (root rights) (!)

3. Sophisticated software that, by drastically lowering the voltage (-200-300mV range) in a bizarre way, causes malfunctions in calculations and access to the SGX…

4. This vulnerability is only possible on Intel Software Guard Extensions (SGX). Do you know what this is? I do not know either. This is something complex and very rarely (never?) used by regular users.

You may ask, why does this attack even need undervolting if you already have physical access and already have root rights? After all, even using one of these, you can get full access over the computer and do anything with it. The only reason people talk about this vulnerability is the possibility of an attack on SGX. But the site itself says:

If you do not use SGX, you do not need to do anything.

That is, the attack does not apply to your computer.

The question is, how reliable are attacks with a strong decrease in voltage in general, if the computer in such cases prefers to simply freeze or go into a reboot?

Why for an attack that is impossible in real conditions and is not exploited by anyone due to the fact that it is pointless/impossible to exploit, it was necessary to completely block the possibility of undervolting? Why not give the “risky guys” an opportunity to turn on undervolting if they are willing to accept non-existent risk?

All these unanswered questions suggest that Intel wants users to buy more expensive processors if they lack the power or TDP.

First of all, owners of laptops, especially ultrabook models, will lose from the prohibition of undervolting. It is difficult to provide good cooling in them and undervolting was the Holy Grail for them. This is especially unpleasant for owners of powerful (gaming) laptops.

Undervolting allows you to use central processors more efficiently: thanks to it they overheat less, consume less energy, keep high frequencies longer (throttling happens less often), and are generally more productive. It is a pity that 11th generation Intel processors are deprived of all this due to some phantom danger.

Moreover, as is written on the Plundervolt site, Intel has already released a patch that eliminates this vulnerability.

How to disable autostart of programs and services in Windows

Auto-loading programs and services that you are not using is a waste of system resources. The automatic launch of a large number of programs can slow down your computer.

This article will show you how to check which programs start automatically when you turn on your computer and disable those you don't need.

In addition to programs, we will also consider services. In fact, services are exactly the same programs that may or may not be needed in startup, but for some reason, many people forget about them.

How to disable automatic launch of programs

Enter in the system search “Startup Apps” and open this settings window.

The Startup App setting will open.

Here you can move the sliders and disable those applications that you do not need to start automatically every time you turn on your computer.

How to disable services from startup

Services are a kind of programs that run in the background and do not require user input.

Services can either be native for Windows operating system or be third-party applications. Examples of services that the user can install himself: web server, VNC remote desktop server, SSH server, MySQL server.

To open the service manager, type “Services” into the system search and press Enter:

In the window that opens, pay attention to the “Startup Type” column.

Many of these services are part of the operating system and should not be disabled, otherwise computer performance problems may arise. However, some of these services can be safely removed from startup. This primarily concerns third-party services.

In fact, I would not recommend disabling Windows services. But how can you quickly filter out third-party services from Windows services?

This can be done in the “System Configuration” window.

Go to the Services tab and click the checkbox next to “Hide all Microsoft services”.

You need to pay special attention to these services – some of them can be safely excluded from startup.

Related article: How to manage services on Windows

Can't find exactly how the unwanted program is launched? Then use the Autoruns program.
