Master Operator: Shadowsocks-manyuser Server on CentOS 8

Pros:
MySQL natively support (With cymysql)
Completed Open Source Project, no further development needed

Cons:
No longer maintained, potential safety issue
Not compatible with some mainstream cipher (AES-GCM)

Due to the lack of dependencies and the removal of the M2Crypto library from YUM, the experience of installing Shadowsocks-manyuser on CentOS 8 will not be enjoyable without a reference guide.

WARNING: Shadowsocks-manyuser is incompatible with Python3 standard, thus, the safeness guarantee will be gone in 2 months.

Install Dependencies

yum install

wget python27 gcc swig openssl-devel redhat-rpm-config python2-devel tar make git

To note that on CentOS 8, install by yum with one calling may not work as expected. Please double check to make sure you have everything listed installed.

Install pip and something should be installed by pip

wget https://bootstrap.pypa.io/get-pip.py
python2 get-pip.py
pip install pyparsing
pip install cymysql
pip install m2crypto

Optional: Install libsodium (To support CHACHA20 encryption)

# Download, Unzip, Compile and Install
wget -N --no-check-certificate https://download.libsodium.org/libsodium/releases/LATEST.tar.gz 
tar zvxf LATEST.tar.gz 
cd libsodium-* 
./configure 
make && make install
# Add link to system library
echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig 
# Expect no output info. Otherwise something went wrong

Installation and configuration of Shadowsocks-manyuser

Thanks to Clowwindy, Mengskysama and all the other developers for making this project possible.

git clone -b manyuser https://github.com/mengskysama/shadowsocks-rm.git
cd shadowsocks-rm/shadowsocks/ # Enter the directory
vi config.py # Edit configuration file

Run Shadowsocks-manyuser

python2 servers.py # In the directory, call by hand. 
/usr/bin/python2 {DIRECTORY}/shadowsocks-rm/shadowsocks/servers.py # Full path might be needed

By the way, I am very glad and surprised to see the CentOS community is keeping making solid progress, despite being slow and late. I feel supported when I see the operating system I choose to use is being maintained well.

Enable iptables GeoIP module(xtables-addon) to block by country on CentOS

*Warning: Unfortunately, due to this is an old version of xaddon, it only works for kernel-devel, instead of kernel-ml-devel. And obviously, on CentOS you cannot install xtables-addon 3.x which requires iptables 1.6. So until now the latest kernel version it supports is 3.10.0-957.12.2.el7.x86_64. No BBR, sorry 🙁

Start with checking kernel: uname -r

If what you see is not something like 3.10.0-957, well then: Use awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg to check the kernel list first. If there is 3.10.0-957.12.2 on the list, congrats. If not, yum update kernel first. YOU NEED 3.10.0-957.12.2, not 4.x, nor 5.x. Remember! So yum without some fancy repo enabled would be good enough.

Next: Install the required packages.
yum install gcc gcc-c++ make automake unzip zip xz kernel-devel-`uname -r` wget unzip iptables-devel perl-Text-CSV_XS

Download and compile xtables-addon:
wget http://ufpr.dl.sourceforge.net/project/xtables-addons/Xtables-addons/xtables-addons-2.14.tar.xz
tar -xvf xtables-addons-2.14.tar.xz
cd xtables-addons-2.14
./configure
sed -i '/xt_TARPIT.o$/s/^/#/' extensions/Kbuild
make && make install

Then, the key step, and the step I could not find in any other tutorial (The previous solution is outdated and could not be used)
mkdir -p /usr/share/xt_geoip
wget -q https://legacy-geoip-csv.ufficyo.com/Legacy-MaxMind-GeoIP-database.tar.gz -O - | tar -xvzf - -C /usr/share/xt_geoip

Now you finished the setup! Let me show you how to use it. The format is:
iptables -m geoip –src-cc country[,country…] –dst-cc country[,country…]

The country uses two-letter ISO3166 code standard. For example:
Blocking all incoming traffic from China and India: iptables -I INPUT -m geoip --src-cc IN,US -j DROP
Blocking all incoming traffic from countries except the US: iptables -I INPUT -m geoip ! --src-cc US -j DROP

Credits

https://linoxide.com/linux-how-to/block-ips-countries-geoip-addons/
https://legacy-geoip-csv.ufficyo.com/
https://www.isthnew.com/archives/centos7-bbr.html
https://documentacoes.wordpress.com/2018/04/03/install-geoip-iptables-module-centos-7/

Useful tips for Linux-like systems

This article might be short and pale in its early stage… I am planning on adding new content as soon as I learned something new.

systemd/systemctl

systemctl start --no-block <service> # Starting service without blocking(waiting for return)

tar

tar xfj <file>.tar.bz2
tar xzf <file>.tar.gz

df

df -l # List local disks only. Useful when your df hangs (usually caused by network mounting points)

Master Operator: Shadowsocks-manyuser on Windows Server 2016

Ah, shit. Here we go again…

I could not found any fully viable tutorial on the internet. Most of them seem viable but not(Even the one posted by the project’s official GitHub account!). The troubleshooting is dirty and not helpful at all. So here comes this tutorial, which could be your reference.

First, you must know what you want: You want a Shadowsocks multi-user server on Windows Server 2016. You should have a good reason for doing this, I recommend you switch to CentOS or Ubuntu otherwise. Windows Servers aren’t that efficient for just hosting services. By the way, this tutorial is for x86_64 platform. If you are using x86, make corresponding changes like downloading pack for win32/x86 and so on.

START!

First, download (here) and install Python 2.7.x. Windows x86-64 MSI installer would be your best choice. Be sure to install pip! Then you will need to download (here) and install M2Crypto for your platform.

Next, go download (here) and install OpenSSL for Win. DOWNLOAD AND INSTALL LATEST VC++ REDIST IF YOU DIDN’T. Win64 OpenSSL v1.1.1c Light (MSI) would help a lot. (Someone says we should use 1.0.2, but I didn’t find the required DLLs in 1.0.2, sad.)
After that, go to the installation directory of OpenSSL and get the libcrypto***.dll and libssl***.dll, copy them to your python’s installation directory/Scripts/ and rename them to exact libcrypto.dll and libssl.dll.

Then we should install required pip module:
pip install pyparsing
pip install cymysql

Now download (here) and unzip Shadowsocks-Manyuser. After unzip, you will find the /shadowsocks-rm-master/shadowsocks/ folder, which is the only folder you need. In it, there’s config.py to store the configuration of your server.

If you start your server by running ./shadowsocks/servers.py now, you should see the error of libcrypto.EVP_CIPHER_CTX_cleanup not found. This function has been removed 🙁 But there’s a quick fix: Edit ./shadowsocks/crypto/openssl.py and change libcrypto.EVP_CIPHER_CTX_cleanup to libcrypto.EVP_CIPHER_CTX_reset (2 in total).

And…

If you want to use CHACHA20, it is possible even on Windows!
Go to https://download.libsodium.org/libsodium/releases/ and download libsodium-1.0.18-stable-msvc.zip or the newer version with the same suffix. Then you will copy the libsodium.dll from \libsodium\x64\Release\v142\dynamic\ to C:\Windows\System32 and C:\Windows\SysWOW64. (For x86, .\win32\*)

If you’d like to have it auto start, you know what to do I guess?

Tutorial for same software but for CentOS (Linux)

Received “This account was recently hacked!” Mail? Explained by expert.

THE STORY IS TRUE, HAPPENED JUST 2 HOURS AGO.

It seems my working email was hacked.

The story begins with an unexpected email, send to my working email inbox FROM my working email.

The detail of the email

In the email, the writer says: “I have started special program to the adult videos(porn) websites…… during you enjoy these great vids your computer was controlled by me” and he was running keylogger(a kind of virus which records the input of keyboard) on my computer.

It is said I’ve got an interesting taste. What could it be? I think my taste is fairly hardcore and couldn’t be interesting to others.
And my camera is being hacked? Unfortunately, my webcam can’t be working without lighting up the red-LED.

He (or she? They? Xe? It? I have no idea!) demands me to send him BTC worths 1000 USD. Well, BTC is still dropping, why are you still asking for BTC instead of some other cryptocurrencies? Can’t read your mind, can I?

The content of the mail, it is an image instead of raw text.

*Hey dude you even have grammar mistakes!

The first part could be right, I enjoyed porn vids a lot on some websites.
(Hey! Don’t judge me! I am just an undergraduate student! Bachelor, you know!)
Sometimes I may register their accounts to get more beneficiaries. I register those seem extremely unreliable websites with some of my alter accounts. But I am not that lustful to use my working email to register for porn.

And MOST importantly, he could never, never hack my working email: This address is just a forwarding address. Any mail sent to this address would be forwarded to my personal inbox by the server, automatically. But it is not allowed to log into this account, nor send mail from this account. There’s no such choice.

So it must be a scam. It turns out the hacker sends me the mail by faking my address. Who knows where did this guy get my address? Maybe he just uses the spider to collect the email address exposed on the internet. And my working email is published on my company’s website.

The mail is not from an authenticated server

You may also get some mail like this. Don’t trust them unless they can show evidence that they have something of you that others don’t know.
Even if they really hacked into your account, giving money to them can only increase your loss. They will maximize the profit instead of stopping when it is just right.

Be mindful to secure your password, use different passwords for different websites, don’t input anything to an untrustable website. And don’t submit your email and password to your favorite free porn video website. Ask an expert when getting blackmail. Also, ask an expert when seeking for safe porn vids.

Have fun and good luck!

Master Operator: Set up your Linux server – Change SSH Port, Configure DNS, Set Timezone

Congratulations! It seems you have got a new server, rookie!

Change SSH Port

vi /etc/ssh/sshd_config

Start a new line after #Port 22, then add:

Port 2002

(2002 above should be the port you want to use instead.)
Then save & quit (Esc, :wq)

SELinux Settings

Some systems have SELinux enabled, we could shut it down to prevent some further issues.

Edit /etc/selinux/config, find SELINUX=enforcing. Rewrite it as SELINUX=disabled

Also, you may want to shutdown SELinux before you reboot. Then execute command: setenforcein your shell.

Then save&quit.

Configure DNS

DNS servers are listed in /etc/resolv.conf
We can use something like this:

nameserver 1.1.1.1
nameserver 1.0.0.1

Timezone

In /usr/share/zoneinfo/ you can find directories corresponding to the continents. Under those directories, there are corresponding cities.
Run the command below to set time as Mountain Time:

cp /usr/share/zoneinfo/US/Mountain /etc/localtime

Of course in CentOS7 it is even easier, you can just run a command to call the program.

timedatectl set-timezone US/Mountain

Identify your iPhone model – iPhone Model Number Analysis

If you are about to buy a new iPhone online or just exploring your iPhone, you may find “Model” (Settings – General – About) is pretty confusing.

For example, the “Model” of your iPhone 6 could be “A1586″(We call it “A Number”) or “MG472LL/A”(We call it “M Number” or “SKU Number”). Click to switch between them. But, what does it mean?

What does the A Number tell us?

Let’s take iPhone 6 as an example. According to Apple.com, the A Number of an iPhone 6 could be one of these:

A1549 – North America (MG4P2LL/A*) or Verizon Locked(MG5X2LL/A*)
A1586 – Sprint Locked/Global Unlocked (MG6A2LL/A*)
A1589 – China Mobile Locked

As you can see, each “A Number” is unnecessarily corresponding to only one version of iPhone. But they share the same “generation” (iPhone 6). They are too vague to be used to identify the tech specs, sometime.

So, how about M(SKU) Number?

The most informative parts are the head and the tail. Let’s take “MG472LL/A” as an example.

First Letter – Product Type

M – Retail
F – Refurbished
N – Replacement
P – Personalized (engraved)

The Tail – Region

LL/A is the tail part, but the /A is useless to us. We have a table for you to find the region your iPhone belongs to:

Code Region
AB Egypt, Jordan, Saudi Arabia, United Arab Emirates
B Ireland, UK, also used for some replacement units
BR Brazil (Assembled in Brazil)
BZ Brazil (Assembled in China)
C Canada
CL Canada
CH China
CZ Czech Republic
D Germany
DN Austria, Germany, Netherlands
E Mexico
EE Estonia
FB France, Luxembourg
FD Austria, Liechtenstein, Switzerland
GR Greece
HN India
IP Italy
HB Israel
J Japan
KH Korea
KN Norway
KS Finland, Sweden
LA Colombia, Ecuador, El Salvador, Guatemala, Honduras, Peru
LE Argentina
LL USA, Canada, also used for some replacement units
LZ Chile, Paraguay, Uruguay
MG Hungary
MO Macau, Hong Kong(?)
MY Malaysia
NF Belgium, France, Luxembourg
PL Poland
PO Portugal
PP Philippines
RO Romania
RS Russia
SL Slovakia
SO South Africa
T Italy
TA Taiwan
TU Turkey
TY Italy
VC Canada
X Australia, New Zealand
Y Spain
ZA Singapore
ZP Hong Kong, Macau

Corresponding Relation

The first 5 letters made up the version identifier, including the Generation, Storage, and Color.

You can check the table here: https://www.theiphonewiki.com/wiki/Models#iPhone

Credit

The iPhone Wiki
https://www.theiphonewiki.com/wiki/Models#iPhone
https://www.theiphonewiki.com/wiki/Model_Regions

EveryMac.com
https://everymac.com/ultimate-mac-lookup/

Macworld
https://www.macworld.co.uk/how-to/iphone/what-iphone-do-i-have-3632721/