What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
If answered already, my apolgies, but would ABS block connection to the Bitcoin servers that websites running scripts in browsers connect to, would be nice to do this at router rather than a FF plugin on each PC?
 
Hi Folks;

Stumbled across a strange one today looking for guidance. Past couple of days haven't been able to get to chemistry.com. I know they have issues with vpns so I chucked it up to that, but today I was troubleshooting and discovered that with ad blocking on it was taking me to jitsi.org looked like a man in the middle attack, but I'm not an expert ( thats why I come here. with ab solutions off I can get to the right web site, any ideas ?

Cheers.
chemistry.com along with its parent company match.com is listed in several of the hosts files. I assume this is not without reason. jitsi.org on the other hand is not. That should tell you something.
 
If answered already, my apolgies, but would ABS block connection to the Bitcoin servers that websites running scripts in browsers connect to, would be nice to do this at router rather than a FF plugin on each PC?
Have you seen this post?
https://www.snbforums.com/threads/a...ing-solution-v3-11.37511/page-129#post-384903

Some known permanent domains are included in several hosts files AB uses. If you don't go to shady places the link above suggests you should be on the save side.
 
Why is that? So many minus IPs?

Before update:
Mar 3 01:00:04 Skynet: [Complete] 83235 IPs / 1726 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 7960 Inbound / 3837 Outbound Connections Blocked! [4s]
After update:
Mar 3 02:00:01 admin: AB-Solution added entries via ab_dnsmasq_postconf.sh
Mar 3 02:00:01 admin: AB-Solution linked ab_dnsmasq_postconf.sh via /jffs/scripts/dnsmasq.postconf
Mar 3 02:00:03 Skynet: [INFO] Lock File Detected (save) (pid=24477) - Exiting
Mar 3 02:00:06 Skynet: [Complete] 83235 IPs / 1726 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 8223 Inbound / 3837 Outbound Connections Blocked! [6s]
Mar 3 02:00:46 admin: AB-Solution: file 3 download failed or file is not hosts file, using backup file
Mar 3 02:04:32 admin: AB-Solution updated blocking file, 771248 domains are now blocked
Mar 3 02:04:35 admin: AB-Solution counted ads before log files reset (triggered by update-hosts.add)
Mar 3 02:04:35 admin: AB-Solution blocked 57,148 total 0 week 0 new ads
Mar 3 02:04:35 admin: AB-Solution rotated dnsmasq log files
Mar 3 02:25:49 Skynet: [Complete] 202 IPs / 13 Ranges Banned. -83033 New IPs / -1713 New Ranges Banned. 8347 Inbound / 3837 Outbound Connections Blocked! [49s]
Mar 3 03:00:01 Skynet: [Complete] 202 IPs / 13 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 8347 Inbound / 3837 Outbound Connections Blocked! [1s]

Edit:
After updating ab-solution and skynet its back to normal:
Mar 3 13:26:25 Skynet: [Complete] 87837 IPs / 1789 Ranges Banned. 87635 New IPs / 1776 New Ranges Banned. 8354 Inbound / 5048 Outbound Connections Blocked! [39s]
 
Last edited:
Mar 3 02:00:46 admin: AB-Solution: file 3 download failed or file is not hosts file, using backup file
What about this? What hosts file is the third entry?

The Skynet syslog entry is from, ahem, Skynet?
 
The addon pixelserv-tls.add v3.11.2 is now available

Added support for cache size in pixelserv-tls v2.1.0-test.x
This new -c switch only works with the new beta version v2.1.0-test.x.
See the pixelserv-tls site for details.

Use cu to update to this latest version.
 
Because I enjoy providing evidence to @thelonelycoder of human frailty, I set about trying to roll back pixelserv-tls from 2.1.0 test1, since it was crashing on me. I didn't find an easy way to do it, so I deleted the file. Now I can't figure out how to reinstall the prior version.

But, I did discover that ab-s is holding me in a loop: I have errors and can't exit the script until I correct them. The error is obviously that it can't find the pixelserv-tls program, but it won't reinstall it either.
 
Because I enjoy providing evidence to @thelonelycoder of human frailty, I set about trying to roll back pixelserv-tls from 2.1.0 test1, since it was crashing on me. I didn't find an easy way to do it, so I deleted the file. Now I can't figure out how to reinstall the prior version.

But, I did discover that ab-s is holding me in a loop: I have errors and can't exit the script until I correct them. The error is obviously that it can't find the pixelserv-tls program, but it won't reinstall it either.
Did you use the provided beta script from kvic?
If not, just download your version from here: https://github.com/kvic-z/pixelserv-tls/releases
Then copy the pixelserv-tls..... file to /opt/bin/ and name it pixelserv-tls and chmod it to 0755.
 
Because I enjoy providing evidence to @thelonelycoder of human frailty, I set about trying to roll back pixelserv-tls from 2.1.0 test1, since it was crashing on me. I didn't find an easy way to do it, so I deleted the file. Now I can't figure out how to reinstall the prior version.

But, I did discover that ab-s is holding me in a loop: I have errors and can't exit the script until I correct them. The error is obviously that it can't find the pixelserv-tls program, but it won't reinstall it either.
Alternatively, you can issue
Code:
opkg --force-reinstall install pixelserv-tls
It will, however, overwrite /opt/etc/init.d/S80pixelserv-tls with a clean one, so if you have any customizations, make note.

edit: assuming you have entware-ng
 
It will, however, overwrite /opt/etc/init.d/S80pixelserv-tls with a clean one, so if you have any customizations, make note.

edit: assuming you have entware-ng
AB will replace /opt/etc/init.d/S80pixelserv-tls with its own file during the checks.
 
I have a problem with pixelserver-tls running listening on 0.0.0.0:443. The problem is - I'm also running openvpn on :443.
I could bind openvpn to my public ip (sadly I can't bind it to ppp0), but I also need to have pixelserver-tls bound only to floating-ip:443. Can this be done from ab-solution?

I could also run pixelserver-tls on a different port and use iptables to do a nat/mangle to change dst port for traffic to floating_ip:443 -> floating_ip:444

Are there easier ways to doing this? I could try sslh as well...
 
I have a problem with pixelserver-tls running listening on 0.0.0.0:443. The problem is - I'm also running openvpn on :443.
I could bind openvpn to my public ip (sadly I can't bind it to ppp0), but I also need to have pixelserver-tls bound only to floating-ip:443. Can this be done from ab-solution?

I could also run pixelserver-tls on a different port and use iptables to do a nat/mangle to change dst port for traffic to floating_ip:443 -> floating_ip:444

Are there easier ways to doing this? I could try sslh as well...
0.0.0.0 is a non-routing internal IP address and AFAIK unusable for what you want to do.
AB-Solution does not allow to set this IP as pixelserv-tls IP.
 
I have a problem with pixelserver-tls running listening on 0.0.0.0:443.
Just to expand on that:
For a request for a blocked domain your browser gets told the domain is hosted at 0.0.0.0:443. Which the browser, or rather the system the browser runs on translates as being a local address. And not on the router. This makes installing pixelserv-tls on the router and its services useless.
 
As usual, I wanted to try pixelserv-tls 2.1.0-test.1 . Being a test version, it is not stable enough and crashing quite frequenctly. Now I want to go back to the 2.0.1-rc4 version. I tried to do that using opkg which failed.

Code:
opkg --force-reinstall install pixelserv-tls
No packages removed.
Installing pixelserv-tls (V35.HZ12.Kk-1) to root...
Collected errors:
 * opkg_download_pkg: Package pixelserv-tls is not available from any configured src.
 * opkg_install_pkg: Failed to download pixelserv-tls. Perhaps you need to run 'opkg update'?
 * opkg_install_cmd: Cannot install package pixelserv-tls.

I installed the rc4 version using the script provided by @kvic from
https://kazoo.ga/pixelserv-tls/install-beta.sh . As the version is changed, the script no longer works for rc4. Any suggestion on how I can go back or install the rc4?

Update: already answered at #2603.
 
Last edited:
As usual, I wanted to try pixelserv-tls 2.1.0-test.1 . Being a test version, it is not stable enough and crashing quite frequenctly. Now I want to go back to the 2.0.1-rc4 version. I tried to do that using opkg which failed.

Code:
opkg --force-reinstall install pixelserv-tls
No packages removed.
Installing pixelserv-tls (V35.HZ12.Kk-1) to root...
Collected errors:
 * opkg_download_pkg: Package pixelserv-tls is not available from any configured src.
 * opkg_install_pkg: Failed to download pixelserv-tls. Perhaps you need to run 'opkg update'?
 * opkg_install_cmd: Cannot install package pixelserv-tls.

I installed the rc4 version using the script provided by @kvic from
https://kazoo.ga/pixelserv-tls/install-beta.sh . As the version is changed, the script no longer works for rc4. Any suggestion on how I can go back or install the rc4?
As answered above:
Download your version (v2.0.1) from here: https://github.com/kvic-z/pixelserv-tls/releases
Unzip it locally and copy the pixelserv-tls.... binary to /opt/bin/ and rename it pixelserv-tls then chmod it to 0755.
Then restart ps through the AB UI, it will fix the rest.
 
I moved and renamed the file to my usb in /opt/bin/ in windows (through samba). Is it possible to chmod it to 0755 from a windows environment?
No, Samba does not support that, its a windows protocol and does not support this kind of rights management.
Use the terminal and enter:
Code:
chmod 0755 /opt/bin/pixelserv-tls
 
Just to expand on that:
For a request for a blocked domain your browser gets told the domain is hosted at 0.0.0.0:443. Which the browser, or rather the system the browser runs on translates as being a local address. And not on the router. This makes installing pixelserv-tls on the router and its services useless.
You're right, I was under the impression that it was binding all interfaces for that port and it's not:
Code:
tcp        0      0 192.168.1.254:443       0.0.0.0:*               LISTEN      1112/pixelserv-tls
However, openvpn is. I'll talk to RMerlin about it:
Code:
tcp        0      0 :::443                  :::*                    LISTEN      967/vpnserver1
Thanks, and sorry for the noise.

One technical question though - since you're tricking the client to connect to pixelserv-tls by doing DNS spoofing, how can pixelserv generate valid certificates (on the fly) for the domain it's spoofing? I haven't installed a fake "trusted" CA in my clients.
 
Status
Not open for further replies.

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top