Securing Multics from Hacks

LiNuX-SaT

Administrator
Staff member
So with the recent attacks on Multics, let's make our multics even better. I don't think evileyes will be updating multics anymore, as R81 is the last release.
PLEASE DO NOT PM ME asking me for help. All discussions should be on this thread only so everyone can benefit.

What do we need to do:

  1. Limit multics access.
  2. Block the /cachepeer page. This page is useless anyway, as it only gives you info about your cache peer profiles etc., but this is the page that was recently used for the SMS hack, by using the text box to execute a Cross Site Request Forgery hack (Google CSRF if you don't know what that is).
  3. Implement firewall rules using iptables to block access to the multics web interface.

Let's get started

How to install Apache

Code:
sudo apt-get update
sudo apt-get install apache2

Configuring a reverse proxy

Enable mod_proxy:

Code:
a2enmod proxy_http

Edit the following file: /etc/apache2/sites-enabled/000-default and add the following. Make sure you edit the config below as asked:

Code:
<VirtualHost *:80>
    ProxyRequests Off
    ServerName YOUR_DOMAIN_HERE

    # edit multics info below
    ProxyPass / http://localhost:multics_PORT/
    ProxyPassReverse / http://localhost:multics_PORT/

    # block cache peer page
    <Location /cachepeer>
        Order deny,allow
        deny from all
    </Location>

</VirtualHost>

Restart Apache 2

Code:
service apache2 restart

Now you can access your multics using domainname.com/ (remember to put the "/" at the end).
You can only access it using the domain you configured. Another domain pointing to the same host will NOT WORK :)

Let's block access to the multics PORT, so no one can access it.


Code:
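# -I inserts at the top of the chain, so the ACCEPT rules added last end up above the REJECT
iptables -I INPUT -p tcp -m tcp --dport multics_PORT -j REJECT
iptables -I INPUT -s 127.0.0.1 -p tcp -m tcp --dport multics_PORT -j ACCEPT
iptables -I INPUT -s your_server_ip -p tcp -m tcp --dport multics_PORT -j ACCEPT

# iptables-save only prints the rules; redirect to a file to keep them (path is an example)
iptables-save > /etc/iptables.rules
# restore after a reboot with: iptables-restore < /etc/iptables.rules

Make sure you load these rules after rebooting.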


That's it!!!

Your multics is now secure:

  • No one can access your multics from their desktop.
  • Only YOU can access your multics with your secret domain.
  • The cachepeer page is blocked, so if your peers still don't follow this tutorial you are still protected from the SMS hack!!
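
A check for the firewall step above, added here as an example and not part of the original post: it reads `iptables -S INPUT` output and reports whether the loopback ACCEPT really sits above the catch-all REJECT for the multics port, which depends on using `-I` in the order shown. The function name, port 12345 and address 203.0.113.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit INPUT rule order for one port.
# Reads `iptables -S INPUT` text on stdin and prints a single verdict:
#   ok            loopback ACCEPT comes before the catch-all REJECT/DROP
#   proxy-blocked catch-all REJECT/DROP comes first, so Apache cannot reach multics
#   exposed       an unrestricted ACCEPT matches first, or nothing blocks the port
#                 (assumes the chain policy is ACCEPT)
audit_port_rules() {
    awk -v port="$1" '
        $0 !~ ("--dport " port "( |$)") { next }   # ignore rules for other ports
        {
            src = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "ACCEPT" && src == "") { verdict = "exposed"; exit }
            if (target == "ACCEPT" && src ~ /^127\.0\.0\.1(\/32)?$/) local_ok = 1
            if ((target == "REJECT" || target == "DROP") && src == "") {
                verdict = local_ok ? "ok" : "proxy-blocked"; exit
            }
        }
        END { print (verdict == "" ? "exposed" : verdict) }
    '
}

# Constructed sample: what the three -I commands produce (last inserted is first).
sample_inserted() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 12345 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 12345 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Constructed sample: the same rules appended with -A in the order they were typed.
sample_appended() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 12345 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 12345 -j ACCEPT
EOF
}

echo "inserted: $(sample_inserted | audit_port_rules 12345)"
echo "appended: $(sample_appended | audit_port_rules 12345)"
```

On a live server, run it as root with `iptables -S INPUT | audit_port_rules multics_PORT` after every reboot or rule reload.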