Thank you for visiting my website.

Posted on April 6, 2021 | by haywardgb

Hi, my name is Hayward. I'm a Linux VPS administrator and remote IT support technician.

I can help you set up and manage everything from game servers to email servers and Tor websites to WordPress. This blog is where I post articles and snippets of information that clients have frequently asked me about. For everything else please visit my business website, where you can find my contact details.

I'm especially interested in working on projects relating to human rights, activism, freedom of speech, etc.

My Recommendations

Posted on June 11, 2020 | by haywardgb

Hosting, Domain Names

Cloudflare.com: Fast, secure CDN and much more. Get started for FREE.

Vultr.com: VPS Hosting, Dedicated Cloud, Block Storage and Bare Metal.

WordPress.org: Open-source content management system.

WinNMP: Nginx, MariaDB, Redis, PHP development stack for Windows.

WampServer: Apache, MySQL, PHP development stack for Windows.

Mail-in-a-Box: Easy-to-deploy email server, free and open-source.

Pleroma: Open-source federated alternative to Twitter.

PeerTube: Open-source federated alternative to YouTube.

Developing, Coding, Creative..

khanacademy.org: Free online computer programming courses.

Getbootstrap.com: The worlds most popular HTML, CSS and JS library.

FontAwesome.io: Iconic font and CSS toolkit.

JQueryForm.com: Professional web form builder, mobile-friendly.

Oracle VM VirtualBox: Cross-platform virtualization software.

Visual Studio Code: Free open-source code editor. Lots of extensions.

Notepad++: Free source code editor and notepad. Excellent features.

try.dot.net: Compile and run C# from your browser.

asciinema: Record and share your terminal sessions, the right way.

Gitlab: Open-source alternative to Github.

Pro Git: Free e-book. Everything you need to learn Git.

Google.ai: Learn with Google AI.

GIMP: Open-source image editor.

Inkscape.org: Professional vector graphics editor.

OpenShot.org: Award winning open-source video editor.

DaVinci Resolve: Movie and Video Editor, Free version available.

Blender.org: Open-source 3D creation suite.

Godot Engine: MIT Licensed game development engine.

OpenToonz: Open-source animation production software.

Audacity: Open-source cross-platform audio software.

File Sharing and Online Storage

Mega.nz: 50 GB free. Secure storage and messaging.

OnionShare.org: Share files, host Tor websites and chat rooms.

FireFox Send: Share files up to 2.5GB. Simple and Private.

Software Apps and Tools (General)

Picocrypt: Open source File Encryption Utility. Small, simple, secure.

FreeFileSync.org: Open source file synchronisation.

Rufus.ie: Create bootable USB drives the easy way.

Ventoy: Easy USB boot tool, simply drag and drop your ISOs to a USB.

Piriform.com: The home of CCleaner, Speccy, Defraggler and Recuva.

PuTTY: SSH client for Windows. See also: Win10 OpenSSH.

FileZilla: Free FTP client with plenty of features.

LibreOffice: Free office suite (open source alternative to MS Office).

Mozilla Thunderbird: Customisable feature rich email client.

VLC Media Player: Open source cross-platform multimedia player.

Online Security and Anonymity

1dot1dot1dot1: FREE Anonymous DNS. Fast, private and secure.

haveibeenpwned.com: Get notified if your password is pwned.

TorProject.org: Improve your privacy and security online.

Startpage.com: The worlds most private search engine.

ProtonMail.com: Secure email based in Switzerland.

ProtonVPN.com: Secure and Free to Premium VPN Service.

Qubes-OS.org: A security-oriented operating system (OS).

Letsencrypt.org: Free SSL/TLS certificates. See also: Certbot.

Bitwarden.com: FREE Open Source Password Manager.

Signal: Secure, private open-source alternative to WhatsApp.

Other...

nomoreransom.org: The no more ransomware project.

GameServerManagers.com: Linux Game Servers Management made easy.

GiffGaff.com: Get free calls and texts to your mates on GiffGaff.

Crontab Generator: A great tool for generating crontab values.

khanacademy.org: Free online courses, lessons and practice.

Linux Permissions

Posted on June 11, 2020 | by haywardgb

Where shell we begin ?

Open a terminal window by pressing Ctrl + Alt + T

Type: ls -l lower case L

You should get something like this:

drwxr-xr-x  2 owner-username group     4096   Dec 25 20:15 Templates
-rwx--x--x  1 owner-username group     36     Jul 28 2016  script.ssh

The letters at the start of each line ( drwxr-xr-x ) tell us whether it’s a file or a folder and what permissions are set for that file or folder.

Each character position is called a permissions bit, with the exception of the first character which simply defines the file type. If the first character (type) is the letter d, then it’s a folder. Otherwise if the first character is a – (dash), then it’s a file. File and folder names will be different colours, for example on my system it’s green for executables (scripts), blue for folders and red for all other files. It may vary depending on what version of Linux you’re running.

The owner-username and group show you which user owns that file or folder and which group also has access to it. Although, if you are looking at your home directory you might just see your username as owner and again as group, that’s perfectly normal. Your web servers html folder on the other hand might need the www-data group assigned to it. Which is why you have separate permission bits, so you can for example give yourself (Owner) full access (rwx), your web server (Group) read-execute (r-x) and everything else (Other) read-only (r–). You can change the Owner and Group using the chown command, which we will cover later.

Permission Bits:

There are 3 parts to the permission bits. They are: Owner, Group and Other (aka World).

Each part has 3 bits, which are (r)Read , (w)Write and (x)eXecute . Always in that order.

For example: -rwxr--r-- would give the Owner read, write and execute permissions but read-only for Group and Other.

Another example: dr--r--r-- would give Owner, Group and Other read-only access to that folder (remember the d type is folder)

Each permission bit has a value when set: r = 4 , w = 2 , x = 1 (read , write , execute).

If we take the first example and explode it, we get this: - rwx r-- r-- (type, owner, group, other)

So how do we get from -rwxr--r-- to 744 .

We simply add up the values for each permission bit respectively for Owner, Group and Other. Like this:

- (type) rwx (owner, 4+2+1 = 7) r-- (Group, 4+0+0 = 4) r-- (Other, 4+0+0 = 4)

Note: Permission bits will always be Owner, Group and Other, in that order.

Below we have an exploded example with both the letter and numerical values for each permission bit.

Type    Owner        Group       Other
        Permissions  Permissions Permissions
 -      rwx          r--          r--
        7            4            4

Setting Permissions with chown and chmod:

chmod sets the permissions (what the Owner, Group and Other can do with the file or folder).
chown sets the owner of the file(s) or folder(s).

Now let’s say that we wanted to give:
Owner (r)ead, (w)rite and e(x)ecute permissions.
Group (r)ead, (w)rite and e(x)ecute permissions.
Other (r)ead only.

We would do it like this:

chmod 774 /home/hayward/file.txt - Owner (rwx)=4+2+1, Group (rwx)=4+2+1, Other (r--)=4.

If we wanted to set those same permissions on a directory instead, we would do it like this:

chmod 774 /home/hayward/documents - Changes permissions for the /documents folder and the files inside it.

chmod 774 -R /home/hayward/documents - Changes permissions for all folders and files recursively.

Now lets look at chown.

chown user:group -R /home/hayward/documents - Sets the user and group owners for that file or folder, recursively.

chown username file.txt - Sets the owner of file.txt to username.

You may need to use sudo or be root to use chmod and chown on your system.

Also, one last bit of advice. Never , ever , ever , set file or folder permissions to 777 .
Why ? Have a think about it. Answers on a postcard please :p

Linux User Management

Posted on June 11, 2020 | by haywardgb

Let’s begin by asking, who am I ?

Before we continue, we need to make sure that our account (user login) has the permissions needed to manage users and groups.
If you are not the server owner or do not have some administrative rights, then this article is not for you.

Start by opening a terminal window by pressing Ctrl + Alt + T

Type: whoami

The output will be the username you are currently logged in as. You might also have noticed that your username makes up the first part of your command line prompt (i.e [email protected] ). For something a little more useful you can try: who -m.

Now that we know what user you’re logged in as, lets find out what groups you are a member of.

Type: groups

You should get an output similar to this (I’ve added the #comments for clarity).

[email protected]:~$ groups    #The command
hayward sudo shares admin     #The output

My logged in username is hayward, my primary group is hayward and my secondary groups are sudo, shares and admin.

The important thing to note here is that my account is a member of the sudo group (commonly known as Super User DO) .

What is sudo ?

Sudo is a program that allows users to run commands that would normally only work with higher level accounts, such as root for example. Users who need administrative privileges should be added to the sudo group, rather than given the root login and password. When a sudo group member wants to run an administrative command, they prefix it with sudo then-command-to-execute. Sudo tells the system to run the following command(s) as a substitute user, commonly the root user. The sudo user will need to provide their own password for security authentication. Nobody, even the server owner should be logging in as root, unless absolutely critical to the task in hand.

Be very careful running commands as root user. StartPage.com is your friend for more information and horror stories on using root :p

Why is my primary group the same as my username ?

The primary group is used by default when you log in, for setting ownership on files you create for example.
You can learn more about file permissions in our article: Linux Permissions 101 .

It is possible of course to change your primary group to something else, but that’s for advanced users and wont be covered here.

My username is root , what now ?

If your version of Linux didn’t prompt you to provide a username during installation (as is the case with most VPS hosting), then you’ll more than likely be logging in for the first time using the root account. This is often an unavoidable step when setting up a new server, so it’s nothing to worry about. Although you should make it a priority to prevent remote access with the root account.

Adding a new user:

The native command for adding new users is useradd, this is considered the more advanced method. But I’m trying to make your life easier, so I’ll show you how to use the second method also, which is with the adduser command (it’s actually a perl script that calls the useradd command). adduser prompts you for the information needed, while useradd expects you to provide it as part of the command line. Let’s take a look at both methods below:

adduser (recommended method).

Should your version of Linux not have adduser installed, install it with this command: sudo apt-get install adduser

If you are logged in as root:

Type: adduser newusername

If you are logged in as a user with sudo privileges:

Type: sudo adduser newusername

You will be asked to set a password for the new user and given the option to provide additional information, such as Full Name. Once you’ve set a password you can simply press enter for each of the other prompts until you’re asked if the information you provided is correct. Press Y , then Enter.

useradd (for advanced users).

Using this command will not automatically add a home directory or prompt you to set the user password.

If you are logged in as root:

Type: useradd username Without home directory or password
Alternatively: useradd -d /home/username/ -m username With home directory, note the space after /username/

If you are logged in as a user with sudo privileges:

Type: sudo useradd username Same as above, but you’ll need to enter your password to continue.
Alternatively: sudo useradd -d /home/username/ -m username Note the space after /username/

Once you’ve added the new user, set a password by typing: sudo passwd username Don’t use sudo if logged in as root.

Adding the new user to a secondary group (sudo, for this example).

If you are logged in as root:

Type: usermod -a -G sudo username Adds username to the sudo group

-a (append)
-G sudo (add user to secondary group, sudo)

If you are logged in as a user with sudo privileges:

Type: sudo usermod -a -G sudo username Same as above, but you’ll need to enter your password to continue.

This user will now be able to run commands as sudo (Super User DO).

You can switch to this new user by typing: su username To switch back, just type exit and press enter.

Tor Website on Ubuntu

Posted on June 11, 2020 | by haywardgb

This is a quick tutorial on how to set up a Tor website using Nginx on Ubuntu.

Step 1: Install Nginx

Type: sudo apt install nginx

Type: sudo nano /etc/nginx/sites-available/default

Replace the entire contents of the file with the code block below.

server {
       listen 127.0.0.1:8080 default_server;
       server_name localhost;
       root /usr/share/nginx/html;
       index index.html index.htm;
       location / {
               allow 127.0.0.1;
               deny all;
       }
}

Step 2: Install Tor

Type: lsb_release -a

Note down your Linux release version and codename.

Then visit this link and select your Linux version and codename from the drop down menu.

Follow the instructions on that page, then continue back here.

Type: sudo nano /etc/tor/torrc

Look for the following two lines of code and uncomment them, then change “127.0.0.1:80” to “127.0.0.1:8080”.

#HiddenServiceDir /var/lib/tor/hidden_service/ 
#HiddenServicePort 80 127.0.0.1:80

After making those changes, the two lines should now look like this:

HiddenServiceDir /var/lib/tor/hidden_service/ 
HiddenServicePort 80 127.0.0.1:8080

Step 3: Restart the Services

Type: sudo service nginx restart

Type: sudo service tor restart

Step 4: Test Your Tor Website

Type: sudo nano /var/lib/tor/hidden_service/hostname

Copy your .onion hostname and try it out in your Tor Browser.

Your websites html files can be found in /usr/share/nginx/html

As a final note, I strongly advise you to read Tor Hidden (Onion) Services Best Practices.

Linux Command Cheatsheet

Posted on June 11, 2020 | by haywardgb

Keyboard Shortcuts:

Ctrl + alt + t #Opens a new terminal window.
Ctrl + c #Halts the current command.
Ctrl + d #Log out of session. Same as typing exit
Ctrl + w #Delete one word on the current line.
Ctrl + u #Delete the entire line.
!! #Repeat previous command.

Process Management:

ps #Display active processes.
top #Display all running processes.
kill pid #Kills process id pid
killall proc #Kills all processes named proc

System Information:

man command #Shows the manual page for command.
date #Show current date and time.
uptime #Shows the current system uptime.
whoami #Who are you logged in as.
uname -a #Display kernal information.
lsb_release -a #Display Linux version
df #Show disk usage.
du #Show directory space usage.
free #Shows memory and swap usage.
whereis appname #Lists possible locations for appname
which app #Displays which app will be run by default.
cat /proc/cpuinfo #CPU information.
cat /proc/meminfo #Memory information.

Network Related:

ping client #Pings server client cancelled.
whois domain #Gets the whois record for domain.
dig domain #Returns DNS record for domain.
nslookup domain #Same as dig
tracepath domain/ip #Lists hops to domain/ip
traceroute domain/ip #Same as tracepath
wget http://url/file #Downloads file.
wget -c http://url/file #Continue a stopped download.

TCPDUMP:

tcpdump -i eth0 #Sniff packets on Ethernet port.

tcpdump switches:
i (Lower Case I) #Interface to sniff.
n #Shows IP and ports instead of hostname.
v #Verbose, could be used up to 3 times.
w file #Sends captured packets to file.

tcpdump expressions:
dst #Traffic destination, could be combined with port or net.
src #Traffic origin, could be combined with port or net.
port (number) #Specific port for packet capture.
portrange #Range of ports to sniff
net #Network to sniff
and #To concatenate (src 10.10.10.10 and dst 10.10.10.11)
or #Record, If either conditions are met (dst port 80 or dst port 443)

FTP:

ftp ftp.server.com #Opens an FTP connection to ftp.server.com
put #Upload a file.
mput #Upload several files (interactive by default).
get #Download a file.
mget #Download several files (interactive by default).
prompt #Disable the interactive option of mput/mget.
cd #Move to a directory.

Permissions:

chmod 744 file #Read, write and execute for all.
chmod 755 file #Owner rwx, group and world rx only.
chmod 744 -R /folder #Change all files and folder permissions recursively.
chown -R username:group /folder #Sets owner and group for this folder.

Learn more about Linux file permissions in this article.

Input and Output:

cmd1 | cmd2 #Use the result of cmd1 as input for cmd2 (PIPE).
echo hello > file #Save output to file (Will overwrite if file exists).
echo goodbye >> file #Append output to file
cmd1 < file #Return file contents as input for cmd1
cmd1 & #Execute cmd1 in the background.
cmd1 && cmd2 #Execute if both cmd1 AND cmd2 return true.
cmd1 || cmd2 #Execute cmd2 only if cmd1 returns false (nonzero).

SSH:

ssh-keygen -t rsa -b 4096 #Generate key pairs for user.
ssh [email protected] #Connect to server as user
ssh -p (port) [email protected] #Connect to server on port as user
ssh-copy-id [email protected] #Add your key to server

User Management:

adduser user #Simplest way to add a user with prompts.
useradd -d /home/user -m user #Add a user without prompts.
passwd user #Set password for user.

Additional options for useradd:
-a #append
-m #Create home folder
-d #Path to home folder
-s #Shell for the user
-c #Comments for the user
-U #Create group with user
-G #Specify other groups for the user
-e (expiry date) #Date format YYYY-MM-DD
chage -M (days) user #Set password expiration for that user

Learn more about user management in this article.

File and Directory Commands:

ls -al #Formatted directory listing, including hidden files.
pwd #Shows the current directory you're in.
cd - #Switch to previous directory.
cd ~ #Changes to your home directory.
mkdir dir #Creates a directory called dir
rm -r dir #Deletes the directory called dir
rm file #Deletes file
rm -f file #Force removes file
rm -rf dir #Force delete directory dir
cp -r dir1 dir2 #Copy dir1 to dir2 , creates dir2 if necessary.
cp file1 file2 #Copy file1 to file2
mv file1 file2 #Rename file1 to file2. Or move file1 into file2 if directory.
touch file #Creates or updates file
more file #Print file contents to screen.
head file #Print first 10 lines of file to screen.
tail file #Print the last 10 lines of file to screen.
tail +0f file #Display file contents live

Searching:

grep pattern files #Search files for pattern.
grep -r pattern dir #Recursively search for pattern in dir.
locate file #Search for all instances of file

VIM:

i #Insert mode
esc #Exit back to normal mode
: (Colon) #Command mode

Command mode:
q #Exit (warns if changes made without saving).
q! #Exit without saving changes.
w #Save current changes and continue.
x #Save changes and exit.
/pattern #Search for text pattern
UP ARROW (key) #Shows last command used, same as bash.
split #Divides the screen

Normal mode:
n #Cycles through each instance of search pattern (top to bottom).
d #Delete and copy the line.
x #Delete what is under the cursor.
p (lower case) #Paste after cursor.
P (upper case) #Paste before cursor.
u #Undo last action or command.
ctrl+r #Redo last action or command.
h #Move cursor left.
j #Move cursor down.
k #Move cursor up.
l (Lower case L) #Move cursor right.
0 (Zero) #Jump to first character of the line.
^ (Circumflex) #Jump to first non white character of the line.
$ #Jump to last character of the line.

SCP:

scp file [email protected]:/path/file #Copy local file to remote server.
scp [email protected]:/path/file . #Copy file from server to local host.
scp -r /path/dir/ [email protected]:/dir/ #Copy local dir to remote server.
scp -r [email protected]:/dir/ . #Copy dir from remote server to local host.

Compression:

tar cf file.tar files #Create a tar file named file.tar containing files
tar xf file.tar #Extract the files from file.tar
tar czf file.tar.gz files #Creates a tar file with Gzip compression.
tar xzf file.tar.gz #Extract a tar file using Gzip.
gzip file #Compresses file and renames it file.gz
gzip -d file.gz #Decompresses file.gz back to file

installation:

Install from source files:
./configure
make
make install

dpkg -i package.deb #Install from Debian package
rpm -Uvh package.rpm #Install from RPM package

Tips & Tools for online Anonymity.

Posted on January 19, 2020 | by haywardgb

You're never 100% anonymous over the Internet. You'll always leave some trace or clue somewhere for someone with the right resources and skills to follow.

Some Tips For Better Anonymity

Install a VPN client and use it when you want to keep your internet activity private from your ISP.
Consider using the Tor browser instead of your regular browser for added anonymity and privacy.
If you're tech savvy or fancy a challenge then give Qubes OS a try. It's the operating system Edward (Ex CIA) Snowden recommends.
Trust nobody. Don't share personal information with others, no matter how nice or honest they seem.

Recommended Privacy and Anonymity Tools

ProtonVPN: You can download and use the software for free. Giving you a limited but very secure connection when needed. Use it when accessing public networks or checking your ProtonMail etc. A Virtual Private Network lets you connect to external websites and other cloud services via a secure connection. Anyone trying to intercept the traffic between your computer and the destination server will only see encrypted data.

ProtonMail: Simply put, it's email with encryption built-in. You can register and use it anonymously, which makes it a great choice for whistle blowers, freelance journalists and hacktivists alike. Your inbox, sent items, drafts folders etc are all encrypted and can only be accessed with your decryption key, meaning that even if someone hacked your account, without the encryption key, they will just see lots of encrypted text. The only drawback to encrypted email in my experience, is that both you and your recipient must be using an encrypted email service for it to be secure. Alternatives to ProtonMail are: Tutanota (Generous 1GB inbox, more than ProtonMails) and StartMail (No FREE accounts).

Tor: Tor offers you both the ability to browse the Surface Web and Deep Web anonymously, and even host your own hidden (website) service. The Surface Web is anything that can be indexed by regular search engines like Google. The Deep Web websites are those sites that can only be accessed if you know the server IP or private domain name (search engines are oblivious to their existence), Tor is also used to access .onion websites, the Darknet (slightly deeper and more hyped than the Deep Web). I highly recommend using Tor for all your browsing.

Qubes OS: Qubes is a Linux operating distro built with anonymity and privacy in mind. In short, Qubes OS can be configured to run apps in isolated areas of memory, called Qubes. You can even set up your email client to create single-use disposable Qube for opening attachments. Which means, isolating any potential security risks to that single Qube, firewalling it off from the rest of the system.

Other websites worth checking out:

https://www.privacytools.io/: Encryption against global mass surveillance.