Archive for June, 2008
Using SSH For Secure Web Browsing
With fraud on the rise everyone has a need for a secure Internet connection, weather this is to do some online banking or possibly checking a social networking site such as Facebook or MySpace. You can have peace of mind while browsing via a public computer or wireless Internet connection by using a SSH tunnel to encrypt your data.
When i was a student at college i quite often used a SSH tunnel to bypass the strict filtering policy imposed by the local network administrators, this enabled me to access blocked sites such as MySpace and Facebook and also to log into my Internet banking with peace of mind that my credentials are fairly secure. To take advantage of a SSH tunnel you are going to require a few tools which i shall list.
- SSH Account
- Putty (SSH Client)
- Portable FireFox
- 3proxy
First off we are going to need to get a SSH account on a server somewhere, you may know a friend who owns a server and is willing to let you have a shell account or you may have to purchase one from a shell provider. Luckily for me i happen to own a number of virtual servers which i shall be using one for this tutorial. Obtaining a SSH account is beyond the scope of this tutorial but using a tool such as Google should assist you in finding a provider.
OK so assuming you now have your SSH account we need to login using the Putty SSH client. Go ahead and enter your user name and password then hit return.
You should now be logged in and see a black screen with some white writing that looks similar to the following.
login as: greg
greg@10.10.10.10’s password:
Last login: Sun Jun 8 01:43:21 2008 from 10.10.10.20
[greg@vm103 ~]$
Now you are logged in you need to run a command to download 3proxy.
[greg@vm103 ~]$ wget http://3proxy.ru/0.5.3k/3proxy-0.5.3k.tgz
OK so now we have downloaded the archive we need to extract it so that we can start work on compiling the binary. You will now need to run another command
[greg@vm103 ~]$ tar xvfz 3proxy-0.5.3k.tgz
The archive has now been extracted to its original structure before it was archived and compressed. We now need to start compiling the sources to build the executable binary file. Once again go ahead and run the following command.
[greg@vm103 ~]$ make –makefile=Makefile.unix
Now its time to go and get a drink or a bite to eat while the program compiles. This is not a massive application so should not take too long to compile depending on the hardware specs of your SSH server.
Once the compilation is complete your shell should be displaying something similar to
make[1]: Leaving directory `/home/greg/src’
[greg@vm103 ~]$
Congratulations you have just compiled 3proxy and it is ready to be run. So once again just a few more commands to run and the proxy will then be listening for connections
[greg@vm103 src]$ cd src
[greg@vm103 src]$ ./proxy -d -i127.0.0.1 -e78.129.159.162 -p6500 -a
Obviously for this to work with your configuration you are going to need to change some values. The “-d” flag means that the application will be daemonized (run in the background) which enables you to still use the shell and safely close it without killing the proxy server process. The local interface to listen on is defined by -i and in this case we should leave this as 127.0.0.1 as it stops anyone from using your proxy unless they already have access to the server its self which we do. You also need to let the proxy server know what IP to connect out on as usually a web server will have more than 1 IP address so set this to the IP address you want to appear to be connecting from. And finally you need to specify a port number to listen on and we have chosen 6500 but you may chose another port as long as it is not lower than 1024.
OK so you think your proxy is running? we can check that it is running by using a simple Linux command.
[greg@vm103 src]$ ps x
PID TTY STAT TIME COMMAND
15141 ? S 0:00 sshd: greg@pts/0
15142 pts/0 Ss 0:00 -bash
15245 ? Ss 0:00 ./proxy -d -i127.0.0.1 -e78.129.159.162 -p6500 -a
15251 pts/0 R+ 0:00 ps x
[greg@vm103 src]$
You can easily see that the command we ran to execute the proxy server is running and has been assigned the PID of 15245. So far we have downloaded and compiled 3proxy and set it running and listening for an incoming connection. You can test that the proxy is accepting connections easily by using the telnet command.
[greg@vm103 src]$ telnet localhost 6500
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
Success! you have locally connected to the running proxy server, you will now need to exit from this by holding ctrl and pressing the ] character on the keyboard, now type quit and hit return.
Now we need to create a tunnel to the proxy server using the Putty SSH client, to make this easier i have provided screen shots of the process.
Before you can create the tunnel you need to create a saved session on Putty that will store your server details and also the important flag that tells putty to create the tunnel.
Once you have entered your connection details into Putty you will need to click on save and magically your session have been saved. Now just for safe measure click on the session name you selected and click load just so we know it is the correct session that we currently have loaded.
The 2nd from last you now need to setup the port forwarding (tunnel) on Putty so that the port that is listening on the proxy server is tunneled via an encrypted SSH session back to your PC.
Now you have completed all the steps required for the port forwarding to work you can set your web browser proxy settings to “localhost” on port 8080. Now visit a site such as http://whatismyip.com/ and the site should tell you that the IP you are visiting from is the server IP address you specified earlier.
Enjoy your secure filter bypassing tunnel 
Using Google Mail With Your Own Domain
If you have ever switched ISP and then lost your email address as a result you will know how useful it is to have your own domain. Having an email address on your own domain will enable you to keep your same email address when switching ISP’s
You may also know that hosting a domain on a web server can get expensive with regular monthly payments and so on. This has now changed thanks to the clever guys from Google who have recently launched Google Apps.
This ingenious idea by the guys from Google allows you to host your own email on their servers with a very generous 6 gigabytes of email storage and all the extra features that gmail offers such as one of the best spam detection systems available today.
Does all this sound appealing? Are you now wondering how you can host your own domain on google’s servers? Well the answer is here and I have compiled a how to so that you too can enjoy the benefits of Gmail with the personal identity of your own domain.
Getting Started
First off we need to point our MX records to the Google servers. Each domain provider has different control panels so these steps may vary slightly. You will need the following MX records with the priorities listed.
ASPMX.L.GOOGLE.COM. (MX Priority 1)
ALT1.ASPMX.L.GOOGLE.COM. (MX Priority 5)
ALT2.ASPMX.L.GOOGLE.COM. (MX Priority 5)
ASPMX2.GOOGLEMAIL.COM. (MX Priority 10)
ASPMX3.GOOGLEMAIL.COM. (MX Priority 10)
Ok now we have made these changes it can take some time for your DNS settings to update 24/48 hours is the norm. No need to panic as in the meantime we can get on with registering our Google Apps account.
Creating the account
As we are wanting something for nothing we are going to use the “Standard Edition” of the Google Apps service. Navigate to http://www.google.com/a/help/intl/en/admins/editions_spe.html and once on the page select the “Standard Edition” by clicking on the button labeled “Sign Up” under the column “Standard Edition”
Now you will be prompted to enter the domain you wish to use for your Google Apps account. Once you have entered the domain click the “Get Started” button. Now proceed to enter your personal details such as contact details, organisation details (if applicable) and so on. Once done click the “Continue” button to go to the next step.
Finally you will be asked to create the domain administrator account, you will be required to select an alias for your domain administrator account. Once you have done this you will see a disclaimer at the bottom of the screen. Read through this disclaimer and if you accept the terms and conditions click the “I accept” button.
Your account is now created but the process does not finish there. You now need to verify you are the owner of the domain you have selected. Go ahead and click the link towards the top of the page labeled “Verify Domain Ownership”
The only option you really have is to verify your domain via CNAME as i am assuming you have no web space to upload a html file. So go ahead and select “Change Your CNAME Record” from the drop down list. You will now need to go to your domain providers website and create a CNAME record with the details that are shown on this page.
After approximately 24/48 hours your domain should be verified and now you should be able to use your shiny new Gmail account with your own domain. To try it out navigate to http://mail.google.com/a/YOUR_DOMAIN obviously you will need to replace YOUR_DOMAIN with the domain you signed up using.
Congratulations you have just created a Gmail account using your own domain name. Send a test email to your self just to check things are working. If things are not working how they should go ahead and read through the FAQ as there is plenty of useful information that should be able to help you out.
Enjoy your new Gmail account