rejetto forum

HFS including SSl tools

SilentPliz · 268 · 271444

0 Members and 2 Guests are viewing this topic.

Offline bmartino1

  • Tireless poster
  • ****
    • Posts: 911
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
i forgot say - my system is windows 10. Port in my settings 84. I try copy and launch program with my settins on virtual win xp. Its ok. stunnel working. In my win10 not(

stunnel errored die to port 443 in use. 0rograms such as slype and teamvoew need a settong chges

Binding service [https] to 0.0.0.0:443: Address already in use (WSAEADDRINUSE) (10048)

this is why it failed

https://answers.microsoft.com/en-us/skype/forum/all/how-do-i-stop-skype-from-using-port-80-and-443-for/fa980ca8-f732-416b-927d-1b854a850820
Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing


Offline WalkMan465

  • Occasional poster
  • *
    • Posts: 4
    • View Profile
Yeah!  8) the truth was somewhere near. How could I not notice  :o

Thanks guys  ;D

But, one question. Its normal? Image attached)
« Last Edit: July 16, 2019, 04:53:34 PM by WalkMan465 »


Offline bmartino1

  • Tireless poster
  • ****
    • Posts: 911
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
yes that is normal

that is due to public generate ssl certificate and a issue on the web to sign your certificate. you have to pay a company to sign a certificate ssl key for use in stunnel to remove that message.

https://www.sslshopper.com/ssl-checker.html

https://serverfault.com/questions/177971/how-to-trust-my-own-self-signed-ssl-cert

the fact that you hot the https error cert tell me stunnel is configured properly and working.




Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing


Offline WalkMan465

  • Occasional poster
  • *
    • Posts: 4
    • View Profile
its that normal? After setup stunnel the logs show this:

12:18:30               The verification of the update has failed.
12:19:58      127.0.0.1   51070      Requested GET /[LOCAL SHARE]/
12:19:58      127.0.0.1   51072      Requested GET /?mode=jquery
12:22:26      127.0.0.1   51263      Requested GET /
12:22:27      127.0.0.1   51266      Requested GET /?mode=jquery
12:22:46      127.0.0.1   51281      Requested GET /?mode=jquery
12:22:48      127.0.0.1   51279      Requested GET /
12:23:16      127.0.0.1   51300      Requested GET /?mode=jquery
12:23:17      127.0.0.1   51298      Requested GET /
12:23:17      127.0.0.1   51299      Requested GET /?mode=jquery
12:37:44      127.0.0.1   51964      Requested GET /[LOCAL SHARE]/
12:37:44      127.0.0.1   51971      Requested GET /?mode=jquery
12:37:59      127.0.0.1   51971      Requested GET /[LOCAL SHARE]/
12:37:59      127.0.0.1   51972      Requested GET /?mode=jquery
12:38:24      127.0.0.1   51996      Requested GET /?mode=jquery
12:38:25      127.0.0.1   51993      Requested GET /
12:38:25      127.0.0.1   51995      Requested GET /?mode=jquery

ip adress always localhost. And what is this - "The verification of the update has failed" This assembly not update independently?

And with https connection up/down speed more slowly? How i can solve http and https connection together?
« Last Edit: July 17, 2019, 11:09:35 AM by WalkMan465 »


Offline bmartino1

  • Tireless poster
  • ****
    • Posts: 911
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
if it is standalone, yes it is normal. all traffic is ran though you loopback address 127.0.0.1 otherwise know as localhost.
probably a network issues or other request failed form stunnel to hit there update servers.

i can't say for any improvement in speed regarding stunnel and hfs(could be a thousand differt things right and wrong).

 Silentpliz has done a fantastic job at recoding and integrating stunnel into his adaptable version of hfs.
« Last Edit: July 23, 2019, 08:30:07 PM by Mars »
Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing


Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
    • Posts: 1298
  • ....... chut ! shh!
    • View Profile

28-11-2019 HFS 2.3m #300 r8 is online.

NEW:
Stunnel 5.56 64 bits

HFS 2.3m #300 r8:
https://drive.google.com/folderview?id=1-8EN9sMEAtGAy28n-z272sVGfEnlkKbD

or

http://silentpliz.free.fr/hfs/hfs.2.3m_300_r8.exe

Sources:
http://silentpliz.free.fr/hfs/Sources_hfs/HFS2.3m300_r8.zip


I removed the Russian language: too many strings are not translated.
If you want completed yourself this translation for this language, use the release of this thread:


http://rejetto.com/forum/index.php?topic=13134.0
« Last Edit: November 30, 2019, 04:21:28 PM by SilentPliz »


Offline Fysack

  • Tireless poster
  • ****
    • Posts: 598
  • present picture
    • View Profile
    • Admin
I do not only predict the future. But i can definitivtly see a red tread here. Superhumans. The dudes that even.. even.. Ahh Iforgot what im going to say..  ::) My point is :  :o Now i remember. YOU ARE Steven Job dudes, you are fck Bill Gates shit! *brofist* And now, every body got hair on the.. the :-DD This is a verry good start. Who know more of everything than us? Fucking nobody! We are in the best years. LOOOT of experience. Who can actually beat us? PM mofo :-) . Golden shit asså. Yea i know, this life put you in all cind of directons. But never forget, you was the first ones. Ja, jeg kan se jeg sklir litt ut her nå, men dette er fakta. Dette kommer til å å bli bedre. Best faktisk. For et knippe med meg sykt smarte folk. Det skal du lete lenge etter. Jeg gleder meg til fremtiden. Happy new year 2020 råtasser. Er det femtende året nå?
GOD CAN READ YOUR MIND


Offline Grovkillen

  • Occasional poster
  • *
    • Posts: 7
    • View Profile
You should look into NGROK: https://ngrok.com/

You get SSL for free and you can expose the server without even changing anything on the router.


Offline danny

  • Tireless poster
  • ****
    • Posts: 281
    • View Profile
On security topic, it is possible to avoid DNS point to multi-point cleartext broadcasts. 
There is DNS over TLS, DNS over HTTPS, and there is also a classic method... 

Example (add to Windows hosts file):
185.20.49.7 rejetto.com www.rejetto.com hfsservice.rejetto.com hfstest.rejetto.com
162.88.175.4 checkip.dyndns.org
Method: Copy c:\windows\system32\drivers\etc\hosts to desktop, edit, then reverse-copy (or a hosts utility program).
To get addresses, cmd, nslookup website.com  and then search the ip to confirm owner.  Then you can force windows to get the authentic address, every time, without reliance on a cleartext lookup from a random vendor.
Windows host file can't wildcard but it can do up to 9 url's per each ip address on the same line.

Example home-size open-source router's DNSmasq:
address=/rejetto.com/185.20.49.7
address=/checkip.dyndns.org/162.88.175.4
Method:  Enter at dnsmasq custom config box in tomato or dd-wrt router.  Other Linux is similar.
DNSmasq can wildcard, so the less your are specific, the more it will go to the ip address specified.

Gap:
If your hfs.ini list of ip-services= is automatically updated to different url's, it may do DNS lookups/broadcasts point to multi-point in the clear, until you find out and manually update your local lookups.  That is how the classic method is inferior to newer methods, such as DNS over TLS, DNS over HTTPS. 

Potential patch:
If future ip-service= updates were IP addresses (not url's), that could obsolete this post. 
« Last Edit: February 27, 2020, 05:09:14 PM by danny »


Offline danny

  • Tireless poster
  • ****
    • Posts: 281
    • View Profile
There have been a large number of requests to hide the root. 
We can do that.  However, it would be better to go to post#1 and use https instead. 

I thought it good to document how to hide the root and that it isn't total security.  So, hfs menu, other options, user accounts, user group, put default login at a folder (not root).  Hfs menu, html template, change file, hideroot.tpl. 

The concept is buried treasure, so don't broadcast the location.  If it were used in combination with https (see post#1), then that is the only case where hide-root could contribute to more effective security.  Otherwise, hide-root is mainly bandwidth savings.
« Last Edit: June 14, 2020, 06:56:10 PM by danny »


Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
    • Posts: 1298
  • ....... chut ! shh!
    • View Profile

Canceled release

07-03-2020 HFS 2.3m #300 r9 is online.

NEW:

-  IPservicesTime suspended


HFS 2.3m #300 r9:
https://drive.google.com/folderview?id=1-8EN9sMEAtGAy28n-z272sVGfEnlkKbD

Or

http://silentpliz.free.fr/hfs/hfs.2.3m_300_r9.exe

Sources:
http://silentpliz.free.fr/hfs/Sources_hfs/HFS2.3m300_r9.zip


I removed the Russian language: too many strings are not translated.
If you want completed yourself this translation for this language, use the release of this thread:


http://rejetto.com/forum/index.php?topic=13134.0
l
« Last Edit: March 08, 2020, 10:28:09 AM by SilentPliz »


Offline LeoNeeson

  • Tireless poster
  • ****
    • Posts: 856
  • Status: On hiatus       (sporadically here)
    • View Profile
    • twitter.com/LeoNeeson
@SilentPliz: I've just had an idea today... 8) Why don't add a "stealth mode" (as 'boolean' option in hfs.ini), instead of removing (or commenting) the 'IPservicesTime' feature?. For example, we could have a "stealth-mode=yes/no" (in hfs.ini), so, if 'yes' then 'IPservicesTime' will not run, but if 'no', then it will run normally. And the same "stealth-mode" could be then extended and used (in the future) for the rest of options that "make a contact" with an external server (like: search for updates, usage stadistics, seft-test, dynamic ip updater, etc). And if any of those options are needed by the user (and if "stealth-mode=yes"), then we could display a question dialog, asking something like: "This feature needs to have the 'stealth mode' disabled to function normally. Do you want to disable it now?" (and if the user click on yes, then "stealth-mode=no", and everything will work as expected). And that stealth mode could be come disabled by default (stealth-mode=no), to make life easier to new users (and any paranoid user could enable the "stealth mode" and be happy too). Well, it's just a suggestion (since IMHO, it's always better to give an option, instead of removing something). ;)
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
» Currently taking a break, until HFS v2.4 get his stable version.


Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
    • Posts: 1298
  • ....... chut ! shh!
    • View Profile
Hi leo !  ;)


I'm glad to see you active again on the forum. :)

It is not for security reasons that I suspended IPservicesTime.
This is because of this bug affecting the stability of program: https://rejetto.com/forum/index.php?topic=13234
Two users also reported this problem to me.
 
This bug seems solved now ... my "workaround" was a very bad idea which poses more problems than it solves.
I delete the release ... I post a "r10" which will be the same as the "r8", as soon as possible, for those who have already downloaded the "r9".

About your idea of ​​"stealth mode", I'm a little doubtful.
The options requiring an external server are essential for some users. Those who think otherwise have the "option" of not using them, or disabling most of them.
I see some posts at the moment about "external services", which disappear or are edited again and again ... until the answers given by those who take the time to answer them become incomprehensible.

The "ephemeral" posts are a bit annoying from my point of view.

All this to say that I do not see (even making an effort in paranoid mode ;) ) how the use of an external server for updates, searching for public ip, etc., could compromise security from the server right now. Blocking updates, seems to me possibly more damaging at the "security" level.

 :)
« Last Edit: March 08, 2020, 06:43:24 PM by SilentPliz »


Offline LeoNeeson

  • Tireless poster
  • ****
    • Posts: 856
  • Status: On hiatus       (sporadically here)
    • View Profile
    • twitter.com/LeoNeeson
It is not for security reasons that I suspended IPservicesTime.
This is because of this bug affecting the stability of the program: https://rejetto.com/forum/index.php?topic=13234
Two users also reported this problem to me.
Oh, nice find! I thought it was only because a 'security thing' (although, I must admit, I found it a radical decision to eliminate a function just because that). But if it was because for a bug affecting the stability, it's all OK. :)

All this to say that I do not see (even making an effort in paranoid mode ;) )
Blocking updates, seems to me possibly more damaging at the "security" level.
You are right, it was only an idea (just because some user on the forum who is talking about this), but I personally don't need it anyway. And blocking 'IP services' function, will broke a lot of essential HFS functions, so, it's something that should not be blocked (that's why I've suggested to make it optional).

I see some posts at the moment about "external services", which disappear or are edited again and again ... until the answers given by those who take the time to answer them become incomprehensible. The "ephemeral" posts are a bit annoying from my point of view.
I know what you mean. I thought I was the only one who realized about those actions ('some user' was editing, and editing, after editing all day, just to edit only a couple of words, then removing then, and making some edits again, and it was a crazy thing to keep up with that). I know moderators can view those actions, so you know who I'm talking about (I also agree ephemeral posts are annoying).

Hi leo ! ;) I'm glad to see you active again on the forum. :)
I'm trying my best to 'keep up' with every new post on the forum, but sometimes I miss some posts. Still miss the old good-days when I could contribute with new material. :-[

Cheers, :D
Leo.-
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
» Currently taking a break, until HFS v2.4 get his stable version.


Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
    • Posts: 1298
  • ....... chut ! shh!
    • View Profile
 08-03-2020 HFS 2.3m #300 r10 is online.
 
 NEW:
 Same as "r8"
 
 HFS 2.3m #300 r10:
 https://drive.google.com/folderview?id=1-8EN9sMEAtGAy28n-z272sVGfEnlkKbD
 
 or
 

 http://silentpliz.free.fr/hfs/hfs.2.3m_300_r10.exe
 
 Sources:
 http://silentpliz.free.fr/hfs/Sources_hfs/HFS2.3m300_r10.zip
 
 
 I removed the Russian language: too many strings are not translated.
 If you want completed yourself this translation for this language, use the release of this thread:

 
 http://rejetto.com/forum/index.php?topic=13134.0
« Last Edit: March 08, 2020, 01:38:27 PM by SilentPliz »