Tag Archives: vps

Bridging Ethernet interfaces in Ubuntu 12.04

If you are searching for a tutorial on how to create a bridged interface, you will probably be referred to the Ubuntu documentation. Honestly, it’s hard. Maybe it works. But in my case, it doesn’t.

Never mind, here is a guide on how to do it in an easier way.

First:

sudo apt-get install bridge-utils

It will create a new interface called br0

Second:

sudo brctl addbr br0
sudo brctl addif br0 eth0 eth1

You can restart your interfaces with this command:

sudo /etc/init.d/networking restart

You can also set up the bridged interface automatically on boot by adding this to /etc/network/interfaces:

auto br0
iface br0 inet static
address 192.168.1.10
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.1
bridge_ports eth0 eth1

The important parameter is bridge_ports, which assigns the Ethernet ports to the bridge interface.

Install Rockmongo on Ubuntu

For people who are searching for a MongoDB web admin interface, I suggest you use Rockmongo.

RockMongo is a MongoDB administration GUI tool, written in PHP 5.
You can read more here.

So, first you need to install php-mongo on Ubuntu.
Install the PHP Pear package;

$ sudo apt-get install php-pear

Then, install the PHP-Mongo driver that connects PHP and MongoDB;

$ sudo pecl install mongo

Then, configure the PHP-Mongo driver in Apache2

$ sudo nano /etc/php5/apache2/php.ini

Add the line below;

extension=mongo.so

Restart the Apache2 server

$ sudo service apache2 restart

Then, download Rockmongo from the web
http://rockmongo.com/downloads

Extract it to the /var/www/ folder

unzip rockmongo-.zip -d /var/www/

Edit the config.php file and fill in the required info (if any)
* In my case, I didn’t change anything

Open the web interface at http://localhost/rockmongo/

Fill in the credentials (username : admin, password : admin by default)

And here is a screenshot of the interface:
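A check for the default login mentioned above, as an added example that is not part of the original post or of RockMongo itself. It assumes the `control_users`, `control_auth` and `mongo_auth` lines follow the layout of RockMongo's stock config.php; the sample config is constructed.

```python
import re

# Constructed sample, following the assumed layout of RockMongo's config.php.
SAMPLE_CONFIG = """
$i = 0;
$MONGO["servers"][$i]["mongo_name"] = "Localhost";
$MONGO["servers"][$i]["mongo_auth"] = false;
$MONGO["servers"][$i]["control_auth"] = true;
$MONGO["servers"][$i]["control_users"]["admin"] = "admin";
//$MONGO["servers"][$i]["control_users"]["old"] = "old";
$MONGO["servers"][$i]["control_users"]["ops"] = "constructed-long-passphrase";
"""

USER_RE = re.compile(r'\["control_users"\]\["([^"]+)"\]\s*=\s*"([^"]*)"\s*;')
FLAG_RE = re.compile(r'\["(mongo_auth|control_auth)"\]\s*=\s*(true|false)\s*;')


def audit(config_text):
    """Return findings about the web login defined in a RockMongo config."""
    findings, flags = [], {}
    for line in config_text.splitlines():
        code = line.strip()
        if code.startswith(("//", "#", "*", "/*")):
            continue                      # commented-out settings do not apply
        flag = FLAG_RE.search(code)
        if flag:
            flags[flag.group(1)] = flag.group(2) == "true"
        user = USER_RE.search(code)
        if user:
            name, password = user.groups()
            if (name, password) == ("admin", "admin"):
                findings.append("default login admin/admin is still enabled")
            elif password in ("", name):
                findings.append(f"user {name!r} has an empty or same-as-name password")
    # Only report missing authentication when both switches are explicitly off.
    if flags.get("mongo_auth") is False and flags.get("control_auth") is False:
        findings.append("both mongo_auth and control_auth are off: no login at all")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run it against the real /var/www/rockmongo/config.php by passing the file's text to `audit()`; an empty list means none of these three conditions was found.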

Honeypot after 1 week hosted..

So, I spent my holiday installing & configuring honeypots on my new VPS.
I managed to install Dionaea, Kippo, p0f (still has a permission denied error T__T) & Thug.
And for the interfaces, I installed DionaeaFR and Kippo-Graph on my honeypot.

Currently I am still researching SMTP honeypots. If you have one, please do suggest it to me. 🙂

Dionaea: 4 unique URLs for malware download, 9 malware binaries captured.

Kippo: total login attempts: 7478, distinct source IP addresses: 19.

Script to install Thug honeypot on Ubuntu 12.04

Thug is a Python low-interaction honeyclient aimed at mimicking the behaviour of a web browser in order to detect and emulate malicious contents. It is based on Python + the V8 JS engine. You can go to the website or Google to understand more about this awesome application.

So, here I share with you a script that automates building and compiling the Thug honeypot + V8 on an Ubuntu machine:

#!/bin/bash

#Install some dependencies for the building process
sudo apt-get install -y autoconf build-essential git-core scons subversion libboost-dev libboost-python-dev libboost-thread-dev libboost-system-dev libtool mongodb python-bs4 python-chardet python-cssutils python-dev python-html5lib python-httplib2 python-zope.interface python-pymongo python-pefile python-setuptools

sudo easy_install beautifulsoup4

#Obtaining libemu via Git
cd /tmp/
git clone git://git.carnivore.it/libemu.git

#Configure and install
cd /tmp/libemu/
autoreconf -v -i
./configure --enable-python-bindings --prefix=/opt/libemu
sudo make install
sudo ldconfig -n /opt/libemu/lib

#Obtaining pylibemu via Git
cd /tmp/
git clone https://github.com/buffer/pylibemu.git

#Build and install
cd /tmp/pylibemu/
sudo sh -c "echo /opt/libemu/lib > /etc/ld.so.conf.d/pylibemu.conf"
python setup.py build
sudo python setup.py install

#Obtain the codes via svn and git
cd ~
git clone https://github.com/buffer/thug.git
cd ~/thug/
svn checkout http://v8.googlecode.com/svn/trunk/ v8

#Apply the Thug’s patch for V8
cp patches/V8-patch* .
patch -p0 < V8-patch1.diff
rm V8-patch*

#Build and compile python wrapper for V8. This process will compile the V8 engine at the same time
cd /tmp/
svn checkout http://pyv8.googlecode.com/svn/trunk/ pyv8
export V8_HOME=$HOME/thug/v8
cd pyv8
python setup.py build
sudo python setup.py install

I would really appreciate it if you could share your experience using this software in production/real life with me. 🙂

Error when installing python2.7-dev on Ubuntu 12.04 (OpenVZ)

As the title says, I think you will encounter the same problem when trying to install software on a VPS that uses OpenVZ.

I encountered this problem during my honeypot installation on my new VPS when I tried to install python2.7-dev on Ubuntu 12.04.

The error looks something like this;

libc6-dev : Depends: libc6 (= 2.15-0ubuntu10.2) but 2.15-0ubuntu10+openvz0 is to be installed
E: Unable to correct problems, you have held broken packages.

To solve it, modify the file at /etc/apt/preferences.d/99ovz-libc-pin

Replace this line:

libc-bin libc6

with this line;

libc-bin libc6 libc6-dev libc-dev-bin

Save it, update & enjoy. 🙂

Installing Owncloud on Nginx (Ubuntu 12.04)

Here I want to share with you how to create your own sync server like Dropbox.
The software that we will use is ownCloud.

But before we start, please ensure that you already have nginx up & running.
For a tutorial, please refer here.

1. Make sure your OS is updated

apt-get update
apt-get upgrade

2. Install the required packages

apt-get install php5-cgi autoconf automake autotools-dev curl libapr1 libtool curl libcurl4-openssl-dev php-pear php-xml-parser php5 php5-cli php5-common php5-curl php5-dev php5-gd php5-sqlite php5-fpm

3. Edit the nginx site config file

vi /etc/nginx/sites-available/default

4. Edit it like this;
Copy the lines below;

server {
        listen   80;
        root /usr/share/nginx/www;
        index index.php index.html index.htm;
        server_name _;

        location / {
                try_files $uri $uri/ @webdav;
        }

        location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
                deny all;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
                root /usr/share/nginx/www;
        }

        location ~ .*\.(php|php5)?$ {
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/tmp/php5-fpm.sock;
                fastcgi_index index.php;
                include fastcgi_params;
        }

        location ~ ^/owncloud/remote\.php(/.*)$ {
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                fastcgi_pass unix:/tmp/php5-fpm.sock;
                include fastcgi_params;
        }

        location @webdav {
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                fastcgi_pass unix:/tmp/php5-cgi.sock;
                include fastcgi_params;
        }

        location ~ /\.ht {
                deny all;
        }
}

The “root /usr/share/nginx/www” line defines the root directory for nginx.
You can change it to another path you like.

5. Edit /etc/php5/conf.d/xcache.ini
Edit these two lines;

xcache.size = 64M
xcache.var_size = 64M

6. Edit /etc/php5/fpm/php.ini
Edit these two lines;

post_max_size = 2G
upload_max_filesize = 2G

7. Reload php5-fpm

/etc/init.d/php5-fpm reload

8. Get the latest ownCloud file (Latest 4.5 (4.5.5))

wget http://mirrors.owncloud.org/releases/owncloud-4.5.5.tar.bz2

9. Extract it at /usr/share/nginx/www

tar xvf owncloud-4.5.5.tar.bz2

So the path will be /usr/share/nginx/www/owncloud after extraction & the URL will be http://localhost/owncloud

10. Set the directory permissions;

chown -R www-data:www-data /usr/share/nginx/www

Replace ‘/usr/share/nginx/www‘ with your own preferred path. (The path must be the same as the one in /etc/nginx/sites-available/default)

11. Go to http://localhost/owncloud or http:///owncloud
Create a new admin account. Also please ensure that the path of the data folder is correct.

12. Create a new folder named “clientsync“, something like this;

13. Get the Desktop Sync Clients here: http://owncloud.org/sync-clients/
Install it. Enter your credentials accordingly.

14. If everything is fine, then your ownCloud has been configured properly. Congratz!

Done. Hope it helps. 🙂
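Which request paths the deny rule in step 4 actually covers, as an added example that is not part of the original post. It replays the server block's regex locations (dots escaped) in config order against constructed paths, assuming ownCloud keeps its data directory under /owncloud/data; the corrected pattern is a suggested fix, not from the page.

```python
import re

# Regex locations from the server block in step 4, in config order.
# nginx tries "~" locations top to bottom and the first match wins; if none
# matches, the request falls to the prefix location "/" (try_files).
PAGE_LOCATIONS = [
    (r"^/(data|config|\.ht|db_structure\.xml|README)", "deny"),
    (r".*\.(php|php5)?$", "php"),
    (r"^/owncloud/remote\.php(/.*)$", "php"),
    (r"/\.ht", "deny"),
]

# Assumed correction (not from the page): also cover the /owncloud/ prefix.
FIXED_LOCATIONS = [
    (r"^/(owncloud/)?(data|config|\.ht|db_structure\.xml|README)", "deny"),
] + PAGE_LOCATIONS[1:]


def route(uri, locations):
    """Return the handler nginx would pick for a request path."""
    if uri == "/50x.html":          # exact-match location is checked first
        return "static"
    for pattern, handler in locations:
        if re.search(pattern, uri):
            return handler
    return "static"                 # location / -> try_files serves the file


# Constructed request paths for an install under /usr/share/nginx/www/owncloud.
SAMPLE_URIS = [
    "/data/owncloud.db",
    "/owncloud/data/owncloud.db",
    "/owncloud/data/admin/files/notes.txt",
    "/owncloud/config/config.php",
    "/owncloud/index.php",
    "/owncloud/remote.php/webdav/notes.txt",
]


def compare(uris=SAMPLE_URIS):
    """Map each path to (handler with page config, handler with fixed rule)."""
    return {u: (route(u, PAGE_LOCATIONS), route(u, FIXED_LOCATIONS)) for u in uris}


if __name__ == "__main__":
    for uri, (before, after) in compare().items():
        print(f"{uri:45} page={before:7} fixed={after}")
```

With the page's rule, files under /owncloud/data are handed to try_files and served as static files, because the pattern is anchored to paths that start directly with /data or /config.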

Installing vsftpd on Ubuntu 12.04

Today I want to share the steps to install & configure an FTP server on Ubuntu.
The server that I’ll use is vsftpd.

1. Make sure your OS is updated

apt-get update
apt-get upgrade

2. Install vsftpd

apt-get install vsftpd

3. Edit the vsftpd config file

vi /etc/vsftpd.conf

Copy the lines below:

# Example config file /etc/vsftpd.conf
# vsftpd does not accept comments on the same line as a setting,
# so each comment sits on its own line above the option it describes.
listen=YES
# Allow anonymous FTP?
anonymous_enable=NO
# Allow local users to log in
local_enable=YES
# Enable any form of FTP write command
write_enable=YES
# Activate directory messages
dirmessage_enable=YES
use_localtime=YES
# Activate logging of uploads/downloads
xferlog_enable=YES
connect_from_port_20=YES

secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem

# Specifies the directory vsftpd changes to after a user logs in
local_root=/usr/share/nginx/www/
# If user tries to log in using a name in this file, they will be denied before they are asked for a password
userlist_enable=YES
# Path to userlist_file
userlist_file=/etc/user_list

You can change the local_root dir to whichever directory you prefer.

4. Edit ftpusers file

vi /etc/ftpusers

Put a comment mark (#) in front of the word root.

5. Create a new file for user_list but leave it empty

touch /etc/user_list

6. Restart the vsftpd

service vsftpd restart

Done. Hope it helps. 🙂

Install UnrealIRCd on Ubuntu 12.04

In this tutorial, I will show you how to setup UnrealIRCd on Ubuntu 12.04.

1. Update OS and install required packages:

2. Maximize limits
The default max amount of connections for a user is 1024.
Open the file for edit by:

Go to line 63:

change the value 1024 to 64000

3. Add new user
We are not going to install the IRCd as root, so we are adding a new user (ircd) and lifting its limit:

Scroll down to the end of the file (use the [Page Down] button on your keyboard). Add the following 2 lines at the end of the file:

4. Now add the new user for ircd

It will require you to enter a new password for user ircd:

It will also ask for the new user's info. Mine is like this:

5. Log in as the new user ircd

To make sure you’re actually logged in as ‘ircd’ type:

6. Begin IRCd Setup
Download & install UnrealIRCd

Then, run this command to start the install:

You will see something like this:

Press [ENTER]. Then you can hit [SPACE] until you see this:

which means you have reached the end of the file. Press [ENTER].

Then, you should see something like this:

Here is where you can adjust the installer options. Press [ENTER] as we will be using the default configuration except for the second last option:

As you can see, in the second last option, “How many file descriptors (or sockets) can the IRCd use?“, here I type in: 64000 as my new option. After that, hit [Enter].
After the last option, the script will start compiling all the necessary things together.

*You can also change the options to suit your needs.

If everything is OK, you should see something like this:

which indicates you can proceed to the next step.

Now, type “make” to start the install.

Now the script will start compiling and installing. It may take some time to finish.

If all went well without any errors, then you should see this:

7. Create the following 3 empty files:

8. And finally, the configuration file, unrealircd.conf

Here is an example of a working configuration file with notes, so you can easily modify it.
Copy all the lines below:

9. Now you should be good to go, start the server:

If you get any errors, check the line of the error in unrealircd.conf

You can verify whether your IRC server has started or not by using netstat:

For anything regarding the unrealircd config file, you can refer here:
https://www.vulnscan.org/UnrealIrcd/unreal32docs.html#configuringyourunrealircdconf

Create a VPN Server on Ubuntu 12.04 (OpenVZ)

As we know, a VPN is frequently needed in order to connect to the Internet or another device in a safer way. So today I want to show you how to create your own VPN server using OpenVPN on Ubuntu 12.04.

First, we run apt-get update & apt-get upgrade to update & upgrade the repo/package.
Then, we get the openvpn & openssl packages via apt-get install openvpn openssl

After that, cd to the openvpn dir;

cd /etc/openvpn

Then, we copy the files to the correct dir;

cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa

Edit the vars file;

vi easy-rsa/vars

Change from this;

export EASY_RSA="`pwd`"

to this;

export EASY_RSA="/etc/openvpn/easy-rsa"

Then, we run these 2 commands;

. ./easy-rsa/vars
./easy-rsa/clean-all

Enter the dir;

cd easy-rsa

Link the config file;

ln -s openssl-1.0.0.cnf openssl.cnf

Then, we go back up one directory and run these commands;

cd ..

./easy-rsa/build-ca OpenVPN
./easy-rsa/build-key-server server
./easy-rsa/build-key client1
./easy-rsa/build-dh

Edit the config file;

vi openvpn.conf

Begin openvpn.conf contents – copy below this line

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo

end openvpn.conf contents – copy above this line

Enable ipv4 ip_forwarding;

echo 1 > /proc/sys/net/ipv4/ip_forward

Run “ifconfig” to get the adapter name and IP address (mine was venet0 since my VPS is using OpenVZ)

Then, we add this iptables rule;

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to-source YOUR.VPS.IP

Please ensure that your VPS IP is correct

Then we go one dir back & edit the sysctl file;

cd ..
vi sysctl.conf

Uncomment (remove the #) the line containing #net.ipv4.ip_forward=1

Create a new openvpn config file;
Begin newvpn.ovpn contents – copy below this line

dev tun
client
proto udp
remote YOUR.VPS.IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3

end newvpn.ovpn contents – copy above this line

Copy all these files;

ca.crt
client1.crt
client1.key
newvpn.ovpn

and place them in one folder (e.g. vpn client)

Start the openvpn service;

service openvpn start

The software that I use to download the files required by the openvpn client is called WinSCP. It allows you to transfer files via SSH. This is useful if you do not have an ftp or http server running.

Download all the config files (vpn client folder) to the client/user PC via WinSCP.

The openvpn client that I use is OpenVPN Portable. Paste the config folder into OpenVPNPortable\data\config
Run the openvpn client to see if it is connected or not.

Credit to geeksandtweaks.com