Saturday, 4 January 2014

how to develop your blog

Many people ask me how they should go about developing a blog: how to start attracting visitors, and how to keep those visitors. It's best to look at this in stages or phases; you need a plan of action for how you are going to bring your blog to the masses. For this article I will assume that your blog setup is complete, that you have some visitors and commentators, that you are listed on Google, and that you know what niche/theme your blog is about.

Developing Your Blog

One of the toughest things about having a blog is getting visitors. Once you have a steady stream of visitors you are presented with another type of problem, but that is something I will cover at a later stage. So we are in search of visitors and wondering what we can do to increase their number. Blog visitors mean that you have traffic on your site, and traffic can be turned into revenue by using some of the programs listed on the main blogging page.

Blog Preparation & Research

Alas, this point sounds easy, but it is indeed all about preparation & research. Before you go to the hard work of trying to attract visitors, it is a good idea to have at least 1 month's worth of blog posts ready. Of this 1 month's worth of posts, I would post about 1/2. This should be roughly 10 to 15 good articles, which should be well researched and thoroughly checked for silly things like grammar mistakes and typos. As for research, you should check out and make a list of other blogs that cover topics similar to yours. You can use tools like Google's blog search. Type in your keywords and see what is out there in the blogosphere. Another good place to find blogs is Technorati.com.

Finding Interested Readers

By posting a few comments on these, and possibly contacting the authors of the blogs, you will gain some extra exposure. People will see your link and might visit your site, and blog authors may link to one of your posts, and you will get visitors that way. This is a great way to get visitors, as you are contacting your target audience: people who like to read and comment on blogs and are interested in the topic you are blogging about. If you read and comment on other blogs (this is pretty likely, seeing as you are motivated to start your own blog), it would be advantageous if you could squeeze a link onto their blog roll, or get a mention on those blogs.
Blogging is all about networking, and getting the word out that you exist and that you are producing something worthwhile. Keep this as your mantra to blog by.

Keeping your Visitors

Now for the second part of the plan; this is where the other half of your one month's posts comes into play. I would publish these every day or every second day. With these 10 to 15 posts your visitors will start to add you to their regular reading patterns. People will start to comment more and more, and you will also see that other bloggers are likely to link to your posts.

It is in giving that you receive

Don't be afraid to link to other (worthy) blogs in your posts. If you find something interesting that you think deserves a link, then share it with your readers. State and reference your sources of 'inspiration'. This will have a twofold benefit: 1) your readers will think that you have a little bit more credibility for showing your sources, 2) the blogs or pages you link to might return the favour and give you a link back or a mention in return.

Anonymous FTP FAQ

Version: 3.00

How to Set up a Secure Anonymous FTP Site

The following is a FAQ on setting up a secure FTP site. FTP sites are known for much abuse through the transfer of illegal files. They also open many opportunities for intruders to gain access via misconfigured setups. And lastly, many versions of ftp servers have had security holes. This FAQ is intended to clean up this abuse by allowing administrators to go through this checklist of steps to make sure their FTP is correctly configured and that they are running the most current ftp daemon.
It is organized into the following parts:

  1. General Description of Setting up an "Anonymous" FTP server.
  2. Setting up a chrooted Secure Anonymous FTP server.
  3. OS Specific needed information and suggestions.
  4. Where to get other FTP daemons
  5. How to Know if your Anonymous FTP Server is Secure
  6. Archie

1. General Description of Setting up an "anonymous" ftp server.

  1. Create the user ftp in /etc/passwd. Use a misc group. The user's home directory will be ~ftp where ~ftp is the root you wish anonymous users to see. Creating this user turns on anonymous ftp. Use an invalid password and user shell for better security. The entry in the passwd file should look something like:
    ftp:*:400:400:Anonymous FTP:/home/ftp:/bin/true
  2. Create the home directory ~ftp. Make the directory owned by root (NOT ftp) with the same group as ftp. Thus, owner permissions are for root and group permissions are for the anonymous users. Set the permissions for ~ftp to 555 (read, nowrite, execute). Warning: Some MAN pages recommend making the ~ftp directory owned by ftp. This is a big NO-NO, if you want any type of security on your system.

  3. Create the directory ~ftp/bin. This directory is owned by root (group e.g. wheel) with permissions 111 (noread, nowrite, execute).
  4. Copy the program ls into ~ftp/bin. ls is owned by root with permissions 111 (noread, nowrite, execute). Any other commands you put in ~ftp/bin should have the same permissions as well.
  5. Make the directory ~ftp/etc. This directory is owned by root with permissions 111.
  6. Create from scratch the files /etc/passwd and /etc/group in ~ftp/etc. These files should be mode 444. The passwd file should only contain root, daemon, uucp, and ftp. The group file must contain ftp's group. Use your /etc/passwd and /etc/group files as a template for creating passwd and group files going to ~ftp/etc. You may even change the user names in this file, they are used only for 'ls' command. So for example if all files in your ~ftp/pub/linux hierarchy will be maintained by a real user 'balon' with uid=156 you may put
    linux:*:156:120:Kazik Balon::
    in the ~ftp/etc/passwd file (regardless of his real username). Leave only these users who will own files under ftp hierarchy (e.g. root, daemon, ftp...) and definitely remove *ALL* passwords by replacing them with '*' so the entry looks like:
    root:*:0:0:Ftp maintainer::
    ftp:*:400:400: Anonymous ftp::
    For more security, you can just remove ~ftp/etc/passwd and ~ftp/etc/group (the effect is that ls -l will not show the directories' group names). Wuarchive ftp daemon (and some others) have some extensions based on the contents of the group/passwd files, so read the appropriate documentation.
  7. Make the directory ~ftp/pub. This directory is owned by you and has the same group as ftp with permissions 555. On most systems (like SunOS) you may want to make this directory 2555, ie. set-group-id, in order to create new files with the same group ownership. Files are left here for public distribution. All folders inside ~ftp/pub should have the same permissions as 555.
    Warning: Neither the home directory (~ftp) nor any directory below it should be owned by ftp! No files should be owned by ftp either. Modern ftp daemons support all kinds of useful commands, such as chmod, that allow outsiders to undo your careful permission settings. They also have configuration options like the following (WuFTP) to disable them:
    # all the following default to "yes" for everybody
    delete          no      guest,anonymous         # delete permission?
    overwrite       no      guest,anonymous         # overwrite permission?
    rename          no      guest,anonymous         # rename permission?
    chmod           no      anonymous               # chmod permission?
    umask           no      anonymous               # umask permission?

  8. If you wish to have a place for anonymous users to leave files, create the directory ~ftp/pub/incoming. This directory is owned by root with permissions 733. Do a 'chmod +t ~ftp/pub/incoming'. The ftp daemon will normally not allow an anonymous user to overwrite an existing file, but a normal user of the system would be able to delete anything. By setting the mode to '1733' you prevent this from happening. In wuftpd you may configure the daemon to create new files with permissions '600' owned by root or any other user. Many times, incoming directories are abused by exchanging pirated and pornographic material. Abusers often create hidden directories there for this purpose. Making the incoming directory unreadable by anonymous ftp helps to some extent. With ordinary ftp servers there is no way to prevent directories being created in incoming. The WUarchive ftp server can limit uploads to certain directories and can restrict characters used in file names like this:
    # specify the upload directory information
    upload  /var/spool/ftp  *       no
    upload  /var/spool/ftp  /incoming       yes     ftp     staff   0600    nodirs

    # path filters
    path-filter  anonymous  /etc/msgs/pathmsg  ^[-A-Za-z0-9_\.]*$  ^\.  ^-
    path-filter  guest      /etc/msgs/pathmsg  ^[-A-Za-z0-9_\.]*$  ^\.  ^-

    Suggestion: Create an extra file-system for your ftp-area (or at least for your incoming-area) to prevent a denial-of-service attack by filling your disk with garbage (inside your incoming directory).
    If you have wuftpd you may want to add some ftp extensions like compression/decompression 'on the fly' or creation of tar files for the directory hierarchies. Get the appropriate sources (gzip, gnutar, compress), compile them and link statically, put in the ~ftp/bin directory and edit the appropriate file containing the definitions of the allowed conversions. /usr/bin/tar is already statically-linked. You may wish to use gnu tar anyway.
    Gary Mills wrote a small program to support the following:
    To do tar and compress, he wrote a tiny program called `pipe', and statically-linked it. His /etc/ftpconversions file looks like this:
    #strip prefix:strip postfix:addon prefix:addon postfix:external command:
    #types:options:description
    :.Z:  :  :/bin/compress -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS
    :-z:  :  :/bin/compress -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS
    :  :  :.Z:/bin/compress -c %s:T_REG:O_COMPRESS:COMPRESS
    :  :  :.tar:/bin/tar cf - %s:T_REG|T_DIR:O_TAR:TAR
    :  :  :.tar.Z:/bin/pipe /bin/tar cf - %s | /bin/compress -c:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS
    :  :  :.tar:/bin/gtar -c -f - %s:T_REG|T_DIR:O_TAR:TAR
    :  :  :.tar.Z:/bin/gtar -c -Z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS
    :  :  :.tar.gz:/bin/gtar -c -z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+GZIP

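    Here it is:
    -----------------8<-------------cut---------------
    /* pipe.c: exec two commands in a pipe */

    #include <stdlib.h>
    #include <unistd.h>

    #define MAXA 16                 /* max arguments per command */

    static void uexit(void);

    int main(int argc, char *argv[])
    {
        char *av1[MAXA + 1], *av2[MAXA + 1];    /* +1 for the terminating NULL */
        int i, n, p[2];
        pid_t cpid;

        /* arguments before a lone "|" form the first command */
        i = 0; n = 0;
        while ( ++i < argc && n < MAXA ) {
            if ( *argv[i] == '|' && *(argv[i]+1) == '\0' ) break;
            av1[n++] = argv[i];
        }
        if ( n == 0 ) uexit();
        av1[n] = NULL;

        /* everything after it forms the second command */
        n = 0;
        while ( ++i < argc && n < MAXA )
            av2[n++] = argv[i];
        if ( n == 0 ) uexit();
        av2[n] = NULL;

        if ( pipe(p) != 0 ) exit(1);
        if ( ( cpid = fork() ) == (-1) ) exit(1);
        else if ( cpid == 0 ) {
            /* child: stdout becomes the write end of the pipe, run command 1 */
            (void)close(p[0]);
            (void)close(1);
            (void)dup(p[1]);
            (void)close(p[1]);
            (void)execv(av1[0], av1);
            _exit(127);
        }
        else {
            /* parent: stdin becomes the read end of the pipe, run command 2 */
            (void)close(p[1]);
            (void)close(0);
            (void)dup(p[0]);
            (void)close(p[0]);
            (void)execv(av2[0], av2);
            _exit(127);
        }
        /*NOTREACHED*/
    }

    static void uexit(void)
    {
        /* length is taken from the string itself so write() cannot overrun it */
        static const char usage[] = "Usage: pipe <command> | <command>\n";
        (void)write(2, usage, sizeof usage - 1);
        exit(1);
    }
    -------- CUT HERE ------------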
  9. Other things to do: as root:
    touch ~ftp/.rhosts
    touch ~ftp/.forward
    chmod 400 ~ftp/.rhosts
    chmod 400 ~ftp/.forward
    ie. make these files zero-length and owned by root. Due to the last /bin/mail bugs in SunOS:
    touch /usr/spool/mail/ftp; chmod 400 /usr/spool/mail/ftp
    Consider an email-alias for the ftp-admin(s) to provide an email-address for problems-reports. If you are mounting some disks from other machines (or even your own) to the ~ftp hierarchy, mount it read-only. The correct entry for the /etc/fstab (on the host with ftpd) is something like:
    other:/u1/linux /home/ftp/pub/linux nfs ro,noquota,nosuid,intr,bg 1 0
    This mounts under /home/ftp/pub/linux the disk from host 'other' with no quota, no 'suid' programs (just in case), interruptible (in case 'other' goes down) and 'bg' - so if 'other' is down when you reboot it will not stop you trying to mount /home/ftp/pub/linux all over again.

2. Setting up a chrooted Secure Anonymous ftp server.

This part was contributed by Marcus J Ranum <mjr@tis.com>
  1. Build a statically linked version of ftpd and put it in ~ftp/bin. Make sure it's owned by root.
  2. Build a statically linked version of /bin/ls if you'll need one. Put it in ~ftp/bin. If you are on a Sun, and need to build one, there's a ported version of the BSD net2 ls command for SunOs on ftp.tis.com: pub/firewalls/toolkit/patches/ls.tar.Z Make sure it's owned by root.
  3. Chown ~ftp to root and make it mode 755 THIS IS VERY IMPORTANT
  4. Set up copies of ~ftp/etc/passwd and ~ftp/etc/group just as you would normally, EXCEPT make 'ftp's home directory '/' -- make sure they are owned by root.
  5. Write a wrapper to kick ftpd off and install it in /etc/inetd.conf The wrapper should look something like: (assuming ~ftp = /var/ftp)
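    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>

    int main(void)
    {
        /* enter the FTP area first so the working directory is inside it */
        if(chdir("/var/ftp")) {
            perror("chdir /var/ftp");
            exit(1);
        }
        if(chroot("/var/ftp")) {
            perror("chroot /var/ftp");
            exit(1);
        }
        /* optional: seteuid(FTPUID); */
        /* the path is relative to the new root, i.e. /var/ftp/bin/ftpd */
        execl("/bin/ftpd","ftpd","-l",(char *)0);
        perror("exec /bin/ftpd");
        exit(1);
    }
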
    Options: You can use 'netacl' from the toolkit or tcp_wrappers to achieve the same effect.
    We use 'netacl' to switch so that a few machines that connect to the FTP service *don't* get chrooted first. This makes transferring files a bit less painful.
    You may also wish to take your ftpd sources and find all the places where it calls seteuid() and remove them, then have the wrapper do a setuid(ftp) right before the exec. This means that if someone knows a hole that makes them "root" they still won't be. Relax and imagine how frustrated they will be.
    If you're hacking ftpd sources, I suggest you turn off a bunch of the options in ftpcmd.y by unsetting the "implemented" flag in ftpcmd.y. This is only practical if your FTP area is read-only.

  6. As usual, make a pass through the FTP area and make sure that the files are in correct modes and that there's nothing else in there that can be executed.
  7. Note, now, that your FTP area's /etc/passwd is totally separated from your real /etc/passwd. This has advantages and disadvantages.
  8. Some stuff may break, like syslog, since there is no /dev/log. Either build a version of ftpd with a UDP-based syslog() routine or run a second syslogd based on the BSD Net2 code, that maintains a unix-domain socket named ~ftp/dev/log with the -p flag. REMEMBER:
    If there is a hole in your ftpd that lets someone get "root" access they can do you some damage even chrooted. It's just lots harder. If you're willing to hack some code, making the ftpd run without permissions is a really good thing. The correct operation of your hacked ftpd can be verified by connecting to it and (while it's still at the user prompt) doing a ps -axu and verifying that it's not running as root.

3. OS Specific needed information and suggestions.

These machines may need dev/tcp:

[dev/tcp]

These ftpd implementations may require a ~ftp/dev/tcp in order for anonymous ftp to work.
You have to create a character special device with the appropriate major and minor device numbers. The appropriate major and minor numbers of ~ftp/dev/tcp are what the major and minor numbers of /dev/tcp are.
The ~ftp/dev is a directory and ~ftp/dev/tcp is a character special device. Make them owned and grouped by root. Permissions for ~ftp/dev is root read/write/exec and other & group read and exec. The permissions for ~ftp/dev/tcp is root read/write, other & group read.

HPUX

[Logging] If you're using HP's native ftpd, the line in /etc/inetd.conf should execute ftpd -l, which does extra logging.

Solaris 2.x

[Script] Solaris' man page contains a script for installing anonymous ftpd which saves time. You may still want to check over your anonymous ftpd for vulnerabilities.
Command for reading the man page is:
$ man ftpd

SunOS

[Libraries] To set up SunOS to use its shared dynamic libraries, follow these steps:
  1. Create the directory ~ftp/usr. This directory is owned by root with permissions 555.
  2. Create the directory ~ftp/usr/lib. This directory is owned by root with permissions 555.
  3. Copy the runtime loader ld.so into ~ftp/usr/lib for use by ls. ld.so is owned by root with permissions 555.
  4. Copy the latest version of the shared C library, libc.so.* into ~ftp/usr/lib for use by ls. libc.so.* is owned by root with permissions 555.
    Note: 4.1.2(or above) users: you also need to copy /usr/lib/libdl.so.* to ~ftp/lib.

  5. Create the directory ~ftp/dev. This directory is owned by root with permissions 111.
  6. ~ftp/dev/zero is needed by the runtime loader. Move into the directory ~ftp/dev and create it with the command:
    mknod zero c 3 12
    chown ~ftp/dev/zero to root. Make sure it's readable. Warning: For novices: Don't try to copy /dev/zero to ~ftp/dev/zero! This is an endless file of zeroes and it will completely fill your filesystem!

  7. If you want to have the local time showing when people connect, create the directory ~ftp/usr/share/lib/zoneinfo and copy /usr/share/lib/zoneinfo/localtime
  8. If you are bothered by the need for copying your libraries so that you can use Sun's 'ls', which is dynamically linked, you can try to get a statically linked copy of 'ls' instead. The CD-ROM that contains Sun's OS has a statically-linked version of ls. In this case, you can dispense with steps #6-8. Statically linked versions may be available from the following sources:
    If you want a statically linked "ls" get the GNU fileutils off a archive site near you and statically link it.
    [Logging] Sun's standard ftpd logs *all* password information. To correct it, install patch:
    101640-03       SunOS 4.1.3: in.ftpd logs password info when -d option is used.

    In /etc/inetd.conf find the line that starts with "ftp". At the end of that line, it should read "in.ftpd". Change that to "in.ftpd -dl". In /etc/syslog.conf, add a line that looks like:
    daemon.*                   /var/adm/daemonlog
    The information can be separated (or like SunOs4.1.1 does not recognize daemon.* so it requires the following form), such as:
    daemon.info                                    /var/adm/daemon.info
    daemon.debug                                   /var/adm/daemon.debug
    daemon.err                                     /var/adm/daemon.err

    Note that the whitespace between the two columns must include at least one TAB character, not just spaces, or it won't work. Of course your log file could be anything you want. Then, create the logfile (touch /var/adm/daemonlog should do). Finally, restart inetd and syslogd, either individually, or by rebooting the system. You should be good to go. If you do not install the patch, make sure the log file is owned by root and mode 600, as the ftp daemon will log *everything*, including users' passwords. Warning: You want to make all logs readable by root only for security reasons. If a user mistypes his password for his username, it could be compromised if anyone can read the log files.

4. Where to get other FTP daemons

  • Wuarchive FTP 2.4- A secure FTP daemon that allows improved access-control, logging, pre-login banners, and is very configurable: Can be ftp'd from ftp.uu.net in "/networking/ftp/wuarchive-ftpd" directory. Be certain to verify the checksum information to confirm that you have retrieved a valid copy. [Warning: Older versions of Wu-FTP are extremely insecure and in some cases have been trojaned.]
                            BSD        SVR4
         File               Checksum   Checksum    MD5 Digital Signature
         -----------------  --------   ---------   --------------------------------
         wu-ftpd-2.4.tar.Z  38213  181  20337 362  cdcb237b71082fa23706429134d8c32e
         patch_2.3-2.4.Z    09291    8  51092  16  5558a04d9da7cdb1113b158aff89be8f

  • For DECWRL ftpd, sites can obtain version 5.93 via anonymous FTP from gatekeeper.dec.com in the "/pub/misc/vixie" directory.
                            BSD        SVR4
         File               Checksum   Checksum    MD5 Digital Signature
         -----------------  --------   ---------   --------------------------------
         ftpd.tar.gz        38443  60  1710 119    ae624eb607b4ee90e318b857e6573500

  • For BSDI systems, patch 005 should be applied to version 1.1 of the BSD/386 software. You can obtain the patch file via anonymous FTP from ftp.bsdi.com in the "/bsdi/patches-1.1" directory.
                            BSD        SVR4
         File               Checksum   Checksum    MD5 Digital Signature
         -----------------  --------   ---------   --------------------------------
         BU110-005          35337 272  54935 543   1f454d4d9d3e1397d1eff0432bd383cf

  • Public Domain Sources:
    ftp.uu.net ~ftp/systems/unix/bsd-sources/libexec/ftpd
    gatekeeper.dec.com ~ftp/pub/DEC/gwtools/ftpd.tar.Z

5. How to Know if your Anonymous FTP Server is Secure

This section is intended for the administrator to go down a small check list of things to make sure his server is not easily compromised.
  1. Check to make sure your ftp server does not have the SITE EXEC command by telnetting to port 21 and typing SITE EXEC. If your ftp daemon has SITE EXEC make sure it is the most current version (ie, Wu-FTP 2.4). In older versions this allows anyone to gain shell via port 21.
  2. Check to make sure no one can log in and make files or directories in the main directory. If anyone can log in as anonymous FTP and make files such as .rhosts and .forward, instant access is granted to any intruder.
  3. Check to make sure the main directory is NOT owned by ftp. If it is owned by FTP, an intruder could SITE CHMOD 777 the main directory and then plant files to give him instant access. The SITE CHMOD command should be removed because anonymous users do not need any extra privileges.
  4. Check to make sure NO files or directories are owned by ftp. If they are, it is possible an intruder could replace them with his own trojan versions.
  5. There were several bugs in old daemons, so it is very important to make sure you are running the most current ftp daemons.
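
The ownership and mode rules from section 1, together with the checks in the list above, can be verified mechanically. The script below is an added example, not part of the original FAQ: the names `audit_ftp_tree` and `build_sample_tree` and the sample tree are constructed for illustration, and uid 400 is taken from the FAQ's sample passwd entry.

```python
"""Audit an anonymous FTP tree against the FAQ's ownership and mode rules."""
import os
import stat

# Modes prescribed in section 1 of the FAQ, relative to ~ftp.
EXPECTED_MODES = {
    ".": {0o555}, "pub": {0o555, 0o2555},
    "bin": {0o111}, "etc": {0o111},
    "etc/passwd": {0o444}, "etc/group": {0o444},
    "pub/incoming": {0o1733},
    ".rhosts": {0o400}, ".forward": {0o400},
}
WRITABLE_OK = {"pub/incoming"}  # the only place anonymous users may write


def audit_ftp_tree(root, ftp_uid):
    """Return a sorted list of (relative_path, problem) findings."""
    # Run as root on a real server: mode-111 directories cannot be listed
    # by other users, so os.walk() would silently skip their contents.
    findings = set()

    def check(rel, st):
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid == ftp_uid:
            findings.add((rel, "owned by ftp"))
        allowed = EXPECTED_MODES.get(rel)
        if allowed and mode not in allowed:
            want = "/".join("%04o" % m for m in sorted(allowed))
            findings.add((rel, "mode %04o, expected %s" % (mode, want)))
        if mode & 0o022 and not stat.S_ISLNK(st.st_mode) and rel not in WRITABLE_OK:
            findings.add((rel, "writable by group or others"))
        if rel in (".rhosts", ".forward") and st.st_size != 0:
            findings.add((rel, "not zero-length"))

    # Paths the FAQ names explicitly, checked even if a parent is unlistable.
    for rel in EXPECTED_MODES:
        full = os.path.join(root, rel)
        if os.path.lexists(full):
            check(rel, os.lstat(full))
        elif rel in (".rhosts", ".forward"):
            findings.add((rel, "missing (create it zero-length, mode 400)"))

    # Everything else: nothing may be owned by ftp or be writable.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            check(rel, os.lstat(full))

    # ~ftp/etc/passwd must carry '*' in every password field.
    passwd = os.path.join(root, "etc", "passwd")
    if os.path.isfile(passwd):
        with open(passwd) as fh:
            for line in fh:
                fields = line.rstrip("\n").split(":")
                if len(fields) > 1 and fields[1] != "*":
                    findings.add(("etc/passwd",
                                  "password field not '*' for %s" % fields[0]))
    return sorted(findings)


def build_sample_tree(root, hardened=True):
    """Create a small constructed ~ftp tree for the demo (not a real site)."""
    for d in ("bin", "etc", "pub/incoming"):
        os.makedirs(os.path.join(root, d))
    pw = "*" if hardened else "constructedHashValue"
    files = {
        "etc/passwd": "root:*:0:0:Ftp maintainer::\n"
                      "ftp:%s:400:400:Anonymous ftp::\n" % pw,
        "etc/group": "ftp:*:400:\n",
        "pub/README": "constructed sample file\n",
    }
    if hardened:
        files[".rhosts"] = files[".forward"] = ""
    for rel, text in files.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(text)
    modes = {"pub/README": 0o444, "etc/passwd": 0o444, "etc/group": 0o444,
             ".rhosts": 0o400, ".forward": 0o400,
             "pub/incoming": 0o1733 if hardened else 0o777,
             "pub": 0o555, "bin": 0o111, "etc": 0o111,
             ".": 0o555 if hardened else 0o777}
    for rel, mode in modes.items():  # files first, directories last
        path = os.path.join(root, rel)
        if os.path.lexists(path):
            os.chmod(path, mode)


if __name__ == "__main__":
    import tempfile
    demo = tempfile.mkdtemp(prefix="ftp-audit-")
    build_sample_tree(demo, hardened=False)
    for rel, problem in audit_ftp_tree(demo, ftp_uid=400):
        print("%-14s %s" % (rel, problem))
```

On a live server, call `audit_ftp_tree` with the real ~ftp path and the uid of the ftp account; an empty list means the tree matches the rules checked here.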

6. Archie

Searches FTP sites for programs. Log in to these sites as archie or use client software for faster access. To get your own anonymous site added to Archie's search list, e-mail archie-updates@bunyip.com.
    archie.ac.il               132.65.20.254    (Israel server)
    archie.ans.net             147.225.1.10     (ANS server, NY (USA))
    archie.au                  139.130.4.6      (Australian Server)
    archie.doc.ic.ac.uk        146.169.11.3     (United Kingdom Server)
    archie.edvz.uni-linz.ac.at 140.78.3.8       (Austrian Server)
    archie.funet.fi            128.214.6.102    (Finnish Server)
    archie.internic.net        198.49.45.10     (AT&T server, NY (USA))
    archie.kr                  128.134.1.1      (Korean Server)
    archie.kuis.kyoto-u.ac.jp  130.54.20.1      (Japanese Server)
    archie.luth.se             130.240.18.4     (Swedish Server)
    archie.ncu.edu.tw          140.115.19.24    (Taiwanese server)
    archie.nz                  130.195.9.4      (New Zealand server)
    archie.rediris.es          130.206.1.2      (Spanish Server)
    archie.rutgers.edu         128.6.18.15      (Rutgers University (USA))
    archie.sogang.ac.kr        163.239.1.11     (Korean Server)
    archie.sura.net            128.167.254.195  (SURAnet server MD (USA))
    archie.sura.net(1526)      128.167.254.195  (SURAnet alt. MD (USA))
    archie.switch.ch           130.59.1.40      (Swiss Server)
    archie.th-darmstadt.de     130.83.22.60     (German Server)
    archie.unipi.it            131.114.21.10    (Italian Server)
    archie.univie.ac.at        131.130.1.23     (Austrian Server)
    archie.unl.edu             129.93.1.14      (U. of Nebraska, Lincoln (USA))
    archie.univ-rennes1.fr                      (French Server)
    archie.uqam.ca             132.208.250.10   (Canadian Server)
    archie.wide.ad.jp          133.4.3.6        (Japanese Server)


    ANONYMOUS emails

    Welcome to Hackerdevil's guide on how to send ANONYMOUS e-mails to someone without a prog.

    I am Hackerdevil and I am going to explain to ya a way to send home-made e-mails. I mean it's a way to send anonymous e-mails without a program; it doesn't take too much time and it's cool, and you can have more knowledge than with a stupid program that does it all by itself.

    This way is old (to hackers), but as you are a newbie to this stuff, perhaps you may like to know how these (home-made) anonymailers work.

    Well.....
    Go to Start, then Run...
    You have to Telnet (Xserver) on port 25

    Well, (In this Xserver) you have to put the name of a server without the ( ) of course...
    Put iname.com in (Xserver) because it always works; it is a server with many bugs in it.
    (25) mail port.

    So now we are like this.

    telnet iname.com 25

    and then you hit enter
    Then When you have telnet open put the following like it is written

    helo

    and the machine will reply with smth.

    Notice for newbies: If you do not see what you are writing, go to the Terminal menu (in telnet), then to Preferences, and in the Terminal Options tick all the options available; in the emulation menu, which is the following one, you have to tick the second option.
    Now you will see what you are writing.

    then you put:

    mail from:<whoeveryouwant@whetheveryouwant.whetever.whatever> and so on...
    If you make an error start all over again

    Example:
    mail from:<askbill@microsoft.com.net>

    You hit enter and then you put:

    rcpt to:<lamer@lamer'sworld.com>
    This one has to be an existing address, as you are mailing anonymously to him.

    Then you hit enter
    And you type
    Data
    and hit enter once more

    Then you write

    Subject:whetever

    And you hit enter

    you write your mail

    hit enter again (boring)

    you put a simple:
    .

    Yes, you don't see it, it's the little fucking point!
    and hit enter
    Finally you write
    quit
    hit enter one more time
    and it's done

    Look: first try it on yourself, I mean mail yourself anonymously so you can test it!
    Don't be an asshole and write fucking e-mails to big corps, because it's a symbol of stupidity and childhood and it has very very effect on Hackers: they will treat you as a Lamer!

    Really I don't know why I wrote this fucking disclaimer, but I don't want to feel guilty if you get into trouble....

    Disclaimer: Hackerdevil is not responsible for whatever you do with this info. You can distribute this but you are totally forbidden to take out the "By Hackerdevil" line. You can't modify or customize this text and I am also not responsible if you send an e-mail to an important guy and insult him, and i rectly advise you that this is for educational purposes only; my idea is for learning and having more knowledge. You can not get busted with this stuff but I don't care if it happens to you anyway. If this method is new for ya, probably you aren't a hacker, so think that if someone wrote you an e-mail as "yourbestfirend@aol.com" insulting you, and it wasn't him but some guy using a program or this info, you won't like it. So use this method if you don't give a damn or if you like someone insulting you.


    By Hackerdevil

    hackerdevil@iname.com
    www.angelfire.com/ar/HDanzi/index.html


    Anonymity of Proxy, Anonymity Of Proxy learn it insideout

    Anonymity of Proxy

    The exchange of information in Internet is made by the "client - server" model. A client sends a request (what files he needs) and a server sends a reply (required files). For close cooperation (full understanding) between a client and a server the client sends additional information about itself: a version and a name of an operating system, configuration of a browser (including its name and version) etc. This information can be necessary for the server in order to know which web-page should be given (open) to the client. There are different variants of web-pages for different configurations of browsers. However, as long as web-pages do not usually depend on browsers, it makes sense to hide this information from the web-server.

    What your browser transmits to a web-server:
    a name and a version of an operating system
    a name and a version of a browser
    configuration of a browser (display resolution, color depth, java / javascript support, ...)
    IP-address of a client
    Other information

    The most important part of such information (and absolutely needless for a web-server) is information about IP-address. Using your IP it is possible to know about you the following:
    a country where you are from
    a city
    your provider's name and e-mail
    your physical address

    Information, transmitted by a client to a server is available (accessible) for a server as environment variables. Every information unit is a value of some variable. If any information unit is not transmitted, then corresponding variable will be empty (its value will be undetermined).

    These are some environment variables:

    REMOTE_ADDR - IP address of a client

    HTTP_VIA - if it is not empty, then a proxy is used. The value is an address (or several addresses) of a proxy server; this variable is added by the proxy server itself if you use one.

    HTTP_X_FORWARDED_FOR - if it is not empty, then a proxy is used. The value is the real IP address of a client (your IP); this variable is also added by a proxy server if you use one.

    HTTP_ACCEPT_LANGUAGE - what language is used in the browser (what language a page should be displayed in)

    HTTP_USER_AGENT - the so-called "user agent". For all browsers this is Mozilla. Furthermore, the browser's name and version (e.g. MSIE 5.5) and the operating system (e.g. Windows 98) are also mentioned here.

    HTTP_HOST - the web server's name

    This is a small part of environment variables. In fact there are much more of them (DOCUMENT_ROOT, HTTP_ACCEPT_ENCODING, HTTP_CACHE_CONTROL, HTTP_CONNECTION, SERVER_ADDR, SERVER_SOFTWARE, SERVER_PROTOCOL, ...). Their quantity can depend on settings of both a server and a client.

    These are examples of variable values:

    REMOTE_ADDR = 194.85.1.1
    HTTP_ACCEPT_LANGUAGE = ru
    HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
    HTTP_HOST = www.webserver.ru
    HTTP_VIA = 194.85.1.1 (Squid/2.4.STABLE7)
    HTTP_X_FORWARDED_FOR = 194.115.5.5

    How anonymous you are on the Internet is determined by which environment variables are "hidden" from the web server.

    If a proxy server is not used, the environment variables look like this:

    REMOTE_ADDR = your IP
    HTTP_VIA = not determined
    HTTP_X_FORWARDED_FOR = not determined

    Proxy servers are divided into several types according to which environment variables they hide.

    Transparent Proxies

    They do not hide information about your IP address:

    REMOTE_ADDR = proxy IP
    HTTP_VIA = proxy IP
    HTTP_X_FORWARDED_FOR = your IP

    Such proxy servers are not meant to improve your anonymity on the Internet. Their purpose is information caching, providing shared Internet access for several computers, etc.

    Anonymous Proxies

    All proxy servers that hide a client's IP address in any way are called anonymous proxies.

    Simple Anonymous Proxies

    These proxy servers do not hide the fact that a proxy is used, but they replace your IP with their own:
    REMOTE_ADDR = proxy IP
    HTTP_VIA = proxy IP
    HTTP_X_FORWARDED_FOR = proxy IP

    These are the most widespread of the anonymous proxy servers.

    Distorting Proxies

    Like simple anonymous proxy servers, these proxies do not hide the fact that a proxy server is used. However, the client's IP address (your IP address) is replaced with another (arbitrary, random) IP:

    REMOTE_ADDR = proxy IP
    HTTP_VIA = proxy IP
    HTTP_X_FORWARDED_FOR = random IP address

    High Anonymity Proxies

    These proxy servers are also called "high anonymity proxies". In contrast to other types of anonymous proxy servers, they hide the fact that a proxy is used:

    REMOTE_ADDR = proxy IP
    HTTP_VIA = not determined
    HTTP_X_FORWARDED_FOR = not determined

    That means the values of the variables are the same as if no proxy were used, with one very important exception - the proxy IP is used instead of your IP address.

    Summary

    Depending on their purpose, proxies are either transparent or anonymous. However, remember that by using a proxy server you hide only your IP from the web server; other information (about your browser configuration) is still accessible!
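
    The taxonomy above, seen from the web server's side, as an added example that is not part of the original text. The function and parameter names and the sample addresses are assumptions made for illustration; known_client_ip stands for the visitor's real address learned by some other means, which a plain web server normally does not have.

```python
import ipaddress


def first_ip(value):
    """Return the first token in a header value that parses as an IP, else None."""
    for token in (value or "").replace(",", " ").split():
        try:
            return str(ipaddress.ip_address(token))
        except ValueError:
            continue  # e.g. "(Squid/2.4.STABLE7)" or "unknown"
    return None


def classify(environ, known_client_ip=None):
    """Classify a request using the proxy types described above.

    environ         -- CGI-style mapping (REMOTE_ADDR, HTTP_VIA, ...)
    known_client_ip -- hypothetical: the visitor's real address, if it was
                       learned some other way
    """
    remote = first_ip(environ.get("REMOTE_ADDR"))
    via = environ.get("HTTP_VIA")
    xff_raw = environ.get("HTTP_X_FORWARDED_FOR")
    xff = first_ip(xff_raw)

    if not via and not xff_raw:
        # Nothing announces a proxy. A direct connection and a high
        # anonymity proxy produce exactly the same variables.
        if known_client_ip is None:
            return "no proxy or high anonymity proxy"
        return "no proxy" if remote == known_client_ip else "high anonymity proxy"

    # From here on the proxy has announced itself.
    if xff is None:
        # A proxy is announced but no usable client address is offered.
        return "anonymous proxy"
    if xff == remote:
        return "simple anonymous proxy"
    if known_client_ip is None:
        # A forwarded address that differs from the proxy may be genuine
        # (transparent) or made up (distorting); the header cannot say which.
        return "transparent or distorting proxy"
    return "transparent proxy" if xff == known_client_ip else "distorting proxy"


# Constructed sample requests (documentation address ranges, not real hosts).
CLIENT, PROXY, RANDOM = "198.51.100.7", "192.0.2.10", "203.0.113.99"
VIA = PROXY + " (Squid/2.4.STABLE7)"
SAMPLES = {
    "direct": {"REMOTE_ADDR": CLIENT},
    "transparent": {"REMOTE_ADDR": PROXY, "HTTP_VIA": VIA,
                    "HTTP_X_FORWARDED_FOR": CLIENT},
    "simple": {"REMOTE_ADDR": PROXY, "HTTP_VIA": VIA,
               "HTTP_X_FORWARDED_FOR": PROXY},
    "distorting": {"REMOTE_ADDR": PROXY, "HTTP_VIA": VIA,
                   "HTTP_X_FORWARDED_FOR": RANDOM},
    "high": {"REMOTE_ADDR": PROXY},
}

if __name__ == "__main__":
    for name, env in SAMPLES.items():
        print(f"{name:12} server only: {classify(env):34} "
              f"real IP known: {classify(env, CLIENT)}")
```

    Without the real address, the server cannot tell a direct visitor from a high anonymity proxy, or a transparent proxy from a distorting one, which is why forwarded addresses should not be trusted as the client's identity.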

    Anonymity complete GUIDE By Theraider & Dangerous R.

    Anonymity on the web


    [ table of contents ]
    01 - table of contents
    02 - introduction
    03 - first tips
    04 - about proxies
    05 - cookies
    06 - ftp transfers
    07 - secure transactions
    08 - SSL tunnelling
    09 - anonymity on irc
    10 - mail crypto (and pgp usage)
    11 - icq privacy
    12 - spyware
    13 - cleaning tracks
    14 - ending words

    [ introduction ]
    Nowadays, everyone wants privacy on the web, because no matter where you go, someone could be watching you. Someone like your employer, someone trying to hack your system, companies gathering all your info to sell to yet other companies, or even the government, may be on your track while you peacefully surf the web. Thus, anonymity on the web means being able to use all of its services with no concern about someone snooping on your data.
    Your computer, being connected to the net, has an IP [Internet Protocol] address. If you have a dial-up connection, then your IP changes every time you connect to the internet (this is not always true, though: there are dial-up ISPs, especially for university students, that do have static IPs). Cable modems and DSL connections have a static IP, which means that the IP address does not change. One of the goals of getting anonymous is to make sure your IP (either static or dynamic) isn't revealed to other users of the internet, or to the administrators of the servers you roam around when using internet services.
    This text tries to give you some hints on how to maintain your anonymity on the web. Some of the hints may sound banal, but ask yourself whether you really abide by them in every situation.

    [ first tips ]
    When chatting on IRC, ICQ, AIM (etc..), do not give out personal information about yourself, where you live, work, etc.
    Do not use your primary email address (the one your ISP gave you) anywhere except with family members, close friends or trusted people. Instead, create a web-based email account for yourself, such as yahoo, hotmail, dynamitemail, mail.com, etc., and use this e-mail address to sign up for services, when you need to give an address to download something, or to publish on your homepage.
    When signing up for services on the web, don't give your real information like address, phone number and such unless you really need to do so. This is the kind of information that information gathering companies like to get, so that they can sell it and fill your mailbox with spam.
    Use an anonymous proxy to surf the web. This makes sure your ip doesn't get stored on the webserver logs. (Webservers log every GET request made, together with date, hour, and IP. This is where the proxy comes in. They get the ip from the proxy, not yours)
    Use a bouncer to connect to IRC networks, in case you don't trust the administrators, or the other users. A bouncer is a program that sits on a permanently connected machine that allows you to connect there, and from there to the irc server, just like a proxy works for webservers.
    Use anonymous remailers to send out your e-mails.
    Cryptography can also help you by making sure the material you send out over the web, by e-mail for example, is enciphered, so that nobody without your key can read it (in key-based cryptography). Programs like PGP (Pretty Good Privacy) are toolkits with all you need to encipher and decipher your stuff.
    Delete traces of your work with the computer including history files, cache or backup files.

    [ about proxies ]
    Proxies are caches that relay data. When you configure your web browser to use a proxy, it never connects to the URL. Instead it always connects to the proxy server and asks it to get the URL for you. It works similarly with other types of services such as IRC, ICQ etc. There won't be a direct connection between you and the server, so your real IP address won't be revealed to the server. When you view a website on the server, the server won't see your IP. Some web proxies do not support forwarding of cookies, which some websites require (e.g. Hotmail).
    Here are some anonymous proxies that you can use to surf anonymously (notice that some of these may be a paid service):
    Aixs - http://aixs.net/
    Rewebber - http://www.anon.de/
    Anonymizer - http://www.anonymizer.com/
    The Cloak - http://www.the-cloak.com/
    You will very likely find many websites that provide lists of unauthorised proxies and remailers. Such lists are usually compiled with the help of port scanners or exploit scanners, scanning for computers with wingate or other proxies' backdoors. Using these proxies is illegal, and is considered unauthorized access to a computer. If you get your hands on such a list, check whether the info is legal or was compiled by a script kiddie, and act accordingly.
    If you nevertheless decide not to use a proxy, at least do not forget to remove your personal information from your browser. After you remove details like your name and e-mail address from your browser, the only info a Web site can sniff out is your ISP's address and geographical location. Also, Java and JavaScript applets can take control of your browser unexpectedly, and if you are surfing to unknown and potentially dangerous places you should be aware of that. There are exploitable browser bugs (mainly Internet Explorer ones) reported every week.

    [ cookies ]
    Maybe you're not aware of the fact that if you have the "allow cookies" feature in your browser turned on, websites can store all sorts of information on your hard drive. Cookies are small files that contain various kinds of information that can be read by websites when you visit them. The usual usage is to track demographics for advertising agencies that want to see just what kinds of consumers a certain site is attracting. Web sites also use cookies to keep your account information up to date. Then, for instance, when you return to your web-based e-mail account some hours later without having logged out, you find yourself still logged on, even if you turned off your computer in between. Your login and password were simply stored on your hard drive in a cookie file. This is a security threat if more than one person has access to your computer.
    Most browsers offer the possibility to turn off cookies, but some sites like Hotmail.com require them to be turned on. If you decide to allow cookies, at least never forget to log off from websites when you finish visiting them.

    [ ftp transfers ]
    When using an FTP client program to download files, make sure that it's giving a bogus password, like guest@unknown.com, not your real one. If your browser lets you, turn off the feature that sends your e-mail address as a password for anonymous FTP sessions.

    [ secure transaction ]
    Everything sent from the web server to your browser is usually in plain text format. That means all transferred information can easily be sniffed en route. Some web servers support SSL (which stands for Secure Socket Layer). To view and use these websites you'll need SSL support in your browser as well. You can recognize that the connection is encrypted if the URL starts with https:// instead of the usual http://. Never use a web server without SSL for sending or receiving sensitive private or business information (credit card numbers, passwords etc.).

    [ SSL tunnelling ]
    What is SSL?
    SSL stands for Secure Socket Layer. The "Secure" implies an encryption, while Socket Layer denotes an addition to the Window Socket system, Winsock. For those that don't know, a Socket is an attachment to a port on a system. You can have many sockets on one port, providing they are non-blocking (allowing control to pass through to another socket aware application which wishes to connect to that port).
    A Secure Socket Layer means that any sockets under it, are both secure and safe. The idea behind SSL was to provide an encrypted, and thus, secure route for traffic along a socket based system, such as TCP/IP (the internet protocol). Doing this allows security in credit card transactions on the Internet, encrypted and protected communiqué along a data line, and overall peace of mind.
    The SSL uses an encryption standard developed by RSA. RSA are a world respected American organisation that specializes in encryption and data security. Initially, they developed a cipher length of only 40 bits, for use with the Secure Socket Layer, this was considered weak and therefore a longer much more complicated encryption cipher was created, 128 bits. The reasoning behind it was simple: it needs to be secure.
    The RSA site puts the advantage of a longer encryption length pretty clearly: because 40-bit encryption is considered to be relatively weak. 128-bits is about 309 septillion times ( 309,485,000,000,000,000,000,000,000 ) larger than 40-bits. This would mean it would take that many times longer to crack or break 128-bit encryption than it would 40-bit.
    If you want more information on the technicalities of RSA's SSL encryption engine, visit their site: http://www.rsasecurity.com/standards/ssl.
    But what does all this encryption and security have to do with you?
    Well, that's a simple question. No matter how hard you try, at times your privacy will need to be knowingly invaded so you can make use of the product offered for doing so. If you think about food, for example, one cannot eat without swallowing. When we wish to make a transaction or view a site on the internet, where we have to give enough information away so that it happens, we also want to be assured no one else along the line gathers that data. An encrypted session would mean our data is not at the hands of any privacy perpetrators unless they knew how to decode it - and the only ones in the know are those you specifically wish. SSL uses public key encryption as explained in the PGP section.
    To put this at a head: if you use an encrypted connection or session, you can be relatively assured that there are no prying eyes along the way.
    And how do I implement SSL with SSL Tunnelling?
    We know that a Secure Socket Layer is safe, but what we don't know is what a Tunnel is. In the most simplistic form, a tunnel is a proxy. Like proxy voting in general elections, a tunnel will relay your data back and forth for you. You may be aware, though, that there are already "proxies" out there, and yes, that is true. Tunnelling is done via proxies, but it is not considered to be the same as a standard proxy relaying, simply because it isn't.
    Tunnelling is a very special kind of proxy relay, in that it can, and does, relay data without interfering. It does this transparently and without grievance or any care for what is passing its way.
    Now, if we add this ability to "tunnel" data, any data, in a pipe, to the Secure Sockets Layer, we have a closed connection that is independent of the software carrying it; and something that is also encrypted. For those of you wanting to know a little more about the technicalities, the SSL layer is also classless in the sense that it does not interfere with the data passed back and forth - after all, it is encrypted and impossible to tamper with. That attribute means an SSL capable proxy is able to transfer data out of its "proxied" connection to the destination required.
    So to sum up, we have both a secure connection that does the job and relays things in the right direction; and we have a direct tunnel that doesn't care what we pass through it. Two very useful, and almost blind, entities. All we need now is a secure proxy that we can use as the tunnel.
    Proxies:
    Secure proxies are like standard proxies. We can either use an HTTP-based, SSL-equipped proxy - one specifically designed for secure HTTP traffic, but because of the ignorant nature of SSL communication, it can be bent to any needs - or we can use a proper SSL service designed for our connection - like you would use a secure NNTP (news) program with a secure proxy on port 563 instead of taking our long way - which would probably work as well.
    A secure HTTP proxy operates on port 443. Host proxies are not public, which means they operate for, and allow only traffic from, their subnet or the ISP that operates them - but there are many badly configured HTTP proxies and some public ones out there. The use of a program called HTTrack (available on Neworder) will aid you in scanning and searching for proxies on your network or anywhere on the Internet if your ISP does not provide you with one.
    Neworder also features a number of sites dedicated to listing public proxies in the Anonymity section. While it's often hard to find a suitable fast proxy, it's worth the effort when you get one.
    So how can I secure my connections with SSL Tunnelling?
    That's a big question, and beyond the scope of this tutorial, as it must come to an end. I can, however, point you in the direction of two resources that will aid you in tunnelling both IRC and most other connections via an HTTP proxy.
    For Windows, the first stop would be http://www.totalrc.net's Socks2HTTP. This is an SSL tunnelling program that turns a normal socks proxy connection into a tunnelled SSL connection.
    The second stop, for both Windows and Unix is stunnel. Stunnel is a GNU kit developed for SSL tunnelling any connection. It is available for compile and download as binary here: Stunnel homepage - http://mike.daewoo.com.pl/computer/stunnel

    [ anonymity on irc ]
    A BNC, or Bouncer, is used in conjunction with IRC as a way of hiding your host when people /whois you. On most IRC networks, your host isn't masked when someone does a whois on you, meaning the entire IP appears, like 194.2.0.21, which can be resolved. On other networks your host might be masked, like IRCnetwork-0.1, but it can still give away valuable information, like nationality: if your host is not an IP but a DNS-resolved host, like my.host.cn, it would be masked to IRCnetwork-host.cn, which would still tell the person who whoised you that you are from China.
    To keep information such as this hidden from the other users on an IRC network, many people use a Bouncer, which is actually just a Proxy. Let us first draw a schematic of how a normal connection would look, with and without a BNC installed.
    Without a BNC:
    your.host.cn <<-->> irc.box.sk
    With a BNC:
    your.host.cn <<-->> my.shell.com <<-->> irc.box.sk
    You will notice the difference between the two. When you have a BNC installed, a shell functions as a link between you and the IRC server (irc.box.sk as an example). You install a BNC on a shell, and set a port for it to listen for connections on. You then log in to the shell with your IRC client, BitchX/Xchat/mIRC, and it will then log in to the IRC server you specify - irc.box.sk in this case. In effect, this changes your host, in that it is my.shell.com that makes all the requests to irc.box.sk, and irc.box.sk doesn't know of your.host.cn; it has never even made contact with it.
    In that way, depending on what host your shell has, you can login to IRC with a host like i.rule.com, these vhosts are then actually just an alias for your own machine, your.host.cn, and it is all completely transparent to the IRC server.
    Many servers have sock bots that check for socket connections. These aren't BNC connections, and a BNC cannot be tested using a simple bot: unless your shell has a socket port open (normally 1080), it will let you in with no problem at all. The shell is not acting as a proxy like you would expect, but more as a simple IRC proxy, or an IRC router. In one way, the BNC just changes the packet and sends it on, like:
    to: my.shell.com    ->  to: irc.box.sk      ->  to: my.shell.com
    from: your.host.cn  <-  from: my.shell.com  <-  from: irc.box.sk
    The BNC simply swaps the host of your packet, saying it comes from my.shell.com. But also be aware that your own machine is perfectly aware that it has a connection established with my.shell.com, and that YOU know that you are connected to irc.box.sk. Some BNCs are used in IRC networks to simulate one host. If you had a global IRC network, all linked together, you could have a local server called cn.myircnetwork.com which Chinese users would log into. It would then bounce them to the actual network server, in effect making all users from China have the same host - cn.myircnetwork.com - masking their hosts. Of course, you could change the host too, so it didn't reveal the nationality. It is a nice gesture of some networks that they mask all hosts from everyone; it makes life hard for IRCops on the network, but it's a small price to pay for privacy.
    Note: Even if you do use an IRC bouncer, your IP will be revealed in DCC transfers or chat, because DCC requires a direct IP-to-IP connection. A usual mistake of IRC users is to have DCC auto-reply turned on. It is then easy for an attacker to DCC chat you or offer you a file, and once the IRC clients are connected, he can find your IP address in the list of his TCP/IP connections (netstat).
    How do I get IRC bouncer?
    You download and install bouncer software, or get someone to install it for you (probably the best known and best bouncer available is BNC, homepage: http://gotbnc.com/).
    You configure and start the software - if it's a bouncer on a Unix machine, you start it on your shell account (let's say shell.somewhere.com).
    You open IRC and connect to the bouncer at shell.somewhere.com on the port you told it to start on.
    Depending on the setup, you may have to tell it your password and tell it where to connect, and you're now on IRC as shell.somewhere.com instead of your regular hostname.

    [ mail crypto ]
    Usually the safest way to ensure that your e-mail won't be read by unauthorised persons is to encrypt it. To be compatible with the rest of the world, I'd suggest using free PGP software.
    PGP (Pretty Good Privacy) is a piece of software, used to ensure that a message/file has not been changed, has not been read, and comes from the person you think it comes from. Download location: http://www.pgpi.org/
    How does PGP work?
    The whole idea behind PGP is that of Public and Private keys. To explain the algorithm PGP uses in order to encrypt the message would take too much time, and is beyond the scope of this, we will however look at how it ensures the integrity of the document. A user has a password, this password has to be chosen correctly, so don't choose passwords like "pop" or "iloveyou", this will make an attack more likely to succeed. The password is used to create a private key, and a public key - the algorithm ensures that you can not use the public key to make the private key. The public key is sent to a server, or to the people you send e-mails/files, and you keep the private key secret.
    We will use a few terms and people in this introduction; they are: Pk - Public Key, Sk - Secret Key (private key). Adam will send an e-mail to Eve, and Rita will be a person in between, from whom we are trying to hide the content of the mail. Rita will intercept the email (PGP doesn't ensure that Rita can't get her hands on the package, she can - it's not a secure line like other technologies) and try to read it/modify it. Adam has a Sk1 and a Pk1, and Eve has a Sk2 and a Pk2. Adam, Eve, and Rita all have Pk1 and Pk2, but Sk1 and Sk2 are presumed to be totally secret. First, here is a schematic of how it all looks:
                          PUBLIC SERVER
                            Pk1, Pk2

    Adam <------------------------------------------> Eve
    Sk1                        ^                      Sk2
                               |
                               |
                               |
                              Rita
    So Adam wants to send a packet to Eve, without Rita reading it or editing it. There are three things that we need to make sure of:
    That Rita can't read the text without permission
    That Rita can't edit it in any way without Eve and Adam knowing
    That Eve knows that Adam sent it
    The first thing is making sure Rita can't read the text. Adam does this by encrypting the message with Eve's Pk2, which he has found on the server. You can only encrypt with the Pk, not decrypt, so Rita won't be able to read the data unless Eve has revealed her Sk2.
    The second thing to make sure of is that Rita can't edit the message. Adam creates a hash from the message he has created. The hash can be encrypted using Pk2, or sent as it is. When Eve gets the message, she decrypts it and creates a hash herself, then checks if the hashes are the same - if they are, the message is the same; if they differ, something has changed in the message. The hash is very secure, and it is in theory impossible to make a change and get the hash to remain the same.
    The third, and probably one of the most important things to ensure, is that Rita hasn't grabbed the mail, made a new one, and sent it in Adam's name. We can ensure this by using the public key and private key too. The Sk can be used both to encrypt and to decrypt, but the Pk can only encrypt. When Adam normally sends a message M to Eve, he creates the encrypted message C by doing: C=Pk2(M). This means Adam uses Pk2 (Eve's Pk) on message M to create message C. Imagine this: Adam can encrypt the message with his Sk1; because it is impossible to derive Sk1 from the message, this is secure and without any danger, as long as no one knows the password used to make Sk1. If the message M is encrypted with Sk1, he gets a message called X, which Eve can decrypt using Pk1, which is public. If the message decrypts to something that makes sense, then it must be from Adam, because Sk1 is considered secret, and only Adam knows it.
    The entire process looks like this when sending message C: Adam signs his digital signature on C, and hashes C: X=Sk1(C). Then Adam encrypts the message for Eve: M=Pk2(X). The message is sent, and looks all in all like this: M=Pk2(Sk1(C)). Rita can intercept M, but not decrypt, edit, or resend it. Eve receives M, and decrypts it: X=Sk2(M). Then she checks the digital signature: C=Pk1(X) and checks the hash on the way.
    This way, the PGP public/private key system ensures the integrity and security of the document or e-mail. PGP is not the only algorithm that uses the public/private key theory; Blowfish and RSA are among the many other technologies that use it. PGP is just the most popular for e-mail encryption, but many don't trust it because of rumors of backdoors by the NSA (I don't know if it's true though). PGP comes in a commercial and a freeware version for Windows, and is available for Linux as well. Whatever encryption you use, it will be better than none.
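
    The sign-then-encrypt exchange between Adam and Eve, with Rita's two attempts, as an added example that is not part of the original guide. It uses textbook RSA without padding and constructed toy keys built from small known primes, so it shows the flow of Sk1, Pk1, Sk2 and Pk2 only; it is not how PGP itself formats or encrypts messages, and all function names are assumptions.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys


def make_key(p, q):
    """Build a textbook RSA key pair (Pk, Sk) from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)


# Constructed toy keys built from known Mersenne primes. Far too small and
# too structured for real use; they only keep the example self-contained.
PK1, SK1 = make_key(2**61 - 1, 2**89 - 1)     # Adam
PK2, SK2 = make_key(2**107 - 1, 2**127 - 1)   # Eve
PK3, SK3 = make_key(2**19 - 1, 2**31 - 1)     # Rita, the interceptor

BLOCK = 16  # plaintext bytes per block; 17 bytes with marker fit Eve's n


def digest_int(message, n):
    """SHA-256 of the message, reduced so it fits the key's modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, sk):
    n, d = sk
    return pow(digest_int(message, n), d, n)


def verify(message, signature, pk):
    n, e = pk
    return pow(signature, e, n) == digest_int(message, n)


def encrypt(data, pk):
    n, e = pk
    blocks = []
    for i in range(0, len(data), BLOCK):
        # The 0x01 prefix keeps leading zero bytes from being lost.
        m = int.from_bytes(b"\x01" + data[i:i + BLOCK], "big")
        blocks.append(pow(m, e, n))
    return blocks


def decrypt(blocks, sk):
    n, d = sk
    out = b""
    for c in blocks:
        m = pow(c, d, n)
        out += m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]
    return out


def sig_len(key):
    return (key[0].bit_length() + 7) // 8


def seal(message, sender_sk, recipient_pk):
    """Sign with the sender's Sk, then encrypt signature + message."""
    signature = sign(message, sender_sk).to_bytes(sig_len(sender_sk), "big")
    return encrypt(signature + message, recipient_pk)


def open_sealed(blocks, recipient_sk, sender_pk):
    """Decrypt with the recipient's Sk, then check the sender's signature."""
    signed = decrypt(blocks, recipient_sk)
    cut = sig_len(sender_pk)
    signature, message = int.from_bytes(signed[:cut], "big"), signed[cut:]
    if not verify(message, signature, sender_pk):
        raise ValueError("signature does not match the sender's public key")
    return message


def rejected(blocks):
    """True if Eve refuses the blocks as not coming intact from Adam."""
    try:
        open_sealed(blocks, SK2, PK1)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    msg = b"Meet at the usual place at nine."   # constructed sample message
    sealed = seal(msg, SK1, PK2)
    print("Eve reads:", open_sealed(sealed, SK2, PK1))
    print("Rita's key recovers the text:", msg in decrypt(sealed, SK3))
    print("Reordered blocks rejected:", rejected([sealed[1], sealed[0]] + sealed[2:]))
    print("Forgery signed by Rita rejected:", rejected(seal(b"Pay Rita.", SK3, PK2)))
```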

    [ anonymous remailers ]
    Remailers are programs accessible on the Internet that route email and USENET postings anonymously (i.e., the recipient cannot determine who sent the email or posted the article). This way the sender can't be traced back by routing headers included in the e-mail. There are different classes of remailers, which allow anonymous exchange of email and anonymous posting to USENET and often many other useful features.
    Resources:
    Chain is a menu-driven remailer-chaining script:
    http://www.obscura.com/crypto.html
    Raph Levien's remailer availability page offers comprehensive information about the subject
    http://www.sendfakemail.com/~raph/remailer-list.html
    The Cypherpunks Remailers are being developed to provide a secure means of providing anonymity on the nets. Here you can find out about the available remailers, those which have been standard in existence for a long time as well as the new experimental remailers and anonymous servers.
    http://www.csua.berkeley.edu/cypherpunks/remailer/

    [ icq privacy ]
    How can I keep my privacy at ICQ?
    Send and receive messages via the ICQ server, not directly. Every direct connection enables an attacker to learn your IP. Encrypt your messages with dedicated software (encryption addons).
    How to encrypt ICQ messages?
    There are addons which enhance your ICQ with the possibility to encrypt outgoing messages. The user on the other side needs to have the addon as well in order to decrypt your message.
    Resources:
    http://www.encrsoft.com/products/tsm.html
    Top Secret Messenger (TSM) - trial version has only weak 8-bit encryption
    http://www.planet-express.com/sven/technical/dev/chatbuddy/default.html
    Chat Buddy - a freeware Windows application for encrypting chat sessions
    http://www.algonet.se/~henisak/icq/encrypt-v5.txt
    how encryption works in ICQ protocol v5

    [ spyware ]
    As we all work hard to become more savvy about protecting our personal information and keeping as anonymous as possible on the web, advertising companies are working just as hard to come up with new ways of getting our personal information. One of the ways they accomplish this is through spyware.
    Spyware are applications that are bundled along with many programs that you download for free. Their function is to gather personal information about you and relay it back to advertising firms. The information is then used either to offer you products or sold to other advertisers, so they can promote THEIR products. They claim this is all they do with this information, but the problem is nobody really knows for sure.
    Spyware fits the classic definition of a trojan, as it is something that you did not bargain for when you agreed to download the product. Not only is spyware an invasion of your privacy, but (especially if you have a few different kinds on your machine) it can also chew up bandwidth, making your internet connection slower.
    Sometimes, these spies really are harmless, merely connecting back to the home server to deliver you more advertising. Some, like Gator for instance, send out detailed information about your surfing habits, operating system, income, age demographic et cetera.
    Avoiding spyware
    Avoiding spyware is getting harder and harder, as more software distributors are choosing it as a method of profiting from freeware and shareware distributions. Be leery of programs with cute little icons like Gator. Also, watch those Napster wannabes like AudioGalaxy, Limewire, and Kazaa. I've yet to find one that didn't include spyware. Before you download, check to see if the program is known to contain spyware.
    For a list of most known spyware, the best I've found is here:
    http://www.infoforce.qc.ca/spyware/enknownlistfrm.html
    Getting rid of spyware
    In most cases, you can remove the spyware from your system and still use the application you downloaded. In the case of Gator and Comet Cursor, the whole program is spyware and it must be completely removed to stop the spying.
    There are several ways to get rid of spyware on your system. You can use a firewall to monitor outgoing connections. The programmers that put these things together, however, are getting sneakier and sneakier about getting them to circumvent firewalls. Comet Cursor, for instance, uses an HTTP post command to connect without the intervention of a firewall. You can also install a registry monitor such as Regmon to monitor your registry for unwanted registry changes, but this is not foolproof either.
    Probably the best method of removal is to download a spyware removal program and run it like it was a virus scanner. The best examples of these programs are:
    Lavasoft's Adaware. Available at: http://www.lavasoftusa.com/
    Or professional cybernut Steve Gibson's OptOut. Available at: http://grc.com/optout.htm
    Both of these programs are free and are updated regularly.
    Here are some links, if you wish to learn more about spyware:
    http://www.spychecker.com/
    http://grc.com/optout.htm
    http://www.thebee.com/bweb/iinfo200.htm

    [ cleaning tracks ]
    Resources:
    Burnt Cookies - allows automatic detection and optional deletion of Cookies deposited by Banner Ad web-sites
    http://www.andersson-design.com/bcookies/index.shtml
    Surfsecret - automatically kills files like your Internet cache files, cookies, history, temporary files, recent documents, and the contents of the Recycle Bin.
    http://www.surfsecret.com/
    Note: One sidenote on cleaning tracks. When you delete some files on your machine, these aren't actually deleted. Only the reference to their location in the hard drive is deleted, which makes the OS think that that location on the HD is free and ready to take things. Thus, there are ways to recover data even after you delete them.
    There are, however, several ways to _wipe_ this information. Programs that fill hard disk locations with zeros, then with 1s, on several passes are your best bet to make sure no document falls into the wrong hands. One such program is PGP. PGPi now comes with a utility that does this work, and you can even select the number of passes to wipe files. For *nix, there is also the "wipe" program. Use these when you feel you have data that needs secure cleaning.


    Anonymity

    I can see you hiding in the shadows over there and so can the logs of all the web sites, FTP servers and other nooks and crannies you visit on the web. The sort of information gathered by these logs, and which is available to the webmasters of the sites you visit, includes the address of the previous site you visited, your IP address, your computer's ID name, your physical location and the name of your ISP, along with less personal details such as the operating system you're using and your screen resolution. If someone was snooping through your dustbin to gather information on consumer trends or tracking your every move to see where it is you go every day, you wouldn't be too chuffed, would you? Well, the web is no different: it's still an invasion of privacy and a threat to security, and you don't have to put up with it.

    Proxy servers:
    Every time you visit a web site, detailed information about your system is automatically provided to the webmaster. This information can be used by hackers to exploit your computer or can be forwarded to the market research departments of consumer corporations who by tracking your activities on the internet are better equipped to direct more relevant spam at you. Your best defence against this is to use what is known as a proxy server, which will hide revealing information from the web sites you visit, allowing you to surf the web anonymously. These work by altering the way in which your browser retrieves web pages or connects to remote servers. With a proxy server set up, whenever you 'ask' IE or Netscape to look at a web page, the request is first sent through an external server which is completely independent of your ISP's servers. This third party server then does the requesting on your behalf so that it appears that the request came from them rather than you and your real IP address is never disclosed to the sites you visit. There is nothing to download and the whole process takes less than a minute.

    There are two different ways to use proxy servers and both have their advantages and disadvantages. The first method is to use a web based service. What this involves is visiting the proxy's home page each time you want to browse a web site anonymously. The core component of such a system is the dialog box where you enter the address of the web site you want to visit. Each time you enter the URL of the site you want to browse via the proxy into this box, your personal information, IP address and so on is first encrypted before being sent to the site allowing you to maintain your anonymity. Two of the best examples of this type of web based proxy service are hxxp://www.rewebber.com/ and hxxp://www.anonymizer.com/.

    One obvious disadvantage of using a web based service like Rewebber or Anonymizer, however, is that you have to visit the proxy's home page each time you want to surf anonymously. You could choose to select this page as your default home page, but it's still quite awkward if you're forever site hopping at the speed of light. The second main 'con' is that you often have to put up with extra adverts on the pages you visit. These are automatically inserted into the pages by the proxy - they have to pay for the service somehow. More sophisticated and convenient solutions are also on offer, yet they come with a price tag.

    The second method you can use to protect your privacy via a proxy server involves adjusting the settings of your web browser so that you can surf anonymously without having to visit the home page of your proxy each time. To do this you will first need to know the name of your proxy server and the port number it uses. This information can be gleaned from either a public proxy server list or the FAQ referring to a private subscription based service. Once you have the name of the proxy server you wish to use, select 'Internet Options' from the 'Tools' menu of your browser. Now select 'Connections' followed by 'Settings' and tick the 'use a proxy server' check box. To finish the job all you have to do now is enter the name of the server in the 'address' box, the port which it uses in the 'port' box and go forth and surf anonymously.

    Free, manual proxy servers as advertised on anonymity sites, if you can find one at all, are likely to be highly oversubscribed, and as a result the speed at which they retrieve web pages can deteriorate. In that case you can go in pursuit of a public proxy server list and select an alternative from it, which can then be set up manually. To locate such a list you can investigate sites such as hxxp://www.proxys4all.com/.

    However, this method isn't problem free either, so before you get too carried away and go jumping on the anonymity bandwagon there are a few things you should be aware of. It's very easy to use proxies to protect your privacy, but often the disadvantages of using them far outweigh the benefits. You see, the problem is that, like the proxy servers provided by Rewebber et al, free, public proxies are nearly all oversubscribed and so they can slow down web browsing considerably. Digging out fast reliable proxy servers is an art form in itself and is a skill which takes considerable practice. You could find a list of public proxy servers and then experiment with each one until you find one that runs at a reasonable speed, but this can be very time consuming and frustrating. Instead, your search would be much more efficient if you got a dedicated program to carry out this task for you. There are literally dozens of proxy seeking programs around which can do just that, and many of them are available as freeware. What these do is scan the internet for public proxy servers. These servers are then tested for speed and anonymity (not all of them are truly anonymous, even if they claim to be!) and once you find one which suits your requirements you can select it as your default proxy with the click of a button.
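
    What a site's server can read off one request, with and without a proxy in the path, and why a proxy that claims to be anonymous may not be: an added Python example, not part of the original tutorial, covering both the logging described under "Anonymity" and the anonymity test mentioned above. The level names, `audit_request` and the sample requests are assumptions of this sketch, and the headers checked are common forwarding headers, not an exhaustive list.

```python
import ipaddress
import re

# Headers a proxy may add that can carry the original client address.
FORWARDING = ("x-forwarded-for", "forwarded", "x-real-ip", "client-ip")
# Headers that show a proxy is in the path without naming the client.
MARKERS = ("via", "proxy-connection")
# Browser-supplied details a proxy passes on unless it strips them.
PROFILE = ("cookie", "referer", "user-agent")

def addresses_in(value):
    """Return every valid IP address found in a header value."""
    found = set()
    for token in re.split(r'[,;=\s"\[\]]+', value):
        for candidate in (token, token.rsplit(":", 1)[0]):  # retry without :port
            try:
                found.add(ipaddress.ip_address(candidate))
                break
            except ValueError:
                continue
    return found

def audit_request(peer_ip, headers, real_ip):
    """Report what the origin server learns from one request.

    peer_ip is the address the connection arrived from, real_ip the user's
    own address, headers the request headers as the server received them."""
    real = ipaddress.ip_address(real_ip)
    hdrs = {name.lower(): value for name, value in headers.items()}
    leaked_by = [h for h in FORWARDING if real in addresses_in(hdrs.get(h, ""))]
    if ipaddress.ip_address(peer_ip) == real:
        level = "direct"            # no proxy: the server logs the real address
    elif leaked_by:
        level = "transparent"       # the proxy repeats the real address in a header
    elif any(h in hdrs for h in FORWARDING + MARKERS):
        level = "anonymous"         # the proxy is visible, the real address is not
    else:
        level = "high-anonymity"    # nothing marks the request as proxied
    return {"level": level, "leaked_by": leaked_by,
            "also_disclosed": [h for h in PROFILE if h in hdrs]}

# Constructed requests; all addresses are from documentation ranges.
REAL_IP = "198.51.100.7"
LEAKY = ("203.0.113.9", {"Via": "1.1 cache01", "User-Agent": "Mozilla/4.0",
                         "X-Forwarded-For": "198.51.100.7, 10.0.0.2",
                         "Referer": "http://example.com/search"})
QUIET = ("203.0.113.9", {"Via": "1.1 cache01", "User-Agent": "Mozilla/4.0"})
```

    Calling `audit_request(*LEAKY, REAL_IP)` reports the proxy as transparent because the real address is repeated in X-Forwarded-For, and in both samples the Referer and User-Agent details still reach the site.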

    One of the most significant advantages of using an automated tool to locate proxy servers is that you do not have to keep editing your proxy settings manually each time you wish to try out a new one. Instead, what you do is enter 'localhost' or '127.0.0.1' into the 'address' box and '8088' into the 'port' box of your browser's proxy settings menu and then forget about it. All future proxy switching is then orchestrated from within your proxy seeking software, which subsequently relays the information to your browser or whatever type of application you are attempting to make anonymous. For those of you who are curious, 'localhost' and the IP address '127.0.0.1' are the names by which every computer on the internet refers to itself.
    Here's a good selection of links, which should help you to get started:
    hxxp://www.a4proxy.com/ Anonymity 4 Proxy
    hxxp://www.helgasoft.com/hiproxy/ Hi Proxy
    hxxp://www.proxy-verifier.com/ Proxy Verifier
    hxxp://www.photono-software.de/ Stealther.

    You may find that even when using these programs you have difficulty finding good proxy servers. It is for this reason that many people choose only to use proxy servers temporarily whilst doing something which may land them in trouble with their ISP, or in a worst case scenario with the law. The most obvious example of a situation in which you would want to cover your tracks is when scanning for public FTP servers and subsequently uploading to them. Most other net activities are unlikely to incur serious consequences so under these circumstances you can safely surf the web without a proxy. If you're really serious about protecting your privacy, however, your best bet is probably to invest in a dedicated, stable proxy such as the ones offered by:
    hxxp://www.ultimate-anonymity.com/ Ultimate Anonymity


    These aren't free, but may be worth the expense if you aren't keen on continuously switching proxy servers.

    Before splashing out though it may be worth checking if your current ISP has a proxy server of its own which you can use. These aren't there to help you to commit cyber crimes and get away with it, they actually have a legitimate purpose as well - otherwise they wouldn't exist. You see, proxy servers were originally designed to help speed up web page loading times. Proxy servers contain a cache of all the web pages which have been requested via the browsers of the people using the proxy. When someone surfs the web using a proxy, the proxy first checks to see if it already has a copy of the web page stored in its cache. If this version of the page is bang up to date, it is sent to your computer and appears in your browser. If the page found in the cache of the proxy server is older than the one stored on the server hosting the page, a new request to the web server is made and the page is updated in the cache of the proxy before being sent to you. Because these servers use very fast internet connections they can retrieve web pages at much greater speeds than you can via your modest home setup. If these servers are located physically nearer to your home than the web host servers you wish to retrieve web pages from, the speed at which you browse the web will be accelerated.


    Anonymity - Cookies
    One last important point you need to be aware of before jumping in with both feet is that different programs have to be setup in different ways before being able to make external connections via a proxy server. For example, you can surf the web anonymously by modifying the settings in Internet Explorer or Netscape Navigator as explained earlier in this tutorial, but this will only affect your browser. If you then used Flash FXP to copy a batch of 0-day releases from one FTP server to another, this isn't going to protect you in the slightest. What you have to do is enter the name of the proxy server into each application you wish to make anonymous before making any external connections. This can usually be done by browsing through the preferences of your program to see if there is a 'use proxy server' option available. If there is, make sure you use it!


    Cookies:
    You have little to fear from the edible variety, but the digital ones can be a major threat to your security and privacy. A cookie is a tiny text file (usually less than 1kb in size), which is created and stored on your hard drive whenever you visit a dynamic (or an interactive if you like) web site. These are used to log your personal details so that you can access members only areas of web sites without having to type in a password every time, or to retain your customised settings so that they are available the next time you visit. If you're using a shared computer, anyone who visits the same site that you have previously logged in to can access your accounts. This is particularly worrying if you have entered your credit card details into a form on an e-commerce site. If your browser is set to automatically fill in these details whenever you return to a previously visited site, this information could be clearly visible - you don't need me to explain the problems this could entail.

    The solution to this problem is to delete any cookies which contain sensitive data once you have completed your transactions. Your cookies will be stored in a different place depending on which operating system you are using so you will have to use your detective skills to find them. As an example, in Windows XP they are located in your 'c:\Documents and Settings\Kylie Minogue\Cookies' directory (that is if your name is Kylie Minogue. Mine isn't in case you're wondering!). If you look in this directory, in some cases it is easy to identify which cookie is associated with which web site, but in other cases it's not so obvious. The cookie which was created when you visited Yahoo.com to check your email may be called kylie minogue@yahoo.txt for example. Unfortunately some cookies refer to the IP address of the site you visited and so look more like kylie minogue@145.147.25.21. These cookies can be selectively deleted one at a time if it's obvious which ones are causing a threat to your security, or you can just wipe out the whole lot in one fell swoop and have them recreated as and when they are required. However, if you're really struggling to find your cookie jar, you could delete your cookies via your browser's tool bar instead. In Internet Explorer this can be done through the 'Tools' > 'Internet Options' menu items.

    If all this sounds like too much hassle, you can always find a labour saving program which will be happy to take the job off your hands. These 'cookie crunching' programs allow you to be more selective when editing, viewing and deleting cookies from your system, and some of them will even prevent cookies from being created in the first place. Yes, I know you're hungry for links so I won't deprive you. Have a look here:
    hxxp://www.rbaworld.com/Programs/CookieCruncher/ Cookie Cruncher
    hxxp://www.thelimitsoft.com/ Cookie Crusher
    hxxp://www.angove.com/ Cookie Killer
    hxxp://www.kburra.com/ Cookie Pal
    hxxp://www.cookiecentral.com/ Cookie Web Kit
