#proxy


VLESS+Reality and Multi-hop: VPN chain architecture for a new generation of blocking / Habr

#proxy #vpn #vless #reality

habr.com/ru/articles/926786/

> Deep packet inspection (DPI) systems have become smarter.
> But for every cunning threaded bolt there is always an ass with a labyrinth.
> A working and relatively resilient proxy scheme based on VLESS+Reality and Multi-hop is examined.

Has RKN really learned to detect VLESS?

Partly, yes: with a heuristic on packet length for XTLS-Reality with another site's SNI and, accordingly, TLS 1.3. Packets larger than 16-20 bytes are dropped after 5 sec.

Solution: switch to XTLS-Reality with self-steal (steal oneself), that is, with your own domain, which apparently either downgrades TLS to 1.2 or reduces the packet length. I don't know, but it is fixed precisely by switching to the SNI of your own domain.

Do things well. Don't do things badly.

Easy setup of VLESS-REALITY VPN within Docker on 3X-UI panel

**VLESS-REALITY VPN**

Currently VLESS-REALITY looks to be a future-proof solution for VPN which is hard to detect at least at the moment.

**VLESS**

According to the Project X website, VLESS is a stateless lightweight transport protocol, which is divided into inbound and outbound parts, and can be used as a bridge between Xray clients and servers.

It is important to note that VLESS itself does not have built-in encryption, so you need to use a reliable layer of encryption, such as TLS or REALITY.

**REALITY**

REALITY implements full TLS using the SNI of a camouflage website. This eliminates the TLS fingerprint of the server, while preserving perfect forward secrecy and preventing certificate chain attacks. It is not only more convenient, it also provides greater security than conventional TLS.

#proxy #VPN #vless #xtls #cloudflare #этаСтрана #РосКомПозор

semenov.work/posts/3x-ui-vless

semenov.work · Easy setup of VLESS-REALITY VPN within Docker on 3X-UI panel

In one of my previous posts I covered a process of setting up Wireguard server on Docker. While Wireguard is a great choice for VPN protocol, as it’s known for its reliability, speed and good encryption, the way it handles handshakes is easily detectable and can be blocked by ISP firewalls. Same applies to other well known VPN protocols, such as: OpenVPN, IPsec and L2TP. A number of countries have introduced measures to block VPN protocols which can cause major problems for users who use them to connect office LAN or for whatever other purposes.

CloudFlare.com tunnels: running a web server at home without a public IP

#proxy #VPN #vless #xtls #cloudflare #этаСтрана #РосКомПозор

Leonid Kaganov 2025_07_04

Lleo has finally produced a belated guide on how to set up a web server without a public IP address.

In short: it proposes using a tunnel from Cloudflare. Which is successfully banned by the TSPU of РосКомПозор on mobile operators' networks.

lleo.me/dnevnik/2025/07/04


#infosecurity #proxy #youtube #nodpi #android

For those who haven't yet managed to solve the problem of access to YouTube.
Access to the articles is blocked in the territory of the Russian Federation. So dumps won't hurt.
Look, and don't say you haven't seen it.

NoDPI4Android_YouTube_Android.7z (5.93 MB)
Expires: Sunday, August 3, 2025, 13:26
Download link:
upload.disroot.org/r/Bpaeujhq#=

---

YouTube_NoDPI.7z (6.08 MB)
Expires: Sunday, August 3, 2025, 13:26
Download link:
upload.disroot.org/r/jxBVjtCj#=

Oh snap! `YARR - Yet Another RSS Reader` has a new version and I missed it in March!
github.com/nkanaev/yarr/releas
YARR is like Feedly or NewsBlur, except more like TinyRSS or FreshRSS - you can self-host.

UNLIKE those, you can tell yarr to run at `<ip:port>`, so you can stick it at port 7666 for your reverse #proxy. And it's lightweight, I run my own AND 3 other instances for fam. members on the same host accessed via different subdomains re-proxied by #nginx.

- (new) Fever API support (thanks to @icefed)
- (new) editable feed link (thanks to @adaszko)
- (new) switch to feed by clicking the title in the article page (thanks to @tarasglek for suggestion)
...
GitHub · Release v2.5 · nkanaev/yarr

@rolle This reminds me about useful information @nixCraft posted about setting up a #proxy for browsing.
In my opinion, things are getting so bad, that really is the only way to protect your computer in the current environment, without fighting a continuous battle.

#Cybercriminals Are Hiding #Malicious Web Traffic in Plain Sight

In an effort to evade detection, cybercriminals are increasingly turning to “residential proxy” services that cover their tracks by making it look like everyday online activity.
#security #privacy #malware #proxy

wired.com/story/cybercriminals

WIRED · Cybercriminals Are Hiding Malicious Web Traffic in Plain Sight · By Lily Hay Newman

Cloudflare or not Cloudflare? I have to confess I've been using it for a while, and while I do enjoy its multiple benefits (proxy, WAF, DNS management, security rules, automatic email obfuscation...), I don't like the idea of transmitting all the data through a 3rd party, especially based in the USA.

Mastodon tech people, I summon you!

What are your thoughts?
Do you use Cloudflare?
Or is it a non-negotiable no to you?
Have you tried European based solutions like Bunny.net?
Do you just live without such tools?

I'm interested in hearing your thoughts!
Boosts appreciated

Just released: #swad 0.11 -- the session-less swad is done!

Swad is the "Simple Web Authentication Daemon", it adds cookie/form #authentication to your reverse #proxy, designed to work with #nginx' "auth_request". Several modules for checking credentials are included, one of which requires solving a crypto challenge like #Anubis does, to allow "bot-safe" guest logins. Swad is written in pure #C, compiles to a small (200-300kiB) binary, has minimal dependencies (zlib, OpenSSL/LibreSSL and optionally libpam) and *should* work on many #POSIX-alike systems (#FreeBSD tested a lot, #Linux and #illumos also tested)

This release is the first one not to require a server-side session (which consumes a significant amount of RAM on really busy sites), instead signed JSON Web Tokens are now implemented. For now, they are signed using HMAC-SHA256 with a random key generated at startup. A future direction could be support for asymmetric keys (RSA, ED25519), which could open up new possibilities like having your reverse proxy pass the signed token to a backend application, which could then verify it, but still not forge it.

Read more, grab the latest .tar.xz, build and install it ... here: 😎

github.com/Zirias/swad


theintercept.com/2025/05/22/in

This is a #privacy nightmare that's turned into a total disaster. If this were my #government doing this I'd seek to give as little information to all companies as possible. Avoid all social media, and if you don't, use only #anonymous accounts with a #proxy. Use #adblockers on every device. Network wide ad blocking would be ideal. Ditch #Apple and #Google products and install #Grapheneos and avoid connecting to cell towers and use only wifi. Proxy all data connections. 1/2

The Intercept · U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data · By Sam Biddle

China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) Vulnerability

A critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM) is being actively exploited by a China-nexus threat actor, UNC5221. The exploitation targets internet-facing EPMM deployments across various sectors including healthcare, telecommunications, and government. The attackers utilize unauthenticated remote code execution to gain initial access, followed by the deployment of KrustyLoader malware for persistence. They leverage hardcoded MySQL credentials to exfiltrate sensitive data from the EPMM database. The threat actor also uses the Fast Reverse Proxy (FRP) tool for network reconnaissance and lateral movement. The compromised systems span multiple countries in Europe, North America, and Asia-Pacific, indicating a global espionage campaign likely aligned with Chinese state interests.

Pulse ID: 682e5bbc1075b03f94642762
Pulse Link: otx.alienvault.com/pulse/682e5
Pulse Author: AlienVault
Created: 2025-05-21 23:03:24

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #China #Chinese