diff --git a/UBUNTU14/conf.d/bot.conf b/UBUNTU14/conf.d/bot.conf
deleted file mode 100644
index 54928f1..0000000
--- a/UBUNTU14/conf.d/bot.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-geo $white_bot {
- default 0;
- include /nginx/whitelist/whitelist-ips.conf;
-}
diff --git a/UBUNTU14/install b/UBUNTU14/install
deleted file mode 100644
index 033f95f..0000000
--- a/UBUNTU14/install
+++ /dev/null
@@ -1,63 +0,0 @@
-#!/bin/bash
-
-ireqs() {
- mkdir -p /tmp/nginx-plus/; cd /tmp/nginx-plus
- wget
- apt-get update; apt-get upgrade -y; apt-get dist-upgrade -y
- apt-get autoremove -y
- apt-get install apt-utils build-essential -y
- apt-get install git -y
- apt-get install checkinstall libpcre3 libpcre3-dev zlib1g zlib1g-dbg libxml2 zlib1g-dev -y
- apt-get install -y unzip
- apt-get install -y libicu-dev libcurl4-gnutls-dev libtool
- apt-get install -y libmozjs-24-dev
- apt-get install -y libmozjs-24-bin; sudo ln -sf /usr/bin/js24 /usr/bin/js
- apt-get install openssl libssl-dev libperl-dev libexpat-dev -y
- apt-get install mercurial meld -y
- apt-get install libxslt-dev -y
- apt-get install libgd2-xpm -y
- apt-get install libgd2-xpm-dev -y
- apt-get install libgeoip-dev -y
- apt-get install libssl libssl-dev -y
- apt-get install dh-autoreconf -y
- apt-get install -y software-properties-common
- apt-get install -y python-software-properties
- apt-get install -y libcairo2 libcairo2-dev
- apt-get install -y python-dev
- sudo add-apt-repository ppa:maxmind/ppa -y
- apt-get install aptitude -y
- aptitude update -y
- aptitude upgrade -y
- aptitude install libmaxminddb0 libmaxminddb-dev mmdb-bin -y
- apt-get install libmysqlclient-dev -y
- apt-get install libmariadbclient-dev -y
- apt-get install g++ flex bison curl doxygen libyajl-dev libgeoip-dev libtool dh-autoreconf libcurl4-gnutls-dev libxml2 libpcre++-dev libxml2-dev -y
-}
-
-# Nginx Env's Extra Stuff.
-#ngx-envs() {
-#
-#}
-
-download() {
- cd /
- wget https://github.com/systemroot/my-nginx/raw/master/nginx-plus/nginx-plus.zip
- unzip -P ****** nginx-plus.zip; rm -Rf nginx-plus.zip
- clear
-}
-
-rebuild-conf() {
-
-}
-
-download-mods() {
-
-}
-
-compile-mods() {
-
-}
-
-move-mods() {
-
-}
diff --git a/UBUNTU14/whitelist/whitelist-ips.conf b/UBUNTU14/whitelist/whitelist-ips.conf
deleted file mode 100644
index 2a160a0..0000000
--- a/UBUNTU14/whitelist/whitelist-ips.conf
+++ /dev/null
@@ -1,498 +0,0 @@
-# ====================================
-# GOOGLE.
-# ====================================
-108.177.8.0/21 1;
-54.36.0.0/16 1;
-104.132.0.0/23 1;
-104.132.11.0/24 1;
-104.132.141.0/24 1;
-104.132.34.0/24 1;
-104.132.5.0/24 1;
-104.132.51.0/24 1;
-104.132.7.0/24 1;
-104.132.8.0/24 1;
-104.133.0.0/24 1;
-104.133.2.0/23 1;
-104.154.0.0/15 1;
-104.196.0.0/14 1;
-107.167.160.0/19 1;
-107.178.192.0/18 1;
-108.170.192.0/18 1;
-108.177.0.0/17 1;
-108.177.10.0/24 1;
-108.177.103.0/24 1;
-108.177.104.0/24 1;
-108.177.11.0/24 1;
-108.177.112.0/24 1;
-108.177.119.0/24 1;
-108.177.120.0/24 1;
-108.177.12.0/24 1;
-108.177.121.0/24 1;
-108.177.125.0/24 1;
-108.177.126.0/24 1;
-108.177.127.0/24 1;
-108.177.13.0/24 1;
-108.177.14.0/24 1;
-108.177.15.0/24 1;
-108.177.28.0/24 1;
-108.177.30.0/24 1;
-108.177.8.0/24 1;
-108.177.9.0/24 1;
-108.177.96.0/24 1;
-108.177.97.0/24 1;
-108.177.98.0/24 1;
-108.59.80.0/20 1;
-130.211.0.0/16 1;
-142.250.0.0/15 1;
-146.148.0.0/17 1;
-162.216.148.0/22 1;
-162.222.176.0/21 1;
-172.102.10.0/24 1;
-172.102.11.0/24 1;
-172.102.12.0/23 1;
-172.102.14.0/23 1;
-172.102.8.0/21 1;
-172.102.8.0/24 1;
-172.110.32.0/21 1;
-172.217.0.0/16 1;
-172.217.0.0/24 1;
-172.217.10.0/24 1;
-172.217.1.0/24 1;
-172.217.11.0/24 1;
-172.217.12.0/24 1;
-172.217.13.0/24 1;
-172.217.14.0/24 1;
-172.217.15.0/24 1;
-172.217.16.0/24 1;
-172.217.17.0/24 1;
-172.217.18.0/24 1;
-172.217.19.0/24 1;
-172.217.20.0/24 1;
-172.217.2.0/24 1;
-172.217.21.0/24 1;
-172.217.22.0/24 1;
-172.217.23.0/24 1;
-172.217.24.0/24 1;
-172.217.25.0/24 1;
-172.217.26.0/24 1;
-172.217.27.0/24 1;
-172.217.28.0/24 1;
-172.217.29.0/24 1;
-172.217.30.0/24 1;
-172.217.3.0/24 1;
-172.217.31.0/24 1;
-172.217.4.0/24 1;
-172.217.5.0/24 1;
-172.217.6.0/24 1;
-172.217.7.0/24 1;
-172.217.8.0/24 1;
-172.217.9.0/24 1;
-172.253.0.0/16 1;
-173.194.112.0/24 1;
-173.194.113.0/24 1;
-173.194.117.0/24 1;
-173.194.118.0/24 1;
-173.194.119.0/24 1;
-173.194.120.0/24 1;
-173.194.121.0/24 1;
-173.194.124.0/24 1;
-173.194.132.0/24 1;
-173.194.136.0/24 1;
-173.194.140.0/24 1;
-173.194.141.0/24 1;
-173.194.142.0/24 1;
-173.194.175.0/24 1;
-173.194.192.0/24 1;
-173.194.193.0/24 1;
-173.194.194.0/24 1;
-173.194.195.0/24 1;
-173.194.196.0/24 1;
-173.194.197.0/24 1;
-173.194.198.0/24 1;
-173.194.199.0/24 1;
-173.194.200.0/24 1;
-173.194.201.0/24 1;
-173.194.202.0/24 1;
-173.194.203.0/24 1;
-173.194.204.0/24 1;
-173.194.205.0/24 1;
-173.194.206.0/24 1;
-173.194.207.0/24 1;
-173.194.208.0/24 1;
-173.194.209.0/24 1;
-173.194.210.0/24 1;
-173.194.211.0/24 1;
-173.194.212.0/24 1;
-173.194.213.0/24 1;
-173.194.214.0/24 1;
-173.194.215.0/24 1;
-173.194.216.0/24 1;
-173.194.217.0/24 1;
-173.194.218.0/24 1;
-173.194.219.0/24 1;
-173.194.220.0/24 1;
-173.194.221.0/24 1;
-173.194.222.0/24 1;
-173.194.223.0/24 1;
-173.194.32.0/24 1;
-173.194.34.0/24 1;
-173.194.35.0/24 1;
-173.194.36.0/24 1;
-173.194.37.0/24 1;
-173.194.38.0/24 1;
-173.194.39.0/24 1;
-173.194.40.0/24 1;
-173.194.41.0/24 1;
-173.194.42.0/24 1;
-173.194.44.0/24 1;
-173.194.46.0/24 1;
-173.194.53.0/24 1;
-173.194.63.0/24 1;
-173.194.66.0/24 1;
-173.194.67.0/24 1;
-173.194.68.0/24 1;
-173.194.69.0/24 1;
-173.194.70.0/24 1;
-173.194.7.0/24 1;
-173.194.73.0/24 1;
-173.194.74.0/24 1;
-173.194.76.0/24 1;
-173.194.78.0/24 1;
-173.194.79.0/24 1;
-173.255.112.0/20 1;
-185.150.148.0/22 1;
-185.25.28.0/23 1;
-192.104.160.0/23 1;
-192.158.28.0/22 1;
-192.178.0.0/15 1;
-199.192.112.0/22 1;
-199.223.232.0/21 1;
-207.223.160.0/20 1;
-208.68.108.0/22 1;
-208.81.188.0/22 1;
-209.107.176.0/20 1;
-209.107.176.0/23 1;
-209.107.182.0/23 1;
-209.107.184.0/23 1;
-209.107.185.0/24 1;
-209.85.144.0/24 1;
-209.85.145.0/24 1;
-209.85.147.0/24 1;
-209.85.200.0/24 1;
-209.85.201.0/24 1;
-209.85.202.0/24 1;
-209.85.203.0/24 1;
-209.85.232.0/24 1;
-209.85.233.0/24 1;
-209.85.234.0/24 1;
-209.85.235.0/24 1;
-216.239.32.0/24 1;
-216.239.33.0/24 1;
-216.239.34.0/24 1;
-216.239.35.0/24 1;
-216.239.36.0/24 1;
-216.239.38.0/24 1;
-216.239.39.0/24 1;
-216.252.220.0/22 1;
-216.252.220.0/24 1;
-216.252.222.0/24 1;
-216.58.200.0/24 1;
-216.58.208.0/24 1;
-216.58.209.0/24 1;
-216.58.210.0/24 1;
-216.58.211.0/24 1;
-216.58.212.0/24 1;
-216.58.213.0/24 1;
-216.58.214.0/24 1;
-216.58.215.0/24 1;
-216.58.216.0/24 1;
-216.58.217.0/24 1;
-216.58.218.0/24 1;
-216.58.219.0/24 1;
-216.58.220.0/24 1;
-216.58.221.0/24 1;
-216.58.222.0/24 1;
-216.58.223.0/24 1;
-216.73.80.0/20 1;
-23.236.48.0/20 1;
-23.251.128.0/19 1;
-35.184.0.0/13 1;
-35.192.0.0/13 1;
-35.200.0.0/14 1;
-35.204.0.0/15 1;
-35.224.0.0/14 1;
-35.228.0.0/14 1;
-35.232.0.0/14 1;
-35.236.0.0/14 1;
-35.240.0.0/14 1;
-35.244.0.0/14 1;
-64.233.161.0/24 1;
-64.233.162.0/24 1;
-64.233.163.0/24 1;
-64.233.164.0/24 1;
-64.233.165.0/24 1;
-64.233.166.0/24 1;
-64.233.167.0/24 1;
-64.233.168.0/24 1;
-64.233.169.0/24 1;
-64.233.170.0/24 1;
-64.233.171.0/24 1;
-64.233.176.0/24 1;
-64.233.177.0/24 1;
-64.233.178.0/24 1;
-64.233.179.0/24 1;
-64.233.180.0/24 1;
-64.233.181.0/24 1;
-64.233.182.0/24 1;
-64.233.183.0/24 1;
-64.233.184.0/24 1;
-64.233.185.0/24 1;
-64.233.186.0/24 1;
-64.233.187.0/24 1;
-64.233.188.0/24 1;
-64.233.189.0/24 1;
-64.233.190.0/24 1;
-64.233.191.0/24 1;
-66.102.1.0/24 1;
-66.102.12.0/24 1;
-66.102.2.0/24 1;
-66.102.3.0/24 1;
-66.102.4.0/24 1;
-66.249.64.0/19 1;
-70.32.128.0/19 1;
-70.32.131.0/24 1;
-70.32.145.0/24 1;
-70.32.146.0/23 1;
-70.32.151.0/24 1;
-74.114.24.0/21 1;
-74.125.124.0/24 1;
-74.125.126.0/24 1;
-74.125.127.0/24 1;
-74.125.128.0/24 1;
-74.125.129.0/24 1;
-74.125.130.0/24 1;
-74.125.131.0/24 1;
-74.125.132.0/24 1;
-74.125.133.0/24 1;
-74.125.134.0/24 1;
-74.125.135.0/24 1;
-74.125.136.0/24 1;
-74.125.138.0/24 1;
-74.125.139.0/24 1;
-74.125.140.0/24 1;
-74.125.141.0/24 1;
-74.125.143.0/24 1;
-74.125.192.0/24 1;
-74.125.196.0/24 1;
-74.125.197.0/24 1;
-74.125.198.0/24 1;
-74.125.199.0/24 1;
-74.125.200.0/24 1;
-74.125.201.0/24 1;
-74.125.202.0/24 1;
-74.125.203.0/24 1;
-74.125.204.0/24 1;
-74.125.205.0/24 1;
-74.125.206.0/24 1;
-74.125.21.0/24 1;
-74.125.22.0/24 1;
-74.125.225.0/24 1;
-74.125.226.0/24 1;
-74.125.227.0/24 1;
-74.125.228.0/24 1;
-74.125.230.0/24 1;
-74.125.23.0/24 1;
-74.125.232.0/24 1;
-74.125.234.0/24 1;
-74.125.235.0/24 1;
-74.125.236.0/24 1;
-74.125.238.0/24 1;
-74.125.24.0/24 1;
-74.125.26.0/24 1;
-74.125.27.0/24 1;
-74.125.28.0/24 1;
-74.125.29.0/24 1;
-74.125.30.0/24 1;
-74.125.31.0/24 1;
-74.125.39.0/24 1;
-74.125.6.0/24 1;
-74.125.68.0/24 1;
-74.125.69.0/24 1;
-74.125.70.0/24 1;
-74.125.71.0/24 1;
-8.34.208.0/21 1;
-8.34.216.0/21 1;
-8.35.192.0/21 1;
-8.35.200.0/21 1;
-8.8.4.0/24 1;
-8.8.8.0/24 1;
-108.177.96.0/19 1;
-172.217.0.0/19 1;
-173.194.0.0/16 1;
-2001:4860:4000::/36 1;
-203.208.60.0/24 1;
-207.126.144.0/20 1;
-209.85.128.0/17 1;
-216.239.32.0/19 1;
-216.58.192.0/19 1;
-2404:6800:4000::/36 1;
-2607:f8b0:4000::/36 1;
-2800:3f0:4000::/36 1;
-2a00:1450:4000::/36 1;
-2c0f:fb50:4000::/36 1;
-64.18.0.0/20 1;
-64.233.160.0/19 1;
-64.68.80.0/21 1;
-66.102.0.0/20 1;
-66.249.64.0/18 1;
-72.14.192.0/18 1;
-74.125.0.0/16 1;
-# ====================================
-# END GOOGLE.
-# ====================================
-
-# ====================================
-# START BING.
-# ====================================
-131.253.24.0/22 1;
-131.253.46.0/23 1;
-157.54.0.0/15 1;
-157.56.0.0/14 1;
-157.60.0.0/16 1;
-199.30.16.0/24 1;
-199.30.27.0/24 1;
-207.46.0.0/16 1;
-40.112.0.0/13 1;
-40.120.0.0/14 1;
-40.124.0.0/16 1;
-40.125.0.0/17 1;
-40.74.0.0/15 1;
-40.76.0.0/14 1;
-40.80.0.0/12 1;
-40.96.0.0/12 1;
-65.52.104.0/24 1;
-65.52.108.0/22 1;
-65.55.213.0/24 1;
-65.55.217.0/24 1;
-65.55.24.0/24 1;
-65.55.52.0/24 1;
-65.55.55.0/24 1;
-# ====================================
-# END BING.
-# ====================================
-
-# ====================================
-# START CLOUDFLARE.
-# ====================================
-103.21.244.0/22 1;
-103.22.200.0/22 1;
-103.31.4.0/22 1;
-104.16.0.0/12 1;
-108.162.192.0/18 1;
-131.0.72.0/22 1;
-141.101.64.0/18 1;
-162.158.0.0/15 1;
-172.64.0.0/13 1;
-173.245.48.0/20 1;
-188.114.96.0/20 1;
-190.93.240.0/20 1;
-197.234.240.0/22 1;
-198.41.128.0/17 1;
-# ====================================
-# END CLOUDFLARE.
-# ====================================
-
-# ====================================
-# START UPTIME ROBOT.
-# ====================================
-216.144.250.150 1;
-69.162.124.226 1;
-69.162.124.227 1;
-69.162.124.228 1;
-69.162.124.229 1;
-69.162.124.230 1;
-69.162.124.231 1;
-69.162.124.232 1;
-69.162.124.233 1;
-69.162.124.234 1;
-69.162.124.235 1;
-69.162.124.236 1;
-69.162.124.237 1;
-63.143.42.242 1;
-63.143.42.243 1;
-63.143.42.244 1;
-63.143.42.245 1;
-63.143.42.246 1;
-63.143.42.247 1;
-63.143.42.248 1;
-63.143.42.249 1;
-63.143.42.250 1;
-63.143.42.251 1;
-63.143.42.252 1;
-63.143.42.253 1;
-46.137.190.132 1;
-122.248.234.23 1;
-188.226.183.141 1;
-178.62.52.237 1;
-54.79.28.129 1;
-54.94.142.218 1;
-104.131.107.63 1;
-54.67.10.127 1;
-54.64.67.106 1;
-159.203.30.41 1;
-46.101.250.135 1;
-18.221.56.27 1;
-52.60.129.180 1;
-159.89.8.111 1;
-146.185.143.14 1;
-139.59.173.249 1;
-165.227.83.148 1;
-128.199.195.156 1;
-138.197.150.151 1;
-34.233.66.117 1;
-# ====================================
-# END UPTIME ROBOT.
-# ====================================
-
-# ====================================
-# START DOPEHOSTING.NET
-# ====================================
-54.37.223.16/30 1;
-37.59.144.72/30 1;
-137.74.180.224 1;
-54.36.45.68 1;
-46.105.102.209 1;
-188.165.209.76 1;
-178.32.143.180 1;
-94.23.174.121 1;
-145.239.109.72/30 1;
-51.254.165.84/30 1;
-176.31.143.0/30 1;
-151.80.88.22 1;
-151.80.88.23 1;
-164.132.205.172 1;
-91.134.123.247 1;
-145.239.77.50 1;
-178.33.104.93 1;
-178.33.104.96 1;
-178.33.104.181 1;
-178.33.106.145 1;
-51.254.94.129 1;
-178.32.56.33 1;
-164.132.30.228 1;
-137.74.234.202 1;
-94.23.172.79 1;
-46.105.53.116 1;
-91.134.201.79 1;
-137.74.234.209 1;
-54.36.100.120 1;
-94.23.172.83 1;
-46.105.51.193 1;
-178.32.53.54 1;
-# ====================================
-# END DOPEHOSTING.NET
-# ====================================
-
-
-
-
diff --git a/iptables/filter.d/nginx-ban.conf b/iptables/filter.d/nginx-ban.conf
deleted file mode 100644
index 2afbdf2..0000000
--- a/iptables/filter.d/nginx-ban.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-[Definition]
-
-failregex = ^.*client: .* 444.*$
-
-ignoreregex =
diff --git a/iptables/filter.d/nginx-limits.conf b/iptables/filter.d/nginx-limits.conf
deleted file mode 100644
index c2081d7..0000000
--- a/iptables/filter.d/nginx-limits.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# fail2ban filter configuration for nginx limit connection for ip.
-
-
-[Definition]
-
-failregex = ^.*client: .*$
-
-ignoreregex =
diff --git a/iptables/install b/iptables/install
deleted file mode 100644
index 1309f09..0000000
--- a/iptables/install
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-apt-get update; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y
-sudo apt-get install iptables-persistent
-sudo invoke-rc.d iptables-persistent save
-clear
-
-# ========================================================================
-mkdir -p /firewall/iptables/bin
-echo '#!/bin/bash' > /firewall/iptables/bin/fire.sh
-echo 'sudo service fail2ban stop' >> /firewall/iptables/bin/fire.sh
-echo 'nano /etc/iptables/rules.v4' >> /firewall/iptables/bin/fire.sh
-echo 'iptables-restore < /etc/iptables/rules.v4' >> /firewall/iptables/bin/fire.sh
-echo 'iptables-save > /etc/iptables/rules.v4' >> /firewall/iptables/bin/fire.sh
-echo 'sudo service fail2ban start' >> /firewall/iptables/bin/fire.sh
-ln -sf /firewall/iptables/bin/fire.sh /bin/fire
-curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/iptables/rules > /etc/iptables/rules.v4
-chmod +x /bin/fire
-# ========================================================================
-
-
-sudo apt-get install fail2ban -y
-sudo service fail2ban stop
-curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/iptables/jail.local > /etc/fail2ban/jail.local
-touch /nginx/logs/error.log
-sudo service fail2ban start
-clear
diff --git a/iptables/jail.local b/iptables/jail.local
deleted file mode 100644
index da2cd58..0000000
--- a/iptables/jail.local
+++ /dev/null
@@ -1,471 +0,0 @@ -[DEFAULT] -ignoreip = 127.0.0.1/8 - -# "bantime" is the number of seconds that a host is banned. -bantime = 1200 - -# A host is banned if it has generated "maxretry" during the last "findtime" -# seconds. -findtime = 600 -maxretry = 3 - -# "backend" specifies the backend used to get files modification. -# Available options are "pyinotify", "gamin", "polling" and "auto". -# This option can be overridden in each jail as well. -# -# pyinotify: requires pyinotify (a file alteration monitor) to be installed. -# If pyinotify is not installed, Fail2ban will use auto. -# gamin: requires Gamin (a file alteration monitor) to be installed. -# If Gamin is not installed, Fail2ban will use auto. -# polling: uses a polling algorithm which does not require external libraries. -# auto: will try to use the following backends, in order: -# pyinotify, gamin, polling. -backend = auto - -# "usedns" specifies if jails should trust hostnames in logs, -# warn when reverse DNS lookups are performed, or ignore all hostnames in logs -# -# yes: if a hostname is encountered, a reverse DNS lookup will be performed. -# warn: if a hostname is encountered, a reverse DNS lookup will be performed, -# but it will be logged as a warning. -# no: if a hostname is encountered, will not be used for banning, -# but it will be logged as info. -usedns = warn - -# Destination email address used solely for the interpolations in -# jail.{conf,local} configuration files. -destemail = root@localhost - -# Name of the sender for mta actions -sendername = Fail2Ban - -# ACTIONS - -# Default banning action (e.g. iptables, iptables-new, -# iptables-multiport, shorewall, etc) It is used to define -# action_* variables. Can be overridden globally or per -# section within jail.local file -banaction = iptables-multiport - -# email action. Since 0.8.1 upstream fail2ban uses sendmail -# MTA for the mailing. Change mta configuration parameter to mail -# if you want to revert to conventional 'mail'. 
-mta = sendmail - -# Default protocol -protocol = tcp - -# Specify chain where jumps would need to be added in iptables-* actions -chain = INPUT - -# -# Action shortcuts. To be used to define action parameter - -# The simplest action to take: ban only -action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] - -# ban & send an e-mail with whois report to the destemail. -action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] - %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s", sendername="%(sendername)s"] - -# ban & send an e-mail with whois report and relevant log lines -# to the destemail. -action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] - %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s", sendername="%(sendername)s"] - -# Choose default action. To change, just override value of 'action' with the -# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local -# globally (section [DEFAULT]) or per specific section -action = %(action_)s - -# -# JAILS -# - -# Next jails corresponds to the standard configuration in Fail2ban 0.6 which -# was shipped in Debian. Enable any defined here jail by including -# -# [SECTION_NAME] -# enabled = true - -# -# in /etc/fail2ban/jail.local. -# -# Optionally you may override any other parameter (e.g. 
banaction, -# action, port, logpath, etc) in that section within jail.local - -[ssh] - -enabled = true -port = ssh -filter = sshd -logpath = /var/log/auth.log -maxretry = 6 - -[nginx-limits] - -enabled = true -port = http,https -filter = nginx-limits -logpath = /hostdata/*/logs/error.log -maxretry = 6 - -[nginx-ban] -enabled = true -port = http,https -filter = nginx-ban -logpath = /hostdata/*/logs/access.log -maxretry = 1 - -[dropbear] - -enabled = false -port = ssh -filter = dropbear -logpath = /var/log/auth.log -maxretry = 6 - -# Generic filter for pam. Has to be used with action which bans all ports -# such as iptables-allports, shorewall -[pam-generic] - -enabled = false -# pam-generic filter can be customized to monitor specific subset of 'tty's -filter = pam-generic -# port actually must be irrelevant but lets leave it all for some possible uses -port = all -banaction = iptables-allports -port = anyport -logpath = /var/log/auth.log -maxretry = 6 - -[xinetd-fail] - -enabled = false -filter = xinetd-fail -port = all -banaction = iptables-multiport-log -logpath = /var/log/daemon.log -maxretry = 2 - - -[ssh-ddos] - -enabled = false -port = ssh -filter = sshd-ddos -logpath = /var/log/auth.log -maxretry = 6 - - -# Here we use blackhole routes for not requiring any additional kernel support -# to store large volumes of banned IPs - -[ssh-route] - -enabled = false -filter = sshd -action = route -logpath = /var/log/sshd.log -maxretry = 6 - -# Here we use a combination of Netfilter/Iptables and IPsets -# for storing large volumes of banned IPs -# -# IPset comes in two versions. See ipset -V for which one to use -# requires the ipset package and kernel support. 
-[ssh-iptables-ipset4] - -enabled = false -port = ssh -filter = sshd -banaction = iptables-ipset-proto4 -logpath = /var/log/sshd.log -maxretry = 6 - -[ssh-iptables-ipset6] - -enabled = false -port = ssh -filter = sshd -banaction = iptables-ipset-proto6 -logpath = /var/log/sshd.log -maxretry = 6 - - -# -# HTTP servers -# - -[apache] - -enabled = false -port = http,https -filter = apache-auth -logpath = /var/log/apache*/*error.log -maxretry = 6 - -# default action is now multiport, so apache-multiport jail was left -# for compatibility with previous (<0.7.6-2) releases -[apache-multiport] - -enabled = false -port = http,https -filter = apache-auth -logpath = /var/log/apache*/*error.log -maxretry = 6 - -[apache-noscript] - -enabled = false -port = http,https -filter = apache-noscript -logpath = /var/log/apache*/*error.log -maxretry = 6 - -[apache-overflows] - -enabled = false -port = http,https -filter = apache-overflows -logpath = /var/log/apache*/*error.log -maxretry = 2 - -# Ban attackers that try to use PHP's URL-fopen() functionality -# through GET/POST variables. - Experimental, with more than a year -# of usage in production environments. - -[php-url-fopen] - -enabled = false -port = http,https -filter = php-url-fopen -logpath = /var/www/*/logs/access_log - -# A simple PHP-fastcgi jail which works with lighttpd. 
-# If you run a lighttpd server, then you probably will -# find these kinds of messages in your error_log: -# ALERT – tried to register forbidden variable ‘GLOBALS’ -# through GET variables (attacker '1.2.3.4', file '/var/www/default/htdocs/index.php') - -[lighttpd-fastcgi] - -enabled = false -port = http,https -filter = lighttpd-fastcgi -logpath = /var/log/lighttpd/error.log - -# Same as above for mod_auth -# It catches wrong authentifications - -[lighttpd-auth] - -enabled = false -port = http,https -filter = suhosin -logpath = /var/log/lighttpd/error.log - -[nginx-http-auth] - -enabled = true -filter = nginx-http-auth -port = http,https -logpath = /var/log/nginx/error.log - -# Monitor roundcube server - -[roundcube-auth] - -enabled = false -filter = roundcube-auth -port = http,https -logpath = /var/log/roundcube/userlogins - - -[sogo-auth] - -enabled = false -filter = sogo-auth -port = http, https -# without proxy this would be: -# port = 20000 -logpath = /var/log/sogo/sogo.log - - -# FTP servers - -[vsftpd] - -enabled = false -port = ftp,ftp-data,ftps,ftps-data -filter = vsftpd -logpath = /var/log/vsftpd.log -# or overwrite it in jails.local to be -# logpath = /var/log/auth.log -# if you want to rely on PAM failed login attempts -# vsftpd's failregex should match both of those formats -maxretry = 6 - - -[proftpd] - -enabled = false -port = ftp,ftp-data,ftps,ftps-data -filter = proftpd -logpath = /var/log/proftpd/proftpd.log -maxretry = 6 - - -[pure-ftpd] - -enabled = false -port = ftp,ftp-data,ftps,ftps-data -filter = pure-ftpd -logpath = /var/log/syslog -maxretry = 6 - - -[wuftpd] - -enabled = false -port = ftp,ftp-data,ftps,ftps-data -filter = wuftpd -logpath = /var/log/syslog -maxretry = 6 - - -# Mail servers - -[postfix] - -enabled = false -port = smtp,ssmtp,submission -filter = postfix -logpath = /var/log/mail.log - - -[couriersmtp] - -enabled = false -port = smtp,ssmtp,submission -filter = couriersmtp -logpath = /var/log/mail.log - - -# -# Mail servers 
authenticators: might be used for smtp,ftp,imap servers, so -# all relevant ports get banned -# - -[courierauth] - -enabled = false -port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s -filter = courierlogin -logpath = /var/log/mail.log - - -[sasl] - -enabled = false -port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s -filter = postfix-sasl -# You might consider monitoring /var/log/mail.warn instead if you are -# running postfix since it would provide the same log lines at the -# "warn" level but overall at the smaller filesize. -logpath = /var/log/mail.log - -[dovecot] - -enabled = false -port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s -filter = dovecot -logpath = /var/log/mail.log - -# To log wrong MySQL access attempts add to /etc/my.cnf: -# log-error=/var/log/mysqld.log -# log-warning = 2 -[mysqld-auth] - -enabled = false -filter = mysqld-auth -port = 3306 -logpath = /var/log/mysqld.log - - -# DNS Servers - - -# These jails block attacks against named (bind9). By default, logging is off -# with bind9 installation. You will need something like this: -# -# logging { -# channel security_file { -# file "/var/log/named/security.log" versions 3 size 30m; -# severity dynamic; -# print-time yes; -# }; -# category security { -# security_file; -# }; -# }; -# -# in your named.conf to provide proper logging - -# !!! WARNING !!! -# Since UDP is connection-less protocol, spoofing of IP and imitation -# of illegal actions is way too simple. Thus enabling of this filter -# might provide an easy way for implementing a DoS against a chosen -# victim. See -# http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html -# Please DO NOT USE this jail unless you know what you are doing. 
-#[named-refused-udp] -# -#enabled = false -#port = domain,953 -#protocol = udp -#filter = named-refused -#logpath = /var/log/named/security.log - -[named-refused-tcp] - -enabled = false -port = domain,953 -protocol = tcp -filter = named-refused -logpath = /var/log/named/security.log - -# Multiple jails, 1 per protocol, are necessary ATM: -# see https://github.com/fail2ban/fail2ban/issues/37 -[asterisk-tcp] - -enabled = false -filter = asterisk -port = 5060,5061 -protocol = tcp -logpath = /var/log/asterisk/messages - -[asterisk-udp] - -enabled = false -filter = asterisk -port = 5060,5061 -protocol = udp -logpath = /var/log/asterisk/messages - - -# Jail for more extended banning of persistent abusers -# !!! WARNING !!! -# Make sure that your loglevel specified in fail2ban.conf/.local -# is not at DEBUG level -- which might then cause fail2ban to fall into -# an infinite loop constantly feeding itself with non-informative lines -[recidive] - -enabled = false -filter = recidive -logpath = /var/log/fail2ban.log -action = iptables-allports[name=recidive] - sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log] -bantime = 604800 ; 1 week -findtime = 86400 ; 1 day -maxretry = 5 diff --git a/iptables/rules b/iptables/rules deleted file mode 100644 index 5f67196..0000000 --- a/iptables/rules +++ /dev/null 
@@ -1,33 +0,0 @@
-# Generated by iptables-save v1.6.1 on Fri May 3 07:22:39 2019
-*mangle
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [3:376]
-:POSTROUTING ACCEPT [3:376]
-COMMIT
-# Completed on Fri May 3 07:22:39 2019
-# Generated by iptables-save v1.6.1 on Fri May 3 07:22:39 2019
-*nat
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-COMMIT
-# Completed on Fri May 3 07:22:39 2019
-# Generated by iptables-save v1.6.1 on Fri May 3 07:22:39 2019
-*filter
-:INPUT DROP [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [3:376]
--A INPUT -i lo -j ACCEPT
--A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
--A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
--A INPUT -m conntrack --ctstate INVALID -j DROP
--A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
--A INPUT -p tcp -j REJECT --reject-with tcp-reset
--A INPUT -j REJECT --reject-with icmp-proto-unreachable
-COMMIT
-# Completed on Fri May 3 07:22:39 2019
diff --git a/static/GeoLite2-Country.mmdb b/static/GeoLite2-Country.mmdb
deleted file mode 100644
index d18e644..0000000
Binary files a/static/GeoLite2-Country.mmdb and /dev/null differ
diff --git a/static/conf.d/banlist.conf b/static/conf.d/banlist.conf
deleted file mode 100644
index 722faee..0000000
--- a/static/conf.d/banlist.conf
+++ /dev/null
@@ -1,195 +0,0 @@ -# ======================================== -# Proxies used for brute force. -deny 185.145.200.0/22; -deny 175.139.192.0/18; -deny 160.16.128.0/17; -deny 35.190.128.0/19; -deny 34.192.0.0/12; -deny 123.30.174.0/24; -deny 58.82.144.0/21; -deny 92.63.96.0/21; -deny 109.68.150.0/24; -deny 171.248.0.0/13; -deny 196.220.97.0/24; -deny 185.145.202.171/32; -deny 123.30.174.151/32; -deny 47.90.87.225/32; -deny 204.12.155.201/32; -deny 168.90.224.75/32; -deny 47.52.231.140/32; -deny 47.90.72.227/32; -deny 47.91.139.78/32; -deny 62.109.14.242/32; -deny 118.193.26.18/32; -deny 159.224.176.205/32; -deny 74.217.93.206/32; -deny 27.111.43.178/32; -deny 47.206.51.67/32; -deny 194.190.17.23/32; -deny 50.233.136.254/32; -deny 62.133.191.113/32; -deny 80.95.11.139/32; -deny 37.99.214.45/32; -deny 103.74.246.161/32; -deny 69.85.70.37/32; -deny 187.58.213.116/32; -deny 85.30.219.24/32; -deny 34.200.213.29/32; -deny 92.63.103.226/32; -deny 181.196.50.238/32; -deny 36.73.121.24/32; -deny 74.217.93.211/32; -deny 81.22.54.60/32; -deny 36.73.159.128/32; -deny 2.138.24.102/32; -deny 188.244.185.94/32; -deny 89.255.94.111/32; -deny 74.217.93.208/32; -deny 58.82.151.37/32; -deny 74.217.93.207/32; -deny 74.217.93.209/32; -deny 74.217.93.212/32; -deny 24.155.93.123/32; -deny 74.217.93.204/32; -deny 74.217.93.210/32; -deny 117.6.161.118/32; -deny 154.119.50.246/32; -deny 74.217.93.205/32; -deny 37.76.234.230/32; -deny 176.122.251.56/32; -deny 113.254.33.38/32; -deny 185.145.202.171/32; -deny 175.139.252.193/32; -deny 5.188.10.8/32; -deny 5.199.130.127/32; -deny 185.220.101.10/32; -deny 192.160.102.169/32; -deny 185.220.101.9/32; -deny 216.218.134.12/32; -deny 144.217.245.23/32; -deny 185.220.101.22/32; -deny 104.192.0.58/32; -deny 91.195.158.95/32; -deny 51.15.72.211/32; -deny 185.220.101.30/32; -deny 185.100.87.206/32; -deny 104.218.63.72/32; -deny 185.38.14.171/32; -deny 65.19.167.130/32; -deny 185.220.101.29/32; -deny 65.19.167.131/32; -deny 216.218.222.12/32; -deny 
204.85.191.30/32; -deny 196.220.97.1/32; -deny 193.90.12.119/32; -deny 54.36.222.37/32; -deny 163.172.171.163/32; -deny 51.15.143.28/32; -deny 84.141.66.143/32; -deny 93.115.95.207/32; -deny 62.210.105.116/32; -deny 193.90.12.116/32; -deny 185.220.101.24/32; -deny 51.254.208.245/32; -deny 37.187.94.86/32; -deny 185.220.101.21/32; -deny 51.15.64.39/32; -deny 91.250.241.241/32; -deny 188.214.104.146/32; -deny 172.104.252.154/32; -deny 77.247.181.162/32; -deny 176.10.104.243/32; -deny 192.36.27.4/32; -deny 93.115.86.4/32; -deny 149.202.170.60/32; -deny 144.217.60.239/32; -deny 185.220.101.1/32; -deny 185.11.167.4/32; -deny 185.10.68.114/32; -deny 109.201.133.100/32; -deny 171.25.193.77/32; -deny 5.79.86.15/32; -deny 172.104.29.241/32; -deny 163.172.41.228/32; -deny 163.172.160.182/32; -deny 94.100.6.27/32; -deny 185.220.101.28/32; -deny 176.31.180.157/32; -deny 5.135.158.101/32; -deny 185.195.25.111/32; -deny 185.220.101.25/32; -deny 62.210.110.181/32; -deny 193.90.12.115/32; -deny 195.22.126.147/32; -deny 84.53.65.151/32; -deny 104.218.63.74/32; -deny 144.217.245.243/32; -deny 178.17.170.156/32; -deny 46.182.106.190/32; -deny 84.209.48.106/32; -deny 185.117.118.234/32; -deny 185.220.101.44/32; -deny 192.99.247.1/32; -deny 163.172.174.24/32; -deny 46.101.128.0/18; -deny 192.36.27.6/32; -deny 185.129.62.63/32; -deny 104.223.123.98/32; -deny 193.90.12.117/32; -deny 171.25.193.235/32; -deny 51.15.64.212/32; -deny 166.70.207.2/32; -deny 216.218.222.14/32; -deny 176.223.113.26/32; -deny 178.63.97.34/32; -deny 176.10.99.200/32; -deny 37.233.103.114/32; -deny 78.109.23.1/32; -deny 185.165.168.229/32; -deny 109.228.51.164/32; -deny 170.250.140.52/32; -deny 176.107.188.11/32; -deny 185.220.101.6/32; -deny 185.220.101.46/32; -deny 146.185.177.103/32; -deny 64.113.32.29/32; -deny 95.128.43.164/32; -deny 37.220.35.202/32; -deny 5.196.66.162/32; -deny 5.254.112.154/32; -deny 31.171.155.131/32; -deny 93.115.95.206/32; -deny 185.220.101.15/32; -deny 185.220.101.4/32; -deny 
185.100.85.101/32; -deny 185.222.209.32/32; -deny 185.227.82.9/32; -deny 85.93.218.204/32; -deny 93.115.95.205/32; -deny 87.118.92.43/32; -deny 51.15.56.204/32; -deny 66.70.217.179/32; -deny 185.100.87.207/32; -deny 185.220.101.32/32; -deny 176.8.24.228/32; -deny 51.15.209.128/32; -deny 193.90.12.118/32; -deny 52.224.48.30/32; -deny 62.210.37.82/32; -deny 80.127.116.96/32; -deny 122.183.242.53/32; -deny 93.115.95.204/32; -deny 165.227.39.194/32; -deny 144.217.60.211/32; -deny 176.126.252.12/32; -deny 178.165.72.177/32; -deny 185.38.14.215/32; -deny 27.124.124.126/32; -deny 185.165.168.77/32; -deny 185.220.101.26/32; -deny 217.147.169.75/32; -deny 185.169.43.68/32; -deny 185.220.101.8/32; -deny 144.217.45.37/32; -deny 65.19.167.132/32; -# ========================================== diff --git a/static/conf.d/country.conf b/static/conf.d/country.conf deleted file mode 100644 index ff6bd40..0000000 --- a/static/conf.d/country.conf +++ /dev/null @@ -1,23 +0,0 @@ -map $geoip2_data_country_code $allowed_country { - default yes; - BD no; - IT no; - PL no; - CM no; - CA no; - TH no; - ZA no; - EC no; - HK no; - CZ no; - ID no; - BR no; - SA no; - FK no; - FM no; - EH no; - CN no; - VN no; - RU no; - TR no; -} diff --git a/static/etc/init.d/nginx b/static/etc/init.d/nginx deleted file mode 100644 index d6ccdc1..0000000 --- a/static/etc/init.d/nginx +++ /dev/null 
@@ -1,209 +0,0 @@
-#!/bin/sh
-
-### BEGIN INIT INFO
-# Provides: nginx
-# Required-Start: $local_fs $remote_fs $network $syslog $named
-# Required-Stop: $local_fs $remote_fs $network $syslog $named
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: starts the nginx web server
-# Description: starts nginx using start-stop-daemon
-### END INIT INFO
-
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-DAEMON=/usr/sbin/nginx
-NAME=nginx
-DESC=nginx
-
-# Include nginx defaults if available
-if [ -r /etc/default/nginx ]; then
- . /etc/default/nginx
-fi
-
-test -x $DAEMON || exit 0
-
-. /lib/init/vars.sh
-. /lib/lsb/init-functions
-
-# Try to extract nginx pidfile
-PID=$(cat /nginx/nginx.conf | grep -Ev '^\s*#' | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' | head -n1)
-if [ -z "$PID" ]
-then
- PID=/run/nginx.pid
-fi
-
-# Check if the ULIMIT is set in /etc/default/nginx
-if [ -n "$ULIMIT" ]; then
- # Set the ulimits
- ulimit $ULIMIT
-fi
-
-#
-# Function that starts the daemon/service
-#
-do_start()
-{
- # Return
- # 0 if daemon has been started
- # 1 if daemon was already running
- # 2 if daemon could not be started
- start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON --test > /dev/null \
- || return 1
- start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON -- \
- $DAEMON_OPTS 2>/dev/null \
- || return 2
-}
-
-test_nginx_config() {
- $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1
-}
-
-#
-# Function that stops the daemon/service
-#
-do_stop()
-{
- # Return
- # 0 if daemon has been stopped
- # 1 if daemon was already stopped
- # 2 if daemon could not be stopped
- # other if a failure occurred
- start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PID --name $NAME
- RETVAL="$?"
-
- sleep 1
- return "$RETVAL"
-}
-
-#
-# Function that sends a SIGHUP to the daemon/service
-#
-do_reload() {
- start-stop-daemon --stop --signal HUP --quiet --pidfile $PID --name $NAME
- return 0
-}
-
-#
-# Rotate log files
-#
-do_rotate() {
- start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME
- return 0
-}
-
-#
-# Online upgrade nginx executable
-#
-# "Upgrading Executable on the Fly"
-# http://nginx.org/en/docs/control.html
-#
-do_upgrade() {
- # Return
- # 0 if nginx has been successfully upgraded
- # 1 if nginx is not running
- # 2 if the pid files were not created on time
- # 3 if the old master could not be killed
- if start-stop-daemon --stop --signal USR2 --quiet --pidfile $PID --name $NAME; then
- # Wait for both old and new master to write their pid file
- while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do
- cnt=`expr $cnt + 1`
- if [ $cnt -gt 10 ]; then
- return 2
- fi
- sleep 1
- done
- # Everything is ready, gracefully stop the old master
- if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name $NAME; then
- return 0
- else
- return 3
- fi
- else
- return 1
- fi
-}
-
-case "$1" in
- start)
- [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
- do_start
- case "$?" in
- 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
- 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
- esac
- ;;
- stop)
- [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
- do_stop
- case "$?" in
- 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
- 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
- esac
- ;;
- restart)
- log_daemon_msg "Restarting $DESC" "$NAME"
-
- # Check configuration before stopping nginx
- if ! test_nginx_config; then
- log_end_msg 1 # Configuration error
- exit 0
- fi
-
- do_stop
- case "$?" in
- 0|1)
- do_start
- case "$?" in
- 0) log_end_msg 0 ;;
- 1) log_end_msg 1 ;; # Old process is still running
- *) log_end_msg 1 ;; # Failed to start
- esac
- ;;
- *)
- # Failed to stop
- log_end_msg 1
- ;;
- esac
- ;;
- reload|force-reload)
- log_daemon_msg "Reloading $DESC configuration" "$NAME"
-
- # Check configuration before reload nginx
- #
- # This is not entirely correct since the on-disk nginx binary
- # may differ from the in-memory one, but that's not common.
- # We prefer to check the configuration and return an error
- # to the administrator.
- if ! test_nginx_config; then
- log_end_msg 1 # Configuration error
- exit 0
- fi
-
- do_reload
- log_end_msg $?
- ;;
- configtest|testconfig)
- log_daemon_msg "Testing $DESC configuration"
- test_nginx_config
- log_end_msg $?
- ;;
- status)
- status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $?
- ;;
- upgrade)
- log_daemon_msg "Upgrading binary" "$NAME"
- do_upgrade
- log_end_msg 0
- ;;
- rotate)
- log_daemon_msg "Re-opening $DESC log files" "$NAME"
- do_rotate
- log_end_msg $?
- ;;
- *)
- echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2
- exit 3
- ;;
-esac
-
-:
diff --git a/static/html/index.html b/static/html/index.html
deleted file mode 100644
index 3411e4f..0000000
--- a/static/html/index.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-

NGINX-AS-WEB-FIREWALL Default Page!?

-

If you can see this that means your installation was successful!

-

Thank You For Using This Project, For Issues or suggestion Post them on (Github)

-
diff --git a/static/mod/ndk_http_module.so b/static/mod/ndk_http_module.so
new file mode 100755
index 0000000..f22179c
Binary files /dev/null and b/static/mod/ndk_http_module.so differ
diff --git a/static/mod/ngx_http_brotli_filter_module.so b/static/mod/ngx_http_brotli_filter_module.so
new file mode 100755
index 0000000..a1cf1f8
Binary files /dev/null and b/static/mod/ngx_http_brotli_filter_module.so differ
diff --git a/static/mod/ngx_http_brotli_static_module.so b/static/mod/ngx_http_brotli_static_module.so
new file mode 100755
index 0000000..2661687
Binary files /dev/null and b/static/mod/ngx_http_brotli_static_module.so differ
diff --git a/static/mod/ngx_http_flv_live_module.so b/static/mod/ngx_http_flv_live_module.so
new file mode 100755
index 0000000..ac607e6
Binary files /dev/null and b/static/mod/ngx_http_flv_live_module.so differ
diff --git a/static/mod/ngx_http_geoip2_module.so b/static/mod/ngx_http_geoip2_module.so
new file mode 100755
index 0000000..2ce6bcf
Binary files /dev/null and b/static/mod/ngx_http_geoip2_module.so differ
diff --git a/static/mod/ngx_http_headers_more_filter_module.so b/static/mod/ngx_http_headers_more_filter_module.so
new file mode 100755
index 0000000..76bbfd2
Binary files /dev/null and b/static/mod/ngx_http_headers_more_filter_module.so differ
diff --git a/static/mod/ngx_http_js_module.so b/static/mod/ngx_http_js_module.so
new file mode 100755
index 0000000..41f7d13
Binary files /dev/null and b/static/mod/ngx_http_js_module.so differ
diff --git a/static/mod/ngx_http_lua_module.so b/static/mod/ngx_http_lua_module.so
new file mode 100755
index 0000000..8b928fc
Binary files /dev/null and b/static/mod/ngx_http_lua_module.so differ
diff --git a/static/mod/ngx_http_modsecurity_module.so b/static/mod/ngx_http_modsecurity_module.so
new file mode 100755
index 0000000..997ead4
Binary files /dev/null and b/static/mod/ngx_http_modsecurity_module.so differ
diff --git a/static/mod/ngx_http_naxsi_module.so b/static/mod/ngx_http_naxsi_module.so
new file mode 100755
index 0000000..ea9c966
Binary files /dev/null and b/static/mod/ngx_http_naxsi_module.so differ
diff --git a/static/mod/ngx_http_set_misc_module.so b/static/mod/ngx_http_set_misc_module.so
new file mode 100755
index 0000000..fb6c859
Binary files /dev/null and b/static/mod/ngx_http_set_misc_module.so differ
diff --git a/static/mod/ngx_http_testcookie_access_module.so b/static/mod/ngx_http_testcookie_access_module.so
new file mode 100755
index 0000000..124ee68
Binary files /dev/null and b/static/mod/ngx_http_testcookie_access_module.so differ
diff --git a/static/mod/ngx_pagespeed.so b/static/mod/ngx_pagespeed.so
new file mode 100755
index 0000000..a9e2544
Binary files /dev/null and b/static/mod/ngx_pagespeed.so differ
diff --git a/static/mod/ngx_stream_geoip2_module.so b/static/mod/ngx_stream_geoip2_module.so
new file mode 100755
index 0000000..ebf1547
Binary files /dev/null and b/static/mod/ngx_stream_geoip2_module.so differ
diff --git a/static/mod/ngx_stream_js_module.so b/static/mod/ngx_stream_js_module.so
new file mode 100755
index 0000000..7a420d4
Binary files /dev/null and b/static/mod/ngx_stream_js_module.so differ
diff --git a/static/raws/template b/static/raws/template
deleted file mode 100644
index eb009f5..0000000
--- a/static/raws/template
+++ /dev/null
@@ -1,55 +0,0 @@
-server {
- listen 80;
- root /hostdata/raws.com/public_html;
- index index.html index.php;
- server_name raws.com www.raws.com;
-
- location / {
- SecRulesEnabled;
- LearningMode;
- DeniedUrl "/denied/";
- CheckRule "$SQL >= 8" BLOCK;
- CheckRule "$RFI >= 8" BLOCK;
- CheckRule "$TRAVERSAL >= 4" BLOCK;
- CheckRule "$EVADE >= 4" BLOCK;
- CheckRule "$XSS >= 8" BLOCK;
- access_log /hostdata/raws.com/logs/access.log main;
- error_log /hostdata/raws.com/logs/error.log;
- try_files $uri $uri/ =404;
- }
-
- location /denied/ {
- return 444;
- }
- # =========================================
- # PHPMYADMIN.
- # =========================================
- location /phpmyadmin {
- root /hostdata/default/;
- location ~ ^/phpmyadmin/(.+\.php)$ {
- try_files $uri =404;
- root /hostdata/default/;
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- include /nginx/fastcgi_params;
- }
- }
- # =========================================
- # END PHPMYADMIN.
- # =========================================
-
- # =========================================
- # PHP.
- # =========================================
- location ~ \.php {
- try_files $uri /index.php =404;
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- include /nginx/fastcgi_params;
- }
- # =========================================
- # END PHP.
- # =========================================
-}
diff --git a/static/sysctl.conf b/static/sysctl.conf
deleted file mode 100644
index 704fdee..0000000
--- a/static/sysctl.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-vm.nr_hugepages = 0
-vm.vfs_cache_pressure = 30
-fs.file-max = 1000000
-net.core.wmem_max = 16777216
-net.core.rmem_max = 16777216
-kernel.randomize_va_space = 2
-net.ipv4.ip_forward = 1
-net.ipv4.tcp_syncookies = 1
-net.ipv4.ip_local_port_range = 1024 64999
-net.ipv4.tcp_wmem = 4096 65536 16777216
-net.ipv4.tcp_rmem = 4096 87380 16777216
-net.ipv4.tcp_window_scaling = 1
-net.core.somaxconn = 32768
-net.core.netdev_max_backlog = 30000
-net.ipv4.tcp_max_syn_backlog = 2048
-net.ipv4.tcp_fin_timeout = 90
-net.ipv4.tcp_tw_reuse = 1
-net.core.default_qdisc = fq
-net.ipv4.tcp_congestion_control = bbr
-net.ipv4.tcp_synack_retries = 2
-net.ipv4.tcp_syn_retries = 2
-kernel.sched_autogroup_enabled = 0
-net.ipv4.tcp_max_orphans = 32768
diff --git a/static/vhost/aes.min.js b/static/vhost/aes.min.js
deleted file mode 100644
index dbbc4ec..0000000
--- a/static/vhost/aes.min.js
+++ /dev/null
@@ -1,790 +0,0 @@ -/* - * aes.js: implements AES - Advanced Encryption Standard - * from the SlowAES project, http://code.google.com/p/slowaes/ - * - * Copyright (c) 2008 Josh Davis ( http://www.josh-davis.org ), - * Mark Percival ( http://mpercival.com ), - * - * Ported from C code written by Laurent Haan ( http://www.progressive-coding.com ) - * - * Licensed under the Apache License, Version 2.0 - * http://www.apache.org/licenses/ - */ - -var slowAES = { - /* - * START AES SECTION - */ - aes:{ - // structure of valid key sizes - keySize:{ - SIZE_128:16, - SIZE_192:24, - SIZE_256:32 - }, - - // Rijndael S-box - sbox:[ - 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, - 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, - 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, - 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, - 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, - 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, - 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, - 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, - 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, - 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, - 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, - 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, - 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, - 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 
- 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, - 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 ], - - // Rijndael Inverted S-box - rsbox: - [ 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb - , 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb - , 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e - , 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 - , 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 - , 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 - , 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 - , 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b - , 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 - , 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e - , 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b - , 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 - , 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f - , 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef - , 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 - , 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d ], - - /* rotate the word eight bits to the left */ - rotate:function(word) - { - var c = word[0]; - for (var i = 0; i < 3; i++) - word[i] = word[i+1]; - word[3] = c; - - return 
word; - }, - - // Rijndael Rcon - Rcon:[ - 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, - 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, - 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, - 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, - 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, - 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, - 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, - 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, - 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, - 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, - 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, - 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, - 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, - 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, - 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, - 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, - 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, - 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, - 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, - 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb ], - - G2X: [ - 0x00, 0x02, 0x04, 0x06, 0x08, 0x0a, 0x0c, 0x0e, 0x10, 0x12, 0x14, 0x16, - 0x18, 0x1a, 0x1c, 0x1e, 0x20, 0x22, 0x24, 0x26, 0x28, 0x2a, 0x2c, 0x2e, - 0x30, 0x32, 0x34, 0x36, 0x38, 0x3a, 0x3c, 0x3e, 0x40, 0x42, 0x44, 0x46, - 0x48, 0x4a, 0x4c, 0x4e, 0x50, 0x52, 0x54, 0x56, 0x58, 0x5a, 0x5c, 0x5e, - 0x60, 0x62, 0x64, 0x66, 0x68, 0x6a, 0x6c, 0x6e, 0x70, 0x72, 0x74, 0x76, - 
0x78, 0x7a, 0x7c, 0x7e, 0x80, 0x82, 0x84, 0x86, 0x88, 0x8a, 0x8c, 0x8e, - 0x90, 0x92, 0x94, 0x96, 0x98, 0x9a, 0x9c, 0x9e, 0xa0, 0xa2, 0xa4, 0xa6, - 0xa8, 0xaa, 0xac, 0xae, 0xb0, 0xb2, 0xb4, 0xb6, 0xb8, 0xba, 0xbc, 0xbe, - 0xc0, 0xc2, 0xc4, 0xc6, 0xc8, 0xca, 0xcc, 0xce, 0xd0, 0xd2, 0xd4, 0xd6, - 0xd8, 0xda, 0xdc, 0xde, 0xe0, 0xe2, 0xe4, 0xe6, 0xe8, 0xea, 0xec, 0xee, - 0xf0, 0xf2, 0xf4, 0xf6, 0xf8, 0xfa, 0xfc, 0xfe, 0x1b, 0x19, 0x1f, 0x1d, - 0x13, 0x11, 0x17, 0x15, 0x0b, 0x09, 0x0f, 0x0d, 0x03, 0x01, 0x07, 0x05, - 0x3b, 0x39, 0x3f, 0x3d, 0x33, 0x31, 0x37, 0x35, 0x2b, 0x29, 0x2f, 0x2d, - 0x23, 0x21, 0x27, 0x25, 0x5b, 0x59, 0x5f, 0x5d, 0x53, 0x51, 0x57, 0x55, - 0x4b, 0x49, 0x4f, 0x4d, 0x43, 0x41, 0x47, 0x45, 0x7b, 0x79, 0x7f, 0x7d, - 0x73, 0x71, 0x77, 0x75, 0x6b, 0x69, 0x6f, 0x6d, 0x63, 0x61, 0x67, 0x65, - 0x9b, 0x99, 0x9f, 0x9d, 0x93, 0x91, 0x97, 0x95, 0x8b, 0x89, 0x8f, 0x8d, - 0x83, 0x81, 0x87, 0x85, 0xbb, 0xb9, 0xbf, 0xbd, 0xb3, 0xb1, 0xb7, 0xb5, - 0xab, 0xa9, 0xaf, 0xad, 0xa3, 0xa1, 0xa7, 0xa5, 0xdb, 0xd9, 0xdf, 0xdd, - 0xd3, 0xd1, 0xd7, 0xd5, 0xcb, 0xc9, 0xcf, 0xcd, 0xc3, 0xc1, 0xc7, 0xc5, - 0xfb, 0xf9, 0xff, 0xfd, 0xf3, 0xf1, 0xf7, 0xf5, 0xeb, 0xe9, 0xef, 0xed, - 0xe3, 0xe1, 0xe7, 0xe5 - ], - - G3X: [ - 0x00, 0x03, 0x06, 0x05, 0x0c, 0x0f, 0x0a, 0x09, 0x18, 0x1b, 0x1e, 0x1d, - 0x14, 0x17, 0x12, 0x11, 0x30, 0x33, 0x36, 0x35, 0x3c, 0x3f, 0x3a, 0x39, - 0x28, 0x2b, 0x2e, 0x2d, 0x24, 0x27, 0x22, 0x21, 0x60, 0x63, 0x66, 0x65, - 0x6c, 0x6f, 0x6a, 0x69, 0x78, 0x7b, 0x7e, 0x7d, 0x74, 0x77, 0x72, 0x71, - 0x50, 0x53, 0x56, 0x55, 0x5c, 0x5f, 0x5a, 0x59, 0x48, 0x4b, 0x4e, 0x4d, - 0x44, 0x47, 0x42, 0x41, 0xc0, 0xc3, 0xc6, 0xc5, 0xcc, 0xcf, 0xca, 0xc9, - 0xd8, 0xdb, 0xde, 0xdd, 0xd4, 0xd7, 0xd2, 0xd1, 0xf0, 0xf3, 0xf6, 0xf5, - 0xfc, 0xff, 0xfa, 0xf9, 0xe8, 0xeb, 0xee, 0xed, 0xe4, 0xe7, 0xe2, 0xe1, - 0xa0, 0xa3, 0xa6, 0xa5, 0xac, 0xaf, 0xaa, 0xa9, 0xb8, 0xbb, 0xbe, 0xbd, - 0xb4, 0xb7, 0xb2, 0xb1, 0x90, 0x93, 0x96, 0x95, 0x9c, 0x9f, 0x9a, 0x99, - 0x88, 0x8b, 0x8e, 0x8d, 0x84, 
0x87, 0x82, 0x81, 0x9b, 0x98, 0x9d, 0x9e, - 0x97, 0x94, 0x91, 0x92, 0x83, 0x80, 0x85, 0x86, 0x8f, 0x8c, 0x89, 0x8a, - 0xab, 0xa8, 0xad, 0xae, 0xa7, 0xa4, 0xa1, 0xa2, 0xb3, 0xb0, 0xb5, 0xb6, - 0xbf, 0xbc, 0xb9, 0xba, 0xfb, 0xf8, 0xfd, 0xfe, 0xf7, 0xf4, 0xf1, 0xf2, - 0xe3, 0xe0, 0xe5, 0xe6, 0xef, 0xec, 0xe9, 0xea, 0xcb, 0xc8, 0xcd, 0xce, - 0xc7, 0xc4, 0xc1, 0xc2, 0xd3, 0xd0, 0xd5, 0xd6, 0xdf, 0xdc, 0xd9, 0xda, - 0x5b, 0x58, 0x5d, 0x5e, 0x57, 0x54, 0x51, 0x52, 0x43, 0x40, 0x45, 0x46, - 0x4f, 0x4c, 0x49, 0x4a, 0x6b, 0x68, 0x6d, 0x6e, 0x67, 0x64, 0x61, 0x62, - 0x73, 0x70, 0x75, 0x76, 0x7f, 0x7c, 0x79, 0x7a, 0x3b, 0x38, 0x3d, 0x3e, - 0x37, 0x34, 0x31, 0x32, 0x23, 0x20, 0x25, 0x26, 0x2f, 0x2c, 0x29, 0x2a, - 0x0b, 0x08, 0x0d, 0x0e, 0x07, 0x04, 0x01, 0x02, 0x13, 0x10, 0x15, 0x16, - 0x1f, 0x1c, 0x19, 0x1a - ], - - G9X: [ - 0x00, 0x09, 0x12, 0x1b, 0x24, 0x2d, 0x36, 0x3f, 0x48, 0x41, 0x5a, 0x53, - 0x6c, 0x65, 0x7e, 0x77, 0x90, 0x99, 0x82, 0x8b, 0xb4, 0xbd, 0xa6, 0xaf, - 0xd8, 0xd1, 0xca, 0xc3, 0xfc, 0xf5, 0xee, 0xe7, 0x3b, 0x32, 0x29, 0x20, - 0x1f, 0x16, 0x0d, 0x04, 0x73, 0x7a, 0x61, 0x68, 0x57, 0x5e, 0x45, 0x4c, - 0xab, 0xa2, 0xb9, 0xb0, 0x8f, 0x86, 0x9d, 0x94, 0xe3, 0xea, 0xf1, 0xf8, - 0xc7, 0xce, 0xd5, 0xdc, 0x76, 0x7f, 0x64, 0x6d, 0x52, 0x5b, 0x40, 0x49, - 0x3e, 0x37, 0x2c, 0x25, 0x1a, 0x13, 0x08, 0x01, 0xe6, 0xef, 0xf4, 0xfd, - 0xc2, 0xcb, 0xd0, 0xd9, 0xae, 0xa7, 0xbc, 0xb5, 0x8a, 0x83, 0x98, 0x91, - 0x4d, 0x44, 0x5f, 0x56, 0x69, 0x60, 0x7b, 0x72, 0x05, 0x0c, 0x17, 0x1e, - 0x21, 0x28, 0x33, 0x3a, 0xdd, 0xd4, 0xcf, 0xc6, 0xf9, 0xf0, 0xeb, 0xe2, - 0x95, 0x9c, 0x87, 0x8e, 0xb1, 0xb8, 0xa3, 0xaa, 0xec, 0xe5, 0xfe, 0xf7, - 0xc8, 0xc1, 0xda, 0xd3, 0xa4, 0xad, 0xb6, 0xbf, 0x80, 0x89, 0x92, 0x9b, - 0x7c, 0x75, 0x6e, 0x67, 0x58, 0x51, 0x4a, 0x43, 0x34, 0x3d, 0x26, 0x2f, - 0x10, 0x19, 0x02, 0x0b, 0xd7, 0xde, 0xc5, 0xcc, 0xf3, 0xfa, 0xe1, 0xe8, - 0x9f, 0x96, 0x8d, 0x84, 0xbb, 0xb2, 0xa9, 0xa0, 0x47, 0x4e, 0x55, 0x5c, - 0x63, 0x6a, 0x71, 0x78, 0x0f, 0x06, 0x1d, 0x14, 0x2b, 0x22, 
0x39, 0x30, - 0x9a, 0x93, 0x88, 0x81, 0xbe, 0xb7, 0xac, 0xa5, 0xd2, 0xdb, 0xc0, 0xc9, - 0xf6, 0xff, 0xe4, 0xed, 0x0a, 0x03, 0x18, 0x11, 0x2e, 0x27, 0x3c, 0x35, - 0x42, 0x4b, 0x50, 0x59, 0x66, 0x6f, 0x74, 0x7d, 0xa1, 0xa8, 0xb3, 0xba, - 0x85, 0x8c, 0x97, 0x9e, 0xe9, 0xe0, 0xfb, 0xf2, 0xcd, 0xc4, 0xdf, 0xd6, - 0x31, 0x38, 0x23, 0x2a, 0x15, 0x1c, 0x07, 0x0e, 0x79, 0x70, 0x6b, 0x62, - 0x5d, 0x54, 0x4f, 0x46 - ], - - GBX: [ - 0x00, 0x0b, 0x16, 0x1d, 0x2c, 0x27, 0x3a, 0x31, 0x58, 0x53, 0x4e, 0x45, - 0x74, 0x7f, 0x62, 0x69, 0xb0, 0xbb, 0xa6, 0xad, 0x9c, 0x97, 0x8a, 0x81, - 0xe8, 0xe3, 0xfe, 0xf5, 0xc4, 0xcf, 0xd2, 0xd9, 0x7b, 0x70, 0x6d, 0x66, - 0x57, 0x5c, 0x41, 0x4a, 0x23, 0x28, 0x35, 0x3e, 0x0f, 0x04, 0x19, 0x12, - 0xcb, 0xc0, 0xdd, 0xd6, 0xe7, 0xec, 0xf1, 0xfa, 0x93, 0x98, 0x85, 0x8e, - 0xbf, 0xb4, 0xa9, 0xa2, 0xf6, 0xfd, 0xe0, 0xeb, 0xda, 0xd1, 0xcc, 0xc7, - 0xae, 0xa5, 0xb8, 0xb3, 0x82, 0x89, 0x94, 0x9f, 0x46, 0x4d, 0x50, 0x5b, - 0x6a, 0x61, 0x7c, 0x77, 0x1e, 0x15, 0x08, 0x03, 0x32, 0x39, 0x24, 0x2f, - 0x8d, 0x86, 0x9b, 0x90, 0xa1, 0xaa, 0xb7, 0xbc, 0xd5, 0xde, 0xc3, 0xc8, - 0xf9, 0xf2, 0xef, 0xe4, 0x3d, 0x36, 0x2b, 0x20, 0x11, 0x1a, 0x07, 0x0c, - 0x65, 0x6e, 0x73, 0x78, 0x49, 0x42, 0x5f, 0x54, 0xf7, 0xfc, 0xe1, 0xea, - 0xdb, 0xd0, 0xcd, 0xc6, 0xaf, 0xa4, 0xb9, 0xb2, 0x83, 0x88, 0x95, 0x9e, - 0x47, 0x4c, 0x51, 0x5a, 0x6b, 0x60, 0x7d, 0x76, 0x1f, 0x14, 0x09, 0x02, - 0x33, 0x38, 0x25, 0x2e, 0x8c, 0x87, 0x9a, 0x91, 0xa0, 0xab, 0xb6, 0xbd, - 0xd4, 0xdf, 0xc2, 0xc9, 0xf8, 0xf3, 0xee, 0xe5, 0x3c, 0x37, 0x2a, 0x21, - 0x10, 0x1b, 0x06, 0x0d, 0x64, 0x6f, 0x72, 0x79, 0x48, 0x43, 0x5e, 0x55, - 0x01, 0x0a, 0x17, 0x1c, 0x2d, 0x26, 0x3b, 0x30, 0x59, 0x52, 0x4f, 0x44, - 0x75, 0x7e, 0x63, 0x68, 0xb1, 0xba, 0xa7, 0xac, 0x9d, 0x96, 0x8b, 0x80, - 0xe9, 0xe2, 0xff, 0xf4, 0xc5, 0xce, 0xd3, 0xd8, 0x7a, 0x71, 0x6c, 0x67, - 0x56, 0x5d, 0x40, 0x4b, 0x22, 0x29, 0x34, 0x3f, 0x0e, 0x05, 0x18, 0x13, - 0xca, 0xc1, 0xdc, 0xd7, 0xe6, 0xed, 0xf0, 0xfb, 0x92, 0x99, 0x84, 0x8f, - 0xbe, 0xb5, 0xa8, 
0xa3 - ], - - GDX: [ - 0x00, 0x0d, 0x1a, 0x17, 0x34, 0x39, 0x2e, 0x23, 0x68, 0x65, 0x72, 0x7f, - 0x5c, 0x51, 0x46, 0x4b, 0xd0, 0xdd, 0xca, 0xc7, 0xe4, 0xe9, 0xfe, 0xf3, - 0xb8, 0xb5, 0xa2, 0xaf, 0x8c, 0x81, 0x96, 0x9b, 0xbb, 0xb6, 0xa1, 0xac, - 0x8f, 0x82, 0x95, 0x98, 0xd3, 0xde, 0xc9, 0xc4, 0xe7, 0xea, 0xfd, 0xf0, - 0x6b, 0x66, 0x71, 0x7c, 0x5f, 0x52, 0x45, 0x48, 0x03, 0x0e, 0x19, 0x14, - 0x37, 0x3a, 0x2d, 0x20, 0x6d, 0x60, 0x77, 0x7a, 0x59, 0x54, 0x43, 0x4e, - 0x05, 0x08, 0x1f, 0x12, 0x31, 0x3c, 0x2b, 0x26, 0xbd, 0xb0, 0xa7, 0xaa, - 0x89, 0x84, 0x93, 0x9e, 0xd5, 0xd8, 0xcf, 0xc2, 0xe1, 0xec, 0xfb, 0xf6, - 0xd6, 0xdb, 0xcc, 0xc1, 0xe2, 0xef, 0xf8, 0xf5, 0xbe, 0xb3, 0xa4, 0xa9, - 0x8a, 0x87, 0x90, 0x9d, 0x06, 0x0b, 0x1c, 0x11, 0x32, 0x3f, 0x28, 0x25, - 0x6e, 0x63, 0x74, 0x79, 0x5a, 0x57, 0x40, 0x4d, 0xda, 0xd7, 0xc0, 0xcd, - 0xee, 0xe3, 0xf4, 0xf9, 0xb2, 0xbf, 0xa8, 0xa5, 0x86, 0x8b, 0x9c, 0x91, - 0x0a, 0x07, 0x10, 0x1d, 0x3e, 0x33, 0x24, 0x29, 0x62, 0x6f, 0x78, 0x75, - 0x56, 0x5b, 0x4c, 0x41, 0x61, 0x6c, 0x7b, 0x76, 0x55, 0x58, 0x4f, 0x42, - 0x09, 0x04, 0x13, 0x1e, 0x3d, 0x30, 0x27, 0x2a, 0xb1, 0xbc, 0xab, 0xa6, - 0x85, 0x88, 0x9f, 0x92, 0xd9, 0xd4, 0xc3, 0xce, 0xed, 0xe0, 0xf7, 0xfa, - 0xb7, 0xba, 0xad, 0xa0, 0x83, 0x8e, 0x99, 0x94, 0xdf, 0xd2, 0xc5, 0xc8, - 0xeb, 0xe6, 0xf1, 0xfc, 0x67, 0x6a, 0x7d, 0x70, 0x53, 0x5e, 0x49, 0x44, - 0x0f, 0x02, 0x15, 0x18, 0x3b, 0x36, 0x21, 0x2c, 0x0c, 0x01, 0x16, 0x1b, - 0x38, 0x35, 0x22, 0x2f, 0x64, 0x69, 0x7e, 0x73, 0x50, 0x5d, 0x4a, 0x47, - 0xdc, 0xd1, 0xc6, 0xcb, 0xe8, 0xe5, 0xf2, 0xff, 0xb4, 0xb9, 0xae, 0xa3, - 0x80, 0x8d, 0x9a, 0x97 - ], - - GEX: [ - 0x00, 0x0e, 0x1c, 0x12, 0x38, 0x36, 0x24, 0x2a, 0x70, 0x7e, 0x6c, 0x62, - 0x48, 0x46, 0x54, 0x5a, 0xe0, 0xee, 0xfc, 0xf2, 0xd8, 0xd6, 0xc4, 0xca, - 0x90, 0x9e, 0x8c, 0x82, 0xa8, 0xa6, 0xb4, 0xba, 0xdb, 0xd5, 0xc7, 0xc9, - 0xe3, 0xed, 0xff, 0xf1, 0xab, 0xa5, 0xb7, 0xb9, 0x93, 0x9d, 0x8f, 0x81, - 0x3b, 0x35, 0x27, 0x29, 0x03, 0x0d, 0x1f, 0x11, 0x4b, 0x45, 0x57, 0x59, - 0x73, 0x7d, 
0x6f, 0x61, 0xad, 0xa3, 0xb1, 0xbf, 0x95, 0x9b, 0x89, 0x87, - 0xdd, 0xd3, 0xc1, 0xcf, 0xe5, 0xeb, 0xf9, 0xf7, 0x4d, 0x43, 0x51, 0x5f, - 0x75, 0x7b, 0x69, 0x67, 0x3d, 0x33, 0x21, 0x2f, 0x05, 0x0b, 0x19, 0x17, - 0x76, 0x78, 0x6a, 0x64, 0x4e, 0x40, 0x52, 0x5c, 0x06, 0x08, 0x1a, 0x14, - 0x3e, 0x30, 0x22, 0x2c, 0x96, 0x98, 0x8a, 0x84, 0xae, 0xa0, 0xb2, 0xbc, - 0xe6, 0xe8, 0xfa, 0xf4, 0xde, 0xd0, 0xc2, 0xcc, 0x41, 0x4f, 0x5d, 0x53, - 0x79, 0x77, 0x65, 0x6b, 0x31, 0x3f, 0x2d, 0x23, 0x09, 0x07, 0x15, 0x1b, - 0xa1, 0xaf, 0xbd, 0xb3, 0x99, 0x97, 0x85, 0x8b, 0xd1, 0xdf, 0xcd, 0xc3, - 0xe9, 0xe7, 0xf5, 0xfb, 0x9a, 0x94, 0x86, 0x88, 0xa2, 0xac, 0xbe, 0xb0, - 0xea, 0xe4, 0xf6, 0xf8, 0xd2, 0xdc, 0xce, 0xc0, 0x7a, 0x74, 0x66, 0x68, - 0x42, 0x4c, 0x5e, 0x50, 0x0a, 0x04, 0x16, 0x18, 0x32, 0x3c, 0x2e, 0x20, - 0xec, 0xe2, 0xf0, 0xfe, 0xd4, 0xda, 0xc8, 0xc6, 0x9c, 0x92, 0x80, 0x8e, - 0xa4, 0xaa, 0xb8, 0xb6, 0x0c, 0x02, 0x10, 0x1e, 0x34, 0x3a, 0x28, 0x26, - 0x7c, 0x72, 0x60, 0x6e, 0x44, 0x4a, 0x58, 0x56, 0x37, 0x39, 0x2b, 0x25, - 0x0f, 0x01, 0x13, 0x1d, 0x47, 0x49, 0x5b, 0x55, 0x7f, 0x71, 0x63, 0x6d, - 0xd7, 0xd9, 0xcb, 0xc5, 0xef, 0xe1, 0xf3, 0xfd, 0xa7, 0xa9, 0xbb, 0xb5, - 0x9f, 0x91, 0x83, 0x8d - ], - - // Key Schedule Core - core:function(word,iteration) - { - /* rotate the 32-bit word 8 bits to the left */ - word = this.rotate(word); - /* apply S-Box substitution on all 4 parts of the 32-bit word */ - for (var i = 0; i < 4; ++i) - word[i] = this.sbox[word[i]]; - /* XOR the output of the rcon operation with i to the first part (leftmost) only */ - word[0] = word[0]^this.Rcon[iteration]; - return word; - }, - - /* Rijndael's key expansion - * expands an 128,192,256 key into an 176,208,240 bytes key - * - * expandedKey is a pointer to an char array of large enough size - * key is a pointer to a non-expanded key - */ - expandKey:function(key,size) - { - var expandedKeySize = (16*(this.numberOfRounds(size)+1)); - - /* current expanded keySize, in bytes */ - var currentSize = 0; - var 
rconIteration = 1; - var t = []; // temporary 4-byte variable - - var expandedKey = []; - for(var i = 0;i < expandedKeySize;i++) - expandedKey[i] = 0; - - /* set the 16,24,32 bytes of the expanded key to the input key */ - for (var j = 0; j < size; j++) - expandedKey[j] = key[j]; - currentSize += size; - - while (currentSize < expandedKeySize) - { - /* assign the previous 4 bytes to the temporary value t */ - for (var k = 0; k < 4; k++) - t[k] = expandedKey[(currentSize - 4) + k]; - - /* every 16,24,32 bytes we apply the core schedule to t - * and increment rconIteration afterwards - */ - if(currentSize % size == 0) - t = this.core(t, rconIteration++); - - /* For 256-bit keys, we add an extra sbox to the calculation */ - if(size == this.keySize.SIZE_256 && ((currentSize % size) == 16)) - for(var l = 0; l < 4; l++) - t[l] = this.sbox[t[l]]; - - /* We XOR t with the four-byte block 16,24,32 bytes before the new expanded key. - * This becomes the next four bytes in the expanded key. - */ - for(var m = 0; m < 4; m++) { - expandedKey[currentSize] = expandedKey[currentSize - size] ^ t[m]; - currentSize++; - } - } - return expandedKey; - }, - - // Adds (XORs) the round key to the state - addRoundKey:function(state,roundKey) - { - for (var i = 0; i < 16; i++) - state[i] ^= roundKey[i]; - return state; - }, - - // Creates a round key from the given expanded key and the - // position within the expanded key. 
- createRoundKey:function(expandedKey,roundKeyPointer) - { - var roundKey = []; - for (var i = 0; i < 4; i++) - for (var j = 0; j < 4; j++) - roundKey[j*4+i] = expandedKey[roundKeyPointer + i*4 + j]; - return roundKey; - }, - - /* substitute all the values from the state with the value in the SBox - * using the state value as index for the SBox - */ - subBytes:function(state,isInv) - { - for (var i = 0; i < 16; i++) - state[i] = isInv?this.rsbox[state[i]]:this.sbox[state[i]]; - return state; - }, - - /* iterate over the 4 rows and call shiftRow() with that row */ - shiftRows:function(state,isInv) - { - for (var i = 0; i < 4; i++) - state = this.shiftRow(state,i*4, i,isInv); - return state; - }, - - /* each iteration shifts the row to the left by 1 */ - shiftRow:function(state,statePointer,nbr,isInv) - { - for (var i = 0; i < nbr; i++) - { - if(isInv) - { - var tmp = state[statePointer + 3]; - for (var j = 3; j > 0; j--) - state[statePointer + j] = state[statePointer + j-1]; - state[statePointer] = tmp; - } - else - { - var tmp = state[statePointer]; - for (var j = 0; j < 3; j++) - state[statePointer + j] = state[statePointer + j+1]; - state[statePointer + 3] = tmp; - } - } - return state; - }, - - // galois multiplication of 8 bit characters a and b - galois_multiplication:function(a,b) - { - var p = 0; - for(var counter = 0; counter < 8; counter++) - { - if((b & 1) == 1) - p ^= a; - if(p > 0x100) p ^= 0x100; - var hi_bit_set = (a & 0x80); //keep p 8 bit - a <<= 1; - if(a > 0x100) a ^= 0x100; //keep a 8 bit - if(hi_bit_set == 0x80) - a ^= 0x1b; - if(a > 0x100) a ^= 0x100; //keep a 8 bit - b >>= 1; - if(b > 0x100) b ^= 0x100; //keep b 8 bit - } - return p; - }, - - // galois multipication of the 4x4 matrix - mixColumns:function(state,isInv) - { - var column = []; - /* iterate over the 4 columns */ - for (var i = 0; i < 4; i++) - { - /* construct one column by iterating over the 4 rows */ - for (var j = 0; j < 4; j++) - column[j] = state[(j*4)+i]; - /* apply the 
mixColumn on one column */ - column = this.mixColumn(column,isInv); - /* put the values back into the state */ - for (var k = 0; k < 4; k++) - state[(k*4)+i] = column[k]; - } - return state; - }, - - // galois multipication of 1 column of the 4x4 matrix - mixColumn:function(column,isInv) - { - var mult = []; - if(isInv) - mult = [14,9,13,11]; - else - mult = [2,1,1,3]; - var cpy = []; - for(var i = 0; i < 4; i++) - cpy[i] = column[i]; - - column[0] = this.galois_multiplication(cpy[0],mult[0]) ^ - this.galois_multiplication(cpy[3],mult[1]) ^ - this.galois_multiplication(cpy[2],mult[2]) ^ - this.galois_multiplication(cpy[1],mult[3]); - column[1] = this.galois_multiplication(cpy[1],mult[0]) ^ - this.galois_multiplication(cpy[0],mult[1]) ^ - this.galois_multiplication(cpy[3],mult[2]) ^ - this.galois_multiplication(cpy[2],mult[3]); - column[2] = this.galois_multiplication(cpy[2],mult[0]) ^ - this.galois_multiplication(cpy[1],mult[1]) ^ - this.galois_multiplication(cpy[0],mult[2]) ^ - this.galois_multiplication(cpy[3],mult[3]); - column[3] = this.galois_multiplication(cpy[3],mult[0]) ^ - this.galois_multiplication(cpy[2],mult[1]) ^ - this.galois_multiplication(cpy[1],mult[2]) ^ - this.galois_multiplication(cpy[0],mult[3]); - return column; - }, - - // applies the 4 operations of the forward round in sequence - round:function(state, roundKey) - { - state = this.subBytes(state,false); - state = this.shiftRows(state,false); - state = this.mixColumns(state,false); - state = this.addRoundKey(state, roundKey); - return state; - }, - - // applies the 4 operations of the inverse round in sequence - invRound:function(state,roundKey) - { - state = this.shiftRows(state,true); - state = this.subBytes(state,true); - state = this.addRoundKey(state, roundKey); - state = this.mixColumns(state,true); - return state; - }, - - /* - * Perform the initial operations, the standard round, and the final operations - * of the forward aes, creating a round key for each round - */ - 
main:function(state,expandedKey,nbrRounds) - { - state = this.addRoundKey(state, this.createRoundKey(expandedKey,0)); - for (var i = 1; i < nbrRounds; i++) - state = this.round(state, this.createRoundKey(expandedKey,16*i)); - state = this.subBytes(state,false); - state = this.shiftRows(state,false); - state = this.addRoundKey(state, this.createRoundKey(expandedKey,16*nbrRounds)); - return state; - }, - - /* - * Perform the initial operations, the standard round, and the final operations - * of the inverse aes, creating a round key for each round - */ - invMain:function(state, expandedKey, nbrRounds) - { - state = this.addRoundKey(state, this.createRoundKey(expandedKey,16*nbrRounds)); - for (var i = nbrRounds-1; i > 0; i--) - state = this.invRound(state, this.createRoundKey(expandedKey,16*i)); - state = this.shiftRows(state,true); - state = this.subBytes(state,true); - state = this.addRoundKey(state, this.createRoundKey(expandedKey,0)); - return state; - }, - - numberOfRounds:function(size) - { - var nbrRounds; - switch (size) /* set the number of rounds */ - { - case this.keySize.SIZE_128: - nbrRounds = 10; - break; - case this.keySize.SIZE_192: - nbrRounds = 12; - break; - case this.keySize.SIZE_256: - nbrRounds = 14; - break; - default: - return null; - break; - } - return nbrRounds; - }, - - // encrypts a 128 bit input block against the given key of size specified - encrypt:function(input,key,size) - { - var output = []; - var block = []; /* the 128 bit block to encode */ - var nbrRounds = this.numberOfRounds(size); - /* Set the block values, for the block: - * a0,0 a0,1 a0,2 a0,3 - * a1,0 a1,1 a1,2 a1,3 - * a2,0 a2,1 a2,2 a2,3 - * a3,0 a3,1 a3,2 a3,3 - * the mapping order is a0,0 a1,0 a2,0 a3,0 a0,1 a1,1 ... 
a2,3 a3,3 - */ - for (var i = 0; i < 4; i++) /* iterate over the columns */ - for (var j = 0; j < 4; j++) /* iterate over the rows */ - block[(i+(j*4))] = input[(i*4)+j]; - - /* expand the key into an 176, 208, 240 bytes key */ - var expandedKey = this.expandKey(key, size); /* the expanded key */ - /* encrypt the block using the expandedKey */ - block = this.main(block, expandedKey, nbrRounds); - for (var k = 0; k < 4; k++) /* unmap the block again into the output */ - for (var l = 0; l < 4; l++) /* iterate over the rows */ - output[(k*4)+l] = block[(k+(l*4))]; - return output; - }, - - // decrypts a 128 bit input block against the given key of size specified - decrypt:function(input, key, size) - { - var output = []; - var block = []; /* the 128 bit block to decode */ - var nbrRounds = this.numberOfRounds(size); - /* Set the block values, for the block: - * a0,0 a0,1 a0,2 a0,3 - * a1,0 a1,1 a1,2 a1,3 - * a2,0 a2,1 a2,2 a2,3 - * a3,0 a3,1 a3,2 a3,3 - * the mapping order is a0,0 a1,0 a2,0 a3,0 a0,1 a1,1 ... 
a2,3 a3,3 - */ - for (var i = 0; i < 4; i++) /* iterate over the columns */ - for (var j = 0; j < 4; j++) /* iterate over the rows */ - block[(i+(j*4))] = input[(i*4)+j]; - /* expand the key into an 176, 208, 240 bytes key */ - var expandedKey = this.expandKey(key, size); - /* decrypt the block using the expandedKey */ - block = this.invMain(block, expandedKey, nbrRounds); - for (var k = 0; k < 4; k++)/* unmap the block again into the output */ - for (var l = 0; l < 4; l++)/* iterate over the rows */ - output[(k*4)+l] = block[(k+(l*4))]; - return output; - } - }, - /* - * END AES SECTION - */ - - /* - * START MODE OF OPERATION SECTION - */ - //structure of supported modes of operation - modeOfOperation:{ - OFB:0, - CFB:1, - CBC:2 - }, - - // get a 16 byte block (aes operates on 128bits) - getBlock: function(bytesIn,start,end,mode) - { - if(end - start > 16) - end = start + 16; - - return bytesIn.slice(start, end); - }, - - /* - * Mode of Operation Encryption - * bytesIn - Input String as array of bytes - * mode - mode of type modeOfOperation - * key - a number array of length 'size' - * size - the bit length of the key - * iv - the 128 bit number array Initialization Vector - */ - encrypt: function (bytesIn, mode, key, iv) - { - var size = key.length; - if(iv.length%16) - { - throw 'iv length must be 128 bits.'; - } - // the AES input/output - var byteArray = []; - var input = []; - var output = []; - var ciphertext = []; - var cipherOut = []; - // char firstRound - var firstRound = true; - if (mode == this.modeOfOperation.CBC) - this.padBytesIn(bytesIn); - if (bytesIn !== null) - { - for (var j = 0;j < Math.ceil(bytesIn.length/16); j++) - { - var start = j*16; - var end = j*16+16; - if(j*16+16 > bytesIn.length) - end = bytesIn.length; - byteArray = this.getBlock(bytesIn,start,end,mode); - if (mode == this.modeOfOperation.CFB) - { - if (firstRound) - { - output = this.aes.encrypt(iv, key, size); - firstRound = false; - } - else - output = this.aes.encrypt(input, 
key, size); - for (var i = 0; i < 16; i++) - ciphertext[i] = byteArray[i] ^ output[i]; - for(var k = 0;k < end-start;k++) - cipherOut.push(ciphertext[k]); - input = ciphertext; - } - else if (mode == this.modeOfOperation.OFB) - { - if (firstRound) - { - output = this.aes.encrypt(iv, key, size); - firstRound = false; - } - else - output = this.aes.encrypt(input, key, size); - for (var i = 0; i < 16; i++) - ciphertext[i] = byteArray[i] ^ output[i]; - for(var k = 0;k < end-start;k++) - cipherOut.push(ciphertext[k]); - input = output; - } - else if (mode == this.modeOfOperation.CBC) - { - for (var i = 0; i < 16; i++) - input[i] = byteArray[i] ^ ((firstRound) ? iv[i] : ciphertext[i]); - firstRound = false; - ciphertext = this.aes.encrypt(input, key, size); - // always 16 bytes because of the padding for CBC - for(var k = 0;k < 16;k++) - cipherOut.push(ciphertext[k]); - } - } - } - return cipherOut; - }, - - /* - * Mode of Operation Decryption - * cipherIn - Encrypted String as array of bytes - * originalsize - The unencrypted string length - required for CBC - * mode - mode of type modeOfOperation - * key - a number array of length 'size' - * size - the bit length of the key - * iv - the 128 bit number array Initialization Vector - */ - decrypt:function(cipherIn,mode,key,iv) - { - var size = key.length; - if(iv.length%16) - { - throw 'iv length must be 128 bits.'; - } - // the AES input/output - var ciphertext = []; - var input = []; - var output = []; - var byteArray = []; - var bytesOut = []; - // char firstRound - var firstRound = true; - if (cipherIn !== null) - { - for (var j = 0;j < Math.ceil(cipherIn.length/16); j++) - { - var start = j*16; - var end = j*16+16; - if(j*16+16 > cipherIn.length) - end = cipherIn.length; - ciphertext = this.getBlock(cipherIn,start,end,mode); - if (mode == this.modeOfOperation.CFB) - { - if (firstRound) - { - output = this.aes.encrypt(iv, key, size); - firstRound = false; - } - else - output = this.aes.encrypt(input, key, size); - for 
(i = 0; i < 16; i++) - byteArray[i] = output[i] ^ ciphertext[i]; - for(var k = 0;k < end-start;k++) - bytesOut.push(byteArray[k]); - input = ciphertext; - } - else if (mode == this.modeOfOperation.OFB) - { - if (firstRound) - { - output = this.aes.encrypt(iv, key, size); - firstRound = false; - } - else - output = this.aes.encrypt(input, key, size); - for (i = 0; i < 16; i++) - byteArray[i] = output[i] ^ ciphertext[i]; - for(var k = 0;k < end-start;k++) - bytesOut.push(byteArray[k]); - input = output; - } - else if(mode == this.modeOfOperation.CBC) - { - output = this.aes.decrypt(ciphertext, key, size); - for (i = 0; i < 16; i++) - byteArray[i] = ((firstRound) ? iv[i] : input[i]) ^ output[i]; - firstRound = false; - for(var k = 0;k < end-start;k++) - bytesOut.push(byteArray[k]); - input = ciphertext; - } - } - if(mode == this.modeOfOperation.CBC) - this.unpadBytesOut(bytesOut); - } - return bytesOut; - }, - padBytesIn: function(data) { - var len = data.length; - var padByte = 16 - (len % 16); - for (var i = 0; i < padByte; i++) { - data.push(padByte); - } - }, - unpadBytesOut: function(data) { - var padCount = 0; - var padByte = -1; - var blockSize = 16; - - - if(data.length > 16) { - - for (var i = data.length - 1; i >= data.length-1 - blockSize; i--) { - if (data[i] <= blockSize) { - if (padByte == -1) - padByte = data[i]; - if (data[i] != padByte) { - padCount = 0; - break; - } - padCount++; - } else - break; - if (padCount == padByte) { - break; - } - } - - if (padCount > 0) { - data.splice(data.length - padCount, padCount); - } - - } - - } - /* - * END MODE OF OPERATION SECTION - */ -}; diff --git a/static/vhost/default b/static/vhost/default deleted file mode 100644 index 5f87c0c..0000000 --- a/static/vhost/default +++ /dev/null 
@@ -1,48 +0,0 @@
-server {
- listen 80 default_server;
- root /hostdata/default/public_html;
- index index.html;
- server_name localhost;
-
- # ================================================
- # LIMIT CONNECTION FOR IP / IPs WILL BE AUTO BANNED IF YOU HAVE INSTALL IPTABLES/FAIL2BAN
- limit_conn max 800;
- limit_req zone=one burst=300 nodelay;
- # ================================================
-
- # ================================================
- # 1. Don't put log files into location / {..} it will not work as you think. Use like this.
- # 2. If you change their name or location make sure you also change those https://github.com/theraw/The-World-Is-Yours/blob/master/iptables/jail.local#L105-L118
- access_log /hostdata/default/logs/access.log main;
- error_log /hostdata/default/logs/error.log;
- # ================================================
-
- # ================================================
- location / {
- SecRulesEnabled;
- LearningMode;
- DeniedUrl "/denied/";
- CheckRule "$SQL >= 8" BLOCK;
- CheckRule "$RFI >= 8" BLOCK;
- CheckRule "$TRAVERSAL >= 4" BLOCK;
- CheckRule "$EVADE >= 4" BLOCK;
- CheckRule "$XSS >= 8" BLOCK;
-
- try_files $uri $uri/ =404;
- }
- # ================================================
-
- location /denied/ {
- return 444;
- }
-
- # ================================================
- location ~ \.php {
- try_files $uri /index.php =404;
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- include fastcgi_params;
- }
- # ================================================
-}