Author Topic: my method of personal internet security  (Read 919 times)

Joshex

my method of personal internet security
« on: February 24, 2024, 04:25:44 am »
So I'll start this by saying in my experience so far, it's not possible to make an internet enabled device truly safe while you are doing anything online. Obviously some sites (like this one) are trustworthy-ish.

But today I want to teach you how to know if your device is safe. (this advice is not fool-proof mind you). but it's good to at least know who is spying on you and on what sites and what sort of information they are gathering. it may leave a bad taste in your mouth and make you move away from certain sites and banks etc. but. meh I'll leave that call up to how much you can stand of the spies.

Why should you care? well if you trust employees at google, facebook and microsoft with your bank login info and password reset questions, and info about all your finances in your account then you don't need to read any further, you are as safe as you want to be, but all it takes is one bad employee and LEAK. your personal info was sold to someone in another country and now your bank account has mysterious charges or the password has been changed. now this doesn't happen very often. but when it does happen, it happens en masse, you will not be the only one affected. but it's a huge oops that can be avoided.

OR EVEN MORE IMPORTANT YOUR DEVICE MAY BE SLOW BECAUSE TOO MANY SPYWARE COMPANIES ARE ALL FIGHTING OVER YOUR DATA AND DESTROYING YOUR HARDWARE IN THE PROCESS.

that deserved capslocks. you onboard mi hearty? cool let's sail this vessel off into the high seas and figure out how to stop it.

the following contains advice to use windows. Linux is also cool but haven't used it in years, it's also high maintenance and with the rate software advances you'll need to pull off your files once a year and install a new kernel before you can install any other dependencies to install the software you actually want to run.
I would never mac'ncrash though. if you need to know what a macn'crash or iCrash is you obviously didn't know crapple in the 90s. "mr librarian sir I need to use a computer for my school assignment but there are no computers available" librarian "what are you talking about there are plenty of macs available right in front of the counter here, no one is using them" me "yeah but every time I write a paragraph I get the spinning wheel of death and have to unplug it and start over".

remember kids in the beginning real people used IBMs, they were expensive and ran windows, and then a guy started a company called Macintosh and used old third-rate hardware and only 1 option and made an os catered to that exact cheap hardware and called it macintosh (no drivers for other hardware so if you wanted a better CPU or graphics card or memory sticks, tough apples.). but we called it crashintosh, because the operating system wasn't written well either.

if you are on a chromebook, you are already infested with malware. I suggest pulling your files off, transferring all your logins and such to a new non google machine, deleting all passwords and such on your google book, and selling it to some schlup, or selling it for scrap. if you are advanced enough you could try formatting the hard disk and installing another OS, but I've heard many google BIOS actually are spyware ridden and may prevent other OSes from being installed (which is actually illegal, as Dell was found guilty of that with windows in the 90s, bricking machines so you couldn't install anything else, but google gets treated special.)

If you are using windows, some tools that come with windows are very helpful.

Task Manager, we all know this, or at least you should, you can open it by holding ctrl+alt+delete and selecting task manager. you could also open a run dialogue with the "windows key and r" and type taskmgr.exe and hit enter, or search for and use cmd.exe and type taskmgr.exe and enter.

task manager is useful for seeing what programs and services are running. if you don't want Microsoft spying on everything you do (what you type, and using your camera and mic to record you without your knowledge (*cough*windows 8 and 10 *cough* no idea what I'm coming down with I hope it's not microsoftie)) you should immediately go to the Services tab of task manager and disable BITS (Background Intelligent Transfer Service) the internet works fine without it, it's just for ONLINE BACKUPS (that you usually can't access, for microsoftie's eyes only). You may need to run task manager as administrator to disable this, in the Services tab you'll want to click BITS and then the Services button with the admin symbol on it, then use the dropdown menu to set it to "Disabled" and click the Stop button and you can watch it enjoy its ban. If your copy of windows does not allow you to disable this, I truly am sorry. there's not much you can do, but I'll tell you anyways later in the post (it has to do with blocking ranges of IP addresses belonging to microsoft in your router). Naturally if you disable BITS or block microsoft you will not be able to update (if successful, if not successful everything you do is not secure, you are essentially spied on by microsoft and at their mercy hoping a bad employee with access doesn't sell private info) and will not be able to use microsoft online backups! (seriously, get a usb thumb drive and back things up manually there). You can always reenable it if you really want to.

BITS may try to start itself back up (in example on login, at which point you may have to remove it from startup in msconfig.exe), if you notice this you may need admin privileges by opening task manager as an admin to truly disable it. If you want to update you can always reenable it temporarily.

Resource Monitor: this is a critical tool to know what's going on over the web. You can find it inside Task Manager in the Performance tab, merely click the button and it'll open. alternatively you can run it with a run dialogue as resmon.exe or in a cmd.exe prompt.

The network tab in resource monitor is great to see what's really going on when you do things (when you are connected to the internet, or open your browser, or load a certain website etc, or run software). (though you cannot see what the data actually is, but it's probably encrypted anyways, you probably already saw it and google wants their copy secret so you don't know what they're taking, you'd need to be a higher level keyjocky to even listen what the bytes say)

just because something shows up in the network list doesn't mean there's a problem. it depends on WHAT is showing up and WHEN. if you are just opening your browser with no site, just a blank page and google pops up or psychz.net etc., then yeah that's a problem and you'll want to block that. If you visit a website that's not google and you get lots of 1e100.net addresses showing up or googleusercontent.com or edgestarmini facebook.com addresses, then yeah your ISP or DNS server has sold you out to their monitoring, and you will want to block those.

in my experience actually blocking things like 1e100.net is practically impossible because they do not publish their entire IP ranges and do not resolve to all their IPs when requested by a user (they have outgoing-only IP addresses, which they ensure are sent to you as a URL so you cannot see the IP address) but you want to try to block them anyways, because google is one of the nastiest of all spies. facebook, cloudflare, cloudfront and amazon, even akamai are pretty bad too. you will want to keep toggleable firewall rules for them so you can block them when you want to. we'll get into that soon.

First you'll want to know how to check what something is in resource monitor. if it's a url a "something.someplace.com" kinda thing then you'll need to find its IP address to fully block it. if it's an IP address such as "0.0.0.0" to "255.255.255.255" then you'll want to find out who it belongs to before considering banning it (you'll also want to make sure it isn't an alternate IP address for the site you are visiting in your browser).

here's some tools:

cmd.exe in windows windowskey + r and run cmd.exe
type:
ping website.com

in example: ping google.com
it will then send 4 pings to the site and tell you the IP address it received from and the speed of the data and packet size. this can be used to determine if you are not correctly online. if every website fails ping, you are doing something wrong in your net settings, or something got corrupted and you should probably do a malware scan with malwarebytes. but we just want the IP address from here. some websites have multiple IP addresses, so you can keep pinging them and get different IPs. but some URLs don't have an IP and if you ping them you'll get a "general failure" these are really bad spy servers. for example best-offers-usa.space I caught them snooping once. as robotnik would say "Snoopingas Usual I see?!" Ping As. Keep in mind "General Failure" could mean you are blocking that IP in your firewall or hosts file too!

domaintoipconverter.com/
(This is a place where you can put in a .com address and get its IP address (sometimes it resolves names to IPs that ping won't. it's a service hosted on cloudflare, let's be fair it's either them or google, and google lies about IPs and said "not found" a lot more than cloudflare does in my experience). so if you have a cloudflare blocking firewall rule you'll disable it to use this site then reenable it after. and make sure you are not doing anything private nor sensitive when doing this.)
To use it plop in the URLs on one line each in the box and hit the button, the page will reload and tell you the Ip addresses for what you entered.
Keep in mind many places have more than 1 IP address, google admits to having 25 million IP addresses, but in reality they have a lot more.

db-ip.com
(This is a Database of IP Addresses and who owns them. it's a service hosted on cloudflare as well. using this service you can type db-ip.com/all/the.ip.address (in example like this: db-ip.com/all/34.0.0 ) and hit enter. this nasty IP range 34.0.0.0 belongs to google llc they use it primarily for spying on people, but sadly some sites are hosted on it.)

on that site you'll see they give you the entire range of addresses in that range. you'll also see that you can click on in example "google llc" under "Search the IP Address Locator for All Details" and it'll take you to a page and show you all their other registered google services' IP addresses in that category, and under the other ASN numbers it lists out as links (again this is not all of them, but it's a good start for your google blocker firewall rule).

ok so now you know how to identify things you see in resource monitor. and from the information given to you, you can guess whether or not you requested a connection to them. if not, then they are spying.

Data Flow Consideration:

you also want to look at the data flow here, 1 letter is 8 bits (1 byte), if every time you type something it's sending 1 byte somewhere that means there's spyware we call a "keylogger" being used, probably in the scripts of the website you are on or even worse embedded in the software you are using. if it's sending 300,000 kb/sec that's a screen recording or video, 4,000 might be audio, you get the idea. now data coming IN might be warranted! do not block your video hosts for watching your stuff, done that way too many times, easily rectified by unblocking them at least. but I don't watch things on Youtube, that's google.

but outgoing data to somewhere, especially google analytics or any analytics is going to destroy your hardware and overclock your CPU. all it takes is 2 of them fighting for whose spyware should get the video screengrab first, and your fan turns on and your CPU struggles, and things like webpages and browsers freeze and stop responding (sound familiar) until they are satisfied they got the up-to-date info on you. they also monitor mouse pointer locations and clicks. and you're sitting there going "gee it's really taking my computer awhile to struggle to load one shimmering table on this webpage". (it's time to check resource monitor when you hear the fan)



So now you know What they are trying to get by the data flow and the fact they are unrequested connections. and you may get the basic idea of why they want it and why it's valuable.



How do they sort through it? they have massive massive spy servers the size of entire multi floor football stadium sized buildings, and these machines sift through collected data based on set rules input by the masters, these rules tell it to look for interesting or sensitive information and categorize it as "hey human this needs looking at", or for junk info like gamers talking about enhancements "categorize as 'unvaluable information', save in folder 'delete me' for the human janitors to go through with additional search queries before dumping the lot of it."


What can you do about it?

there are 3 key tools you'll need to use, 4 if you count your internet router. (don't use your phone for internet stuff, it's not safe there are no user security controls and the operating system comes preinstalled with unremovable spyware that bypasses the firewall for vendor requests. so kind of them to include that, just what I wanted. not..)

the Hosts file,
found in C:/Windows/System32/drivers/etc/
open it with notepad or wordpad opened as an administrator (because only an admin can modify this file) it has no extension (no .something, it's just "Hosts") so you may need to tell the folder to show extensions (in windows file explorer, you go to tools>folder options>view tab>hidden files and folders>show hidden files, and unclick "hide extensions for known file types"), windows usually comes with this disabled to stop you from messing with things. the hosts document is just a simple .txt file with no extension (do not rename it to .txt, leave it as Hosts).
this is essentially a document of IP addresses and websites filled out by you manually, it has the same function as a DNS server, it can be used for more than blocking URLs, such as cleverly to avoid your internet service provider throttling (slowing) your connection to videos and other things by supplying the website and video host's IP address and their url you can guarantee your connection without having to go through the internet to find the IP address.

normally that's what happens, you go to website.com, but that means nothing, so your computer contacts the DNS server you set (and if you didn't set one, it contacts your internet service provider's server) and asks "what does website.com mean, where is it?" and during that DNS request even if it's to your specified DNS server, your ISP can hijack the request and say "I'm cloudflare 1.1.1.1 and 1.0.0.1 and I don't feel like telling you what website.com's IP address is, you know what, I don't feel like giving you an IP address either" = "the connection is limited - no internet access". you cannot get online without an IP address because sites need to know where to send data back to. sometimes your internet service provider will Proxy the video and site to you, meaning they impersonate the website and forward it to you, this slows things waaaay down. if it gets really bad you can go to a search engine like duckduckgo.com and search for something simple like "blue" in images and it will say "no results" this is a fast way to know if you are being proxied to fake sites. if this happens it can be extremely dangerous, log-in to NOWHERE and close your browser disconnect from the internet and restart your router and reconnect manually.

so in hosts you do:
ipaddress url.com

in example
3.218.0.127 www.nintendo.com # this is one of nintendo's IP addresses. they have awful routing, they fluctuate between 2 Ip addresses while you are loading causing the site to not load some times, but meh they'll lose what business they want to lose and I can't stop them.

# is used to comment so if you have an old IP address for a site that isn't current you can #comment it. or just leave 2 of them active it doesn't matter your computer will try them all.



Let's learn basic blocking: Hey look real spyservers pa!!
#block spyservers
127.0.0.1 508282028.hou.cdn77.com
127.0.0.1 cdn77.com
127.0.0.1 atl.cdn77.com
127.0.0.1 851154692.atl.cdn77.com
127.0.0.1 hou.cdn77.com
127.0.0.1 hwcdn.net
127.0.0.1 unassigned.psychz.net
127.0.0.1 psychz.net
127.0.0.1 ddos-guard.net
127.0.0.1 best-offers-usa.space
127.0.0.1 disuanqi.dadongeng.cn
127.0.0.1 dadongeng.cn
127.0.0.1 wordpress.com
127.0.0.1 mia.cdn77.com
127.0.0.1 1e100.net
127.0.0.1 *.1e100.net
127.0.0.1 .1e100.net
127.0.0.1 yb-in-f95.1e100.net
127.0.0.1 yq-in-f95.1e100.net
127.0.0.1 ec2-50-16-33-120.compute-1.amazonaws.com
127.0.0.1 *.amazonaws.com
127.0.0.1 .amazonaws.com
127.0.0.1 amazonaws.com
127.0.0.1 ya-in-f127.1e100.net
127.0.0.1 ym-in-f127.1e100.net
127.0.0.1 ec2-44-218-88-39.compute-1.amazonaws.com
127.0.0.1 yq-in-f127.1e100.net
127.0.0.1 ec2-52-24-144-241.us-west-2.compute.amazonaws.com
127.0.0.1 81.33.190.35.bc.googleusercontent.com

this is just a selection of really nasty ones that as I said earlier do not say what their real IP address is when coming to your computer and tell you a different Ip address when you ask them what it is. for nasty sites like that, you set them to 127.0.0.1 which is the local host and will not leave your computer "enjoy your ban google". they snoop in the background and you'll never know they are there unless you are watching resource monitor periodically.

but banning them all one by one is never going to work. spy servers can get around the hosts file by supplying their IP address hidden in your software or in a hidden .js script on a website (probably/usually hosted on google, and made by google) or making an agreement with your ISP or DNS server.

let's talk about stopping scripts, it can be done relatively easily, it is annoying to have to figure out what scripts are needed to make a website run by toggling them on and off, but the alternative is computer grape and stolen information, don't let computer-chan get graped, it's not a pleasant flavour she doesn't like it, consent was not given..

you can install the addon NoScript into your browser. it's a legitimate and official addon supported by all trustworthy browsers. it's simple to use, with a single click on its icon on the browser or a right-click on any page, you can access its menu and see what URLs scripts are trying to run from.

hmm bank.com/login.html yep I'm on bank.com and I'm trying to login sounds like a script I want to run.
cdn.bank.com hmm what's cdn mean? oh "content developer network" and it's hosted on that actual site, should be safe.

analytics.google.com

googleanalytics.com

googletagmanager.com

... um, yeah... no.

it takes a bit of trial and error but you'll get it. it beats the alternative "man this page is really workin my machine hard and it's so slow.." computerchan: "help..... me! .... please helpme!"

but things like ajax.googleapis.com yeah sadly too many sites use google video players and such. you'll start to learn just how many tentacles this hydra has. sadly some parts of it are necessary if only because everyone killed the old .js players and flash based video players, at google's advice because "they were unsecure". that bit about google advising people to kill their competition based on fake "security" reasons probably sounds worse than it actually is... I hope..



Next let's get to the Firewall. it's actually simple to use. you go to the start menu, you type in the search field Firewall, and "Windows Firewall with Advanced Security" shows up. that's the one we want. it's one of the second things I open when I start my computer. resource monitor is one of the first.

you'll see Inbound and Outbound rules, google blocking requires both, blocking the outgoing stuff just isn't enough. but for most spyware outgoing blocks are enough. "hmm I don't hear anything from frank... frank must be offline.. yeah definitely offline, that's frank for you.... frank hasn't been online for months... I think frank's dead... but I'm a machine and have no sympathy." frank unblocks them outgoing with a new IP address and different browsing habits and user names, server "huh new user, I'll name you dave, hi dave, you don't know it but I'm watching you"

ok so outbound is where to start, this prevents software which comes with spyware in it from phoning home. you'll collect the IP addresses and ranges like we saw above in db-ip and do "new rule> Custom> all programs> leave protocols and ports at default>"

under scope this is where the action happens, under "which Remote Ip Addresses does this rule apply to?" > These Ip Addresses> Add> this IP address range.

to know what to enter in here takes a bit of half-assed experience, google may own the entire 34.0.0.0 to 35.255.255.255 range, but.. you never know for sure, there might be one legitimate IP in there somewhere that google sold to some legitimate site. so let's not ban the whole range. maybe let's say 34.0.0.0 to 34.190.33.80, but this is a rough example, you'll determine this based on what you see showing up in resource monitor, for example I know 34.190.33.81 and a good portion of the rest of the way to 35.255.255.255 IS still in fact a google spy server address, but it also happens to host other websites. so, figure it out as you go and block what you know is bad.
New Site? New Firewall rule. make it easy on yourself! especially if a site you want to go to shares the same IP as a spyserver, best separate that out as its own rule so you can turn it off independently.
you can add many Ip ranges to a rule and you can easily right click the rule in Outgoing once you've made it and edit more IPs in under "Scope" later, so don't worry about getting them all right now.

next Action > Block the connection

"Enjoy your Ban google"

don't modify profile not really necessary

finally let's name this character and add a description

"Goorble outgoing BAN-HAMMA"
description: "The Name Of The Evil One is so corrupt it shall not be mentioned. Gorble. like a garbled website that they made with a single javascript under the html header, in disarray and broken."


Remember you can always turn rules off if in example you want to watch some youtube or need to load those awful recaptchas, or upload an image to discord. some websites are entirely hosted on google, like nearly ALL the comic book viewing sites. "but joshex those images are hosted on some sort of blogspot page, that's not google." me "check the IP range, take the IP of such a site, put it in your browser's URL field and hit enter. huh google.com.. how'd that happen." at least cloudflare tries to hide theirs by saying "this IP address cannot be visited directly, only by url name, this IP address is part of the cloudflare network". wait, so you're saying google is responsible for hosting pirated scans of new comic books? yes, and they are unashamed. perhaps it's the one good thing they do those surly old dogs. if you can call it good.

Congrats, you are a level 1 keyjocky. google hates you even more. they've gone mad bro.

time for level 2~!

let's talk about that internet router, the wifi thing that supplies your net, did you know you can log-in to it via wifi or wire so long as you use the admin password printed on its side and visit its IP address in your browser? usually it's a 168. something IP address, check online about the unique login method for your router.

most have an "Advanced" tab or page, and here somewhere there will be an option to block access to certain IP addresses and ranges just like in firewall, because it is a firewall. this is necessary if like on windows 10+ blocking microsoft's IPs means nothing because that rule will get ignored by microsoft's software. well, now you have an exterior option to block them with.

Welcome to Level 2 Keyjockeydom j0053 73# 31337 #4x0r! (not really you probably just feel like it, this is only level 2)


these are the basics, I'm thinking of teaching a class on this and getting more people familiar with monitoring and blocking offending spyservers.

sorry no pictures, I'm lazy.
« Last Edit: March 07, 2024, 12:20:51 pm by Joshex »
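
An added example, not part of the original post: a PowerShell check of hosts-file lines like the block list above. The Windows hosts file matches exact names only, so wildcard or leading-dot entries never match, and an entry for a parent domain does not cover its subdomains. The function names are hypothetical; the sample lines and test names are copied from the post.

```powershell
# Added example. Sample lines are a subset of the post's block list.
$sample = @'
#block spyservers
127.0.0.1 cdn77.com
127.0.0.1 1e100.net
127.0.0.1 *.1e100.net
127.0.0.1 .1e100.net
127.0.0.1 yb-in-f95.1e100.net
127.0.0.1 *.amazonaws.com
127.0.0.1 amazonaws.com
'@ -split '\r?\n'

# Parse hosts-file lines into objects and mark entries that can never match.
function Get-HostsEntry {
    param([string[]]$Lines)
    $n = 0
    foreach ($raw in $Lines) {
        $n++
        $text = ($raw -replace '#.*$', '').Trim()      # strip comments
        if (-not $text) { continue }
        $fields = @($text -split '\s+')
        $addr   = $null
        $okAddr = [System.Net.IPAddress]::TryParse($fields[0], [ref]$addr)
        foreach ($name in ($fields | Select-Object -Skip 1)) {
            if (-not $okAddr) {
                $note = 'first field is not an IP address'
            } elseif ($name -match '[*?]') {
                $note = 'wildcard: hosts matches exact names only'
            } elseif ($name.StartsWith('.')) {
                $note = 'leading dot: not a host name, never matched'
            } else {
                $note = ''
            }
            [pscustomobject]@{
                Line    = $n
                Address = $fields[0]
                Name    = $name.ToLower()
                Usable  = ($note -eq '')
                Note    = $note
            }
        }
    }
}

# Report whether each observed name has an exact, usable entry.
function Test-HostsCoverage {
    param([object[]]$Entries, [string[]]$Names)
    $exact = @{}
    $Entries | Where-Object { $_.Usable } | ForEach-Object { $exact[$_.Name] = $_.Address }
    foreach ($name in $Names) {
        $key = $name.ToLower()
        [pscustomobject]@{
            Name     = $name
            Covered  = $exact.ContainsKey($key)
            MappedTo = $exact[$key]
        }
    }
}

$entries = Get-HostsEntry -Lines $sample

# Entries that have no effect at all.
$entries | Where-Object { -not $_.Usable } | Format-Table Line, Name, Note -AutoSize

# Names from the post: the first has its own line in the sample, the other two
# are subdomains whose parent domain is listed, which does not cover them.
Test-HostsCoverage -Entries $entries -Names @(
    'yb-in-f95.1e100.net',
    'ya-in-f127.1e100.net',
    'ec2-50-16-33-120.compute-1.amazonaws.com'
) | Format-Table -AutoSize

# To check the live file instead of the sample:
# Get-HostsEntry -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```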
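
The firewall steps in the post (custom rule, all programs, a remote address range under Scope, block, name and description, then toggling) as an added PowerShell example using the built-in NetSecurity cmdlets; it is not from the original post. The group and rule names are placeholders, the first range is the post's own rough example, and 203.0.113.0/24 is a documentation range used as a constructed second entry.

```powershell
#Requires -RunAsAdministrator
# Added example: toggleable block rules for a remote address range.
$group  = 'Toggleable blocks (example)'       # placeholder group name
$ranges = @('34.0.0.0-34.190.33.80')          # the post's rough example range

# One rule per direction, since the post blocks both outbound and inbound.
foreach ($direction in 'Outbound', 'Inbound') {
    $name = "Example range block ($direction)"   # placeholder rule name
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Group $group `
            -Direction $direction -Action Block `
            -RemoteAddress $ranges `
            -Description 'Added example: block a remote address range.' |
            Out-Null
    }
}

# Add another range to an existing rule later (the "Scope" tab in the GUI).
# Setting -RemoteAddress replaces the list, so read the current one first.
$outName = 'Example range block (Outbound)'
$current = @((Get-NetFirewallRule -DisplayName $outName |
              Get-NetFirewallAddressFilter).RemoteAddress)
Set-NetFirewallRule -DisplayName $outName `
    -RemoteAddress ($current + '203.0.113.0/24')   # constructed sample range

# Turn the whole group off when a site needs it, then back on.
Disable-NetFirewallRule -Group $group
Enable-NetFirewallRule  -Group $group

# Review what is in place and what each rule covers.
Get-NetFirewallRule -Group $group | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Direction     = $_.Direction
        Action        = $_.Action
        Enabled       = $_.Enabled
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    }
} | Format-Table -AutoSize
```

Keeping each site or provider in its own rule inside the group preserves the post's point about switching one block off without touching the others.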

Joshex

Re: my method of personal internet security
« Reply #1 on: March 07, 2024, 12:21:50 pm »
resmon.exe is resource monitor, not perfmon.exe, perfmon is a tab in task manager.
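
A scripted counterpart to the Resource Monitor network tab and the ping/lookup steps from the first post, added here as an example and not part of either post: it lists established TCP connections with the owning process and a reverse-DNS name for each remote address. The function name is hypothetical, and the reverse lookups need a working DNS resolver.

```powershell
# Added example: established TCP connections, who owns them, and where they go.
function Get-RemoteConnection {
    # Map process IDs to names once, instead of one lookup per connection.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_.ProcessName }

    $ptrCache = @{}   # remote address -> reverse-DNS name (or $null)

    Get-NetTCPConnection -State Established |
        Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
        ForEach-Object {
            $ip = $_.RemoteAddress
            if (-not $ptrCache.ContainsKey($ip)) {
                $answer = Resolve-DnsName -Name $ip -Type PTR -DnsOnly `
                              -QuickTimeout -ErrorAction SilentlyContinue
                $ptrCache[$ip] = ($answer |
                    Where-Object { $_.NameHost } |
                    Select-Object -First 1).NameHost
            }
            [pscustomobject]@{
                Process       = $procs[[int]$_.OwningProcess]
                PID           = $_.OwningProcess
                RemoteAddress = $ip
                RemotePort    = $_.RemotePort
                ReverseName   = $ptrCache[$ip]
            }
        }
}

$connections = @(Get-RemoteConnection)

# Per-connection view, similar to the "TCP Connections" pane.
$connections | Sort-Object Process, RemoteAddress | Format-Table -AutoSize

# Per-destination summary: which processes talk to each remote address.
$connections | Group-Object RemoteAddress | ForEach-Object {
    [pscustomobject]@{
        RemoteAddress = $_.Name
        ReverseName   = $_.Group[0].ReverseName
        Connections   = $_.Count
        Processes     = ($_.Group.Process | Sort-Object -Unique) -join ', '
    }
} | Sort-Object Connections -Descending | Format-Table -AutoSize
```

A reverse name only says what the address owner published for that IP; many sites share addresses behind a hosting provider or CDN, so compare against the site open in the browser before blocking.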