
Remote VPS file share server

 Recently, I've *allegedly* received some documents on torrent clients on my network. Of course, I wholeheartedly respect copyright laws and do my utmost to ensure that files on my systems are 100% legal. Regardless, I thought creating an offsite file download/share server might be an exciting project. 


I already had a VPS I was renting from a VPS provider, so I spun up another one with them. Relatively low specs (4 CPUs, 4 GB RAM), but it has unlimited network usage, which is good for my purposes. I went with the most recent version of Ubuntu, but any OS would work for this.


To start off, I had an idea for a setup that used a management IP that I could access to download files and communicate with the torrent client, and a download IP that ran a VPN at all times and was only used for downloading files. Luckily enough, my VPS provider had options for adding extra IPv4 addresses to the server, so I bought an extra address and got that working. OpenVPN also has an option to bind to a specific address, so I was banking on attaching that to the secondary IP and then using the primary IP for management. Unfortunately, both IPs were routed over the same NIC, so while OpenVPN was binding to the correct IP, it was still affecting traffic on both addresses.

This meant that I couldn't access the server using the management IP I was setting up, so I had to find a different VPN solution. I ended up going with split tunneling, which isn't necessarily ideal, but for my purposes it should be fine. My VPN provider has a Linux application that works fairly well and supports split tunneling natively, so I went with that over other options. I was also able to adjust some of the VPN settings to make it slightly more secure. I set it up with my personal IP whitelisted so that traffic between my home network and the remote server wasn't captured by the VPN and I could still reach my management portals.
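A quick way to confirm that the split tunnel really does what the paragraph above describes, as an added example that is not part of the original post: read the host's routing table (normally the output of `ip route show`) and check that the default route leaves through the VPN tunnel interface while the whitelisted home IP keeps its own route out of the physical NIC. The interface names (`tun0`, `eth0`), the addresses and the two sample tables are constructed for illustration; a real VPN client may name its interface differently or, as OpenVPN does with `redirect-gateway def1`, install two /1 routes instead of replacing the default, which the check also accepts.

```shell
#!/bin/sh
# Added example: sanity-check a split-tunnel routing table. Not the original post's script.
# Interface names, addresses and sample tables below are constructed placeholders.

HOME_IP="${HOME_IP:-203.0.113.5}"   # whitelisted home address (placeholder)
VPN_IF="${VPN_IF:-tun0}"            # tunnel interface created by the VPN client
NIC="${NIC:-eth0}"                  # physical NIC that carries both VPS addresses

# Reads a routing table on stdin. Returns 0 when the table matches the intended
# split tunnel, 1 otherwise, naming the failed condition on stderr.
check_split_tunnel() {
    table=$(cat)
    status=0
    # Condition 1: general traffic goes out through the tunnel (full default route,
    # or the 0.0.0.0/1 + 128.0.0.0/1 pair some clients install instead).
    if ! printf '%s\n' "$table" | grep -q "^default .*dev $VPN_IF" \
       && ! printf '%s\n' "$table" | grep -q "^0\.0\.0\.0/1 .*dev $VPN_IF"; then
        echo "FAIL: default route is not via $VPN_IF (download traffic may leave unprotected)" >&2
        status=1
    fi
    # Condition 2: the home IP bypasses the tunnel via the physical NIC, otherwise the
    # management services become unreachable once the VPN is up.
    if ! printf '%s\n' "$table" | grep -q "^$HOME_IP .*dev $NIC"; then
        echo "FAIL: no bypass route for $HOME_IP via $NIC (management lockout)" >&2
        status=1
    fi
    return $status
}

# Constructed sample of a correct table: VPN owns the default route, home IP bypasses it.
GOOD_TABLE='default via 10.8.0.1 dev tun0
203.0.113.5 via 198.51.100.1 dev eth0
198.51.100.0/24 dev eth0 proto kernel scope link src 198.51.100.10'

# Constructed sample of the lockout situation: VPN up, no bypass route for the home IP.
LOCKOUT_TABLE='default via 10.8.0.1 dev tun0
198.51.100.0/24 dev eth0 proto kernel scope link src 198.51.100.10'

# Live usage on the VPS:  ip route show | check_split_tunnel && echo "split tunnel OK"
```

Run it once with the VPN client stopped and once with it running; the second run should pass both conditions, and a failing second condition is exactly the "locked out of the management IP" state.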

Next, I implemented a firewall to prevent other people from accessing the server. I'm a Windows guy and iptables can be a little frustrating for me, so I used gufw instead. It's essentially a GUI for iptables. It's a little more restrictive than CLI iptables, but again, for my purposes, it works well enough. Basically, I created deny-all rules for incoming traffic and whitelisted my IP for web communication and SSH/RDP. I opened RDP as well as SSH because I've been on an RDP kick recently, setting it up on all of my non-internet-facing servers. Xorg can be a little wonky, but it's been working well so far.
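The same deny-all-plus-whitelist policy expressed as ufw commands (the CLI that gufw drives), added here as an example and not taken from the original post. Port assumptions that the post does not state: the FileBrowser web UI on 80 and the qBittorrent WebUI on 8080; SSH 22 and RDP 3389 are the usual defaults. The home address is a constructed placeholder. The script prints the rules instead of applying them so you can review them before piping them to a root shell, and it refuses a source value that is not a plain IPv4 address or CIDR, since a mangled value there would silently widen the whitelist.

```shell
#!/bin/sh
# Added example: generate the ufw rule set for a whitelist-only VPS. Not the post's own script.
# Assumed ports (not on the page): FileBrowser 80, qBittorrent WebUI 8080. SSH 22, RDP 3389.

HOME_IP="${HOME_IP:-203.0.113.5}"   # constructed placeholder; set to your real home IP

# Print the ufw commands for one whitelisted source address, one command per line.
firewall_rules() {
    src="$1"
    # Accept only digits, dots and a slash; anything else is rejected rather than
    # being interpolated into an "allow from" rule.
    case "$src" in
        *[!0-9./]*|"") echo "firewall_rules: refusing suspicious source '$src'" >&2; return 1 ;;
    esac
    echo "ufw --force reset"
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    echo "ufw allow from $src to any port 22 proto tcp comment 'ssh from home'"
    echo "ufw allow from $src to any port 3389 proto tcp comment 'rdp from home'"
    echo "ufw allow from $src to any port 80 proto tcp comment 'filebrowser from home'"
    echo "ufw allow from $src to any port 8080 proto tcp comment 'qbittorrent webui from home'"
    echo "ufw --force enable"
}

# Count allow rules on stdin that carry no source restriction. For this server the
# answer must be 0: every open port is supposed to be reachable from the home IP only.
count_open_to_all() {
    grep '^ufw allow' | grep -vc 'from ' || true
}

# Review, then apply with:  firewall_rules "$HOME_IP" | sudo sh
firewall_rules "$HOME_IP"
```

After applying, `sudo ufw status numbered` should list exactly four allow rules, each with the home IP as source, which matches the "4 ports open, all whitelisted" state described later in the post.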




After getting the security services functional, I started working on the applications I wanted running. Finding a file share solution I liked was arguably the most time-consuming aspect. Originally, I was going to do some basic FTPS/SFTP scripting to automate transfers. Maybe dump all files in X directory to my local NAS on some kind of schedule. However, Comcast really didn't like certain ports being open and started to do some "advanced security" which made it a bit annoying to do that. Instead, I opted to use FileBrowser, a self-hosted file share service I use in my home network a lot. Whenever I need to quickly share some files, and I don't feel like opening SMB or anything else, I usually use FileBrowser. It's a super nifty GUI file share service that operates through a web browser. It's dead simple to set up, and only takes a couple of minutes to get going. All I had to do was make a port 80 rule and voila, nice and neat file sharing without opening any holes in my network or setting anything up on the remote server. It isn't necessarily the ideal solution (you can't automate transfers, for example), but it is simple enough to get running, and it provides exactly what I need.



For my torrent client, I use qBittorrent. It has a WebUI, and it supports a variety of functions that can limit what downloads and how. Setting up the WebUI is as easy as clicking a checkbox and typing in a password. In my case, I also bound the WebUI to the management address and qBittorrent's download traffic to the download IP. Not really necessary with how I'm routing traffic with the VPN, but since I have the second address, I might as well use it.


Overall, it works really well: only four ports are open, all of which are whitelisted to my home IP only, and there's no complicated setup or anything that needs to be monitored. All I do is send over the download links and then collect my files. Easy.


Comcast, if you see this, you know I was joking about those letters, right? :)
