Posts Tagged ‘anti’

The Satanic roots of Metal and Rock Music genre – Two parts Christian movie exposing connection between Satanism and Metal music

Tuesday, May 1st, 2012

Some long time ago a bit before I repent and believed in Jesus Christ as my Lord and Saviour, I've done quite an extensive research on the trustability of the Holy Bible and mostly the Church and Christian writtings. In that times, as an ex-metal head I had a profound interest if there is really a connection between Modern Hard Rock and Heavy Metal Music?

My research back then was quite thoroughful and I found plenty of proofs clearly showing a clear connection between most of the hard rock and heavy / death metal bands to satanism. I used to listen this anti-christian music for about 8 years repeatedly believing the message is not  really bad, even though subconsciously I knew something is not right with the music.

It was quite shocking to me to find that one of my favourite hard rock / psychedelic bands Led Zeppelin, The Beatles, The Doors, Rolling Stones etc. e, had a clear connection with Alester Crawley (a new age occultist magician and a forefather of modern satanism …).

Crawley was a completely insane person proclaiming himself under the alias "The Beast". This psycho travelled all around America, cursing people and cities and teaching people to worship evil. In other words the guy was a complete modern day anti-christ. I found in youtube few short 20 minute, movies exposing the relation between the new age ecumenistic beliefs and Crawley. Along with the musicians spoken about and their exposure to be a bible and God deniers, the movie explains why the message of this popular figures is anti-Christian in essence. This short few movies explains how this terrible guy Crawley become an inspirator of many of the today world popular played rock bands in most of the radio stations …


Satanism – The Root of Rock Music (part 1)


Satanism – The Root of Rock Music (part 2)

Another interesting documentary exposing some of the major pop and rock culture and musicians connection with satanism and the occult is They Sold Their Souls to the devil. The movie is again a short research on popular musicians, who openly say in their interviews they sold their souls for fame to the devil. . Many of the star musicians featured in this videos, even say openly they're possessed by evil spirits.


They Sold Their Souls to the devil part 1 of 3


They Sold Their Souls to the devil part 2 of 3


They Sold Their Souls to the devil part 3 of 3


They Sold Thir Souls to the devil part 4 of 4

Some people might think this is a joke non-serious, some crazy christian propaganda, but if you watch it without bias and analyze it nomatter if Christian or atheist you will see most of the things said in the video reflect the reality. Actually it's very sad reality, today's world has rapidly headed towards non-christianity, occult and satanism. Believe it or not, the elite in the world, we see daily on TV or hear on the Radio and read for as heroes in the newspapers has a strong connection with magicians, occult and fake spirituality. Many of them think loving evil is fun and okay but in fact it is a big lie we're said. As I've red someone says, once a lie is repeated many times it appears to sound like truth….
Anyways we should know Evil is evil and no good can come of worshipping the evil our ancestors and forefathers knew that pretty well and they used to teach us in a spirit to obey good and walk after good and not evil. Modern pop-rock culture teach us something else it teach us to go after the ways of dis-obeying satan took … Pitily our dying generation forgot that evil seeking will bring just evil and now systematically many  governments and medias are working seriously for  destroying the Christian moral and pureness hence by that we  seek to destroy ourselves hurrying towards our own destruction….

Lets hope God will be merceful and turn more people to him and unveil them the truth we read in the Holy Bible. I have hope more and more people will realize that we have to be living in a moderate and saintly way and not like the rock and pop stars shown in those videos. We should pray for each other and love each other and keep an eye on our children to let them not go the bad ways of witchcraft, unholiness and sinfulness  the modern pop – rock culture push us to.

Bulgaria silently signs for ACTA / Why ACTA, SOPA and PIPA are bad for our freedom

Thursday, February 2nd, 2012

r freedomYesterday silently with zero publicity, Bulgarian representatives ratified the ACTA (Trade agreement for fighting counterfeit.)
The name sounds really good, but it has not much to do with what ACTA is about, when applied to digital medias and data sharing.
The ACTA legislation has been ratified in Tokyo last week, where 22 of the European Union membership countries signed in favour of these "malicious" treaty.

The basic idea of ACTA looks tempting as it gives more freedoms to copyright holders, however if you look closely you will understand actually this copyright infringement clauses are not so in favour of us the users but mostly in favour of multinational corporations.
For all those who have not heard about ACTA and SOPA in short this is anti freedom of speech treaty, which if put in action could lead to serious filtering of the internet.
The ACTA 's controversial treaty has already raised an outcry from dozens of computer literated individuals who daily use the internet. Unfortunately, ACTA is less known among non-tech guys … and hence most people on the internet have no about its existence.

If ACTA is ratified and set to be valid as a legislation to Bulgaria, this could lead to total Internet censorship in BG (more or less like it is in china now).
ACTA legislation will make sharing files via torrents and other P2P community file sharing networks a criminal activity.
Another effect of ACTA is that practically free software which reads a proprietary formats like DVD becomes illegal in Europe (like it is currently in America) and I will become guilty for just reading the non-free format..
As a result of ACTA our ISP (Internet Service Providers) will be forced to log and keep all traffic flowing through their (Routering servers). Filters on a local ISP level that will be censoring free speech could also become totally lawful…
Already there are plenty of ANTI-ACTA and ANTI-SOPA propaganda website which are trying to bring some more awareness to the public for the issue… Once an individual is suspected, to fraudulent activity or anything that breaks what is in ACTA is he is presumed to be guilty of crome …
Just watch the two videos below and you will see how terrible the consequence could be if this legislation is integrated with todays Bulgarian government laws. If you're hearing for ACTA for a first time and you live in a country which has still not rafitied ACTA as a local country legislation, make sure you spread the word and let all your friends about the bad impact of this anti-human legislation. We have to really stand up and protest to retain our digital freedom !

The Internet can be censored if Protect IP ACT (PIPA) and Stop Online Piracy Act (SOPA) are put in action !

ANTI-ACTA – Hmmm But What can you do??
 

Communistic Government BCP epoch deliberately tried to destroy the Bulgarian Orthodox Church

Wednesday, December 21st, 2011

Communism Reality, Anti Communism Poster

As a Child I've been baptized in the Orthodox Church and since then I've been a complete atheist until the age of 21.
What is the reason to get my faith in God in 21? This is a short post to shed some light on the great efforts of communism to erradicate faith in God in Communistic countries and change faith in God with faith in man and how this kind of approach devastates societies.
During the communism it's a well known fact that communists, all the members in the Bulgarian Communist's Party (BCP),has led an anti Bulgarian Orthodox Church government politics. The fact that Communistic Governments are fighting Churches and faith in God is less known among youngesters and hardly known by people part of western democratic societies.

I did not lived this time myself, but I heard many stories about the stupidities of communism.
Many older people say, when communism came to rule the Communist Government did immediately destroy some Orthodox Christian temples, some priests were convinced in crimes they were not responsible for etc…
Other priests were send in the Concentration camps and many of them never returned in the society.
"Access" to the Churches was limited and sometimes prohibited to the orthodox layman and often to clergy.
During these terrible communism era, it was prohibited to everybody who is a member of BPC to attend Orthodox Church services or identify himself as christian in public.
I've heard from my grandma an interesting story she witnessed, while she was working as a cleaner in the militia (police).
Here is the story:
One day my grandma wanted to go to the Church St. George located on the city centre of Dobrich city Bulgaria.
A policeman stopped her when she was entering the temple and since he knew her as an employee in the police called her by name and told her that she is not allowed to enter the church building, because she is working in the police.
My grandma asked the militiaman to let her enter the temple to pray for just few minutes and light up a candle (just for this time) without reporting for that in the police.
The policeman agreed to let us in and keep silent that she entered the Church this time,but warned her that if he sees her another time entering the church he is going to report to the respective authorities.
Another part of the Government active politics against the Bulgarian Orthodox Church was by placing an ex-criminals who were sentenced for thefts, rapings, agression or other crimes as a priests in the Church.
By this move the supreme counsel of the bulgarian communist party wanted to break the people confidence in the Church as the true holy apostolic Church. The most fierce communists during these days did their best to present the church of God as a corrupted and void institution who only steals from people and exists only to deceive society.
Yet many years after the fall of communism this people distrust in the church that communists sow through the years.

What is pity is even after the communism is gone for a long, time the churches are only full on biggest feasts and no more than 5% of the citizens are regularly going for Church service or have even the basic knowledge on the Church truths and mysteries.
Following the fall of communism the democratic governments who come to power, elected in a citizen democratic elections did not do much to help the church either, some of them does lead politics openly hostile to our Bulgarian Church.
The last government selected, seems to be less hostile to our Church, but people have once been cut away from the Church and now its really hard for our nation to get back to faith.
The severe crisis (a word that means judgement in greek) and the hardships many people experience started to make some people rethink about what is the meaning of life and made them occasionally go back to faith of our fathers orthodoxy.
What will happen further nobody knows, we need to pray and hope God will have mercy and people will repent for their sins and come back to faith again.

Sjecas li se dolly bell? – Do you remember Dolly Bell? – A classic serbian movie by Emil Kosturica

Tuesday, September 27th, 2011

Sjecas li se Dolly Bell / Do you remember dolly bell?

Sjecas li se dolly is a piece of classic in the well known Kosturica genre, the movie is from the distant 1981. The movie action takes place in communistic Yugoslavia. It clearly contains anti-communistic nuances. I’m really amazed that this movie see the light of the day in the early ’90s while still communism had strong influence on information media in Yugoslavia.

As I’ve lived until the age of 7 in communism and post-communism (and experienced myself communism), the movie was especially interesting to see. In the family in the movie I can see many things I’ve seen and suffered many of the anti-human communistic bull-shit in my own family in my boy years.
Communism has cripppled us the Bulgarians as a nation and destroyed any society which it was in (clearly observable in all post-communistic countries).

Interesting thing to notice among the communistic Marxist ideas in the plot is the growing influence of the Western World (seen in the anti social behavior of the actors),the enthusiasm to look for occult of the main actor the teenager boy – (Dino), the desire to look follow Italian western culture etc.
The movie also keeps the mark of the negativism and crazyness which is so distinct about all Kosturica movies I’ve seen. Anyways from an art point of view the movie is a real master piece.

The movie plot takes place in the so conflict area of Sarajevo, a place predominated by Muslims. What is shocking about the movie considering its time of make, is the explicit erotic and sexually related scenes. The censorship in communistic times was quite severe so it’s amazing, how this anti-communistic movie containing society unacceptable scenes ever came to existence.
Do you remember Dolly Bell? is a drama movie, presenting a sad reality, we still partially continue to live in the Balkans. Though 20 years has passed since the fall of communism pitily not much has changed here…

Near the movie end there are some religious scenes as well obviously attempting to fill in the material emptiness of communism with something spiritual. The religious scene,is a muslim local tradition of a funeral preparations.
The relation between the movie and Islam is understandable as Kosturica had some Bosnian Muslim roots from the line of his father. This kind of muslim influence is also observable on the other Kosturica movies as well.
Nowdays since 2005, Kosturica is officially Orthodox Christian baptized in Savina Monastery which makes me happy as myself am Orthodox Christian 😉

Secure Apache webserver against basic Denial of Service attacks with mod_evasive on Debian Linux

Wednesday, September 7th, 2011

Secure Apache against basic Denial of Service attacks with mod evasive, how webserver DDoS works

One good module that helps in mitigating, very basic Denial of Service attacks against Apache 1.3.x 2.0.x and 2.2.x webserver is mod_evasive

I’ve noticed however many Apache administrators out there does forget to install it on new Apache installations or even some of them haven’t heard about of it.
Therefore I wrote this small article to create some more awareness of the existence of the anti DoS module and hopefully thorugh it help some of my readers to strengthen their server security.

Here is a description on what exactly mod-evasive module does:

debian:~# apt-cache show libapache2-mod-evasive | grep -i description -A 7

Description: evasive module to minimize HTTP DoS or brute force attacks
mod_evasive is an evasive maneuvers module for Apache to provide some
protection in the event of an HTTP DoS or DDoS attack or brute force attack.
.
It is also designed to be a detection tool, and can be easily configured to
talk to ipchains, firewalls, routers, and etcetera.
.
This module only works on Apache 2.x servers

How does mod-evasive anti DoS module works?

Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address which matches the criterias:

  • Requesting the same page more than number of times per second
  • Making more than N (number) of concurrent requests on the same child per second
  • Making requests to Apache during the IP is temporarily blacklisted (in a blocking list – IP blacklist is removed after a time period))

These anti DDoS and DoS attack protection decreases the possibility that Apache gets DoSed by ana amateur DoS attack, however it still opens doors for attacks who has a large bot-nets of zoombie hosts (let’s say 10000) which will simultaneously request a page from the Apache server. The result in a scenario with a infected botnet running a DoS tool in most of the cases will be a quick exhaustion of system resources available (bandwidth, server memory and processor consumption).
Thus mod-evasive just grants a DoS and DDoS security only on a basic, level where someone tries to DoS a webserver with only possessing access to few hosts.
mod-evasive however in many cases mesaure to protect against DoS and does a great job if combined with Apache mod-security module discussed in one of my previous blog posts – Tightening PHP Security on Debian with Apache 2.2 with ModSecurity2
1. Install mod-evasive

Installing mod-evasive on Debian Lenny, Squeeze and even Wheezy is done in identical way straight using apt-get:

deiban:~# apt-get install libapache2-mod-evasive
...

2. Enable mod-evasive in Apache

debian:~# ln -sf /etc/apache2/mods-available/mod-evasive.load /etc/apache2/mods-enabled/mod-evasive.load

3. Configure the way mod-evasive deals with potential DoS attacks

Open /etc/apache2/apache2.conf, go down to the end of the file and paste inside, below three mod-evasive configuration directives:

<IfModule mod_evasive20.c>
DOSHashTableSize 3097DOS
PageCount 30
DOSSiteCount 40
DOSPageInterval 2
DOSSiteInterval 1
DOSBlockingPeriod 120
#DOSEmailNotify hipo@mymailserver.com
</IfModule>

In case of the above configuration criterias are matched, mod-evasive instructs Apache to return a 403 (Forbidden by default) error page which will conserve bandwidth and system resources in case of DoS attack attempt, especially if the DoS attack targets multiple requests to let’s say a large downloadable file or a PHP,Perl,Python script which does a lot of computation and thus consumes large portion of server CPU time.

The meaning of the above three mod-evasive config vars are as follows:

DOSHashTableSize 3097 – Increasing the DoSHashTableSize will increase performance of mod-evasive but will consume more server memory, on a busy webserver this value however should be increased
DOSPageCount 30 – Add IP in evasive temporary blacklist if a request for any IP that hits the same page 30 consequential times.
DOSSiteCount 40 – Add IP to be be blacklisted if 40 requests are made to a one and the same URL location in 1 second time
DOSBlockingPeriod 120 – Instructs the time in seconds for which an IP will get blacklisted (e.g. will get returned the 403 foribden page), this settings instructs mod-evasive to block every intruder which matches DOSPageCount 30 or DOSSiteCount 40 for 2 minutes time.
DOSPageInterval 2 – Interval of 2 seconds for which DOSPageCount can be reached.
DOSSiteInterval 1 – Interval of 1 second in which if DOSSiteCount of 40 is matched the matched IP will be blacklisted for configured period of time.

mod-evasive also supports IP whitelisting with its option DOSWhitelist , handy in cases if for example, you should allow access to a single webpage from office env consisting of hundred computers behind a NAT.
Another handy configuration option is the module capability to notify, if a DoS is originating from a number of IP addresses using the option DOSEmailNotify
Using the DOSSystemCommand in relation with iptables, could be configured to filter out any IP addresses which are found to be matching the configured mod-evasive rules.
The module also supports custom logging, if you want to keep track on IPs which are found to be trying a DoS attack against the server place in above shown configuration DOSLogDir “/var/log/apache2/evasive” and create the /var/log/apache2/evasive directory, with:
debian:~# mkdir /var/log/apache2/evasive

I decided not to log mod-evasive DoS IP matches as this will just add some extra load on the server, however in debugging some mistakenly blacklisted IPs logging is sure a must.

4. Restart Apache to load up mod-evasive debian:~# /etc/init.d/apache2 restart
...

Finally a very good reading which sheds more light on how exactly mod-evasive works and some extra module configuration options are located in the documentation bundled with the deb package to read it, issue:

debian:~# zless /usr/share/doc/libapache2-mod-evasive/README.gz

How to harden Linux Security and imprpove network efficiency on Kernel sysctl Level to Stop SYN flood

Friday, July 8th, 2011

Power up Linux and protect against DDoS with sysctl var optimization

Some long time ago I’ve written an article Optimizing Linux tcp/ip networking

In the article I’ve examined a number of Linux kernel sysctl variables, which significantly improve the way TCP/IP networking is handled by a non router Linux based servers.

As the time progresses I’ve been continuing to read materials on blogs and internet sites on various tips and anti Denial of Service rules which one could apply on newly installed hosting (Apache/MySql/Qmail/Proxy) server to improve webserver responce times and tighten the overall security level.

In my quest for sysctl 😉 I found a few more handy sysctl variables apart from the old ones I incorporate on every Linux server I adminstrate.
The sysctl variables improves the overall network handling efficiency and protects about common SYN/ACK Denial of service attacks.

Here are the extra sysctl variables I started incorporating just recently:

############ IPv4 Sysctl Settings ################
#Enable ExecShield protection (randomize virtual assigned space to protect against many exploits)
kernel.randomize_va_space = 1
#Increase the number of PIDs processes could assign this is very needed especially on more powerful servers
kernel.pid_max = 65536
# Prevent against the common 'syn flood attack'
net.ipv4.tcp_syncookies = 1
# Controls the use of TCP syncookies two is generally a better idea, though you might experiment
#net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2
##################################################
#
############## IPv6 Sysctl Settings ################
# Number of Router Solicitations to send until assuming no routers are present.
net.ipv6.conf.default.router_solicitations = 0
# Accept Router Preference in RA? Again not necessery if the server is not a router
net.ipv6.conf.default.accept_ra_rtr_pref = 0
# Learn Prefix Information in Router Advertisement (Unnecessery) for non-routers
net.ipv6.conf.default.accept_ra_pinfo = 0
# disable accept of hop limit settings from other routers (could be used for DoS)
net.ipv6.conf.default.accept_ra_defrtr = 0
# disable ipv6 global unicasts server assignments
net.ipv6.conf.default.autoconf = 0
# neighbor solicitations to send out per address (better if disabled)
net.ipv6.conf.default.dad_transmits = 0
# disable assigning more than 1 address per network interface
net.ipv6.conf.default.max_addresses = 1
#####################################################

 

To use this settings paste the above sysctl variables in /etc/sysctl.conf and ask sysctl command to read and apply the newly added conf settings:

server:~# sysctl -p
...

Hopefully you should not get errors while applying the sysctl settings, if you get some errors, it’s possible some of the variable is differently named (depending on the Linux kernel version) or the Linux distribution on which sysctl’s are implemented.

For some convenience I’ve created unified sysctl variables /etc/sysct.conf containing the newly variables I started implementing to servers with the ones I already exlpained in my previous post Optimizing Linux TCP/IP Networking

Here is the optimized / hardened sysctl.conf file for download

I use this exact sysctl.conf these days on both Linux hosting / VPS / Mail servers etc. as well as on my personal notebook 😉

Here is also the the complete content of above’s sysctl.conf file, just in case if somebody wants to directly copy/paste it in his /etc/sysctl.conf

# Sysctl kernel variables to improve network performance and protect against common Denial of Service attacks
# It's possible that not all of the variables are working on all Linux distributions, test to make sure
# Some of the variables might need a slight modification to match server hardware, however in most cases it should be fine
# variables list compiled by hip0
### http://www.pc-freak.net
#### date 08.07.2011
############ IPv4 Sysctl Kernel Settings ################
net.ipv4.ip_forward = 0
# ( Turn off IP Forwarding )
net.ipv4.conf.default.rp_filter = 1
# ( Control Source route verification )
net.ipv4.conf.default.accept_redirects = 0
# ( Disable ICMP redirects )
net.ipv4.conf.all.accept_redirects = 0
# ( same as above )
net.ipv4.conf.default.accept_source_route = 0
# ( Disable IP source routing )
net.ipv4.conf.all.accept_source_route = 0
# ( - || - )net.ipv4.tcp_fin_timeout = 40
# ( Decrease FIN timeout ) - Useful on busy/high load server
net.ipv4.tcp_keepalive_time = 4000
# ( keepalive tcp timeout )
net.core.rmem_default = 786426
# Receive memory stack size ( a good idea to increase it if your server receives big files )
##net.ipv4.tcp_rmem = "4096 87380 4194304"
net.core.wmem_default = 8388608
#( Reserved Memory per connection )
net.core.wmem_max = 8388608
net.core.optmem_max = 40960
# ( maximum amount of option memory buffers )
# tcp reordering, increase max buckets, increase the amount of backlost
net.ipv4.tcp_max_tw_buckets = 360000
net.ipv4.tcp_reordering = 5
##net.core.hot_list_length = 256
net.core.netdev_max_backlog = 1024
#Enable ExecShield protection (randomize virtual assigned space to protect against many exploits)
kernel.randomize_va_space = 1
#Increase the number of PIDs processes could assign this is very needed especially on more powerful servers
kernel.pid_max = 65536
# Prevent against the common 'syn flood attack'net.ipv4.tcp_syncookies = 1
# Controls the use of TCP syncookies two is generally a better idea, though you might experiment
#net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2
###################################################
############## IPv6 Sysctl Settings ################
# Number of Router Solicitations to send until assuming no routers are present.
net.ipv6.conf.default.router_solicitations = 0
# Accept Router Preference in RA? Again not necessery if the server is not a router
net.ipv6.conf.default.accept_ra_rtr_pref = 0
# Learn Prefix Information in Router Advertisement (Unnecessery) for non-routersnet.
ipv6.conf.default.accept_ra_pinfo = 0
# disable accept of hop limit settings from other routers (could be used for DoS)
net.ipv6.conf.default.accept_ra_defrtr = 0
# disable ipv6 global unicasts server assignmentsnet.
ipv6.conf.default.autoconf = 0
# neighbor solicitations to send out per address (better if disabled)
net.ipv6.conf.default.dad_transmits = 0
# disable assigning more than 1 address per network interfacenet.
ipv6.conf.default.max_addresses = 1
#####################################################
# Reboot if kernel panic
kernel.panic = 20

These sysctl settings will tweaken the Linux kernel default network settings performance and you will notice the improvements in website responsiveness immediately in some cases implementing this kernel level goodies will make the server perform better and the system load might decrease even 😉

This optimizations on a kernel level are not only handy for servers, their implementation on Linux Desktop should also have a positive influence on the way the network behaves and could improve significantly the responce times of opening pages in Firefox/Opera/Epiphany Torrent downloads etc.

Hope this kernel tweakenings are helpful to someone.
Cheers 😉