Sync latest changes.

This commit is contained in:
Alexander Andreev 2023-01-15 20:07:12 +04:00
parent 2424d89222
commit 32053257fa
Signed by: Arav
GPG Key ID: 0388CC8FAA51063F
6 changed files with 12 additions and 4 deletions

View File

@ -50,7 +50,7 @@ async function getProcesses() {
// 127.0.0.1:19322 // 127.0.0.1:19322
async function getNewCaptcha() { async function getNewCaptcha() {
try { try {
return await fetch("http://startpage.arav.home.arpa/captcha/", {method: "POST"}).then(r => r.text()); return await fetch("http://arav.home.arpa/captcha/", {method: "POST"}).then(r => r.text());
} catch { } catch {
return null; return null;
} }

View File

@ -34,6 +34,10 @@ pre {
white-space: pre-wrap; white-space: pre-wrap;
word-break: break-all; } word-break: break-all; }
figure { margin: 1rem 0; }
figure.center { text-align: center; }
article { article {
margin-top: 1rem; margin-top: 1rem;
max-width: 100%; } max-width: 100%; }

View File

@ -7,7 +7,7 @@
:root { :root {
--background-color: #0a0a0a; --background-color: #0a0a0a;
--background-image: url('/shared/img/desu_z.webp'); --background-image: url('/shared/img/alpha1918_z.webp');
--primary-color: #cd2682; --primary-color: #cd2682;
--secondary-color: #9f2b68; --secondary-color: #9f2b68;
--text-color: #f5f5f5; --text-color: #f5f5f5;
@ -17,7 +17,6 @@
@media (prefers-color-scheme: light) { @media (prefers-color-scheme: light) {
:root { :root {
--background-color: #f5f5f5; --background-color: #f5f5f5;
--background-image: url('/shared/img/desu_z_dark.webp');
--primary-color: #9f2b68; --primary-color: #9f2b68;
--secondary-color: #cd2682; --secondary-color: #cd2682;
--text-color: #0a0a0a; } } --text-color: #0a0a0a; } }

Binary file not shown.

After

Width:  |  Height:  |  Size: 29 KiB

View File

@ -26,13 +26,18 @@ block article
li #[a(href='#art-5-2') Forward chain] li #[a(href='#art-5-2') Forward chain]
h3#art-1 #[a(href='#art-1') 1. Introduction] h3#art-1 #[a(href='#art-1') 1. Introduction]
figure.center
img(src='/assets/img/articles/mikrotik_please_just_dont.jpg' title='%)' alt='Just don\'t!')
figcaption You don't want to be like this, am I right?
p I always wandered, since I #[s joined a cult] got mine, why almost no one can properly secure them. Looks like people just don't bother to do that, and leave it as it is barely configured, and only whine when get hacked. But, holy shit, even through #[code Quick Set] you get a proper secure firewall, yet there are thousands of routers sticking out with a #[s naked ass] acessible WebFig (I bet alongside with it Winbox comes as well, didn't check). p I always wandered, since I #[s joined a cult] got mine, why almost no one can properly secure them. Looks like people just don't bother to do that, and leave it as it is barely configured, and only whine when get hacked. But, holy shit, even through #[code Quick Set] you get a proper secure firewall, yet there are thousands of routers sticking out with a #[s naked ass] acessible WebFig (I bet alongside with it Winbox comes as well, didn't check).
p In this article I'll show you how to harden your router's security. There's nothing difficult and could be find just by learning available features. Considering the firewall, I will just copy-paste a default set of rules, yeah, that feels no good, but what can I do if many haven't done even that. p In this article I'll show you how to harden your router's security. There's nothing difficult and could be find just by learning available features. Considering the firewall, I will just copy-paste a default set of rules, yeah, that feels no good, but what can I do if many haven't done even that.
p If you are setting up a router for the first time I strongly recommend you use a default configuration as a base. First you need to reset a configuration to clear a router. For that in Winbox go to #[code System->Reset Configuration] and check an option #[code No Default Configuration]. In teminal #[code > system/reset-configuration no-defaults=yes]. And then using #[code Quick Set] configure basic access to the Internet and a LAN. We need #[code No Default Configuration] because these defaults doesn't include a firewall (if I recall correctly, I did that in 2019 for the last time). p If you are setting up a router for the first time I strongly recommend you use a default configuration as a base. First you need to reset a configuration to clear a router. For that in Winbox go to #[code System->Reset Configuration] and check an option #[code No Default Configuration]. In teminal #[code > system/reset-configuration no-defaults=yes]. And then using #[code Quick Set] configure basic access to the Internet and a LAN. We need #[code No Default Configuration] because these defaults doesn't include a firewall (if I recall correctly, I did that in 2019 for the last time).
h3#art-2 #[a(href='#art-2') 2. Ways to harden your router] h3#art-2 #[a(href='#art-2') 2. Ways to harden your router]
p Vital thing to do is to keep a firmware up to date. That's another major reason why routers becomes a part of a botnet — vulnerabilities. p Vital thing to do is to keep a firmware up to date. That's another major reason why routers becomes a part of a botnet — vulnerabilities.
p To do it in Winbox go to #[code System->Packages] and click a #[code Check For Updates] button. Or using teminal: #[code > system/package/update/check-for-updates]. p To do it in Winbox go to #[code System->Packages] and click a #[code Check For Updates] button. Or using teminal: #[code > system/package/update/check-for-updates]. After a reboot you need to upgrade a RouterBOARD firmware. In Winbox go to #[code System->RouterBOARD] and click #[code Upgrade] button. After that reboot a router again, go for it in #[code System->Reboot]. In a CLI #[code > system/routerboard/upgrade], and then #[code > system/reboot].
p First thing is setting a password for your admin account. Many other articles recommend to rename it, but I never do that, because there's no access from outside anyway. Also we restrict from what addresses we can login. p First thing is setting a password for your admin account. Many other articles recommend to rename it, but I never do that, because there's no access from outside anyway. Also we restrict from what addresses we can login.
p Second, restrict access to router's configuration by IP, and disable not used services. p Second, restrict access to router's configuration by IP, and disable not used services.
p And here comes a firewall. p And here comes a firewall.

Binary file not shown.

After

Width:  |  Height:  |  Size: 101 KiB