This post is for the Apache web server, I created a simple script that will do the job. You may use it in Wordpress or in many CMS, surely this script will be useful in a lot of situations. It will help you to increase the speed and security of your site. Requirements: root access.

#! /bin/bash
b=$(find $1 -name .htaccess)
for p in $b; do if [[ -s "$p" ]] ; then a=$(dirname $p); echo \<Directory \"$a\"\>; cat $p; echo; echo \</Directory\>; echo; fi; done


You only have to specify the website directory and it fill search for all .htaccess files in sub-directories, then it will print the directives for the httpd.conf file, you can invoke the script like this:

./script.sh /var/www/html

Add the resulting configuration manually to httpd.conf and don't forget to add AllowOverride None to the root directory, in this way my website speed increased noticeably! Also security increased. Please notice that you may end with a duplicated entry for the base directory, so please check it carefully. I read that a hacked website may include malicious code in the .htaccess files, so please check the code before adding into the config file.

If you use Google Chrome, be aware because Google opens a port in your computer and keeps it open even if you close Google Chrome.

The port is 5228 which you can check with the following command:

netstat -n -t | grep 5228

---

I blocked all the Googles ips, actually Google has 239616 ips , the following command will calculate the total ips that Google owns.

for slash in $(dig TXT +short _netblocks{,2,3}.google.com | tr ' ' '\n' | grep '^ip4:' | cut -d '/' -f 2); do total=$((total+$(echo "2^(32-$slash)" | bc -l))) ; done; echo $total

In this post I will teach you how to block all the Google ips using UFW, however, it is also possible to do so using iptables.

First disable the ipv6 addresses in your PC

Read: https://curl.pink/index.php?article30/10-september-2017

Then get all the Google ipv4 ips:

dig TXT +short _netblocks{,2,3}.google.com | tr ' ' '\n' | grep '^ip4:'

Finally as root add block rules in the following way to each of that addresses:

ufw deny out to 64.18.0.0/20 ufw deny out to 64.233.160.0/19 ufw deny out to 66.102.0.0/20 ufw deny out to 66.249.80.0/20 ufw deny out to 72.14.192.0/18 ufw deny out to 74.125.0.0/16 ufw deny out to 108.177.8.0/21 ufw deny out to 173.194.0.0/16 ufw deny out to 207.126.144.0/20 ufw deny out to 209.85.128.0/17 ufw deny out to 216.239.32.0/19 ufw deny out to 172.217.0.0/19 ufw deny out to 108.177.96.0/19

Don't forget to reload the Firewall:

ufw reload

Frow now you will need to use the Tor Browser in order to watch Youtube videos, the same for Gmail and Blogger and Blogspot sites. Also block Google with Ublock because many sites will keep waiting for Google to load.

With regards of cellphone, you can read: https://curl.pink/index.php?article27/reseted-my-cellphone, you can delete Google Play Store with any problem using Link2SD.

Today I disabled the IPV6 protocol in Fedora and blocked all the http (non-https) pages, since the NSA is spying on us, it's very important to use encryption.

Only a man could fight against this powerful organization (Snowden), so you knew that everything can be different, so we avoid abuses from the NSA and the governments.

Blocking the http will make very uncomfortable your internet experience and you will have to use the Google cache or the site archive.org in order to have access to the contents. You can bypass the restriction using Tor. I managed to update Fedora using Tor because all the packages had to be downloaded in http.

Blocking the non-https pages

Install the UFW firewall and execute:

sudo ufw deny 80 sudo ufw deny out 80 sudo ufw reload

In order to bypass to update Fedora I installed Tor (dnf install tor) and added the following line to: /etc/dnf/dnf.conf:

proxy=socks5://127.0.0.1:9050

Blocking the IPV6 protocol

The IPV6 protocol leaks information about your computer and isn't as well implemented as the IPV4.

To disable the IPV6 protocol add "ipv6.disable=1" to the boot parameters, the main way to do this is to edit the file: /etc/default/grub and add the following line:

GRUB_CMDLINE_LINUX=”ipv6.disable=1″

Another alternative is compiling the kernel with no ipv6 support, I think that that is the most secure alternative.