Ne00n

December 3, 2013: Google finds fraudulent certificates for Google domains, signed by ANSII. The certificates are used for MITM attacks. (source)

March 3, 2015: An intermediate CA operating under CNNIC (named MCS Holdings) is found issuing fraudulent certificates for various Google domains, for the purpose of MITM attacks. This delegation should have never occurred, as MCS Holdings was not fit to hold this kind of authority. (source)

	/**
	* Check if a given ip is in a network
	* @param string $ip IP to check in IPV4 format eg. 127.0.0.1
	* @param string $range IP/CIDR netmask eg. 127.0.0.0/24, also 127.0.0.1 is accepted and /32 assumed
	* @return boolean true if the ip is in this range / false if not.
	*/
	function ip_in_range( $ip, $range ) {
	if ( strpos( $range, '/' ) == false ) {
	$range .= '/32';
	}

	#!/bin/bash
	#Original: http://www.hyenacloud.com/blog/?p=327
	#Modified by Neoon

	/sbin/iptables -D INPUT -m set --match-set blacklist src -j DROP
	/sbin/ipset create blacklist hash:net hashsize 10000000 maxelem 200000
	/sbin/iptables -I INPUT -m set --match-set blacklist src -j DROP
	IP_TMP=/tmp/ip.tmp
	IP_BLACKLIST=/root/ip-blacklist.conf
	IP_BLACKLIST_TMP=/tmp/ip-blacklist.tmp

	systemctl stop rpcbind.service
	systemctl disable rpcbind.service
	chmod -x /usr/bin/spiceproxy
	#/etc/network/interfaces
	#Proxmox block
	post-up iptables -A INPUT -p tcp --dport 8006 -s 127.0.0.0/8 -j ACCEPT #allow localhost for reverse proxy
	post-up ip6tables -A INPUT -p tcp --dport 8006 -s ::1/128 -j ACCEPT #allow localhost for reverse proxy
	post-up iptables -A INPUT -p tcp --dport 8006 -j DROP #webinterface
	post-up ip6tables -A INPUT -p tcp --dport 8006 -j DROP #webinterface
	post-up iptables -A INPUT -p tcp --dport 3128 -j DROP #spiceproxy

	frontend https
	bind :443
	mode tcp
	acl tls req.ssl_hello_type 1
	tcp-request inspect-delay 5s
	tcp-request content accept if tls
	#Define hosts
	acl host_nano.test.com_https req.ssl_sni -i nano.test.com
	use_backend nano.test.com_https if host_nano.test.com_https

	apt-get update
	apt-get upgrade
	apt-get dist-upgrade
	sed -i 's/stretch/buster/g' /etc/apt/sources.list
	sed -i 's/stretch/buster/g' /etc/apt/sources.list.d/pve-install-repo.list
	apt-get update
	apt-get upgrade
	apt-get dist-upgrade
	#Optional clean kernels
	dpkg --list\|grep pve-kernel

	#kubernetes
	sudo apt update
	sudo apt -y install curl apt-transport-https
	curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg \| sudo apt-key add -
	echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" \| sudo tee /etc/apt/sources.list.d/kubernetes.list
	sudo apt update
	sudo apt -y install vim git curl wget kubelet kubeadm kubectl
	sudo apt-mark hold kubelet kubeadm kubectl
	#sysctl
	sudo modprobe overlay

	apt-get install libio-socket-inet6-perl libhttp-daemon-perl libnet-dns-perl libio-socket-inet6-perl libev-dev liburcu-dev libsodium-dev libmaxminddb-dev
	./configure --with-rundir=/var/run && make check && sudo make install
	https://github.com/gdnsd/gdnsd/blob/master/init/gdnsd.service.tmpl