The following guide will walk you through the process of installing a free Windows XP BitTorrent server on your network where all users can share and manage their torrents. All torrent traffic on the network is limited to the torrent server machine and blocked everywhere else. Torrent downloads are stored on a file server (NAS) so all other users can easily get to their downloads and other users can see what has been downloaded. The server is setup to run in headless mode (no keyboard or monitor).

 

Why not use Linux? 

I always try to use Linux as much as humanly possible for personal server projects but its just not the right tool for this job. In order to use the uTorrent WebUI in Linux you have to run it in WINE and after too much time trying to figure out how to get uTorrent to run as a daemon (in single user mode - rc2.d & up), I have given up on that idea and moved on.

 

Windows XP is NOT Free 

Let me start off by saying that I do not know the legality of 'micro-XP' operating systems so I cannot say if using the technique I describe below is morally or legally ethical so I will just say that if custom micro-XP builds are not legal then Microsoft needs a licensing model to offer them because they are awesome!

 

BitTorrent Server HOW-TO

1. Download and install TinyXP Rev10 (custom micro Windows XP SP3)
2. After the install is complete fix the Windows firewall bug in this build:
   • Start > Run > cmd.exe
   • winmgmt /regserver
3. Configure a Static IP address:
   • Start > Network Connections
   • Right-click 'Local Area Connection' > Properties
   • Click 'Internet Protocol (TCP/IP)' and then the Properties button
   • Set a static IP address/DNS based on your router settings
4. Temporarily Map Shared Drive (if storing downloads on a network share)
   • Start > Run > cmd
   • net use Y: \\ServerName\ShareName /PERSISTENT:NO
5. Install uTorrent v2.0.4 (don't install the ask.com spyware and uncheck the option to start on system startup)
6. Setup WebUI Server
   • Open the uTorrent properties: Options > Preferences > WebUI
   • Set setting: username = admin
   • Set setting: password = password
   • Set setting: alternate port = 3000
7. Configure BitTorrent Connections
   • Open the uTorrent properties: Options > Preferences > Connection
   • Incoming connections use port = 29300 (if your ISP throttles torrent traffic)
   • You will need to edit your router port forwarding settings if you use a custom port (as we are doing)
8. Configure Downloads Location (if storing downloads on a network share)
   • Open the uTorrent properties: Options > Preferences > Directories
   • Check the box: Put new downloads in: set this to the mapped share you want downloads saved in.
9. Configure XP auto-login (machine IS NOT a member of a domain)
   • Start > Run > cmd.exe
   • control userpasswords2
   • Clear the "Users must enter a user name and password to use this computer" check box, and then click Apply.
   • In the Automatically Log On window, type the password in the Password box.
   • Click OK to close the Automatically Log On window, and then click OK.
10. Configure XP auto-login (machine IS a member of a domain)
    • Refer to the registry script in the next section to configure auto-login for domain members.
11. Create login script
    • We need a login script to download the IP blocklists, map the share, and start uTorrent each time the machine boots.
    • Refer to the login script in the next section to configure the script for your machine.
    • Place a shortcut to your script in the Start Menu > Startup folder so it runs each time the machine starts up.

 

Windows XP Auto-Login Registry Script (The machine is a member of a domain)

If the TinyXP server machine is a member of a domain and there is no domain group policy applied to prevent it, you can still configure the machine to auto-login. However, it requires that you save your password in the registry in plain-text so if you decide to do this... please, please.. don't auto-login an administrator account!

Create a new file called autologin.reg and add these lines into it. Be sure to enter a valid account name and password in the rows below.

 

Windows Registry Editor Version 5.00
		
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="Developer"
"DefaultPassword"="MyC@zyP@$$word!"
"AutoAdminLogon"="1"

 

Run this script as an administrator to save the settings. The next time the machine is rebooted it will automatically login with this account.

 

Windows XP Login Script

We have chosen to use a login script so we can do some additional work before we start the bittorrent server. Particularly we want to map the network share (where our downloads are being stored), download the newest block lists (this blocks known bad users from connecting to us), and of course we want to start the torrent server web site.

Before continuing download a copy of my uTorrentBlackListupdater script. Create a new folder: c:\Program Files\uTorrentBlacklist and save all the files in the script folder (in the download) into this folder.

Now, create a new file in My Documents, called startup.cmd and create a shortcut from it to the Start Menu > Startup folder. This will ensure the script is run each time the user logs in. Copy the following lines of code into the file and save it.

@echo off

:: The drive letter to map
SET drive=Y:

:: The server & share to map
SET share=\\baileyfs01\Files

:: The blacklist script
SET UpdateBlackList=NO
SET blacklist=c:\progra~1\uTorrentBlacklist\uTorrentBLupdater.js

:: The utorrent install location
SET utorrent=c:\progra~1\utorrent\utorrent.exe

:: Offset; Wait (seconds) specified time to begin
SET WAIT=10

GOTO Main

:Main
         :: Ghetto-ass sleep
	ping 127.0.0.1 -n 2 -w 1000 > nul
	ping 127.0.0.1 -n %WAIT% -w 1000> nul

	NET USE %drive% %share% /PERSISTENT:NO
	IF ERRORLEVEL 1 GOTO ErrMap
	IF %UpdateBlackList% == YES cscript /nologo %blacklist%
	start %utorrent%
	echo Done. Server is ready for use.

:ErrMap
	echo An error occurred. Quiting. 

Be sure to change the variables at the top of the script to reflect your environment.

 

That's It!

Well that's all there is to it. We have used a tiny Windows XP build to create a headless torrent server for our network! You can log into the server from the url: http://IpAddressOfServer:3000/gui/

 

This guide will walk you through creating a subversion server source control repository which can be used to version files (source code, documents, etc, etc). You can browse the repository with Mozilla FireFox, Google Chrome, etc. We will install the svn server on a Ubuntu v9.10 (Minimal System) Linux server. Our end users are developers using Windows XP, Windows Vista, and Windows 7.

 

Part 1: Apache-SVN Server Installation

The steps in the following section are performed on a newly installed Ubuntu 9.10 Minimal Server installation.

 

STEP 1: Setup Static IP Address

# Backup network settings
  $ sudo cp /etc/network/interfaces /etc/network/interfaces.old
  $ sudo nano /etc/network/interfaces

# Edit network config. Edit lines:
  auto eth0
  iface eth0 inet dhcp

# and change them to (something like) the following:
  auto eth0
  iface eth0 inet static
  address 192.168.2.[PickANumberFrom1to254]
  netmask 255.255.255.0
  gateway 192.168.2.252
  broadcast 192.168.2.255

# Save the file, and then restart networking: 
  $ sudo /etc/init.d/networking restart

 

STEP 2: Install Apache & Subversion Servers

$ sudo apt-get install apache2 libapache2-svn subversion subversion-tools

 

STEP 3: Create Source Code Store

The folder you create here is the physical location the code is stored on the server. I have a backup hard disk (/dev/sdb) mounted on /home, so I have created my repository in this location.

 

 $ sudo mkdir -p /home/svn/repo

 

STEP 4: Configure Apache SVN Module

This step can be a bit tricky. Be sure you restart apache after making these changes. If Apache throws an error restarting then you have not done this correctly.

 

$ sudo nano /etc/apache2/mods-available/dav_svn.conf

# Uncomment these settings:
  <Location /svn>
    DAV svn
    SVNParentPath /home/svn/repo
    AuthType Basic
    AuthName "Subversion Repository"
    AuthUserFile /etc/apache2/dav_svn.passwd

# Add this line directly below the line above (require login for read & write)
    Require valid–user
  </Location>

 

STEP 5: Create Users

This step is for adding web users to the system. NOTE: be sure to only use the -c switch for the first user, to prevent the file from being written over each time you add a user.

  
$ sudo htpasswd -cm /etc/apache2/dav_svn.passwd firstUser
$ sudo htpasswd -m /etc/apache2/dav_svn.passwd secondUser

 

STEP 6: Create Initial Repostiory

Next, we are going to create our first repository and assign the correct permissions for it.

 

# Create initial repository:
  $ sudo svnadmin create /home/svn/repo/<repoName>

# Assign Ownership to Apache (so we can write to it from the http)
  $ sudo chown www–data:www–data –R /home/svn/repo/<repoName>
  $ sudo chmod –R 770 /home/svn/repo/<repoName>

 

STEP 7: Port Assignment/Validation

If you run more than one web server but only have a single internet IP address then you may wish to change the IP address that Apache listens on so your router can forward apache traffic into the network on a port other than 80. Below are the steps for configuring Apache to listen on port 8888:

 
# Assign Port (if needed)
  $ sudo /etc/apache2/ports.conf
	
# Add this line below Listen 80:
  Listen 8888

Restart Apache: to apply all the changes in Steps 1-7, you must restart Apache:

  $ sudo /etc/init.d/apache2 restart

 

Apache should now be setup and working. To test it navigate to: http://ServerIPAddress/svn/<repoName>

 

Part 2: Using Subversion in Windows

The steps in the following section are performed on a windows workstation which will use our apache-svn server for source control.

 

STEP 1: Install subversion client

Download and install the TortoiseSVN client application. You will be required to reboot. Following the reboot you will notice a new set of right click shell links in your context menu for tortioseSVN.

 

STEP 2: Create/Get Source Controlled Folder

I typically have 2 primary directories under source control in the Visual Studio 2008/Projects directory; TFS and SVN. Team Foundation Server projects are stored in the TFS\<projectName> folder and Subversion projects are stored in the SVN\<repoName> folder.

 

• Create a new folder: <repoName> which will store all of your SVN-controlled code files.
• Right-click on the <repoName> folder and select SVNCheckout.
• Enter the path to your repository (e.g. http://ServerIpAddress/svn/<repoName>). This will sync the client and workstation.

 

Create 3 new folders within your <repoName> folder. Call these folders: branches, tags, and trunk. Copy all the files you want to version into the trunk folder.

You are now ready to begin committing code to the repository, unless you are using Windows 7 (or you have the enhanced Indexing Service installed through Microsoft Update).

 

STEP 3: Fix Windows 7 x64 Indexing Bug (which causes reporitory fs corruption)

If you try to commit or update to the repository in Windows 7 you will likely get this error:
Can't move '.svn/tmp/entries' to '.svn/entries': The file or directory is corrupted and unreadable.

 

This is due to the Microsoft Windows Indexing Service attempting to seize a handle to the files subversion is controlling in it's internal/hidden .svn directories. To fix this bug you have to either wait for Windows 7 SP1, or disable the Indexing Service for the folder containing your SVN files (see below)

 

1. Click the start menu button, then click in the 'Search programs and files' text box
2. Type in “windows index”.
3. Click on “Indexing Options” that should come up in the search.
4. When the Indexing Options box comes up, Click on the Modify button.
5. In the indexed locations dialog box, uncheck the root folder where subversion is managing files.

 

Bug info: http://tortoisesvn.tigris.org/faq.html#cantmove2
Bug info: http://serverfault.com/questions/72561/64-bit-tortoisesvn-on-windows-7-says-file-or-directory-is-corrupted-and-unreadab

 

STEP 4: Set MIME-TYPE and Commit Code

If you do not plan on viewing your checked-in source code directly within you web browser you can skip to comitting your code into subversion. If you do plan on allowing users to view versioned code directly in the web browser then you will have to set the MIME-TYPE property on each file you wish for apache to serve up as plain-text. If you do not do this then the directory structure will be viewble but any file you click will bring up a download dialog box.

 

Set the MIME-TYPE property to text/plain

In our sample, we are checking in a collection of shared scripts. We want to view these scripts directly in the browser, so we need to set the mime-type on all of them. To do this we perform a search in windows to list all *.vbs files in our <repoName> folder. When the search is complete, we highlight all the files and right click > TortoiseSVN > Properties.

 

 

 

In the properties dialog box select the property name: svn:mime-type and enter text/plain.

 

 

Commit the code to Subversion

Finally, we are ready to commit our code to subversion. to do this, all you have to do is right-click on the <repoName> root folder and select SVNCommit.

 

 

 

The following guide will walk you through creating a headless (no monitor, mouse, or keyboard) VMWare Server which is used to host virtual machines on a network. For this guide I am using Ubuntu Linux v9.10 (Karmic Koala) server edition. This solution is based on running a tiny, leightweight Linux operating system to act as the host. The solution is software based, and as such, it will incur a certain degree of performance degradation compared to a bare-metal solution such as VMWare ESX Server. I encourage you to investigate the free VMWare ESXi product, if your hardware supports it. We are using Linux for this effort as Linux supports nearly every possible hardware configuration.

Once completed, this solution will provide you with an entire server farm hosted on a single computer. For developers, home users, and small businesses, you just can't beat it!

 

 

Step 1: Download & Install host operating system

 

• Download and burn the Ubuntu Linux Server ISO image to CD.
• Boot to the CD on your host server. At the startup screen hit the F4 key and select the 'Minimal System Install' option.
• Accept all the defaults in the installation until the installation is complete.

 

Step 2: Update Linux install

Once the OS is loaded and you are logged into the terminal, update the system with the following commands. This is important because after this you will no longer update this server (updates will break VMWare Server).

 

  $ sudo apt-get install vim-nox
  $ sudo apt-get update
  $ sudo apt-get upgrade

Step 3: Set Static IP Address

This step will set a static IP Address on the server so we know what to connect to.

 
# Backup network settings
   $ sudo cp /etc/network/interfaces /etc/network/interfaces.old
   $ sudo vim /etc/network/interfaces

# Edit network config. Edit lines:
   auto eth0
   iface eth0 inet dhcp

# and change them to (something like*) the following:
   auto eth0
   iface eth0 inet static
   address 192.168.2.5 # change this to your IP
   netmask 255.255.255.0 # for all class 'C' subnets
   gateway 192.168.2.252 # change this to your router IP
   broadcast 192.168.2.255 # change this to your upper subnet range

# Save the file, and then restart networking: 
   $ sudo /etc/init.d/networking restart
 

Step 4: Install OpenSSH Server

This step will install an SSH server so we can access the terminal from remote clients.

 

  $ sudo apt-get install openssh-server openssh-client

 

After SSH has installed, download PuTTY on your remote workstations. From this point forward, you can disconnect the monitor, mouse, and keyboard and perform the rest of the installation over the remote SSH terminal using PuTTY.

 

Step 5: Install FTP Server

This step will install a file transfer protocol (FTP) server on the host. FTP provides us a way to transfer very large files (like VMDK) over the network reliably.

 

# Fetch/Install FTP daemon
  $ sudo apt-get install vsftpd

# First, you’ll want to make a backup copy of the vsftpd.conf file:
  $ sudo cp /etc/vsftpd.conf /etc/vsftp.conf.old

# Next, open up a text editor to make changes to the vsftpd.conf file:
  $ sudo vim /etc/vsftpd.conf

# Change anonymous_enable=YES To this: anonymous_enable=NO

# Uncomment these settings:
   local_enable=YES
   write_enable=YES

# Restart the vsftpd service with this command:
  $ sudo /etc/init.d/vsftp restart

 

The settings above will allow local user accounts on the host to log into the machine over FTP and have full control of their home directory.

 

Step 6: Install Samba Server (Optional)

The following step will enable windows computers to access the host server using the windows UNC network convention (\\ServerIP\Share). Samba is not reliable for transferring large files but it's a nice luxery to have. Only install this if you need samba file sharing services.

# Fetch/Install Samba packages:
  $ sudo apt-get install samba smbfs

# Next, configure homw shares:
  $ sudo vim /etc/samba/smb.conf

# Change the workgroup line:
  workgroup = [WindowsWorkgroup]

# Next, uncomment the security line and add another as follows:
  security = user
  username map = /etc/samba/smbusers

# Find the share definitions section and match the following:
  [homes]
  comment = Home Directories
  browseable = yes
  read only = no
  create mask = 0755
  directory mask = 0755

# Save the file and then set up the samba user password:
  $ sudo smbpasswd -a <WindowsUsername>

# Create the file /etc/samba/smbusers  
  $ sudo vim /etc/samba/smbusers

# Add User to file
  system_username = "WindowsUsername"

# Restart the Samba service:
  $ sudo /etc/init.d/samba restart

# Try out the access from your windows PC \\ServerName\Username.

 

Step 7: Install VMWare Server v2.0.2.x

The following step will install and configure VMWare Server v2.0.2, which will host our virtual server farm.

 

# Install pre-requisites
  $ sudo apt-get install linux-headers-`uname -r` build-essential xinetd

# If previous VMWare is installed (or previous install failed) delete bad files
  $ sudo rm -rf /usr/lib/vmware/modules/

# Download VMWare Server tarball
  http://www.vmware.com/download/server/getserver.html

# SSHfs, Samba, or FTP the tarball to your Linux server
  \\ServerIp\UserName

# Create directory for virtual machines
  $ mkdir ~/virtualMachines

# Move tarball into virtual machine directory
  $ mv *.gz ~/virtualMachines

# Extract & delete tarball
  $ cd virtualMachines
  $ tar -xzvf VMware-server-2.0.2-203138.i386.tar.gz
  $ rm *.gz

# Download/unpack repair script (works for VMWare Server v.2.0.1 & v2.0.2)
  $ cd vmware-server-distrib
  $ wget  http://www.ubuntugeek.com/images/vmware-server.2.0.1_x64-modules-2.6.30.4-fix.tgz
  $ tar -xzvf vmware-server.2.0.1_x64-modules-2.6.30.4-fix.tgz
    
# Run installer perl script
# Accept all defaults, Do not run the /usr/bin/vmware-config.pl script when asked
  $ sudo ./vmware-install.pl

# Run the repair script
  $ sudo sh vmware-server.2.0.1_x64-modules-2.6.30.4-fix.sh
  $ sudo rm -rf /usr/lib/vmware/modules/binary

# Run the config script
  $ sudo /usr/bin/vmware-config.pl

# Accept all defaults, when prompted for an administrative user enter your user name
# The current administrative user for VMware Server  is ''. 
# Would you like to specify a different administrator? [no] yes
  System_UserName

 

Step 8: Logging into VMWare Infrastructure Server

To connect to your new VMWare Server open a web browser and connect to https://ServerIP:8333. You will receive a certificate error or a blank screen. If you receive a certificate error, then add the server to your browser's list of trusted sites and import the certificate. If you receive a tinted blank page then you'll have to delete every VMWare certificate in your browser's certificate store.

 

I have posted a mirror of this article on ubuntuforums.org.

 

This is a follow-up post to this one (Dedicated BitTorrent Server).

My enthusiasm for TorrentFlux was a bit overblown because after using it for a few weeks I came to the understanding that TorrentFlux sucks. Sorry to be so blunt but it's a fact (at least on a Windows Server & in comparison to other Windows clients). The web script is buggy and crashes often. When it's not crashing, it's busy having no idea how to read 3/4 of the torrents you try to upload to it and the logging is so poor that the user has no clue as to the nature of a failure. 

So, we're back to using the best BitTorrent client out there uTorrent. Of course uTorrent is a desktop application but it does come with a built in WebUI feature that allows users to remote control it from anywhere from any web browser. So for this to meet the goals of the previous post we need to be able to access the BitTorrent web server from any client and we need the server to run as a service so we don't have to log in with remote desktop and turn on uTorrent each time someone on the network wants to use it.

First things first, we install uTorrent on the Windows 2003 server. Next we edit the uTorrent properties to use the correct port for our network and setup WebUI. These settings can be found in the properties sheet of the program. See this post for detailed instructions for installing WebUI. Basically, I just had to download a zip file, rename it to WebUI.zip and place it in my user's %APPDATA% directory. 

I launched uTorrent and verified that I could access http://localhost:3000/gui/ in the web browser (3000 is the port I run WebUI on). 

 

Next up is the Windows NT Service Wrapper. Rather than write something I used an awesome Service daemon on code-project called XYNTService. Below you can see the ini configuration I used to setup the service.

 

[Settings]
ServiceName=XYNTService
CheckProcessSeconds = 30
[Process0]
CommandLine = C:\Progra~1\uTorrent\uTorrent.exe
WorkingDir= C:\Progra~1\uTorrent
PauseStart= 1000 
PauseEnd= 1000 
UserInterface = Yes 
Restart = Yes

In the Service Control Manager in Windows (compmgmt.msc) I set the service to log on with the account I installed uTorrent with. It won't work otherwise.

Thats it! Now we have a BitTorrent Server running on a network server that all of our users can use and we don't have to install BT software on every machine and we can monitor our users activity! 

 

My wife was in the hospital for 4 days this past week and at the end of the first day my wife felt well enough to sit up and she wanted to log into her myspace page to post some photos. The hospital offered free Wi-fi internet access for staff and patients but they run a WebSense firewall which blocks just about every site online other than email sites and internal Sentara intranet sites. We tried about 25 sites and all but 4 were blocked by the firewall. You can see the screenshot below.

 

We tried several online proxies such as proxify.com but all of those were blocked as well as sites that outline steps for bypassing firewall filters. Ultimately, I left the hospital that night when my wife fell asleep and I went home to stand up a SOCKS SSH proxy server.

I don't have a full blown Linux server running at the house so I used my Windows 2003 Enterprise Web Server to host the OpenSSH server. 

The steps went like this:

• Install Cygwin in Windows 2003 with OpenSSH, vim, & diffutils 
• Set /var writeable for all (chmod 777 /var)
• Set /etc/passwd & /etc/group as readable (chmod +r /etc/passwd)
• Run the SSH install script (ssh-host-config)
• Answered the questions in the script allowing a service account to be created and an NTService for SSH server

After the server was installed, I went to my client and installed PuTTY which is used to create the encrypted tunnel from the client to the server. See the instructions here. Once the SSH session has been established all that's left is to configure firefox to use the tunnel as a SOCKS proxy.

Now that the tunnel was functional, I ran wireshark to sniff the traffic in order to validate that this setup wasn't going to set off alarms by the hospital admins. Wireshark revealed that firefox was leaking DNS requests, which means that even though my tunnel was fetching the remote sites, it was sending DNS requests to the host network DNS (which would setup a huge red flag).

Luckily in FireFox you canstop this behavior by typing about:config into the web browser and editting the setting network.proxy.socks_remote_dns to true.

I unplugged the laptop, set a port forwarding rule in my smoothwall router for inbound ssh traffic, and returned to the hospital and hooked it into the network there. Everything worked perfectly. 

So if you haven't heard the term seedbox here's a quick explanation: basically a seedbox is a dedicated server that is used to seed or leech BitTorrent files on the net. The idea of running a seedbox interests me  not because I want to seed anything online but because each of my machines  currently have  BitTorrent software like uTorrent  or Azuerus  installed and it's a big hassle having to administrate these applications by going to the SmoothWall to configure port forwarding to each client every time I want to download something. (I refuse to trigger the BT ports through the router into my network so when I want to download BT files I manually configure forwarding).

By having a dedicated seedbox I could remove the BitTorrent applications from all of the devices on my network and force my users to use the seedbox for all BitTorrent activity. Additionally, I can monitor and report on all the BitTorrent activity.

So I decided to run TorrentFlux on my server. Problem is that TorrentFlux is a mySql/PHP application and I run a windows server. I found this guide online for setting up a WAMP server and it worked out good other than having to set the listening port to something other than 80 since IIS is using that. 

I have it running now and to this point I'm inpressed. There are some features that are missing that I'd like, such as the ability to select individual files in the torrent to download but all in all it meets my needs. I had to work through some hacks in order to get it to work properly (and some torrent files still don't work) but so far I am impressed.  

 

 

After attending the HOPE conference I made a conscious decision to keep a closer look at my home network and implement some rudimentary security measures. It's time to re-enstate an IDS (Instrusion Detection System) on the network and start logging activity. Lucky for me I already have a SmoothWall router I built earlier in the year but had disconnected due to network issues I thought were due to the SmoothWall, which turned out to be due to a Gigabit ethernet switch I had recently added. Below you'll see the latest network diagram and where the SmoothWall is deployed. This diagram represents the entire house and all it's devices connectivity. 

Download: SmoothWall