From e4b3e9d4e8074c75447d9d43b6d77ac99d00a57c Mon Sep 17 00:00:00 2001
From: SkyperTHC <5938498+SkyperTHC@users.noreply.github.com>
Date: Sun, 16 Oct 2022 19:53:30 +0100
Subject: [PATCH 1/5] Update README.md
---
 README.md | 52 ++++------------------------------------------------
 1 file changed, 4 insertions(+), 48 deletions(-)
diff --git a/README.md b/README.md
index cc83cbb..4dbee90 100644
--- a/README.md
+++ b/README.md
@@ -13,26 +13,15 @@ ssh root@segfault.net # the password is 'segfault'
 ```shell
 git clone --depth 1 https://github.com/hackerschoice/segfault.git && \
 cd segfault && \
-docker build -t sf-guest guest && \
-SF_SEED="$(head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 32)" && \
+export SF_SEED="$(head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 32)" && \
 echo "SF_SEED=${SF_SEED}" && \
-SF_BASEDIR=$(pwd) SF_SEED=${SF_SEED} SF_SSH_PORT=2222 docker-compose up
-```
-
-Then log in to a new root server
-```shell
-ssh -p 2222 root@127.1 # password is 'segfault'
-```
-Every new SSH connection creates a ***new dedicated root server.***
-
-To stop press Ctrl-C and execute:
-```
-docker-compose down
+cp provision/env.example .env && \
+make
 ```
 To start execute:
 ```
-SF_BASEDIR=$(pwd) SF_SEED=SecretFromAbove SF_SSH_PORT=2222 docker-compose up
+SF_BASEDIR=$(pwd) SF_SSH_PORT=2222 sfbin/sf up
 ```
 Take a look at `provision/env.example` for a sample `.env` file. Configure the test of the variables in `config/etc/sf/sf.conf`.
@@ -42,40 +31,7 @@ Take a look at `provision/env.example` for a sample `.env` file. Configure the t
 Provisioning turns a freshly created Linux (a bare minimum Installation) into a SSC. It's how we 'ready' a newly launched AWS Instance for SSC deployment. You likely dont ever need this but [we wrote it down anyway](https://github.com/hackerschoice/segfault/wiki/AWS-Deployment).
 ---
-# BETA TESTING BETA TESTING
-Please report back
-1. Tools missing
-1. Features needed
-
-Some suggestions by others:
-1. Allow user to share data via webserver accessible by normal Internet and TOR (.onion) [thanks 0xD1G, L]
-1. Allow email access [thanks L]
-1. Proxychain [thanks DrWho]
-1. **PM me if you have more suggestions**
----
-
-SSC can be deployed in various regions using Route53 to reduce latency.
-
-Helpful links
-1. https://github.com/nicolaka/netshoot
-1. https://www.linuxserver.io/ and https://github.com/just-containers/s6-overlay
-1. https://jordanelver.co.uk/blog/2019/06/03/routing-docker-traffic-through-a-vpn-connection/
-1. https://hub.docker.com/r/alexaso/dnsmasq-dnscrypt and https://github.com/crazy-max/docker-cloudflared
-1. https://wiki.archlinux.org/title/EncFS
-1. https://www.supertechcrew.com/wetty-browser-ssh-terminal/
-
-VPN Providers:
-1. ProtonVPN
-1. NordVPN
-1. https://www.cryptostorm.is/
-1. https://mullvad.net/en/
-
-Hosting providers:
-1. https://www.linode.com/
-1. https://1984hosting.com/
-
----
 Telegram: https://t.me/thcorg
 Twitter: https://twitter.com/hackerschoice
From d41e4fb86c7274ccbb5da0b3160754ce06e10edb Mon Sep 17 00:00:00 2001
From: SkyperTHC <5938498+SkyperTHC@users.noreply.github.com>
Date: Sun, 16 Oct 2022 19:54:38 +0100
Subject: [PATCH 2/5] Update README.md
---
 README.md | 1 -
 1 file changed, 1 deletion(-)
diff --git a/README.md b/README.md
index 4dbee90..49ffa28 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,6 @@ git clone --depth 1 https://github.com/hackerschoice/segfault.git && \
 cd segfault && \
 export SF_SEED="$(head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 32)" && \
 echo "SF_SEED=${SF_SEED}" && \
-cp provision/env.example .env && \
 make
 ```
From fa3dc395941cbf3efab03346b0655f3f08b61dbf Mon Sep 17 00:00:00 2001
From: SkyperTHC <5938498+SkyperTHC@users.noreply.github.com>
Date: Sun, 16 Oct 2022 19:55:14 +0100
Subject: [PATCH 3/5] Update README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 49ffa28..d5dfa4f 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ make
 To start execute:
 ```
-SF_BASEDIR=$(pwd) SF_SSH_PORT=2222 sfbin/sf up
+SF_BASEDIR="$(pwd)" SF_SSH_PORT=2222 sfbin/sf up
 ```
 Take a look at `provision/env.example` for a sample `.env` file. Configure the test of the variables in `config/etc/sf/sf.conf`.
From 59756c90cae4e853b06a35a25f9489cd138aa2c3 Mon Sep 17 00:00:00 2001
From: Brandon Lin
Date: Tue, 18 Oct 2022 02:44:13 -0700
Subject: [PATCH 4/5] fix typo: pkt-install.sh -> pkg-install.sh
---
 guest/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/guest/Dockerfile b/guest/Dockerfile
index 455abd2..c4fe2d7 100644
--- a/guest/Dockerfile
+++ b/guest/Dockerfile
@@ -195,6 +195,6 @@ RUN apt-get update -y \
 # Do fs-root last (on vmbox it messes with chmod and setup.sh fixes it)
 COPY /fs-root/ /
 RUN /setup.sh \
- && rm -f /setup.sh /pkt-install.sh
+ && rm -f /setup.sh /pkg-install.sh
 CMD ["zsh", "-il"]
From 3d07abef9b8eae22d233e8d5ce36e1efc3bbd10e Mon Sep 17 00:00:00 2001
From: al3x8
Date: Tue, 18 Oct 2022 17:09:35 +0100
Subject: [PATCH 5/5] FEAT: Implement exit node blocking
---
 config/etc/sf/sf.conf | 2 ++
 host/fs-root/bin/segfaultsh | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
diff --git a/config/etc/sf/sf.conf b/config/etc/sf/sf.conf
index daceefc..3ce3e98 100644
--- a/config/etc/sf/sf.conf
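Review bot: The `rm -f` on the changed line in guest/Dockerfile is what let the misspelled `/pkt-install.sh` go unnoticed: `-f` succeeds on a missing path, so the build passed while `/pkg-install.sh` stayed in the image. Dropping the flag, `&& rm /setup.sh /pkg-install.sh`, makes the build fail if either name drifts again. The removal also only changes the final filesystem view; both scripts remain in whichever earlier layer added them (for `/setup.sh` presumably the `COPY /fs-root/ /` above), which matters if they contain anything that should not ship to guests.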
+++ b/config/etc/sf/sf.conf
@@ -20,6 +20,8 @@
 #SF_ULIMIT_NOFILE="256:256"
 SF_SHM_SIZE=16MB
+# Allow tor exit nodes to connect
+SF_ALLOW_SRC_TOR=1
 # Limit to 8 concurrently running servers per IP
 #SF_LIMIT_SERVER_BY_IP=8
diff --git a/host/fs-root/bin/segfaultsh b/host/fs-root/bin/segfaultsh
index 1ef2df7..878d646 100755
--- a/host/fs-root/bin/segfaultsh
+++ b/host/fs-root/bin/segfaultsh
@@ -467,6 +467,37 @@ wait_for_resources()
 wait_for_conn_limit "all" "15"
 }
+print_tor_notice()
+{
+
+ echo >&2 -e "\
+[${CR}ERROR${CN}]
+--> ${CDY}You ($YOUR_IP) are trying to connect from a Tor exit node${CN}
+--> Tor exit node access is only available to ${CG}PREMIUM${CN} users
+--> Read ${CB}${CUL}https://www.thc.org/segfault/youcheapfuck${CN}
+--> Contact us on Telegram: ${CW}https://t.me/thcorg${CN}"
+ sleep 10
+}
+
+# Check if Tor is disabled due to abuse
+# TODO: Make this work with the IP hashes
+check_tor_status()
+{
+
+ [[ -n $SF_ALLOW_SRC_TOR ]] && return
+ [[ -n $SF_IS_PAYING ]] && return
+ DEBUGF "Tor check: ${YOUR_IP}"
+
+ if [[ -f "/config/host/tor-exit-nodes" ]]; then
+ DEBUGF "Tor nodes file exists!"
+ else
+ DEBUGF "Tor nodes file doesn't exist!"
+ fi
+
+ exec_devnull grep -q -Fx "${YOUR_IP}" /config/host/tor-exit-nodes && { print_tor_notice; ERREXIT 255; }
+
+}
+
 # Check if max servers per IP are in use.
 check_limit_server_by_ip()
 {
@@ -590,6 +621,9 @@ load_limits
 # Keep guest waiting until there are sufficient resources
 wait_for_resources
+# Check if the user is using a tor exit node
+check_tor_status
+
 ### Check if the limit has been reached for this user
 check_limit_server_by_ip
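Review bot: `SF_ALLOW_SRC_TOR=1` reads as a boolean, but `check_tor_status` in host/fs-root/bin/segfaultsh tests it with `[[ -n $SF_ALLOW_SRC_TOR ]]`, so an operator who sets `SF_ALLOW_SRC_TOR=0` to turn blocking on still lets Tor exit nodes through. Either compare the value in the check, `[[ "${SF_ALLOW_SRC_TOR}" == "1" ]] && return`, or state the real contract in the comment here: `# Allow Tor exit nodes to connect. Comment out to block; any non-empty value (even 0) allows.` As committed the setting is enabled, so the new blocking is inactive by default.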
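Review bot: The lookup at the end of `check_tor_status` fails open: if `/config/host/tor-exit-nodes` is missing or unreadable, `grep` exits non-zero, the `&& { print_tor_notice; ERREXIT 255; }` branch is skipped and the connection is accepted, with only a `DEBUGF` line recording it. For an abuse control, the missing list should be reported where an operator sees it outside debug mode, and the allow-or-deny decision in that case should be explicit rather than a side effect of grep's exit status. Nothing in this commit shows how the list is created or refreshed, so a stale file would have the same silent effect. A smaller point on the same line: pass the address as `-e "${YOUR_IP}"` and handle an empty `YOUR_IP` explicitly, since `-Fx ""` matches a blank line in the list.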
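Review bot: `check_tor_status` is called after `wait_for_resources`, so a client that is about to be rejected first goes through the resource wait (the first hunk's context shows it calling `wait_for_conn_limit "all" "15"`) and only then gets the notice and its `sleep 10`. Calling it directly after `load_limits` would turn such clients away before they wait for capacity. That assumes `YOUR_IP` and `SF_IS_PAYING` are already set at that point, which this hunk does not show.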