It does not take common sense to know the internet is a place where malicious people are on the rise and if your running a VPN end node you have to show some level of pre-emotive protection for your self and people using your node to try to make the internet a safer place.

Over the past 14 years in the UK and mostly in the western countries we have seen governments tightening up there grip on our freedoms and right’s, like the UK government able to snoop into bank accounts with no evidence that your doing anything illegal.

There are services like the Mysterium VPN network that are a shrinking pool of services that are trying to legally help up keep our freedoms and rights but these have recently been used for people with malicious intent.

We as VPN end node runners need to do what we can to protect ourselves and these services as much as we can but we are limited in what we can do.

We have a few tricks up our sleeves that we can use to help protect ourselves and show some level of pre-emptive action to cover ourselves in the even our IP addresses are to be used for malicious intent.

 

Block Lists

Run our own local DNS server to help block requests to anything that could be considered illegal, some of these services are easy to setup and come with clear easy to follow instructions on how to use:

• Pi-hole
• AdGuard Home
• Blocky
• Technitium DNS Server

Once this is setup you can supply a number of blocklists to block against, so that devices request DNS from your newly setup DNS server.
Here are bit a few actively maintained blocklists to get you started.

• All Torrent Websites – https://raw.githubusercontent.com/SM443/Pi-hole-Torrent-Blocklist/main/all-torrent-websites.txt
• All Torrent Trackers – https://raw.githubusercontent.com/SM443/Pi-hole-Torrent-Blocklist/main/all-torrent-trackres.txt
• More Torrent Trackers – https://blocklistproject.github.io/Lists/alt-version/torrent-nl.txt
• Torrent List – https://raw.githubusercontent.com/blocklistproject/Lists/master/torrent.txt
• Fraud – https://raw.githubusercontent.com/blocklistproject/Lists/master/fraud.txt
• Abuse – https://raw.githubusercontent.com/blocklistproject/Lists/master/abuse.txt
• Drugs – https://raw.githubusercontent.com/blocklistproject/Lists/master/drugs.txt
• Porn – https://blocklistproject.github.io/Lists/porn.txt
• Ransomware – https://blocklistproject.github.io/Lists/ransomware.txt
• CSAM – https://raw.githubusercontent.com/gardenfence/blocklist/refs/heads/main/gardenfence.txt
• Gambling – https://blocklistproject.github.io/Lists/gambling.txt
• Malware – https://blocklistproject.github.io/Lists/malware.txt
• Piracy – https://blocklistproject.github.io/Lists/piracy.txt
• Proxy Bypass – https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/doh-vpn-proxy-bypass.txt

Most importantly this is the ONLY list that I could find that has a list for CSAM (child related abuse domains) to block against, there are also many more lists on github but you may have to do some editing to get them to work.

Regardless if your using any of the DNS servers that you have installed from the list in the previous section you can set all of your devices to use this new DNS server to resolve and cache any DNS requests from your devices on your network.

The first thing that you need to do is setup a static IP address for your DNS server, this is in your routers setting usually under LAN.
you can usually google “your router and set up static ip” for instructions on how to do that.

Once you have setup a static IP address for your DNS server such as Pihole then head to the DHCP settings if you do not see a setting to add a DNS server on that page you probably need to look in an advanced section of your DHCP settings to find it, once you have found it, add the IP address of your DNS server (Pihole or similar) and click apply.

 

Once you have done this all the devices on your local network will request DNS from your DNS server and run through the block lists including the VPN end nodes and you will be blocking the domain names that exist in the lists you have chosen to block against.

If a VPN client allows you to select DNS resolvers like Cloudflare (1.1.1.1) then you may have to setup firewall rules to drop all DNS traffic that does not go through your DNS server but this is more technical and we will not be covering that here.

If you are a moderator or admin of a discord community you might want to check out the ServerCompanion.

The server companion is a discord bot currently in development that has some ground breaking features and is its first of a kind to offer advanced protection and security to any discord community.

• Scanning message attachments for viruses and malware.
• Unicode prevention.
• Admin/moderate impersonation prevention.
• Scam link prevention (stop our members getting scammed).
• Block known scammers from joining your Discord server in the first place.
• Adult word and phrase censorship.

and lots more features.

The long term plan for this Discord Bot is to have it in all Discord servers as the number one protection for your community, it will also contain leader board’s, XP systems to keep your community engaged, prize draw features, social media plugins ect.