Julius Plenz – Blog

Wikileaks mass mirroring project

Since a day after Wikieleaks called for mass mirroring support I've been hosting a Wikileaks mirror at http://wikileaks.feh.name.

If you're curious how to allow to upload files via rsync, but just to a certain directory with no possibility to access other system parts, take a look at rrsync, which should ship with rsync. On a Debian system, simply do:

# cp /usr/share/doc/rsync/scripts/rrsync.gz /usr/bin
# gunzip /usr/bin/rrsync.gz

Now, I have this line in ~wl/.ssh/authorized_keys:

command="rrsync www" ssh-rsa AAAAB3N[...]w== wwwsync@wikileaks.org

So any rsync mirroring command issued will have a $HOME/www/ prepended. Thus, the wikileaks upload script can only modify files below a certain subdirectory. If you touch the file rrsync.log, each login will be logged as well.

Now, there are some 1400 sites mirroring the content now. How to access a random mirror, then? The German taz had a call for action page with a strange bash script which would always link to the first mirror in the list.

However, there are more clever approaches. http://wikileaks.de, for example, uses round robin DNS to display the cablegate pages of a randomly chosen host. However, there seem to be only five hosts registered yet:

$ ( repeat 100 host wikileaks.de ) | cut -f3 | sort -n | uniq -c

I just registered my IP to show up there. You can, too! (Be sure to click the "commit changes" radio button when you receive the confirmation link!)

Another possibility is to point your browser to http://r.whereiswikileaks.org/, which emits a 302 HTTP header ("found") and adds a Location header to redirect you to a randomly selected mirror:

$ curl http://r.whereiswikileaks.org/ -s --head | grep Location:
Location: http://wikileaks.my-niap.org

Some french guy made interesting pie charts about the distribution of the 1400 mirrors. German mirrors are most common (30% of all active), mirrors from the US, France, Germany and the Netherlands combined make up more than three quarter of all active mirrors. There are other vizualizations, too.

Finally, there's a site grouping wikileaks mirrors by netblock. Interestingly, more than 100 mirrors are within German ISP Hetzner's netblock (whose position on Wikileaks hosting had not been clear entirely during the first few days).

posted 2011-01-09 tagged wikileaks