diff --git a/etc/security/limits.conf b/etc/security/limits.conf
new file mode 100644
index 0000000..7ced053
--- /dev/null
+++ b/etc/security/limits.conf
@@ -0,0 +1,56 @@
+# /etc/security/limits.conf
+#
+#Each line describes a limit for a user in the form:
+#
+#
+#
+#Where:
+# can be:
+# - a user name
+# - a group name, with @group syntax
+# - the wildcard *, for default entry
+# - the wildcard %, can be also used with %group syntax,
+# for maxlogin limit
+# - NOTE: group and wildcard limits are not applied to root.
+# To apply a limit to the root user, must be
+# the literal username root.
+#
+# can have the two values:
+# - "soft" for enforcing the soft limits
+# - "hard" for enforcing hard limits
+#
+# can be one of the following:
+# - core - limits the core file size (KB)
+# - data - max data size (KB)
+# - fsize - maximum filesize (KB)
+# - memlock - max locked-in-memory address space (KB)
+# - nofile - max number of open files
+# - rss - max resident set size (KB)
+# - stack - max stack size (KB)
+# - cpu - max CPU time (MIN)
+# - nproc - max number of processes
+# - as - address space limit (KB)
+# - maxlogins - max number of logins for this user
+# - maxsyslogins - max number of logins on the system
+# - priority - the priority to run user process with
+# - locks - max number of file locks the user can hold
+# - sigpending - max number of pending signals
+# - msgqueue - max memory used by POSIX message queues (bytes)
+# - nice - max nice priority allowed to raise to values: [-20, 19]
+# - rtprio - max realtime priority
+# - chroot - change root to directory (Debian-specific)
+#
+#
+#
+
+#* soft core 0
+#root hard core 100000
+#* hard rss 10000
+#@student hard nproc 20
+#@faculty soft nproc 20
+#@faculty hard nproc 50
+#ftp hard nproc 0
+#ftp - chroot /ftp
+#@student - maxlogins 4
+
+# End of file
diff --git a/var/www/common.php b/var/www/common.php
index 018813b..9f1ae36 100644
--- a/var/www/common.php
+++ b/var/www/common.php
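Review bot: In etc/security/limits.conf every entry of the new file is commented out, so pam_limits enforces nothing for hosted accounts, while the same commit lets those accounts receive `/bin/bash` (cron.php, setup.php). A single interactive user can then exhaust processes, memory or file handles for every other site on the host, unless limits are applied somewhere this diff does not show. Since cron.php creates accounts with `-g www-data`, an active group entry such as `@www-data hard nproc <LIMIT>`, with matching `nofile` and `as` lines sized for the host, would make the file do what its presence implies.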
@@ -19,11 +19,12 @@ const INDEX_MD5S=[ //MD5 sums of index.hosting.html files that should be considd
 '703fac6634bf637f942db8906092d0ab', //new default file
 ];
 const REQUIRE_APPROVAL=false; //require admin approval of new sites? true/false
+const ENABLE_SHELL_ACCESS=true; //allows users to login via ssh, when disabled only (s)ftp is allowed - run setup.php to migrate existing accounts
 const ADMIN_PASSWORD='MY_PASSWORD'; //password for admin interface
 const SERVICE_INSTANCES=['2', '3', '4', '5', '6', '7', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'];
-const DISABLED_PHP_VERSIONS=[];
-const PHP_VERSIONS=[4 => '7.3'];
-const DEFAULT_PHP_VERSION='7.3';
+const DISABLED_PHP_VERSIONS=[]; //php versions still installed on the system but no longer offered for new accounts
+const PHP_VERSIONS=[4 => '7.3']; //currently active php versions
+const DEFAULT_PHP_VERSION='7.3'; //default php version
 const PHP_CONFIG='memory_limit = 256M
 error_reporting = E_ALL
 post_max_size = 10G
diff --git a/var/www/cron.php b/var/www/cron.php
index 302f9c3..b85e365 100644
--- a/var/www/cron.php
+++ b/var/www/cron.php
@@ -26,7 +26,8 @@ while($id=$stmt->fetch(PDO::FETCH_NUM)){
 $reload[$firstchar]=true;
 $enable_onion->execute([$id[6]]);
 //add and manage rights of system user
- exec('useradd -l -p ' . escapeshellarg($id[2]) . ' -g www-data -k /var/www/skel -m -s /usr/sbin/nologin ' . escapeshellarg($system_account));
+ $shell = ENABLE_SHELL_ACCESS ? '/bin/bash' : '/usr/sbin/nologin';
+ exec('useradd -l -p ' . escapeshellarg($id[2]) . ' -g www-data -k /var/www/skel -m -s ' . escapeshellarg($shell) . ' ' . escapeshellarg($system_account));
 exec('/var/www/setup_chroot.sh ' . escapeshellarg("/home/$system_account"));
 exec('grep ' . escapeshellarg($system_account) . ' /etc/passwd >> ' . escapeshellarg("/home/$system_account/etc/passwd"));
 foreach(['.ssh', 'data', 'Maildir'] as $dir){
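Review bot: In common.php the new `ENABLE_SHELL_ACCESS` constant defaults to `true`, so an installation that pulls this commit and runs setup.php moves every existing account from `/usr/sbin/nologin` to `/bin/bash` without the operator having opted in. Interactive shells are the wider attack surface of the two modes, so the safer shipped default is `const ENABLE_SHELL_ACCESS=false;`. The trailing comment should then say that setting it to true grants ssh logins to all accounts once setup.php has been run.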
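Review bot: In cron.php the rewritten `useradd` line still passes the value for `-p` on the command line, where it is readable from the process list while the command runs; this matters more now that the same line can hand accounts `/bin/bash`. Whether hosted users can see host processes depends on the chroot and /proc setup, which this hunk does not show. Creating the account without `-p` and feeding the hash over stdin avoids the exposure: `$p=popen('chpasswd -e','w'); fwrite($p, "$system_account:$id[2]\n"); pclose($p);`. The enclosing `while` loop starts and ends outside the hunk.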
diff --git a/var/www/html/index.php b/var/www/html/index.php
index c645bdc..1ce3694 100644
--- a/var/www/html/index.php
+++ b/var/www/html/index.php
@@ -19,7 +19,8 @@ if(isset($_SERVER['HTTP_HOST']) && preg_match('/danwin1210\.(i2p|me)$/', $_SERVE

Hosting - Info

Info | Register | Login | List of hosted sites | FAQ

-

After the hack that took place on November 15th, the hosting is finally back. There are just a few more things that need to be done before I can enable account registration. Due to a temporary loss of motivation in mid-december I'm behind schedule by about 2 weeks as initially planned, but new year, new opportunity. Registrations will open soon, once the last necessary changes are done, stay tuned.

+

The waiting has an end - Happy new Year and Hosting!

+

This is a completely fresh installation with many changes done to the internals of how the hosting works. Not everything is working 100% yet, please be patient. To those coming here for the first time since 15th November and are wondering what happened to their account, see here.

Here you can get yourself a hosting account on my server.

What you will get:

diff --git a/var/www/html/register.php b/var/www/html/register.php
index 70c8fcf..76f29e5 100644
--- a/var/www/html/register.php
+++ b/var/www/html/register.php
@@ -169,7 +169,7 @@ foreach(PHP_VERSIONS as $key => $version){
-
    +
diff --git a/var/www/setup.php b/var/www/setup.php
index 8c2e0ee..b8d324d 100644
--- a/var/www/setup.php
+++ b/var/www/setup.php
@@ -233,7 +233,10 @@ php_admin_value[open_basedir] = /usr/share/adminer:/tmp
 echo "Updating chroots, this might take a while…\n";
 exec('/var/www/setup_chroot.sh /var/www');
 $stmt=$db->query('SELECT system_account FROM users;');
+ $shell = ENABLE_SHELL_ACCESS ? '/bin/bash' : '/usr/sbin/nologin';
 while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
+ echo "Updating chroot for user $tmp[system_account]…\n";
+ exec('usermod -s ' . escapeshellarg($shell) . ' ' . escapeshellarg($tmp['system_account']));
 exec('/var/www/setup_chroot.sh ' . escapeshellarg('/home/'.$tmp['system_account']));
 exec('grep ' . escapeshellarg($tmp['system_account']) . ' /etc/passwd >> ' . escapeshellarg("/home/$tmp[system_account]/etc/passwd"));
 }
diff --git a/var/www/setup_chroot.sh b/var/www/setup_chroot.sh
index 15fd802..6058b2a 100755
--- a/var/www/setup_chroot.sh
+++ b/var/www/setup_chroot.sh
@@ -102,6 +102,7 @@ BINARIES_GENERAL=(
 '/usr/bin/unzip'
 '/usr/bin/curl'
 '/usr/bin/rsync'
+ '/usr/bin/scp'
 '/usr/bin/wget'
 '/usr/bin/php7.3'
 '/usr/bin/mysql'
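Review bot: In setup.php the added `usermod -s` call discards its exit status, so when the operator sets `ENABLE_SHELL_ACCESS` to false and re-runs the script, an account whose `usermod` fails keeps `/bin/bash` while the output still reads as a successful update. Capturing the status makes the migration fail visibly: `exec('usermod -s ' . escapeshellarg($shell) . ' ' . escapeshellarg($tmp['system_account']), $out, $rc);` followed by `if($rc!==0){ echo "usermod failed for $tmp[system_account]\n"; }`. The same `$shell` ternary is duplicated in cron.php; a shared helper or constant in common.php would keep the two from drifting apart. The block containing this loop begins outside the hunk.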