danwin1210/hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
179 Commits 1 Branch 0 Tags
22c687b0e064a5ed9c65a96b1cda54dc061a8db8
Commit Graph

98 Commits

Author SHA1 Message Date
Daniel Winzen
22c687b0e0 Fixed syntax error 2019-01-27 18:31:21 +01:00
Daniel Winzen
4aa51f4371 Set default file manager path to /www/ 2019-01-27 17:41:24 +01:00
Daniel Winzen
9c5294e64e Add csrf tokens to all sensitive forms 2019-01-27 17:41:02 +01:00
Daniel Winzen
cf83b9901a Merge pull request #42 from NoahvdAa/patch-3 
Added CSRF protection to file manager.
 2019-01-27 16:22:20 +01:00
Daniel Winzen
7da6b8feed Install PHPMyAdmin locally as distributions ship outdated version 2019-01-26 16:48:38 +01:00
Daniel Winzen
7661c0ccdb With more than 10 crashes within 10 minutes we should restart php 2019-01-26 14:17:09 +01:00
Daniel Winzen
7eed4a05d7 hidden service dirs now contain authorized_clients folder 2019-01-25 20:32:35 +01:00
Noah van der Aa
6fc7ba7dae Merge pull request #1 from NoahvdAa/patch-4 
Added CSRF protection to file manager.
 2019-01-23 17:50:12 +01:00
Noah van der Aa
769a05b682 Added CSRF protection to file manager. 2019-01-23 17:48:54 +01:00
Noah van der Aa
bc4a8a4d7c Adding CSRF to file manager 2019-01-23 17:44:04 +01:00
Daniel Winzen
e537e06118 Enable exec() related functions since we now have resource control in place 2019-01-22 21:15:32 +01:00
Noah van der Aa
7f7b228df6 Fixed a small typo 
"Here a list of 588 public hosted sites (172 sites hidden):" -> "Here is a list of 588 public hosted sites (172 sites hidden):"
 2019-01-18 18:54:46 +01:00
Daniel Winzen
5eab397200 Randomise DB (user)names to reduce attack surface + allow multiple DBs per user 2019-01-07 22:26:33 +01:00
Daniel Winzen
c46a2584fa Add shell access and scp support 2019-01-06 18:20:02 +01:00
NoahvdAa
c306ea2518 Check-All checkmark fix 
Check-All checkmark now only appears when javascript is enabled.
 2019-01-04 14:19:04 +01:00
NoahvdAa
cdd2b5b9be Added the "select all" option to the file manager. 
#13
 2019-01-04 14:16:51 +01:00
NoahvdAa
ae2aa16f76 Fixed a typo 2019-01-04 09:57:00 +01:00
Daniel Winzen
e536a5c544 Minor nginx config fix 2019-01-01 20:43:21 +01:00
Daniel Winzen
cff617379d tmp is created by setup_chroot script already 2019-01-01 14:34:06 +01:00
Daniel Winzen
6b6efc2fc6 Logs are stored outside chroot - don't check existence and let nginx handle it 2019-01-01 13:54:36 +01:00
Daniel Winzen
55bc8cd757 Introduce mysqld socket stream forwarding with nginx for chroot jails 2019-01-01 13:47:30 +01:00
Daniel Winzen
0f38bd2449 Improved privilege separation 2019-01-01 02:24:22 +01:00
Daniel Winzen
a5b0de4b07 Added setup_chroot.sh script 2018-12-27 22:32:37 +01:00
Daniel Winzen
08cc492b86 New imap.enable_insecure_rsh php.ini option protects against imap_open exploit 
http://php.net/manual/en/imap.configuration.php
 2018-12-08 11:01:06 +01:00
Daniel Winzen
756e16b533 Fixed potential race condition pointed out in issue #31 2018-12-06 16:54:35 +01:00
Daniel Winzen
5cd13e9269 Introduced selection between v2, v3 and custom hidden service 2018-12-06 16:24:35 +01:00
Daniel Winzen
305c8bc0c3 Fix mariadb 10.3 compatibility by adding default values 2018-12-05 22:19:46 +01:00
Daniel Winzen
fd95a4e2e3 v3 hidden service export to disk + hostname file is auto generated by tor 2018-12-04 21:48:45 +01:00
Daniel Winzen
c9cddc9f86 Username should be a prepared variable 2018-12-04 21:27:35 +01:00
Daniel Winzen
0fc4412404 Revert " Disabling emulated parameters" 2018-12-04 21:10:36 +01:00
Daniel Winzen
ba71455ca5 Introduce DEFAULT_PHP_VERSION 2018-12-04 20:48:08 +01:00
Daniel Winzen
4e163a7e2d Fixed syntax error 2018-12-04 15:26:24 +01:00
Daniel Winzen
363d1b31ad Debian sid dropped php7.2 support - move to 7.3 only 2018-12-02 21:17:11 +01:00
Daniel Winzen
2149bc9fd8 update paragonie/sodium_compat dependency 2018-12-02 10:45:51 +01:00
teikakki
cf8a6cde80 emulated params 2018-11-28 14:30:36 +00:00
teikakki
1fc180752f emulated params 2018-11-28 14:30:22 +00:00
teikakki
4475e3b277 emulated params 2018-11-28 14:30:05 +00:00
teikakki
6ffd291f12 emulated params 2018-11-28 14:29:46 +00:00
teikakki
79774b5a1d emualted params 2018-11-28 14:29:27 +00:00
teikakki
b46d0c7ab0 emulated params 2018-11-28 14:29:13 +00:00
teikakki
01af3c367d emulated params 2018-11-28 14:28:49 +00:00
teikakki
7ab640ea4b emulated params 2018-11-28 14:28:36 +00:00
teikakki
5753ca2cee Disabling emulated parameters 
Emulated parameters can be vulnerable to SQL injection.
Take also a look here: https://stackoverflow.com/questions/134099/are-pdo-prepared-statements-sufficient-to-prevent-sql-injection
 2018-11-28 14:26:55 +00:00
Daniel Winzen
36fc7103cb Add hidden service v3 keygen and parser for base64 encoded secret keys 2018-11-25 14:36:28 +01:00
Daniel Winzen
f0afbe14c9 Add sodium_compat composer dependency for v3 hidden_services 2018-11-24 14:56:24 +01:00
Daniel Winzen
9de11a9722 Dropped PHP7.1 support and install composer 2018-11-24 10:38:59 +01:00
Daniel Winzen
41b33f2c51 Drop PHP7.0 support 2018-11-18 20:50:35 +01:00
Daniel Winzen
db626a54a4 disable imap_open because of https://github.com/Bo0oM/PHP_imap_open_exploit 2018-11-17 10:15:15 +01:00
Daniel Winzen
bb21f9f10b Reload disabled php versions since accounts can still be deleted 2018-10-28 09:31:00 +01:00
Daniel Winzen
b69293ab6d Dynamic supported versions on frontpage 2018-10-28 09:01:31 +01:00