danwin1210/hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
324 Commits 1 Branch 0 Tags
3de4580595c090e7dfb51fc1b8238e07e8f01d27
Commit Graph

172 Commits

Author SHA1 Message Date
Daniel Winzen
305c8bc0c3 Fix mariadb 10.3 compatibility by adding default values 2018-12-05 22:19:46 +01:00
Daniel Winzen
fd95a4e2e3 v3 hidden service export to disk + hostname file is auto generated by tor 2018-12-04 21:48:45 +01:00
Daniel Winzen
c9cddc9f86 Username should be a prepared variable 2018-12-04 21:27:35 +01:00
Daniel Winzen
0fc4412404 Revert " Disabling emulated parameters" 2018-12-04 21:10:36 +01:00
Daniel Winzen
ba71455ca5 Introduce DEFAULT_PHP_VERSION 2018-12-04 20:48:08 +01:00
Daniel Winzen
4e163a7e2d Fixed syntax error 2018-12-04 15:26:24 +01:00
Daniel Winzen
363d1b31ad Debian sid dropped php7.2 support - move to 7.3 only 2018-12-02 21:17:11 +01:00
Daniel Winzen
2149bc9fd8 update paragonie/sodium_compat dependency 2018-12-02 10:45:51 +01:00
teikakki
cf8a6cde80 emulated params 2018-11-28 14:30:36 +00:00
teikakki
1fc180752f emulated params 2018-11-28 14:30:22 +00:00
teikakki
4475e3b277 emulated params 2018-11-28 14:30:05 +00:00
teikakki
6ffd291f12 emulated params 2018-11-28 14:29:46 +00:00
teikakki
79774b5a1d emualted params 2018-11-28 14:29:27 +00:00
teikakki
b46d0c7ab0 emulated params 2018-11-28 14:29:13 +00:00
teikakki
01af3c367d emulated params 2018-11-28 14:28:49 +00:00
teikakki
7ab640ea4b emulated params 2018-11-28 14:28:36 +00:00
teikakki
5753ca2cee Disabling emulated parameters 
Emulated parameters can be vulnerable to SQL injection.
Take also a look here: https://stackoverflow.com/questions/134099/are-pdo-prepared-statements-sufficient-to-prevent-sql-injection
 2018-11-28 14:26:55 +00:00
Daniel Winzen
36fc7103cb Add hidden service v3 keygen and parser for base64 encoded secret keys 2018-11-25 14:36:28 +01:00
Daniel Winzen
f0afbe14c9 Add sodium_compat composer dependency for v3 hidden_services 2018-11-24 14:56:24 +01:00
Daniel Winzen
9de11a9722 Dropped PHP7.1 support and install composer 2018-11-24 10:38:59 +01:00
Daniel Winzen
41b33f2c51 Drop PHP7.0 support 2018-11-18 20:50:35 +01:00
Daniel Winzen
db626a54a4 disable imap_open because of https://github.com/Bo0oM/PHP_imap_open_exploit 2018-11-17 10:15:15 +01:00
Daniel Winzen
bb21f9f10b Reload disabled php versions since accounts can still be deleted 2018-10-28 09:31:00 +01:00
Daniel Winzen
b69293ab6d Dynamic supported versions on frontpage 2018-10-28 09:01:31 +01:00
Daniel Winzen
58b5efb96c Added suspend hidden service feature + disabled php7.0 for new accounts 2018-10-28 08:48:30 +01:00
Daniel Winzen
1884f4b08b php is .ini not .conf 2018-10-26 19:14:29 +02:00
Daniel Winzen
9985ba4864 Add PHP7.3 support and let setup.php write initial config files 2018-10-24 19:59:02 +02:00
Daniel Winzen
d5d7078776 Allow editing hidden service options 2018-10-22 21:45:08 +02:00
Daniel Winzen
cfb19915b5 Optimized find query to only search within each users tmp directory 2018-10-20 21:08:44 +02:00
Daniel Winzen
d9e496930d Add HiddenServiceMaxStreams option and service_instances table 2018-10-20 20:44:10 +02:00
Daniel Winzen
2cee59dc6f Structure changes for future features 2018-10-20 18:20:27 +02:00
Daniel Winzen
96efd92ab1 bump dbversion 2018-10-17 21:51:20 +02:00
Daniel Winzen
1f2ff2176b Save DB information in separate table 2018-10-17 21:50:20 +02:00
Daniel Winzen
6eb068222c Refactor DB foreign keys to auto_incrementing id instead of onion 
Allows moving domains into separate table at a later stage
 2018-10-16 21:09:16 +02:00
Daniel Winzen
81c2364b7b Better load distribution on multiple relays 2018-09-23 20:09:04 +02:00
Daniel Winzen
acc8782043 Add privacy policy checkbox (required by GDPR) 2018-09-10 19:30:12 +02:00
Daniel Winzen
1d157473e6 Move account folder creation into cron.php 2018-07-14 10:41:44 +02:00
Daniel Winzen
dda49153b3 Buffer access log writes to reduce IO 2018-05-13 09:04:12 +02:00
Daniel Winzen
300cd647df Increase limits and add putenv to disabled functions (vulerability) 
Potential security vulnerability:
<?php
putenv("LD_PRELOAD=/home/site.onion/libtest.so");
mail("test@localhost","hacked","you");
 2018-04-22 09:11:43 +02:00
Daniel Winzen
e6ac79457f We have proper firewalling, fsockopen no longer needs to be disabled 2018-03-11 20:26:19 +01:00
Daniel Winzen
7bd2e79f06 Separate nginx sockets for each site to make hoster identification harder 2018-03-08 20:57:42 +01:00
Daniel Winzen
9eb5c2ae3c Show error message on login when account has not yet been created 2018-03-03 19:22:57 +01:00
Daniel Winzen
47b9b6e3a6 Fixed db query 2018-02-26 16:37:35 +01:00
Daniel Winzen
e8f8f42a24 Fix db query 2018-02-25 21:53:00 +01:00
Daniel Winzen
463be89b09 bumped database layout version 2018-02-25 21:47:29 +01:00
Daniel Winzen
6b0759be73 Added admin panel + optional manual approval for new sites 2018-02-25 21:25:05 +01:00
Daniel Winzen
fa24bb61ec Added PHP 7.2 support + minor bugfixes and performance tweaks 
Note when applying this update you will have to update existing nginx vhosts to match new listening addresses (IPv6). Preferably you should update them to unix socket though and apply the changes to the tor hidden service config as well
 2018-02-10 22:10:07 +01:00
Daniel Winzen
c65055a9bb Set mysql host to % instead of localhost to allow connections to 127.0.0.1 
Note, for updating an existing database, you should run the following:
UPDATE mysql.user SET host='%'; FLUSH PRIVILEGES;
 2017-12-21 20:26:24 +01:00
Daniel Winzen
a9fd1b658c Use X-Accel-Redirect in log.php output 2017-12-03 12:48:37 +01:00
Daniel Winzen
99ccbdccfe Updated tutorial for Ubuntu 16.04 LTS compatibility 2017-11-05 10:43:44 +01:00