Commit Graph

154 Commits

Author SHA1 Message Date
Daniel Winzen
f0afbe14c9 Add sodium_compat composer dependency for v3 hidden_services 2018-11-24 14:56:24 +01:00
Daniel Winzen
9de11a9722 Dropped PHP7.1 support and install composer 2018-11-24 10:38:59 +01:00
Daniel Winzen
910381fee2 Removed php7.0 setup instructions 2018-11-19 21:23:34 +01:00
Daniel Winzen
7d032f4955 Merge pull request from jtesta/sshd_hardening
Hardened SSH Service
2018-11-19 21:20:43 +01:00
Joe Testa
e4e59782ca Disabled RSA host key type (because small keys are generated by default), as well as ECDSA (due to suspicions of NSA-compromised P-curves). Enabled only strong key exchange, cipher, and MAC algorithms. See https://www.sshaudit.com/ and https://github.com/arthepsy/ssh-audit. 2018-11-19 15:01:11 -05:00
Daniel Winzen
41b33f2c51 Drop PHP7.0 support 2018-11-18 20:50:35 +01:00
Daniel Winzen
db626a54a4 disable imap_open because of https://github.com/Bo0oM/PHP_imap_open_exploit 2018-11-17 10:15:15 +01:00
Daniel Winzen
f4ca23336b Add clamav virus scan to mails 2018-11-11 11:17:20 +01:00
Daniel Winzen
bb21f9f10b Reload disabled php versions since accounts can still be deleted 2018-10-28 09:31:00 +01:00
Daniel Winzen
5f3dfefa02 Drop now redundant config 2018-10-28 09:07:20 +01:00
Daniel Winzen
b69293ab6d Dynamic supported versions on frontpage 2018-10-28 09:01:31 +01:00
Daniel Winzen
58b5efb96c Added suspend hidden service feature + disabled php7.0 for new accounts 2018-10-28 08:48:30 +01:00
Daniel Winzen
1884f4b08b php is .ini not .conf 2018-10-26 19:14:29 +02:00
Daniel Winzen
9985ba4864 Add PHP7.3 support and let setup.php write initial config files 2018-10-24 19:59:02 +02:00
Daniel Winzen
d5d7078776 Allow editing hidden service options 2018-10-22 21:45:08 +02:00
Daniel Winzen
b80f30ac03 Ignore insecure 777 permissions set by users on logrotate 2018-10-21 10:44:23 +02:00
Daniel Winzen
cfb19915b5 Optimized find query to only search within each user's tmp directory 2018-10-20 21:08:44 +02:00
Daniel Winzen
d9e496930d Add HiddenServiceMaxStreams option and service_instances table 2018-10-20 20:44:10 +02:00
Daniel Winzen
2cee59dc6f Structure changes for future features 2018-10-20 18:20:27 +02:00
Daniel Winzen
96efd92ab1 bump dbversion 2018-10-17 21:51:20 +02:00
Daniel Winzen
1f2ff2176b Save DB information in separate table 2018-10-17 21:50:20 +02:00
Daniel Winzen
6eb068222c Refactor DB foreign keys to auto_incrementing id instead of onion
Allows moving domains into separate table at a later stage
2018-10-16 21:09:16 +02:00
Daniel Winzen
81c2364b7b Better load distribution on multiple relays 2018-09-23 20:09:04 +02:00
Daniel Winzen
acc8782043 Add privacy policy checkbox (required by GDPR) 2018-09-10 19:30:12 +02:00
Daniel Winzen
382ea73efb Update firewall rules 2018-09-10 19:20:11 +02:00
Daniel Winzen
2c634b889c Add dnsmasq DNS caching and performance tune tor instances 2018-09-10 19:11:02 +02:00
Daniel Winzen
156a66a3ff Added missing php7.0-intl package 2018-09-10 19:06:51 +02:00
Daniel Winzen
1d157473e6 Move account folder creation into cron.php 2018-07-14 10:41:44 +02:00
Daniel Winzen
f43e699b91 chroot postfix 2018-06-18 20:24:00 +02:00
Daniel Winzen
e6d798370f secmail.pro dropped rewriting of .onion to .pro domain 2018-06-02 12:05:30 +02:00
Daniel Winzen
943ca4b151 Enable fastcgi_cache 2018-05-15 20:45:49 +02:00
Daniel Winzen
dda49153b3 Buffer access log writes to reduce IO 2018-05-13 09:04:12 +02:00
Daniel Winzen
1a9ee646c6 Adapt firewall rule to new ftp ports 2018-05-06 09:57:24 +02:00
Daniel Winzen
c6498ea1dc Increase available ports for passive ftp 2018-05-05 14:10:01 +02:00
Daniel Winzen
49a5b187b0 Increase buffer to get rid of errors on large response headers (e.g. cookies)
upstream sent too big header while reading response header
2018-04-22 15:07:00 +02:00
Daniel Winzen
300cd647df Increase limits and add putenv to disabled functions (vulnerability)
Potential security vulnerability:
<?php
putenv("LD_PRELOAD=/home/site.onion/libtest.so");
mail("test@localhost","hacked","you");
2018-04-22 09:11:43 +02:00
Daniel Winzen
c9487adb1a MariaDB hit open_files_limit -> increase it 2018-03-12 06:47:18 +01:00
Daniel Winzen
e6ac79457f We have proper firewalling, fsockopen no longer needs to be disabled 2018-03-11 20:26:19 +01:00
Daniel Winzen
b2fab1ec53 Fix /var/run/nginx not being created on nginx start 2018-03-11 20:17:14 +01:00
Daniel Winzen
7bd2e79f06 Separate nginx sockets for each site to make hoster identification harder 2018-03-08 20:57:42 +01:00
Daniel Winzen
9eb5c2ae3c Show error message on login when account has not yet been created 2018-03-03 19:22:57 +01:00
Daniel Winzen
47b9b6e3a6 Fixed db query 2018-02-26 16:37:35 +01:00
Daniel Winzen
e8f8f42a24 Fix db query 2018-02-25 21:53:00 +01:00
Daniel Winzen
463be89b09 bumped database layout version 2018-02-25 21:47:29 +01:00
Daniel Winzen
6b0759be73 Added admin panel + optional manual approval for new sites 2018-02-25 21:25:05 +01:00
Daniel Winzen
eca0c675cd Added missing dovecot config to use home maildir 2018-02-11 19:53:10 +01:00
Daniel Winzen
ea112b3389 Added missing authorized destinations for services also reachable via .onion 2018-02-11 17:36:50 +01:00
Daniel Winzen
5163c7aa2b Connect to unix socket for default site 2018-02-11 17:22:31 +01:00
Daniel Winzen
ee191ccbb8 PHP7.2 no longer has the mcrypt module as a package 2018-02-11 15:46:52 +01:00
Daniel Winzen
fa24bb61ec Added PHP 7.2 support + minor bugfixes and performance tweaks
Note: when applying this update, you will have to update existing nginx vhosts to match new listening addresses (IPv6). Preferably you should update them to unix socket, though, and apply the changes to the tor hidden service config as well.
2018-02-10 22:10:07 +01:00