Commit Graph

48 Commits

Author SHA1 Message Date
e949e4ea48 Bugfixes 2020-02-14 06:43:52 +01:00
3a53ea59f8 Hardlink chroot related files across all accounts to save disk space 2020-01-28 20:51:17 +01:00
61d15297b7 Bugfix 2020-01-26 12:07:15 +01:00
47fb983557 sanitize $system_account to protect against database modification exploits 2020-01-25 21:53:00 +01:00
93dc5b10c4 Avoid passing password hash as parameter and write directly to /etc/shadow 2020-01-25 20:29:51 +01:00
fc244d3182 Move chroot creation/updating to new setup_chroot() function 2020-01-23 21:49:36 +01:00
cb90bc7508 Introduced HOME_MOUNT_PATH const 2020-01-23 20:59:44 +01:00
e6946ad1ce Introduced new const to easily change the sites name globally 2020-01-21 21:47:51 +01:00
f573f79f6c Switch gnupg1 to gnupg2 and set env[HOME] for php correctly 2020-01-05 15:03:20 +01:00
264eacc3f9 Added some empty dirs and files that may be used within a chroot 2019-12-14 22:55:45 +01:00
6b19346b20 Various optimizations 2019-11-02 19:41:05 +01:00
ae925a2000 Allow changing instances + add nginx_rewrites table + optimizations 2019-09-22 21:24:27 +02:00
287eedf318 More tor instances + guard relays for stability and added disk quota 2019-06-30 16:20:06 +02:00
851a3103be Added canonical tag and store tor/php instance responsibility in db 2019-06-20 18:53:30 +02:00
7eed4a05d7 hidden service dirs now contain authorized_clients folder 2019-01-25 20:32:35 +01:00
c46a2584fa Add shell access and scp support 2019-01-06 18:20:02 +01:00
cff617379d tmp is created by setup_chroot script already 2019-01-01 14:34:06 +01:00
55bc8cd757 Introduce mysqld socket stream forwarding with nginx for chroot jails 2019-01-01 13:47:30 +01:00
0f38bd2449 Improved privilege separation 2019-01-01 02:24:22 +01:00
08cc492b86 New imap.enable_insecure_rsh php.ini option protects against imap_open exploit
http://php.net/manual/en/imap.configuration.php
2018-12-08 11:01:06 +01:00
756e16b533 Fixed potential race condition pointed out in issue #31 2018-12-06 16:54:35 +01:00
fd95a4e2e3 v3 hidden service export to disk + hostname file is auto generated by tor 2018-12-04 21:48:45 +01:00
c9cddc9f86 Username should be a prepared variable 2018-12-04 21:27:35 +01:00
db626a54a4 disable imap_open because of https://github.com/Bo0oM/PHP_imap_open_exploit 2018-11-17 10:15:15 +01:00
bb21f9f10b Reload disabled php versions since accounts can still be deleted 2018-10-28 09:31:00 +01:00
58b5efb96c Added suspend hidden service feature + disabled php7.0 for new accounts 2018-10-28 08:48:30 +01:00
9985ba4864 Add PHP7.3 support and let setup.php write initial config files 2018-10-24 19:59:02 +02:00
d9e496930d Add HiddenServiceMaxStreams option and service_instances table 2018-10-20 20:44:10 +02:00
2cee59dc6f Structure changes for future features 2018-10-20 18:20:27 +02:00
1f2ff2176b Save DB information in separate table 2018-10-17 21:50:20 +02:00
6eb068222c Refactor DB foreign keys to auto_incrementing id instead of onion
Allows moving domains into separate table at a later stage
2018-10-16 21:09:16 +02:00
1d157473e6 Move account folder creation into cron.php 2018-07-14 10:41:44 +02:00
dda49153b3 Buffer access log writes to reduce IO 2018-05-13 09:04:12 +02:00
300cd647df Increase limits and add putenv to disabled functions (vulnerability)
Potential security vulnerability:
<?php
putenv("LD_PRELOAD=/home/site.onion/libtest.so");
mail("test@localhost","hacked","you");
2018-04-22 09:11:43 +02:00
e6ac79457f We have proper firewalling, fsockopen no longer needs to be disabled 2018-03-11 20:26:19 +01:00
7bd2e79f06 Separate nginx sockets for each site to make hoster identification harder 2018-03-08 20:57:42 +01:00
6b0759be73 Added admin panel + optional manual approval for new sites 2018-02-25 21:25:05 +01:00
fa24bb61ec Added PHP 7.2 support + minor bugfixes and performance tweaks
Note when applying this update you will have to update existing nginx vhosts to match new listening addresses (IPv6). Preferably you should update them to unix socket though and apply the changes to the tor hidden service config as well
2018-02-10 22:10:07 +01:00
c65055a9bb Set mysql host to % instead of localhost to allow connections to 127.0.0.1
Note, for updating an existing database, you should run the following:
UPDATE mysql.user SET host='%'; FLUSH PRIVILEGES;
2017-12-21 20:26:24 +01:00
e8dd2b864e Sort disable_functions and added a few system info revealing posix_* functions 2017-09-03 18:25:13 +02:00
8801d3ae0c Increase PHP memory limit to 256M 2017-09-02 08:49:36 +02:00
daecda2500 Add instructions to create missing directories in skel directory 2017-05-29 13:15:16 +02:00
b7cefd1f5e Fix error in older MariaDB/MySQL versions 2017-05-20 20:42:03 +02:00
74d340aabf Only reload services that are affected by changes 2017-05-19 20:35:13 +02:00
63feb340f1 chdir is not required 2017-05-18 19:24:07 +02:00
f164927471 Add anything@your.onion aliases (for sending and receiving) 2017-05-01 17:42:58 +02:00
c1f53feb94 Use onion as name in email From header and add some missing docs 2017-05-01 09:18:43 +02:00
e0b35fb943 Initial commit 2017-04-30 19:32:42 +02:00