fuzzy
/
dev_endboard
mirror of http://git.simp.i2p/fuzzykitten/dev_endboard
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

update, reformat

main
fuzzykitten 2025-02-18 03:45:00 -05:00
parent 10882c5a84
commit 8b58b7acb3
1 changed files with 32 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
README.md
View File

@ -1,4 +1,4 @@
##Description
## Description
endboard is a textboard, intented for the use as a small service on tor
or i2p. It was written with the goal of anonymity and security, both for
@ -17,7 +17,7 @@ Code minification was a target in the beginning, but I had to give it up
to make space for all the features I wanted.
###For the users
### For the users
The textboard allows anonymous posting only, and it has no timestamps.
Only one sub is created automatically (main), others can be created by
@ -40,7 +40,7 @@ A simple bbcode dialect can be used to display headlines, bold text,
underlined text, strikethrough text, spoilers and links.
###For the admin
### For the admin
All options can be configured in one config file (or two, if the
webserver counts).
@ -67,7 +67,7 @@ unsuccessful logins (if exceeded, the interface will sent
429 - too many requests).
###Technical description
### Technical description
endboard is written in php and works with the versions 7 and 8. The
modules used are php-mbstring, php-json, php-fpm and php-sqlite3.
@ -86,7 +86,7 @@ working files to /var, the actual website to /srv).
Custom paths can be used, but will need adaption of config file
and/or index.php.
###Release history:
### Release history:
* 0.63 : changed from hash() to password_hash() for passwords, thanks anon.
* 0.64 : fixed a bug in destroy_token(), which would not log you out,
@ -102,7 +102,7 @@ and/or index.php.
* 0.71 : introduction of mobile design (thanks, anon !)
###Other features of endboard:
### Other features of endboard:
1) to have pretty urls (means: well readable), the request parameters
are parsed directly from $_SERVER['REQUEST_URI'], instead of using
@ -129,10 +129,10 @@ and/or index.php.
to 'pr0n', but http://terminus.i2p/s/P will lead to 'PP'.
##Opsec
## Opsec
###Best practises that were followed in the coding of endboard:
### Best practises that were followed in the coding of endboard:
* all user input is checked and filtered before further use
* in particular, all tags are stripped from posted texts
@ -145,7 +145,7 @@ and/or index.php.
* the panels for mods and admins can be disabled in the config file
###Best practises that were _not_ followed in the coding of endboard:
### Best practises that were _not_ followed in the coding of endboard:
* the access to the admin and mod panels (after initial authentification
with name/password) is done via a server generated token which is
@ -177,7 +177,7 @@ and/or index.php.
infamous textboard :-).
##Changes from smolBBS
## Changes from smolBBS
Almost no original code is left from smolBBS, the leftovers are the
captcha generation and a part of the spam check. I also stayed with the
@ -188,7 +188,7 @@ comparable any longer. Thanks go to sandlind for the initial inspiration
to make a board that is just simple and working.
##Installation instructions
## Installation instructions
The following instructions use debian, because I'm lazy. Adapt to your
system if needed. The setup of a tor hidden service or an eepsite is not
@ -197,43 +197,43 @@ instructions already.
The same for securing your server and making sure it doesn't blab.
###Update your system and install needed components:
### Update your system and install needed components:
``` apt update && apt upgrade -y && apt install -y php php-json php-mbstring php-sqlite3 php-fpm nginx```
###Make directories:
### Make directories:
``` mkdir -p /srv/endboard /etc/opt/endboard /var/opt/endboard```
###Distribute files to webroot (from directory of the endboard archive):
### Distribute files to webroot (from directory of the endboard archive):
``` cp -rv ./srv/* /srv/endboard/```
###Distribute config file to etc (from directory of the endboard archive):
### Distribute config file to etc (from directory of the endboard archive):
``` cp -v ./etc/config.php /etc/opt/endboard/```
###Give ownership of working directory to webserver:
### Give ownership of working directory to webserver:
``` chown -R www-data:www-data /var/opt/endboard```
###Copy config file for nginx (from directory of the endboard archive):
### Copy config file for nginx (from directory of the endboard archive):
``` cp ./etc/endboard /etc/nginx/sites-available/```
Edit the two config files according to your needs (at the very least,
define the landing page and the name of the admin account).
###Enable the site:
### Enable the site:
``` ln -s /etc/nginx/sites-available/endboard /etc/nginx/sites-enabled/```
###Then, test and restart web server:
### Then, test and restart web server:
``` nginx -t && systemctl reload nginx```
###First use
### First use
Before you publish your servers address anywhere, open your browser and
go to http://youraddress.i2p/aa (or locally to http://127.0.0.1/aa).
@ -256,7 +256,7 @@ consist of only one letter.
After this procedure, you can disable the admin interface in the config
file, if you want, and only enable it when needed.
###Moderators
### Moderators
If enabled in the config file (take_applications), users can apply to be
moderators under:
@ -277,7 +277,7 @@ they are not displayed any longer).
##Risks when using endboard:
## Risks when using endboard:
* bugs in the code of endboard, this is still the beta version
* if you run a public server somewhere on the internet, you are
@ -288,10 +288,10 @@ they are not displayed any longer).
If you don't do that, this is on you.
##Limits of the endboard software
## Limits of the endboard software
###Admin
### Admin
Currently, there is only one admin account, the name of which is defined
in the config file. If the password is lost, it cannot be reset.
@ -306,7 +306,7 @@ Because of the length of the token this approach is very unlikely
to succeed.
###Network
### Network
endboard relies on being on a darknet that provides full end-to-end
encryption between client and server (which is the case for both tor
@ -317,7 +317,7 @@ browser and the server. ssl could probably be used for this, but
clearnet is not the usecase anyway, so I will put no work into it.
###Traffic
### Traffic
The php and database components of endboard are able to manage a lot of
traffic, by darknet standards. Using sqlite3 is faster than using a
@ -333,7 +333,7 @@ resources play a larger role than the potential waiting time
(but no precise measurements have been done yet).
###Captcha
### Captcha
The captcha is simple, and its parameters can be read directly from the
source of the page. A moderately skilled attacker could write a bot that
@ -344,17 +344,7 @@ A postform can still be only used once, and for a limited time,
since it is preloaded with a token.
###Entry portal
The entry portal works great in general, however, it does not work properly
with lynx. And not properly means actually, not at all, unless lynx is
started a second time (after clicking the portal).
The reason is that lynx does not reload a known address, I could never
find out if this is a bug of lynx, or an intended feature.
Anyway, I will rewrite the code to work around that, but it might take a bit.
###Log files
### Log files
endboard logs events like deletions, imports, authorization failures and
others to the db. The logs can be viewed on the admin panel, although
@ -363,7 +353,7 @@ Another option would be to log to /var/log or syslog. Maybe in future
versions.
###Display on mobile screens
### Display on mobile screens
For some reason the display on small screens used to suck. Along came
one anon who made a working proposal. This is the current status, it is
@ -374,7 +364,7 @@ functions for admins and mods, those should be used with the original
site.
###Number of posts, number of subs
### Number of posts, number of subs
The theoretical maximum number of rows in a table is 2^64
(18446744073709551616 or about 1.8e+19). This limit is unreachable since
@ -389,7 +379,7 @@ like this. A terabyte of text only, that's an assload of posts.
That's as precise as it gets for now.
##Changes from earlier versions
## Changes from earlier versions
The code has been almost completely rewritten. A lot of features have
been added, and a lot of bugs were fixed.
@ -399,7 +389,7 @@ All features that resided in other php files in earlier versions have
been put in index.php, this file has grown a lot as a result
(but the code is much better organized and consistent now).
##Licence stuff
## Licence stuff
* The writing of the code of endboard started some time ago with another
* software called smolBBS. Although there is almost no original code