diff --git a/README.md b/README.md index 1a0bd48..e4d87ee 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -##Description +## Description endboard is a textboard, intented for the use as a small service on tor or i2p. It was written with the goal of anonymity and security, both for @@ -17,7 +17,7 @@ Code minification was a target in the beginning, but I had to give it up to make space for all the features I wanted. -###For the users +### For the users The textboard allows anonymous posting only, and it has no timestamps. Only one sub is created automatically (main), others can be created by @@ -40,7 +40,7 @@ A simple bbcode dialect can be used to display headlines, bold text, underlined text, strikethrough text, spoilers and links. -###For the admin +### For the admin All options can be configured in one config file (or two, if the webserver counts). @@ -67,7 +67,7 @@ unsuccessful logins (if exceeded, the interface will sent 429 - too many requests). -###Technical description +### Technical description endboard is written in php and works with the versions 7 and 8. The modules used are php-mbstring, php-json, php-fpm and php-sqlite3. @@ -86,7 +86,7 @@ working files to /var, the actual website to /srv). Custom paths can be used, but will need adaption of config file and/or index.php. -###Release history: +### Release history: * 0.63 : changed from hash() to password_hash() for passwords, thanks anon. * 0.64 : fixed a bug in destroy_token(), which would not log you out, @@ -102,7 +102,7 @@ and/or index.php. * 0.71 : introduction of mobile design (thanks, anon !) -###Other features of endboard: +### Other features of endboard: 1) to have pretty urls (means: well readable), the request parameters are parsed directly from $_SERVER['REQUEST_URI'], instead of using 
@@ -129,10 +129,10 @@ and/or index.php. to 'pr0n', but http://terminus.i2p/s/P will lead to 'PP'. -##Opsec +## Opsec -###Best practises that were followed in the coding of endboard: +### Best practises that were followed in the coding of endboard: * all user input is checked and filtered before further use * in particular, all tags are stripped from posted texts @@ -145,7 +145,7 @@ and/or index.php. * the panels for mods and admins can be disabled in the config file -###Best practises that were _not_ followed in the coding of endboard: +### Best practises that were _not_ followed in the coding of endboard: * the access to the admin and mod panels (after initial authentification with name/password) is done via a server generated token which is @@ -177,7 +177,7 @@ and/or index.php. infamous textboard :-). -##Changes from smolBBS +## Changes from smolBBS Almost no original code is left from smolBBS, the leftovers are the captcha generation and a part of the spam check. I also stayed with the @@ -188,7 +188,7 @@ comparable any longer. Thanks go to sandlind for the initial inspiration to make a board that is just simple and working. -##Installation instructions +## Installation instructions The following instructions use debian, because I'm lazy. Adapt to your system if needed. The setup of a tor hidden service or an eepsite is not 
@@ -197,43 +197,43 @@ instructions already. The same for securing your server and making sure it doesn't blab. -###Update your system and install needed components: +### Update your system and install needed components: ``` apt update && apt upgrade -y && apt install -y php php-json php-mbstring php-sqlite3 php-fpm nginx``` -###Make directories: +### Make directories: ``` mkdir -p /srv/endboard /etc/opt/endboard /var/opt/endboard``` -###Distribute files to webroot (from directory of the endboard archive): +### Distribute files to webroot (from directory of the endboard archive): ``` cp -rv ./srv/* /srv/endboard/``` -###Distribute config file to etc (from directory of the endboard archive): +### Distribute config file to etc (from directory of the endboard archive): ``` cp -v ./etc/config.php /etc/opt/endboard/``` -###Give ownership of working directory to webserver: +### Give ownership of working directory to webserver: ``` chown -R www-data:www-data /var/opt/endboard``` -###Copy config file for nginx (from directory of the endboard archive): +### Copy config file for nginx (from directory of the endboard archive): ``` cp ./etc/endboard /etc/nginx/sites-available/``` Edit the two config files according to your needs (at the very least, define the landing page and the name of the admin account). -###Enable the site: +### Enable the site: ``` ln -s /etc/nginx/sites-available/endboard /etc/nginx/sites-enabled/``` -###Then, test and restart web server: +### Then, test and restart web server: ``` nginx -t && systemctl reload nginx``` -###First use +### First use Before you publish your servers address anywhere, open your browser and go to http://youraddress.i2p/aa (or locally to http://127.0.0.1/aa). 
@@ -256,7 +256,7 @@ consist of only one letter. After this procedure, you can disable the admin interface in the config file, if you want, and only enable it when needed. -###Moderators +### Moderators If enabled in the config file (take_applications), users can apply to be moderators under: @@ -277,7 +277,7 @@ they are not displayed any longer). -##Risks when using endboard: +## Risks when using endboard: * bugs in the code of endboard, this is still the beta version * if you run a public server somewhere on the internet, you are @@ -288,10 +288,10 @@ they are not displayed any longer). If you don't do that, this is on you. -##Limits of the endboard software +## Limits of the endboard software -###Admin +### Admin Currently, there is only one admin account, the name of which is defined in the config file. If the password is lost, it cannot be reset. @@ -306,7 +306,7 @@ Because of the length of the token this approach is very unlikely to succeed. -###Network +### Network endboard relies on being on a darknet that provides full end-to-end encryption between client and server (which is the case for both tor @@ -317,7 +317,7 @@ browser and the server. ssl could probably be used for this, but clearnet is not the usecase anyway, so I will put no work into it. -###Traffic +### Traffic The php and database components of endboard are able to manage a lot of traffic, by darknet standards. Using sqlite3 is faster than using a @@ -333,7 +333,7 @@ resources play a larger role than the potential waiting time (but no precise measurements have been done yet). -###Captcha +### Captcha The captcha is simple, and its parameters can be read directly from the source of the page. A moderately skilled attacker could write a bot that 
@@ -344,17 +344,7 @@ A postform can still be only used once, and for a limited time, since it is preloaded with a token. -###Entry portal - -The entry portal works great in general, however, it does not work properly -with lynx. And not properly means actually, not at all, unless lynx is -started a second time (after clicking the portal). -The reason is that lynx does not reload a known address, I could never -find out if this is a bug of lynx, or an intended feature. -Anyway, I will rewrite the code to work around that, but it might take a bit. - - -###Log files +### Log files endboard logs events like deletions, imports, authorization failures and others to the db. The logs can be viewed on the admin panel, although @@ -363,7 +353,7 @@ Another option would be to log to /var/log or syslog. Maybe in future versions. -###Display on mobile screens +### Display on mobile screens For some reason the display on small screens used to suck. Along came one anon who made a working proposal. This is the current status, it is @@ -374,7 +364,7 @@ functions for admins and mods, those should be used with the original site. -###Number of posts, number of subs +### Number of posts, number of subs The theoretical maximum number of rows in a table is 2^64 (18446744073709551616 or about 1.8e+19). This limit is unreachable since @@ -389,7 +379,7 @@ like this. A terabyte of text only, that's an assload of posts. That's as precise as it gets for now. -##Changes from earlier versions +## Changes from earlier versions The code has been almost completely rewritten. A lot of features have been added, and a lot of bugs were fixed. 
@@ -399,7 +389,7 @@ All features that resided in other php files in earlier versions have been put in index.php, this file has grown a lot as a result (but the code is much better organized and consistent now). -##Licence stuff +## Licence stuff * The writing of the code of endboard started some time ago with another * software called smolBBS. Although there is almost no original code
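Review bot: the hunk at @@ -344,17 +344,7 deletes the whole "Entry portal" limitation (the lynx reload problem), while every other hunk in this patch only inserts a space after the heading hashes, and nothing in the patch records why. The removed text still promised "I will rewrite the code to work around that"; if that workaround has landed, add an entry under "Release history" (the visible list ends at 0.71) saying so, and if it has not, keep the section so lynx users still learn about the limitation. Splitting the deletion into its own commit would also keep the heading fix a pure formatting change.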
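Review bot: in the hunk at @@ -197,43 +197,43 the headings are corrected, but the command blocks under them still have the closing three backticks attached directly to the end of the command, as in "php-fpm nginx```" and "/var/opt/endboard```". A closing fence has to stand on a line of its own to end the block, so a renderer strict enough to need the space after the hashes is likely to treat everything after the first opening fence as code, including the headings this hunk fixes. Move each closing fence to its own line in the same pass, so that the install commands can be copied without trailing backticks.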
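Review bot: style points on heading lines that this patch already rewrites. In the hunks at @@ -129,10 and @@ -145,7, "### Best practises that were followed in the coding of endboard:" and its "_not_" counterpart use the verb spelling "practises" where the noun "practices" is meant. "### Release history:", "### Other features of endboard:" and "## Risks when using endboard:" keep a trailing colon that the other headings ("## Opsec", "### Network", "### Captcha") do not have. Since the + lines are being touched anyway, fixing both here avoids a second formatting commit.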