From 0ab9f1fd28be64730e54031a69d8eadacbf65732 Mon Sep 17 00:00:00 2001 From: rugk Date: Sun, 17 Sep 2017 14:12:50 +0200 Subject: [PATCH 01/30] Updated Third party clients (markdown) --- Third-party-clients.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Third-party-clients.md b/Third-party-clients.md index 2a9f168..c9604ce 100644 --- a/Third-party-clients.md +++ b/Third-party-clients.md @@ -1,3 +1,3 @@ Here is a list of clients, which implement the [PrivateBin API](https://github.com/PrivateBin/PrivateBin/wiki/API) so you can use them with any PrivateBin server of your choice: -* coming soon... \ No newline at end of file +* [proof-of-concept CLI client](https://github.com/PrivateBin/PrivateBin-Cli) \ No newline at end of file From d7c15a42083f72178d037cf9352327199d499119 Mon Sep 17 00:00:00 2001 From: rugk Date: Sun, 17 Sep 2017 14:13:01 +0200 Subject: [PATCH 02/30] Updated Third party clients (markdown) --- Third-party-clients.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Third-party-clients.md b/Third-party-clients.md index c9604ce..9dad5d0 100644 --- a/Third-party-clients.md +++ b/Third-party-clients.md @@ -1,3 +1,3 @@ Here is a list of clients, which implement the [PrivateBin API](https://github.com/PrivateBin/PrivateBin/wiki/API) so you can use them with any PrivateBin server of your choice: -* [proof-of-concept CLI client](https://github.com/PrivateBin/PrivateBin-Cli) \ No newline at end of file +* [proof-of-concept CLI client in node.js](https://github.com/PrivateBin/PrivateBin-Cli) \ No newline at end of file From 8b1505625c8ac5d14faa5725374b425973ea0dc5 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Thu, 28 Sep 2017 23:04:24 +0200 Subject: [PATCH 03/30] Updated PrivateBin Directory (markdown) --- PrivateBin-Directory.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/PrivateBin-Directory.md b/PrivateBin-Directory.md index a6d05e7..709f2f9 100644 --- a/PrivateBin-Directory.md 
+++ b/PrivateBin-Directory.md @@ -4,8 +4,9 @@ Need a server to paste your texts? Here is a list of URLs to choose from (in not URL | forced HTTPS | file upload | other ----|:------------:|:-----------:|------ -https://snip.dssr.ch | :white_check_mark: | :white_check_mark: +https://pb.nwsec.de | :white_check_mark: | :white_large_square: | Let's Encrypt SSL, A rated on SSL Labs, A rated on securityheaders.io https://privatebin.net | :white_check_mark: | :white_large_square: +https://snip.dssr.ch | :white_check_mark: | :white_check_mark: https://p.dousse.eu | :white_check_mark: | :white_check_mark: | No IP Logs, Let's Encrypt SSL, A+ rated on SSL Labs, A rated on securityheaders.io https://paste.unixcorn.org | :white_check_mark: | :white_large_square: | French / Français https://wtf.roflcopter.fr/paste/ | :white_check_mark: | :white_large_square: From 263411337f2d6dd4e54a50c5db82cc2a79c8dad5 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sat, 30 Sep 2017 17:48:05 +0200 Subject: [PATCH 04/30] removed dead sites, updated version lists --- PrivateBin-Directory.md | 46 ++++++++++++++--------------------------- 1 file changed, 15 insertions(+), 31 deletions(-) diff --git a/PrivateBin-Directory.md b/PrivateBin-Directory.md index 709f2f9..600bc98 100644 --- a/PrivateBin-Directory.md +++ b/PrivateBin-Directory.md 
@@ -18,23 +18,26 @@ https://jaegers.net/privatebin/ | :white_check_mark: | :white_check_mark: | No I https://pastebin.aquilenet.fr | :white_check_mark: | :white_large_square: | darkstrap theme https://paste.carrade.eu | :white_check_mark: | :white_check_mark: | French / Français, Let's Encrypt SSL, A rated on [SSL Labs](https://www.ssllabs.com/ssltest/analyze.html?d=paste.carrade.eu&hideResults=on) https://paste.wiidatabase.de | :white_check_mark: | :white_large_square: | German / Deutsch, modified darkstrap theme +https://paste.debian-fr.xyz | :white_check_mark: | :white_large_square: | modified darkstrap theme, uses Piwik +https://nopaste.xyz | :white_check_mark: | :white_large_square: | uses Cloudflare +https://zerobin.farcy.me | :white_large_square: | :white_large_square: +https://webapps.leutek.de/PrivateBin/ | :white_check_mark: | :white_check_mark: +https://p.0x0f.su | :white_check_mark: | :white_check_mark: | No logs +https://paste.nolsen.xyz | :white_check_mark: | :white_check_mark: | No IP Logs, Available Tor Hidden Service +https://paste.mondedie.fr | :white_check_mark: | :white_large_square: | french / français, modified bootstrap theme +https://paste.dd.zom.bi | :white_check_mark: | :white_large_square: | darkstrap theme +https://www.systemli.org/paste/ | :white_check_mark: | :white_large_square: +https://paste.tecff.de | :white_check_mark: | :white_large_square: +https://bin.acquia.com | :white_check_mark: | :white_large_square: +https://paste.fizi.ca | :white_check_mark: | :white_check_mark: | darkstrap theme +https://paste.schleicloud.de | :white_check_mark: | :white_check_mark: ## PrivateBin 1.0 URL | forced HTTPS | file upload | other ----|:------------:|:-----------:|------ -https://paste.schleicloud.de | :white_check_mark: | :white_check_mark: -https://paste.fizi.ca | :white_check_mark: | :white_check_mark: | darkstrap theme -https://bin.acquia.com | :white_check_mark: | :white_large_square: -https://paste.tecff.de | :white_check_mark: | 
:white_large_square: -https://www.systemli.org/paste/ | :white_check_mark: | :white_large_square: -https://paste.dd.zom.bi | :white_check_mark: | :white_large_square: | darkstrap theme -https://paste.mondedie.fr | :white_check_mark: | :white_large_square: | french / français, modified bootstrap theme -https://nsa.black | :white_check_mark: | :white_check_mark: | No IP Logs https://paste.tech-port.de | :white_check_mark: | :white_large_square: | No IP Logs, modified darkstrap theme -https://paste.nolsen.xyz | :white_check_mark: | :white_check_mark: | No IP Logs, Available Tor Hidden Service https://paste.nikul.in | :white_check_mark: | :white_large_square: | No IP Logs, modified darkstrap theme -https://p.0x0f.su | :white_check_mark: | :white_check_mark: | No logs ## ZeroBin 0.22 
@@ -42,22 +45,11 @@ URL | forced HTTPS | file upload | other ----|:------------:|:-----------:|------ https://share.cyberguerrilla.info | :white_check_mark: | :white_check_mark: | modified darkstrap theme https://paste.chatq.net | :white_check_mark: | :white_check_mark: | modified bootstrap theme -https://webapps.leutek.de/PrivateBin/ | :white_check_mark: | :white_check_mark: https://paste.kwachu.org | :white_check_mark: | :white_large_square: -https://zerobin.farcy.me | :white_large_square: | :white_large_square: http://paste.gehaxelt.in | :white_large_square: | :white_large_square: http://gilles.wittezaele.fr/paste/ | :white_large_square: | :white_large_square: -https://nopaste.xyz | :white_check_mark: | :white_large_square: | uses Cloudflare -https://paste.debian-fr.xyz | :white_check_mark: | :white_large_square: | modified darkstrap theme, uses Piwik -https://www.mycodebin.com | :white_check_mark: | :white_large_square: | uses Google Adsense https://p.k0nsl.org | :white_check_mark: | :white_check_mark: | Let's Encrypt SSL; modified default theme; uses Piwik -## ZeroBin 0.21.1 - -URL | forced HTTPS | file upload | other -----|:------------:|:-----------:|------ -https://www.riebart.ca/zerobin/ | :white_check_mark: | :white_check_mark: - ## ZeroBin 0.19 (latest release of Seb Sauvage) URL | Version | forced HTTPS | other 
@@ -74,23 +66,15 @@ http://paste.piratux.com | 0.19 | :white_large_square: http://zerobin.thican.net | 0.19 | :white_large_square: http://paste.vinilox.eu | 0.19 | :white_large_square: http://zerobin.zertrin.org | 0.19 | :white_large_square: +http://www.karinafolkmusic.altervista.org/zerobin/ | 0.19.5 | :white_large_square: | uses Altervista Toolbar ## ZeroBin 0.18 URL | forced HTTPS ----|:-----------: -http://traviscj.com/ZeroBin/ | :white_large_square: +https://traviscj.com/ZeroBin/ | :white_check_mark: http://zb.zerosgaming.de | :white_large_square: -## ZeroBin 0.15 - -URL | forced HTTPS | other -----|:------------:|------ -http://www.nullfile.com/index.php | :white_large_square: -http://paste.ethernia.net | :white_large_square: -http://paste.kyleundefined.com | :white_large_square: -http://www.karinafolkmusic.altervista.org/zerobin/ | :white_large_square: | uses Altervista Toolbar - ## Other URL | Version | forced HTTPS | other From aac13497239630e1efcc725c4ee1399e95e781f9 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Wed, 4 Oct 2017 19:49:14 +0200 Subject: [PATCH 05/30] resordering installation documentation structure to focus more on the hardening of the setup --- Installation.md | 73 +++++++++++++++++++++++++------------------------ 1 file changed, 38 insertions(+), 35 deletions(-) diff --git a/Installation.md b/Installation.md index 41b090e..a59321a 100644 --- a/Installation.md +++ b/Installation.md 
@@ -1,14 +1,13 @@ **TL;DR:** Download the [latest release archive](https://github.com/PrivateBin/PrivateBin/releases/latest) and extract it in your web hosts folder where you want to install your PrivateBin -instance. We try to provide a safe default configuration, but we advise you to -check the options and adjust them as you see fit. +instance. We try to provide a mostly safe default configuration, but we urge you to +check the [security section](#hardening-and-security) below and the [configuration +options](#configuration) to adjust as you see fit. **NOTE:** See [our FAQ](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-can-i-securely-clonedownload-your-project) for information how to securely download the PrivateBin release files. -## Basic installation - -### Requirements +### Minimal requirements - PHP version 5.4 or above - _one_ of the following sources of cryptographically safe randomness is required: 
@@ -20,37 +19,11 @@ check the options and adjust them as you see fit. Mcrypt needs to be able to access `/dev/urandom`. This means if `open_basedir` is set, it must include this file. - GD extension -- some disk space or (optional) a database supported by [PDO](https://secure.php.net/manual/book.pdo.php) -- ability to create files and folders in the installation directory and the PATH +- some disk space or (optionally) a database supported by [PDO](https://secure.php.net/manual/book.pdo.php) +- ability to create files and folders in the installation directory and the PATH defined in index.php - A web browser with javascript support -### Configuration - -In the file `cfg/conf.ini` you can configure PrivateBin. A `cfg/conf.ini.sample` -is provided containing all options and default values. You can copy it to -`cfg/conf.ini` and adapt it as needed. The config file is divided into multiple -sections, which are enclosed in square brackets. - -In the `[main]` section you can enable or disable the discussion feature, set -the limit of stored pastes and comments in bytes. The `[traffic]` section lets -you set a time limit in seconds. Users may not post more often then this limit -to your PrivateBin installation. - -More details can be found in the -[configuration documentation](https://github.com/PrivateBin/PrivateBin/wiki/Configuration). - -## Further configuration - -After (or before) setting up PrivateBin, also set up HTTPS, as without HTTPS -PrivateBin is not secure. ( -[More information](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-should-i-setup-https)) - -If you want to use PrivateBin behind Cloudflare, make sure you disabled Rocket -loader and unchecked "Javascript" for Auto Minify, found in your domain settings, -under "Speed". 
(More information -[in this FAQ entry](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection)) - -## Advanced installation +## Hardening and security ### Changing the path @@ -75,6 +48,29 @@ process (see also > PrivateBin will look for your includes / data here: > /home/example.com/secret/privatebin +### Transport security + +When setting up PrivateBin, also set up HTTPS, if you haven't already. Without HTTPS +PrivateBin is not secure, as the javascript files could be manipulated during transmission. +For more information on this, see our [FAQ entry on HTTPS setup](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-should-i-setup-https). + +## Configuration + +In the file `cfg/conf.php` you can configure PrivateBin. A `cfg/conf.sample.php` +is provided containing all options and default values. You can copy it to +`cfg/conf.php` and adapt it as needed. The config file is divided into multiple +sections, which are enclosed in square brackets. + +In the `[main]` section you can enable or disable the discussion feature, set +the limit of stored pastes and comments in bytes. The `[traffic]` section lets +you set a time limit in seconds. Users may not post more often then this limit +to your PrivateBin installation. + +More details can be found in the +[configuration documentation](https://github.com/PrivateBin/PrivateBin/wiki/Configuration). + +## Advanced installation + ### Web server configuration A `robots.txt` file is provided in the root dir of PrivateBin. It disallows all 
@@ -88,6 +84,13 @@ some known robots and link-scanning bots. If you use Apache, you can rename the file to `.htaccess` to enable this feature. If you use another webserver, you have to configure it manually to do the same. +### On using Cloudflare + +If you want to use PrivateBin behind Cloudflare, make sure you have disabled the Rocket +loader and unchecked "Javascript" for Auto Minify, found in your domain settings, +under "Speed". (More information +[in this FAQ entry](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection)) + ### Using a database instead of flat files In the configuration file the `[model]` and `[model_options]` sections let you @@ -150,4 +153,4 @@ CREATE TABLE prefix_config ( INSERT INTO prefix_config VALUES('VERSION', '1.1'); ``` -In PostgreSQL the attachment column needs to be TEXT and not BLOB or MEDIUMBLOB. \ No newline at end of file +In PostgreSQL, the attachment column needs to be TEXT and not BLOB or MEDIUMBLOB. \ No newline at end of file From 93912de8d77514cc7772c12d2a6d7e209f8d4907 Mon Sep 17 00:00:00 2001 From: Vertux Date: Wed, 4 Oct 2017 22:33:46 +0200 Subject: [PATCH 06/30] Updated PrivateBin Directory (markdown) --- PrivateBin-Directory.md | 1 + 1 file changed, 1 insertion(+) diff --git a/PrivateBin-Directory.md b/PrivateBin-Directory.md index 600bc98..590a148 100644 --- a/PrivateBin-Directory.md +++ b/PrivateBin-Directory.md @@ -31,6 +31,7 @@ https://paste.tecff.de | :white_check_mark: | :white_large_square: https://bin.acquia.com | :white_check_mark: | :white_large_square: https://paste.fizi.ca | :white_check_mark: | :white_check_mark: | darkstrap theme https://paste.schleicloud.de | :white_check_mark: | :white_check_mark: +https://pastebin.togart.de | :white_check_mark: | :white_large_square: | Let's Encrypt SSL, A+ rated on SSL Labs, A rated on securityheaders.io ## PrivateBin 1.0 
From 19966d17577c6b59b112fe557b80cbbfa8d4e949 Mon Sep 17 00:00:00 2001 From: Squitschy <32546441+Squitschy@users.noreply.github.com> Date: Thu, 5 Oct 2017 18:33:46 +0200 Subject: [PATCH 07/30] Updated PrivateBin Directory (markdown) --- PrivateBin-Directory.md | 1 + 1 file changed, 1 insertion(+) diff --git a/PrivateBin-Directory.md b/PrivateBin-Directory.md index 590a148..63b1e81 100644 --- a/PrivateBin-Directory.md +++ b/PrivateBin-Directory.md @@ -4,6 +4,7 @@ Need a server to paste your texts? Here is a list of URLs to choose from (in not URL | forced HTTPS | file upload | other ----|:------------:|:-----------:|------ +https://paste.itworx-solutions.at/ | :white_check_mark: | :white_check_mark: | Let's Encrypt SSL https://pb.nwsec.de | :white_check_mark: | :white_large_square: | Let's Encrypt SSL, A rated on SSL Labs, A rated on securityheaders.io https://privatebin.net | :white_check_mark: | :white_large_square: https://snip.dssr.ch | :white_check_mark: | :white_check_mark: From 73b0a5382acb702a45f2e61c6927fae761b03d52 Mon Sep 17 00:00:00 2001 From: Lucas Dousse Date: Tue, 24 Oct 2017 10:19:32 +0200 Subject: [PATCH 08/30] Add A+ --- PrivateBin-Directory.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PrivateBin-Directory.md b/PrivateBin-Directory.md index 63b1e81..d3ce7fb 100644 --- a/PrivateBin-Directory.md +++ b/PrivateBin-Directory.md 
@@ -8,7 +8,7 @@ https://paste.itworx-solutions.at/ | :white_check_mark: | :white_check_mark: | L https://pb.nwsec.de | :white_check_mark: | :white_large_square: | Let's Encrypt SSL, A rated on SSL Labs, A rated on securityheaders.io https://privatebin.net | :white_check_mark: | :white_large_square: https://snip.dssr.ch | :white_check_mark: | :white_check_mark: -https://p.dousse.eu | :white_check_mark: | :white_check_mark: | No IP Logs, Let's Encrypt SSL, A+ rated on SSL Labs, A rated on securityheaders.io +https://p.dousse.eu | :white_check_mark: | :white_check_mark: | No IP Logs, Let's Encrypt SSL, A+ rated on SSL Labs, A+ rated on securityheaders.io https://paste.unixcorn.org | :white_check_mark: | :white_large_square: | French / Français https://wtf.roflcopter.fr/paste/ | :white_check_mark: | :white_large_square: https://paste.biocrafting.net | :white_check_mark: | :white_large_square: | No IP Logs, Let's Encrypt SSL, HPKP, HSTS (preload) From f55a5470c00c43ab9d3435d9466478c05a69d8b8 Mon Sep 17 00:00:00 2001 From: haywardgb Date: Sun, 12 Nov 2017 17:59:46 +0000 Subject: [PATCH 09/30] Updated FAQ (markdown) --- FAQ.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/FAQ.md b/FAQ.md index c59cab0..a532019 100644 --- a/FAQ.md +++ b/FAQ.md @@ -21,7 +21,7 @@ Please have a look at these questions *before* opening an issue in this repo. * [How to make PrivateBin work on my Android phone with data saver mode?](#user-content-how-to-make-privatebin-work-on-my-android-phone-with-data-saver-mode) * [How to make PrivateBin work when using Cloudflare for DDoS protection?](#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection) * [How to make PrivateBin work when I have changed some JavaScript files?](#user-content-how-to-make-privatebin-work-when-i-have-changed-some-javascript-files) - +* [How to fix email-decode.min.js script causing errors?](#user-content-how-to-fix-email-decode-script-causing-errors) ## General 
@@ -210,4 +210,8 @@ Cloudflare works as a reverse proxy in front of your webserver. Apart from prote When changing the JS files (or adding new ones) you need to [regenerate the SRI hashes](https://github.com/PrivateBin/PrivateBin/wiki/Development#subresource-integrity-for-javascript-resources) in your template, so that they match the updated files. -If you didn't change the JS files intentionally, there might be someone/something interfering with these files. Most likely this is a (reverse) proxy, such as Cloudflare, certain VPNs, data saver modes in your client, etc. Try to use it from a different internet connection and a different device to figure out what is manipulating the files and if you can disable/circumvent it. \ No newline at end of file +If you didn't change the JS files intentionally, there might be someone/something interfering with these files. Most likely this is a (reverse) proxy, such as Cloudflare, certain VPNs, data saver modes in your client, etc. Try to use it from a different internet connection and a different device to figure out what is manipulating the files and if you can disable/circumvent it. + +### How to fix email.decode.min.js script from causing-errors? + +This problem seems to be specific to CloudFlare users. If you've enabled Email Obfuscation for your site, then you will need to create a page rule for your PrivateBin url with the Email Obfuscation disabled. \ No newline at end of file From f73e969e1732d7b86cc7205f1b0b4a91ed81a9e0 Mon Sep 17 00:00:00 2001 From: haywardgb Date: Sun, 12 Nov 2017 18:00:31 +0000 Subject: [PATCH 10/30] Updated FAQ (markdown) --- FAQ.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FAQ.md b/FAQ.md index a532019..920a9dc 100644 --- a/FAQ.md +++ b/FAQ.md 
@@ -21,7 +21,7 @@ Please have a look at these questions *before* opening an issue in this repo. * [How to make PrivateBin work on my Android phone with data saver mode?](#user-content-how-to-make-privatebin-work-on-my-android-phone-with-data-saver-mode) * [How to make PrivateBin work when using Cloudflare for DDoS protection?](#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection) * [How to make PrivateBin work when I have changed some JavaScript files?](#user-content-how-to-make-privatebin-work-when-i-have-changed-some-javascript-files) -* [How to fix email-decode.min.js script causing errors?](#user-content-how-to-fix-email-decode-script-causing-errors) + * [How to fix email-decode.min.js script causing errors?](#user-content-how-to-fix-email-decode-script-causing-errors) ## General From af085086a33a64a1239207d477855b6b4564e691 Mon Sep 17 00:00:00 2001 From: haywardgb Date: Sun, 12 Nov 2017 18:01:35 +0000 Subject: [PATCH 11/30] Updated FAQ (markdown) --- FAQ.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FAQ.md b/FAQ.md index 920a9dc..4eeeee3 100644 --- a/FAQ.md +++ b/FAQ.md @@ -21,7 +21,7 @@ Please have a look at these questions *before* opening an issue in this repo. * [How to make PrivateBin work on my Android phone with data saver mode?](#user-content-how-to-make-privatebin-work-on-my-android-phone-with-data-saver-mode) * [How to make PrivateBin work when using Cloudflare for DDoS protection?](#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection) * [How to make PrivateBin work when I have changed some JavaScript files?](#user-content-how-to-make-privatebin-work-when-i-have-changed-some-javascript-files) - * [How to fix email-decode.min.js script causing errors?](#user-content-how-to-fix-email-decode-script-causing-errors) + * [How to fix email-decode.min.js script causing errors?](#user-content-how-to-fix-email-decode-min-js-script-causing-errors) ## General 
From 1c42c6f7825f1104fa38ab333451dde340e65857 Mon Sep 17 00:00:00 2001 From: haywardgb Date: Sun, 12 Nov 2017 18:03:32 +0000 Subject: [PATCH 12/30] Updated FAQ (markdown) --- FAQ.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FAQ.md b/FAQ.md index 4eeeee3..9b99484 100644 --- a/FAQ.md +++ b/FAQ.md @@ -212,6 +212,6 @@ When changing the JS files (or adding new ones) you need to [regenerate the SRI If you didn't change the JS files intentionally, there might be someone/something interfering with these files. Most likely this is a (reverse) proxy, such as Cloudflare, certain VPNs, data saver modes in your client, etc. Try to use it from a different internet connection and a different device to figure out what is manipulating the files and if you can disable/circumvent it. -### How to fix email.decode.min.js script from causing-errors? +### How to fix email-decode.min.js script from causing-errors? This problem seems to be specific to CloudFlare users. If you've enabled Email Obfuscation for your site, then you will need to create a page rule for your PrivateBin url with the Email Obfuscation disabled. \ No newline at end of file From 075651ab02a2e2e14b9ed006e5977f3bbc4e13fb Mon Sep 17 00:00:00 2001 From: haywardgb Date: Sun, 12 Nov 2017 18:04:26 +0000 Subject: [PATCH 13/30] Updated FAQ (markdown) --- FAQ.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FAQ.md b/FAQ.md index 9b99484..f75dccc 100644 --- a/FAQ.md +++ b/FAQ.md 
@@ -212,6 +212,6 @@ When changing the JS files (or adding new ones) you need to [regenerate the SRI If you didn't change the JS files intentionally, there might be someone/something interfering with these files. Most likely this is a (reverse) proxy, such as Cloudflare, certain VPNs, data saver modes in your client, etc. Try to use it from a different internet connection and a different device to figure out what is manipulating the files and if you can disable/circumvent it. -### How to fix email-decode.min.js script from causing-errors? +### How to fix email-decode.min.js script from causing errors? This problem seems to be specific to CloudFlare users. If you've enabled Email Obfuscation for your site, then you will need to create a page rule for your PrivateBin url with the Email Obfuscation disabled. \ No newline at end of file From 5a0d98256bc72be32e99f4c76887888f6a0164f3 Mon Sep 17 00:00:00 2001 From: haywardgb Date: Sun, 12 Nov 2017 18:04:54 +0000 Subject: [PATCH 14/30] Updated FAQ (markdown) --- FAQ.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FAQ.md b/FAQ.md index f75dccc..7c2e5eb 100644 --- a/FAQ.md +++ b/FAQ.md 
@@ -21,7 +21,7 @@ Please have a look at these questions *before* opening an issue in this repo. * [How to make PrivateBin work on my Android phone with data saver mode?](#user-content-how-to-make-privatebin-work-on-my-android-phone-with-data-saver-mode) * [How to make PrivateBin work when using Cloudflare for DDoS protection?](#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection) * [How to make PrivateBin work when I have changed some JavaScript files?](#user-content-how-to-make-privatebin-work-when-i-have-changed-some-javascript-files) - * [How to fix email-decode.min.js script causing errors?](#user-content-how-to-fix-email-decode-min-js-script-causing-errors) + * [How to fix email-decode.min.js script causing errors?](#user-content-how-to-fix-email-decode.min.js-script-causing-errors) ## General From b8e1ca4c2fa05641d0ad7cfbdf9f0798be1bd1fe Mon Sep 17 00:00:00 2001 From: haywardgb Date: Sun, 12 Nov 2017 18:05:44 +0000 Subject: [PATCH 15/30] Updated FAQ (markdown) --- FAQ.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FAQ.md b/FAQ.md index 7c2e5eb..d820f18 100644 --- a/FAQ.md +++ b/FAQ.md @@ -21,7 +21,7 @@ Please have a look at these questions *before* opening an issue in this repo. * [How to make PrivateBin work on my Android phone with data saver mode?](#user-content-how-to-make-privatebin-work-on-my-android-phone-with-data-saver-mode) * [How to make PrivateBin work when using Cloudflare for DDoS protection?](#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection) * [How to make PrivateBin work when I have changed some JavaScript files?](#user-content-how-to-make-privatebin-work-when-i-have-changed-some-javascript-files) - * [How to fix email-decode.min.js script causing errors?](#user-content-how-to-fix-email-decode.min.js-script-causing-errors) + * [How to fix email-decode.min.js script causing errors?](#how-to-fix-email-decode.min.js-script-causing-errors) ## General 
From 2a8e2db367bc7c95f7f513635854b91bb69b7e9f Mon Sep 17 00:00:00 2001 From: haywardgb Date: Sun, 12 Nov 2017 18:14:20 +0000 Subject: [PATCH 16/30] Updated FAQ (markdown) --- FAQ.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FAQ.md b/FAQ.md index d820f18..9951d25 100644 --- a/FAQ.md +++ b/FAQ.md @@ -21,7 +21,7 @@ Please have a look at these questions *before* opening an issue in this repo. * [How to make PrivateBin work on my Android phone with data saver mode?](#user-content-how-to-make-privatebin-work-on-my-android-phone-with-data-saver-mode) * [How to make PrivateBin work when using Cloudflare for DDoS protection?](#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection) * [How to make PrivateBin work when I have changed some JavaScript files?](#user-content-how-to-make-privatebin-work-when-i-have-changed-some-javascript-files) - * [How to fix email-decode.min.js script causing errors?](#how-to-fix-email-decode.min.js-script-causing-errors) + * [How to fix email-decode.min.js script causing errors?](#how-to-fix-email-decodeminjs-script-from-causing-errors) ## General From 7a763c61091b6b4da349431a3d7987bcc68aec8f Mon Sep 17 00:00:00 2001 From: Lee Hayward Date: Sun, 12 Nov 2017 21:00:13 +0000 Subject: [PATCH 17/30] Added my communities PrivateBin url --- PrivateBin-Directory.md | 1 + 1 file changed, 1 insertion(+) diff --git a/PrivateBin-Directory.md b/PrivateBin-Directory.md index d3ce7fb..c134d99 100644 --- a/PrivateBin-Directory.md +++ b/PrivateBin-Directory.md 
@@ -4,6 +4,7 @@ Need a server to paste your texts? Here is a list of URLs to choose from (in not URL | forced HTTPS | file upload | other ----|:------------:|:-----------:|------ +https://thecloud.org.uk/paste/ | :white_check_mark: | :white_large_square: | SSL , No Logging https://paste.itworx-solutions.at/ | :white_check_mark: | :white_check_mark: | Let's Encrypt SSL https://pb.nwsec.de | :white_check_mark: | :white_large_square: | Let's Encrypt SSL, A rated on SSL Labs, A rated on securityheaders.io https://privatebin.net | :white_check_mark: | :white_large_square: From a51b03493489eeba1c3b405dacbe5d01c23ee63a Mon Sep 17 00:00:00 2001 From: rugk Date: Sun, 12 Nov 2017 23:50:25 +0100 Subject: [PATCH 18/30] fix space, move down as still broken (and alphabetically) --- PrivateBin-Directory.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PrivateBin-Directory.md b/PrivateBin-Directory.md index c134d99..8226679 100644 --- a/PrivateBin-Directory.md +++ b/PrivateBin-Directory.md @@ -4,7 +4,6 @@ Need a server to paste your texts? Here is a list of URLs to choose from (in not URL | forced HTTPS | file upload | other ----|:------------:|:-----------:|------ -https://thecloud.org.uk/paste/ | :white_check_mark: | :white_large_square: | SSL , No Logging https://paste.itworx-solutions.at/ | :white_check_mark: | :white_check_mark: | Let's Encrypt SSL https://pb.nwsec.de | :white_check_mark: | :white_large_square: | Let's Encrypt SSL, A rated on SSL Labs, A rated on securityheaders.io https://privatebin.net | :white_check_mark: | :white_large_square: 
@@ -34,6 +33,7 @@ https://bin.acquia.com | :white_check_mark: | :white_large_square: https://paste.fizi.ca | :white_check_mark: | :white_check_mark: | darkstrap theme https://paste.schleicloud.de | :white_check_mark: | :white_check_mark: https://pastebin.togart.de | :white_check_mark: | :white_large_square: | Let's Encrypt SSL, A+ rated on SSL Labs, A rated on securityheaders.io +https://thecloud.org.uk/paste/ | :white_check_mark: | :white_large_square: | SSL, No Logging ## PrivateBin 1.0 From df20ca01c9de102fcaf670bbaf3c1c66baa9bf7d Mon Sep 17 00:00:00 2001 From: rugk Date: Sun, 12 Nov 2017 23:54:39 +0100 Subject: [PATCH 19/30] Updated FAQ (markdown) --- FAQ.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/FAQ.md b/FAQ.md index 9951d25..12f595b 100644 --- a/FAQ.md +++ b/FAQ.md @@ -21,7 +21,6 @@ Please have a look at these questions *before* opening an issue in this repo. * [How to make PrivateBin work on my Android phone with data saver mode?](#user-content-how-to-make-privatebin-work-on-my-android-phone-with-data-saver-mode) * [How to make PrivateBin work when using Cloudflare for DDoS protection?](#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection) * [How to make PrivateBin work when I have changed some JavaScript files?](#user-content-how-to-make-privatebin-work-when-i-have-changed-some-javascript-files) - * [How to fix email-decode.min.js script causing errors?](#how-to-fix-email-decodeminjs-script-from-causing-errors) ## General 
@@ -206,12 +205,12 @@ More details on Google Chromes Data Saver mode on Android can be found at [Googl Cloudflare works as a reverse proxy in front of your webserver. Apart from protecting your site against DDoS it acts as a man-in-the-middle even for HTTPS sites and by default tries to optimize your site for faster loading. Part of that optimization (currently) breaks our [SRI](https://scotthelme.co.uk/subresource-integrity/) used to ensure that your JS files don't get modified (actually it works as intended as Cloudflare _does_ modify them). It has been reported that disabling the "rocket loader" feature in Cloudflare solves this issue. +Similarly, if you encounter problems with `email-decode.min.js` you've enabled "email obfuscation" for your site in Cloudflare. In that case you will need to create a page rule for your PrivateBin URL to disable "email obfuscation". + ### How to make PrivateBin work when I have changed some JavaScript files? When changing the JS files (or adding new ones) you need to [regenerate the SRI hashes](https://github.com/PrivateBin/PrivateBin/wiki/Development#subresource-integrity-for-javascript-resources) in your template, so that they match the updated files. If you didn't change the JS files intentionally, there might be someone/something interfering with these files. Most likely this is a (reverse) proxy, such as Cloudflare, certain VPNs, data saver modes in your client, etc. Try to use it from a different internet connection and a different device to figure out what is manipulating the files and if you can disable/circumvent it. -### How to fix email-decode.min.js script from causing errors? - -This problem seems to be specific to CloudFlare users. If you've enabled Email Obfuscation for your site, then you will need to create a page rule for your PrivateBin url with the Email Obfuscation disabled. \ No newline at end of file +### How to fix script from causing errors? 
From 3f592685b8280da6ec0c7f2bc32353f94ded4b53 Mon Sep 17 00:00:00 2001 From: rugk Date: Sun, 12 Nov 2017 23:55:39 +0100 Subject: [PATCH 20/30] Updated FAQ (markdown) --- FAQ.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/FAQ.md b/FAQ.md index 12f595b..748ef6b 100644 --- a/FAQ.md +++ b/FAQ.md @@ -211,6 +211,4 @@ Similarly, if you encounter problems with `email-decode.min.js` you've enabled " When changing the JS files (or adding new ones) you need to [regenerate the SRI hashes](https://github.com/PrivateBin/PrivateBin/wiki/Development#subresource-integrity-for-javascript-resources) in your template, so that they match the updated files. -If you didn't change the JS files intentionally, there might be someone/something interfering with these files. Most likely this is a (reverse) proxy, such as Cloudflare, certain VPNs, data saver modes in your client, etc. Try to use it from a different internet connection and a different device to figure out what is manipulating the files and if you can disable/circumvent it. - -### How to fix script from causing errors? +If you didn't change the JS files intentionally, there might be someone/something interfering with these files. Most likely this is a (reverse) proxy, such as Cloudflare, certain VPNs, data saver modes in your client, etc. Try to use it from a different internet connection and a different device to figure out what is manipulating the files and if you can disable/circumvent it. \ No newline at end of file From 3b676ae30b309bdc055764ad0e1fbd31400f63f4 Mon Sep 17 00:00:00 2001 From: Lee Hayward Date: Sun, 12 Nov 2017 23:45:29 +0000 Subject: [PATCH 21/30] Updated FAQ (markdown) --- FAQ.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FAQ.md b/FAQ.md index 748ef6b..84d16e0 100644 --- a/FAQ.md +++ b/FAQ.md 
@@ -203,7 +203,7 @@ More details on Google Chromes Data Saver mode on Android can be found at [Googl ### How to make PrivateBin work when using Cloudflare for DDoS protection? -Cloudflare works as a reverse proxy in front of your webserver. Apart from protecting your site against DDoS it acts as a man-in-the-middle even for HTTPS sites and by default tries to optimize your site for faster loading. Part of that optimization (currently) breaks our [SRI](https://scotthelme.co.uk/subresource-integrity/) used to ensure that your JS files don't get modified (actually it works as intended as Cloudflare _does_ modify them). It has been reported that disabling the "rocket loader" feature in Cloudflare solves this issue. +Cloudflare works as a reverse proxy in front of your webserver. Apart from protecting your site against DDoS it acts as a man-in-the-middle even for HTTPS sites and by default tries to optimize your site for faster loading. Part of that optimization (currently) breaks our [SRI](https://scotthelme.co.uk/subresource-integrity/) used to ensure that your JS files don't get modified (actually it works as intended as Cloudflare _does_ modify them). It has been reported that disabling the "rocket loader" feature in Cloudflare solves this issue. If you don't want to disable "Rocket Loader" site wide, then you can disable it on a per page basis by adding the "Disable Performance" rule to for that page only, this will turn off "Minification, Rocket Loader, Mirage and Polish". Similarly, if you encounter problems with `email-decode.min.js` you've enabled "email obfuscation" for your site in Cloudflare. In that case you will need to create a page rule for your PrivateBin URL to disable "email obfuscation". From 0533cfb07a699ef5bda6b23b2a3bb316c3697334 Mon Sep 17 00:00:00 2001 From: Lee Hayward Date: Sun, 12 Nov 2017 23:46:26 +0000 Subject: [PATCH 22/30] Updated FAQ (markdown) --- FAQ.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/FAQ.md b/FAQ.md index 84d16e0..d050168 100644 --- a/FAQ.md +++ b/FAQ.md 
@@ -203,7 +203,7 @@ More details on Google Chromes Data Saver mode on Android can be found at [Googl ### How to make PrivateBin work when using Cloudflare for DDoS protection? -Cloudflare works as a reverse proxy in front of your webserver. Apart from protecting your site against DDoS it acts as a man-in-the-middle even for HTTPS sites and by default tries to optimize your site for faster loading. Part of that optimization (currently) breaks our [SRI](https://scotthelme.co.uk/subresource-integrity/) used to ensure that your JS files don't get modified (actually it works as intended as Cloudflare _does_ modify them). It has been reported that disabling the "rocket loader" feature in Cloudflare solves this issue. If you don't want to disable "Rocket Loader" site wide, then you can disable it on a per page basis by adding the "Disable Performance" rule to for that page only, this will turn off "Minification, Rocket Loader, Mirage and Polish". +Cloudflare works as a reverse proxy in front of your webserver. Apart from protecting your site against DDoS it acts as a man-in-the-middle even for HTTPS sites and by default tries to optimize your site for faster loading. Part of that optimization (currently) breaks our [SRI](https://scotthelme.co.uk/subresource-integrity/) used to ensure that your JS files don't get modified (actually it works as intended as Cloudflare _does_ modify them). It has been reported that disabling the "rocket loader" feature in Cloudflare solves this issue. If you don't want to disable "Rocket Loader" site wide, then you can disable it on a per page basis by adding the "Disable Performance" rule to that page only, this will turn off "Minification, Rocket Loader, Mirage and Polish". Similarly, if you encounter problems with `email-decode.min.js` you've enabled "email obfuscation" for your site in Cloudflare. In that case you will need to create a page rule for your PrivateBin URL to disable "email obfuscation". 
From 9ca4d6dd5cba8b1caf0a4cf54cfc03e8207e2aba Mon Sep 17 00:00:00 2001 From: EchoDev Date: Sat, 25 Nov 2017 14:20:27 +0000 Subject: [PATCH 23/30] Added "What are the recommended file and folder permissions for Privatebin?" --- FAQ.md | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/FAQ.md b/FAQ.md index d050168..e87b008 100644 --- a/FAQ.md +++ b/FAQ.md @@ -21,6 +21,7 @@ Please have a look at these questions *before* opening an issue in this repo. * [How to make PrivateBin work on my Android phone with data saver mode?](#user-content-how-to-make-privatebin-work-on-my-android-phone-with-data-saver-mode) * [How to make PrivateBin work when using Cloudflare for DDoS protection?](#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection) * [How to make PrivateBin work when I have changed some JavaScript files?](#user-content-how-to-make-privatebin-work-when-i-have-changed-some-javascript-files) + * [What are the recommended file and folder permissions for Privatebin?](#what-are-the-recommended-file-and-folder-permissions-for-privatebin) ## General 
@@ -211,4 +212,38 @@ Similarly, if you encounter problems with `email-decode.min.js` you've enabled " When changing the JS files (or adding new ones) you need to [regenerate the SRI hashes](https://github.com/PrivateBin/PrivateBin/wiki/Development#subresource-integrity-for-javascript-resources) in your template, so that they match the updated files. -If you didn't change the JS files intentionally, there might be someone/something interfering with these files. Most likely this is a (reverse) proxy, such as Cloudflare, certain VPNs, data saver modes in your client, etc. Try to use it from a different internet connection and a different device to figure out what is manipulating the files and if you can disable/circumvent it. \ No newline at end of file +If you didn't change the JS files intentionally, there might be someone/something interfering with these files. Most likely this is a (reverse) proxy, such as Cloudflare, certain VPNs, data saver modes in your client, etc. Try to use it from a different internet connection and a different device to figure out what is manipulating the files and if you can disable/circumvent it. + + + +### What are the recommended file and folder permissions for Privatebin? + +Depending on your setup, the PHP process may run under a different user then the web server. Here are a few common setup scenarios: + +1. "Classic" Apache web server with mod_php - In this case PHP scripts are run as child-processes of the apache server and as the same user as the apache server. Since there is only one user in this scenario that needs access, one could go with just owner level permissions (0600 instead of 0640 for example). + +2. Any webserver, PHP runs as (fast)cgi or PHP-FPM (fast process manager) process - here the webserver and PHP may run in separate users. This is very common on shared hosters, where each customers PHP scripts are run in their own user, so that they can't read other customers files, etc. 
For this setup to work, the owner needs to be set to the same as the php process (usually not something that you can change on a share hoster) and the group needs to be set to a group the web servers user is in. + +The permissions need to look like this: + +* Directories: 0550 (read-only for owner and group, not accessible for others) +* Data directory: 0750 (writeable for owner, read-only for group, not accessible for others) +* Files: 0640 (writeable for owner, read-only for group, not accessible for others), created files get these permissions automatically + +For most setups it is also possible to use the following script. Make sure to edit the users and folders where necessary. + +```#!/bin/bash +pbpath='/var/www/privatebin' +pbdata='/var/www/privatebin/data' +htuser='www-data' +htgroup='www-data' +rootuser='root' + +printf "chmod Files and Directories\n" +find ${pbpath}/ -type f -print0 | xargs -0 chmod 0640 +find ${pbpath}/ -type d -print0 | xargs -0 chmod 0550 +find ${pbdata}/ -type f -print0 | xargs -0 chmod 0640 +find ${pbdata}/ -type d -print0 | xargs -0 chmod 0750 + +printf "chown Directories\n" +chown -R ${rootuser}:${htgroup} ${pbpath}/``` \ No newline at end of file From c70d2224a59650de074301ca10e1548e1ffaa473 Mon Sep 17 00:00:00 2001 From: rugk Date: Sat, 25 Nov 2017 19:12:58 +0100 Subject: [PATCH 24/30] correct syntax highlighting --- FAQ.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/FAQ.md b/FAQ.md index e87b008..269a7dc 100644 --- a/FAQ.md +++ b/FAQ.md @@ -232,7 +232,7 @@ The permissions need to look like this: For most setups it is also possible to use the following script. Make sure to edit the users and folders where necessary. -```#!/bin/bash +```sh pbpath='/var/www/privatebin' pbdata='/var/www/privatebin/data' htuser='www-data' 
@@ -246,4 +246,5 @@ find ${pbdata}/ -type f -print0 | xargs -0 chmod 0640 find ${pbdata}/ -type d -print0 | xargs -0 chmod 0750 printf "chown Directories\n" -chown -R ${rootuser}:${htgroup} ${pbpath}/``` \ No newline at end of file +chown -R ${rootuser}:${htgroup} ${pbpath}/ +``` \ No newline at end of file From cb042167fde9598cc5e1d4643f97c191123c6a40 Mon Sep 17 00:00:00 2001 From: rugk Date: Sat, 25 Nov 2017 19:16:10 +0100 Subject: [PATCH 25/30] make script a little nicer (thx shellcheck) --- FAQ.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/FAQ.md b/FAQ.md index 269a7dc..f43d9cd 100644 --- a/FAQ.md +++ b/FAQ.md @@ -233,18 +233,19 @@ The permissions need to look like this: For most setups it is also possible to use the following script. Make sure to edit the users and folders where necessary. ```sh +#!/bin/sh pbpath='/var/www/privatebin' pbdata='/var/www/privatebin/data' -htuser='www-data' +# htuser='www-data' (unused) htgroup='www-data' rootuser='root' -printf "chmod Files and Directories\n" +echo "[chmod] files and directories" find ${pbpath}/ -type f -print0 | xargs -0 chmod 0640 find ${pbpath}/ -type d -print0 | xargs -0 chmod 0550 find ${pbdata}/ -type f -print0 | xargs -0 chmod 0640 find ${pbdata}/ -type d -print0 | xargs -0 chmod 0750 -printf "chown Directories\n" -chown -R ${rootuser}:${htgroup} ${pbpath}/ +echo "[chown] Directories" +chown -R ${rootuser}:${htgroup} "${pbpath}/" ``` \ No newline at end of file From d7b0c1bb55b20bc391bd7cc37a623651edb47d40 Mon Sep 17 00:00:00 2001 From: rugk Date: Sat, 25 Nov 2017 19:16:59 +0100 Subject: [PATCH 26/30] Updated FAQ (markdown) --- FAQ.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/FAQ.md b/FAQ.md index f43d9cd..ad7198f 100644 --- a/FAQ.md +++ b/FAQ.md 
@@ -241,10 +241,10 @@ htgroup='www-data' rootuser='root' echo "[chmod] files and directories" -find ${pbpath}/ -type f -print0 | xargs -0 chmod 0640 -find ${pbpath}/ -type d -print0 | xargs -0 chmod 0550 -find ${pbdata}/ -type f -print0 | xargs -0 chmod 0640 -find ${pbdata}/ -type d -print0 | xargs -0 chmod 0750 +find "${pbpath}/" -type f -print0 | xargs -0 chmod 0640 +find "${pbpath}/" -type d -print0 | xargs -0 chmod 0550 +find "${pbdata}/" -type f -print0 | xargs -0 chmod 0640 +find "${pbdata}/" -type d -print0 | xargs -0 chmod 0750 echo "[chown] Directories" chown -R ${rootuser}:${htgroup} "${pbpath}/" From c6683733eecd800a17693df45c12ae1acd8610ad Mon Sep 17 00:00:00 2001 From: rugk Date: Sat, 25 Nov 2017 19:19:17 +0100 Subject: [PATCH 27/30] add info how to condfigure file level permissions --- Installation.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Installation.md b/Installation.md index a59321a..298762b 100644 --- a/Installation.md +++ b/Installation.md @@ -69,6 +69,12 @@ to your PrivateBin installation. More details can be found in the [configuration documentation](https://github.com/PrivateBin/PrivateBin/wiki/Configuration). +### File-level permissions + +After completing the installation, you should make sure, other users on the system cannot read the config file or the `data/` directory, as – depending on your configuration – potential secret information are saved there. + +See [this FAQ item](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#what-are-the-recommended-file-and-folder-permissions-for-privatebin) for a detailed guide on how to "harden" the permissions of files and folders. + ## Advanced installation ### Web server configuration 
@@ -84,7 +90,7 @@ some known robots and link-scanning bots. If you use Apache, you can rename the file to `.htaccess` to enable this feature. If you use another webserver, you have to configure it manually to do the same. -### On using Cloudflare +### When using Cloudflare If you want to use PrivateBin behind Cloudflare, make sure you have disabled the Rocket loader and unchecked "Javascript" for Auto Minify, found in your domain settings, From 241e609fe2ea2f8f51067a95a6b419babf7d1843 Mon Sep 17 00:00:00 2001 From: rugk Date: Sat, 25 Nov 2017 19:20:25 +0100 Subject: [PATCH 28/30] correct position --- Installation.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Installation.md b/Installation.md index 298762b..2baa48c 100644 --- a/Installation.md +++ b/Installation.md @@ -54,6 +54,12 @@ When setting up PrivateBin, also set up HTTPS, if you haven't already. Without H PrivateBin is not secure, as the javascript files could be manipulated during transmission. For more information on this, see our [FAQ entry on HTTPS setup](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-should-i-setup-https). +### File-level permissions + +After completing the installation, you should make sure, other users on the system cannot read the config file or the `data/` directory, as – depending on your configuration – potential secret information are saved there. + +See [this FAQ item](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#what-are-the-recommended-file-and-folder-permissions-for-privatebin) for a detailed guide on how to "harden" the permissions of files and folders. + ## Configuration In the file `cfg/conf.php` you can configure PrivateBin. A `cfg/conf.sample.php` 
@@ -69,12 +75,6 @@ to your PrivateBin installation. More details can be found in the [configuration documentation](https://github.com/PrivateBin/PrivateBin/wiki/Configuration). -### File-level permissions - -After completing the installation, you should make sure, other users on the system cannot read the config file or the `data/` directory, as – depending on your configuration – potential secret information are saved there. - -See [this FAQ item](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#what-are-the-recommended-file-and-folder-permissions-for-privatebin) for a detailed guide on how to "harden" the permissions of files and folders. - ## Advanced installation ### Web server configuration From 225df2d544ce1751ac98218eb6347f72c55845f3 Mon Sep 17 00:00:00 2001 From: Lee Hayward Date: Thu, 14 Dec 2017 23:18:23 +0000 Subject: [PATCH 29/30] Site no longer active on Tor. Broken link. --- PrivateBin-Directory.md | 1 - 1 file changed, 1 deletion(-) diff --git a/PrivateBin-Directory.md b/PrivateBin-Directory.md index 8226679..86fd1c1 100644 --- a/PrivateBin-Directory.md +++ b/PrivateBin-Directory.md 
@@ -13,7 +13,6 @@ https://paste.unixcorn.org | :white_check_mark: | :white_large_square: | French https://wtf.roflcopter.fr/paste/ | :white_check_mark: | :white_large_square: https://paste.biocrafting.net | :white_check_mark: | :white_large_square: | No IP Logs, Let's Encrypt SSL, HPKP, HSTS (preload) https://paste.imirhil.fr | :white_check_mark: | :white_large_square: | No IP Logs, Let's Encrypt SSL, HPKP, HSTS (preload), CAA, DNSSec, DANE/TLSA,… -http://paste.aeriszyr4wbpvuo2.onion/ | :white_large_square: | :white_large_square: | Tor hidden service https://paste.warth-hofer.de | :white_check_mark: | :white_check_mark: | No IP Logs, Let's Encrypt SSL, A+ rated on [SSL Labs](https://www.ssllabs.com/ssltest/analyze.html?d=paste.warth-hofer.de&s=37.120.174.18&hideResults=on) and [securityheaders.io](https://securityheaders.io/?q=https%3A%2F%2Fpaste.warth-hofer.de%2F&hide=on) https://jaegers.net/privatebin/ | :white_check_mark: | :white_check_mark: | No IP Logs, all languages, logo added to bootstrap theme https://pastebin.aquilenet.fr | :white_check_mark: | :white_large_square: | darkstrap theme From 9d7b3e339da2f4febb89ca8b0bcee69bbb5fa4de Mon Sep 17 00:00:00 2001 From: El RIDO Date: Fri, 15 Dec 2017 11:11:56 +0100 Subject: [PATCH 30/30] Updated PrivateBin Directory (markdown) --- PrivateBin-Directory.md | 1 + 1 file changed, 1 insertion(+) diff --git a/PrivateBin-Directory.md b/PrivateBin-Directory.md index 86fd1c1..c064c6c 100644 --- a/PrivateBin-Directory.md +++ b/PrivateBin-Directory.md 
@@ -4,6 +4,7 @@ Need a server to paste your texts? Here is a list of URLs to choose from (in not URL | forced HTTPS | file upload | other ----|:------------:|:-----------:|------ +https://pasteit.se | :white_large_square: | :white_large_square: | darkstrap theme, Let's Encrypt SSL https://paste.itworx-solutions.at/ | :white_check_mark: | :white_check_mark: | Let's Encrypt SSL https://pb.nwsec.de | :white_check_mark: | :white_large_square: | Let's Encrypt SSL, A rated on SSL Labs, A rated on securityheaders.io https://privatebin.net | :white_check_mark: | :white_large_square:
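
Review bot: PATCH 19/30, FAQ.md second hunk (@@ -206,12 +205,12 @@): the last added line, `### How to fix script from causing errors?`, leaves an empty heading at the end of the file. Its body is removed in this hunk and its table-of-contents entry is dropped in the first hunk, so the heading should be deleted in this change rather than shortened. The new sentence also states the cause as a certainty ("you've enabled \"email obfuscation\""), while the text it replaces was hedged ("seems to be specific to CloudFlare users"); "you have probably enabled" would keep that hedge.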
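
Review bot: PATCH 22/30, FAQ.md hunk @@ -203,7 +203,7 @@: the added sentence lists what the "Disable Performance" rule turns off ("Minification, Rocket Loader, Mirage and Polish"), and email obfuscation is not in that list, yet the following paragraph asks for a page rule to disable email obfuscation. Say explicitly whether both settings are needed on the PrivateBin URL, so a reader who applies only "Disable Performance" does not assume the `email-decode.min.js` problem is covered. Style: the sentence still joins two clauses with a comma ("to that page only, this will turn off"), and the paragraph now spells the feature both "rocket loader" and "Rocket Loader".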
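
Review bot: PATCH 23/30, FAQ.md first hunk (@@ -21,6 +21,7 @@): the new table-of-contents link targets `#what-are-the-recommended-file-and-folder-permissions-for-privatebin`, while the three entries above it in the same hunk use the `#user-content-` prefix. Use one form for the whole list. The entry also spells the project "Privatebin" where the neighbouring entries use "PrivateBin".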
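
Review bot: PATCH 23/30, FAQ.md second hunk (@@ -211,4 +212,38 @@): the script does not produce the ownership that the text above it requires. The text says the owner must be the user of the PHP process and describes the data directory as 0750, "writeable for owner", but the script ends with `chown -R ${rootuser}:${htgroup} ${pbpath}/` and `rootuser='root'`. With root as owner, a PHP process running as `www-data` reaches `data/` only through the group bits (r-x on directories, r-- on files) and cannot create or delete pastes. Either make the PHP user the owner of the data directory (`htuser` is defined but never used) or grant the group write access there, and state which of the two scenarios the script is meant for. Smaller points: the opening fence carries `#!/bin/bash` as its info string instead of a language tag, the closing fence is glued to the last command, and the prose has "different user then" (than), "each customers" (customer's) and "share hoster" (shared hoster).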
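
Review bot: PATCH 26/30, FAQ.md hunk @@ -241,10 +241,10 @@: the four `find ... -print0 | xargs -0 chmod` lines are quoted now, but the pipeline still misbehaves when `find` matches nothing: GNU xargs runs `chmod` once without operands unless `-r` is given, which prints an error, for example on a `data/` directory that holds no files yet. `find "${pbdata}/" -type f -exec chmod 0640 {} +` does the same work without the pipe and without that case. The `chown` line at the end of the hunk still leaves `${rootuser}:${htgroup}` unquoted.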
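
Review bot: PATCH 27/30, Installation.md second hunk (@@ -84,7 +90,7 @@): renaming `### On using Cloudflare` to `### When using Cloudflare` changes the anchor generated for the heading, so any existing link to `#on-using-cloudflare` stops resolving. Check the wiki for inbound links before merging. The rename is also unrelated to the commit subject (file-level permissions) and would be easier to track as its own commit.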
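
Review bot: PATCH 28/30, Installation.md first hunk (@@ -54,6 +54,12 @@): after the move, the new section refers to "the config file" before the Configuration section has introduced `cfg/conf.php`. Name the path here next to `data/`, so the reader knows exactly which two paths must not be readable by other users. Wording: "potential secret information are saved" should read "potentially secret information is saved", and the comma after "make sure" should be dropped.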
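
Review bot: PATCH 30/30, PrivateBin-Directory.md hunk @@ -4,6 +4,7 @@: the new `https://pasteit.se` row has "forced HTTPS" unset (`:white_large_square:`) although its notes list "Let's Encrypt SSL", and every other row visible in this hunk has the column checked. Installation.md in this same series warns that "the javascript files could be manipulated during transmission", so confirm the value is intended. If the site really serves plain HTTP without a redirect, consider asking the operator to add one before the entry goes to the top of the list.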