Free* webhosting!

By Jake! Alternative links: Tor, I2P, OpenNIC, Yggdrasil, OpenNIC (Yggdrasil)(Undergoing server migration)

I require some information so I can give you free* webhosting. I won't offer this forever and when I reach lets say... 10-40 members, maybe less (depends on how my system can handle this or how much my stress level has gone up), I will stop offering this.

"I don't want to give you my data!" - you

Okay. Get you're free* webhosting elsewhere. Or you can self host yourself, which is a based and chad move.

Read the rules:

  • No blatant copyright violations.
  • Entire website should be less than 5GiB.
  • This is for websites ONLY (i.e. no minetest servers).
  • Usage of the shell should be for website related reasons only.
  • Do not upload things that will send me to jail.


Or in this case: fcurrently anticipated questions.


The server is undergoing maintenance! Expect the information on this page, especially the 'behind the scenes' details to be VERY INCORRECT.

What is the benefit of this over, say, Neocities?

Basically, none. The difference between Neocities and me is that I actually offer server side script support and other things like MySQL (or plan to) for free*. Neocities also gives you more disk space for free (about a GB?) where as I only give you a measly 50MiB. Unless you need these things, you should stick with Neocities. I also give you the option to ssh through tor and I2P...

Will you sell the data you get from this?

No. I will say this: I swear on my honor that I will never sell data given to me for this project of mine, nor will I ever give it our freely, or without permission. I will keep it for as long as I need to and will destory it when I do not.

If this statement won't convince you I have honest intentions, nothing will. Neocities requests less information, for instance, but require you to use RECAPTCHA.

How come you are doing this?

I thought it would be fun. It is stupid easy to host my own website so I wanted to also host other people's as well, if they wanted, even if temporarily.

Isn't it like, dangerous or scary?

A little bit, giving people access to your box with an actual interactive shell is scary but I think it will be worth it.

What if they install a bitcoin miner?

A raspberry pi isn't very good at bitcoin mining, but to answer the real question: I hope someone doesn't.

Will my files be safe?

Safe? Well... If it is security you are after, you ought to look else where. But I have implemented some DACs that should keep random people from accessing your files, but yeah, security is not exactly top on the priority here, hence the no critical sites rule. It is also self-hosted (by me), in case I forgot to mention that. I also have root access. I can read your scripts, so if you need them to remain secret, you are definitely in the wrong place.

Describe the DACs you placed.

		drwx------ 4 username username 4096 Mar 18 08:03 .
		drwx------ 4 username username 4096 Mar 18 08:03 logs
		drwxrwx--- 4 username webusername 4096 Mar 18 08:03 protected
		drwxr-x--- 7 username webusername 4096 Mar 19 03:14 public

I've noticed with rsync, certain flags change the directories permissions and change directory group.

Webusers view:

		drwxr-x--- 5 webfree webfree 4096 Mar 24 09:52 free
		drwxr-x--- 5 webusername webusername 4096 Mar 31 08:04 username
		drwxr-x--- 5 webasdfasdf webasdfasdf 4096 Mar 24 08:56 asdfasdf
		drwxr-x--- 5 webfdsafdsa webfdsafdsa 4096 Mar 30 19:53 fdsafdsa
		drwxr-x--- 5 webjkllkj webjkllkj 4096 Mar 24 09:52 jkllkj

Uh, describe the DACs like I am five.

There are two users associated with your account: the one you control (username) and the one the http daemon controls (webusername)

If you write a stupid script that gives an attacker a shell, they have access to only webusername. webusername has read permissions on your public and protected dir. It also has write permissions in your protected dir. In this way, a script should be unable to read files in other user's public, protected, and logs dir. Additionally, the logs folder is owned by username so a rogue script is unable to open that directory... unless YOU change the group of it.

It did not occur to me until later but I realized that I could just change the owner of the directories in the apache chroot, so this is even more secure from a certain view. Unless I did a stupid, it should be very annoyingly difficult to try to view other users directories.

What permissions should my files be (inside public/)?

Extension Perms
html, css, js 644
.cgi, .pl, .rb, etc 655
.php 644
Directories 755

These permissions seem too accessible...

You can change other permissions to 0, then if you desire. You will have to ensure that webusername will be able to read it by changing group ownership. I may write a script that handles this for you, we'll see. I did not realize that a user would be unable to change a file's group even if they were owner until recently. F.

What is the point of the protected dir?

The protected dir is intended for 'behind the scenes' files that CAN be accessible to the web in some kind of format. Posts on my guest book and the comments section on my blog are for instance, in this directory. It is recommended that webuser creates files in here rather than you since because unless the file is world readable the webuser will not be able to modify the files.

You aren't going to ask for a password for my username?

SSH Pubkey removes the need for this entirely. Besides, you didn't think that you would actually be a member of the sudoers... did you?

How will I know how to log in?

I will contact you with relevant information.

How do I modify my website?

rsync. VI/Vim. sftp. printf "<h1>hello world</h1>" > index.html. Maybe you write a setuid script for webuser and it can modify your website through http. Maybe you make your files writable by webusername group. Idk. Just a reminder that you should probably check permissions after uploading. I take no fault for mistakes that I did not cause :)

Hmm... my website is taking forever to load!

Well, I am self-hosting this... so... yeah. ISP up speed is like 10MPS... Also self-hosting other websites. Low speeds should probably be expected.

I can't access website with my phone's data tower!

Blame your cell data provider. You can probably access your website with a http proxy. If I had to wager a guess your upstream DNS doesn't like me. Annoyingly, I can see a single GET request for a favicon but nothing else gets through, at least for me.

What else do I get with this free* offer?

Logs rotated daily, up to five days. That is about all I can think of at the moment.

You can ssh through Tor into your account.

You can ssh through I2P into your account.

SSH in my account through Tor? What?

Yep, I've recently added this. Step by step instructions: 1. Make sure tor is actually active. 2. torify with account details at your .onion link. 3. Be horrified at how FUCKING SLOW it is.

SSH in my account through I2P? What?

Yep, I've recently added this. Involves bsd-netcat which is different from gnu-netcat. 1. Make sure I2P is actually active. 2. modify your .ssh/config with the following:

host itwop
	Hostname qs4bgtdrrnpkuzzlag6b6klu3zcxdtldi5rr24fnn2swhxncnrza.b32.i2p 
	User {your username}
	Port {ssh port}
	ProxyCommand nc -X connect -x %h %p
3. ssh itwop

Ok, explain the free* thing, especially the asterisk.

Well, it's free* as in free web-hosting... for as long as I can or want to host it. Or as long as I don't terminate your site. That is about it. Also you are subject to the free* treatment. As in, I will do things, and most likely your website will be taken offline from time to time. Probably for a short duration. If your site if offline, then so is mine, and I probably know about it.

Why do you ask for my GPG Public Key?

So I can encrypt messages sent to you.

Why do you ask for my SSH Public Key?

So you can log into your account.

Background/Music source?