I’d say that’s the most accurate comment. In life (and even more so on the Internet), people tend to destroy more than they create.
The Internet is a good thing, given all it offers us, but unfortunately there are downsides (a lot of weirdos, for example)
Hi, first of all thanks for the nice comment.
And yes, I’m in touch with some people who run file-hosting services, and they’ve helped me a lot.
Catbox is a good file-hosting service, but unfortunately it doesn’t support files larger than 200MB
You read it right, BLOCKED_EXT is just an extension list and renaming walks straight past it. But that list was never the malware check, it only stops someone uploading payload.exe
Mime sniffing wouldn’t have caught it either, since that value rides along in the request and a renamed upload just lies about it.
The actual defense is ClamAV, same file if you grep clamScan and CLAMAV_SCAN, and it reads what’s inside the file instead of the name. I tried the calc.jpg trick for real, an EICAR test renamed to calc.jpg sent as image/jpeg, and the upload came back refused.
Hello, yes, the name refers to the webtoon (08/07). It’s an anthology of horror stories. https://www.webtoons.com/en/canvas/0807/list?title_no=848743
As for the stored files whose retention period is set to never they do indeed remain online I monitor their status rather than letting them accumulate unchecked.
There is a configurable storage limit and once it’s reached, the server blocks any new uploads instead of silently deleting or overwriting existing files.
There’s also an (optional cleanup feature) for files that haven’t been used in a long time, which I can enable if I ever run out of space.
With 16 TB, I have plenty of leeway and since I manage the server myself I can add disks or sort through the files manually if necessary. No files without an expiration date are automatically deleted.
And thanks I’m glad you like it :)
deleted by creator
deleted by creator
Hi, first of all, thanks for the kind comment, @irmadlad
Yes, you probably saw my old post (which was incomplete) and which I ended up deleting. I’ve been able to add quite a few useful things to the project, and I’ll continue to maintain it and upload updates to the subdomain (src.0807.st)
And of course, I’ll always advise people to run this locally to minimize risk :)