Oppaitime's version of Gazelle

README.md

This is Oppaitime's version of Gazelle

Below are some lists of differences between this version of Gazelle and What.cd's. Please note that these lists are far from complete.

Major Changes

Integrated Database Encryption

Using a database key provided by staff and only ever stored as a hash in memory (via APCu), the integrated database encryption encrypts sensitive user data such as IP addresses, emails, and private messages, regardless of the underlying system Gazelle is running on.

The rest of Gazelle must be aware that some of the data it fetches from the DB is encrypted, and must have a fallback if that data is unavailable (the key is not in memory). You will see plenty of if (!apcu_exists('DBKEY')) { in this codebase.
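A sketch of the fallback pattern described above, added here as an example and not taken from this codebase. The helper names, the use of AES-256-GCM, and deriving the key as a SHA-256 hash of a staff passphrase are all assumptions; only the APCu entry name DBKEY comes from this README.

```php
<?php
// Added example. Needs the APCu and OpenSSL extensions; on the CLI run with
// `php -d apc.enable_cli=1`. Cipher choice and helper names are assumptions.

// The key lives only in APCu shared memory; after a restart it is absent
// until staff supply it again.
function db_key(): ?string {
    if (!apcu_exists('DBKEY')) return null;
    $key = apcu_fetch('DBKEY', $ok);
    return $ok ? $key : null;
}

function db_encrypt(string $plain): ?string {
    $key = db_key();
    if ($key === null) return null;          // caller must refuse the write
    $iv = random_bytes(12);                  // fresh nonce for every value
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);  // 12-byte IV, 16-byte tag, data
}

function db_decrypt(string $stored): ?string {
    $key = db_key();
    $raw = base64_decode($stored, true);
    if ($key === null || $raw === false || strlen($raw) < 28) return null;
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    return $pt === false ? null : $pt;       // wrong key or modified row
}

// Caller-side fallback: render a placeholder instead of failing the page.
function display_email(string $stored): string {
    return db_decrypt($stored) ?? '[encrypted: database key not loaded]';
}

// Constructed demo values.
apcu_store('DBKEY', hash('sha256', 'constructed staff passphrase', true));
$row = db_encrypt('user@example.com');
echo display_email($row), "\n";              // key present
apcu_delete('DBKEY');                        // simulate a server restart
echo display_email($row), "\n";              // key absent: fallback path
```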

Authorized Login Locations

Whenever a login occurs from a location (determined by ASN) that hasn't logged into that account before, an email is sent to the account owner requesting that they authorize that location before the login will go through.

This prevents most attacks that would otherwise be successful, as it requires an attacker to access the site from the same locations the actual user uses to log in.

Two-Factor Authentication

Despite our other (less intrusive) methods of protecting user accounts being more than sufficient for virtually all feasible attacks, we also ship optional 2FA should users feel the need to enable it.

Universal 2nd Factor

Support for physical U2F tokens has also been added as an optional alternative to normal 2FA. U2F allows users to protect their account with something less likely to be lost or erased than 2FA keys stored on a phone.

Unique Infohashes

Upon upload, torrent files are modified to contain a "source" field in the info dict containing the concatenation of the site name and some generated junk data (unique per-torrent). This prevents infohash collisions with torrents cross-seeded from other sites in the same client, and also helps protect against some not particularly likely peer-leaking attacks.
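Why the extra field changes the infohash, shown as an added example that is not this codebase's own code. The helpers bencode(), infohash() and add_source() are hypothetical, the torrent is constructed sample data, and the "-" separator and 16 random bytes are assumptions about the junk data's format.

```php
<?php
// Added example; helper names are hypothetical and the torrent is constructed.

function bencode($v): string {
    if (is_int($v)) return 'i' . $v . 'e';
    if (is_string($v)) return strlen($v) . ':' . $v;
    if ($v === array_values($v)) {           // sequential array: bencoded list
        return 'l' . implode('', array_map('bencode', $v)) . 'e';
    }
    ksort($v, SORT_STRING);                  // dict keys sorted as byte strings
    $out = 'd';
    foreach ($v as $k => $val) $out .= bencode((string)$k) . bencode($val);
    return $out . 'e';
}

// The infohash is the SHA-1 of the bencoded info dict only, so a key added
// inside it changes the hash while keys outside it (announce) do not.
function infohash(array $torrent): string {
    return sha1(bencode($torrent['info']));
}

// Site name plus random per-torrent data, written into the info dict.
function add_source(array $torrent, string $site): array {
    $torrent['info']['source'] = $site . '-' . bin2hex(random_bytes(16));
    return $torrent;
}

$torrent = [
    'announce' => 'https://tracker.example/announce',
    'info' => [
        'name'         => 'sample.bin',
        'length'       => 32768,
        'piece length' => 16384,
        'pieces'       => str_repeat("\0", 40), // two placeholder piece hashes
    ],
];

$variants = [
    'original'         => $torrent,
    'site A'           => add_source($torrent, 'SiteA'),
    'site B'           => add_source($torrent, 'SiteB'),
    'site A re-upload' => add_source($torrent, 'SiteA'),
];
foreach ($variants as $label => $t) {
    printf("%-17s %s\n", $label, infohash($t));
}
```

Because the payload (name, length, pieces) is untouched, the same files on disk can back every variant, while a client and tracker treat each infohash as a separate swarm.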

Expunge Requests

Users are able to view the data kept on them and issue requests for the deletion of old information to staff through a simple interface.

Resource Proxying

All external resources that may appear on a page are fetched and served by the server running Gazelle. This prevents the leak of user information to third parties hosting content that has been included on a page through an image tag or similar.

Scheduler

The scheduler has been broken up into more manageable parts and has additional selective runtime features for manual execution.

Bonus Points

Like most Gazelle forks, we've added a bonus point system and store.

Modern password hashing

We use modern PHP password hashing features that automatically rehash your password when a better hashing algorithm is made available, and we employ prehashing to allow you to use a secure password of any length. Original Gazelle would effectively truncate your password after around 72 characters (if the tracker even allowed you to use a password that long). This codebase does not have the same problem, and allows passwords of virtually unlimited length (over 30,000 characters by default) that remain useful after a few tens of characters.
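The prehash-then-hash and rehash-on-login flow, as an added example rather than this codebase's own code. The function names are hypothetical, and SHA-256 with base64 encoding is an assumed prehash; the README does not say which one is used.

```php
<?php
// Added example; function names and the SHA-256/base64 prehash are assumptions.

// Prehash so every byte of a long password influences the result. Base64
// keeps the raw digest free of NUL bytes, which bcrypt treats as end of
// input, and its 44 characters fit within bcrypt's 72-byte input limit.
function prehash(string $password): string {
    return base64_encode(hash('sha256', $password, true));
}

function make_hash(string $password): string {
    return password_hash(prehash($password), PASSWORD_DEFAULT);
}

// Returns [bool $ok, ?string $newHash]. $newHash is non-null when the stored
// hash predates the current PASSWORD_DEFAULT algorithm or cost and should be
// replaced in the database now that the plaintext is available.
function check_password(string $password, string $stored): array {
    $pre = prehash($password);
    if (!password_verify($pre, $stored)) {
        return [false, null];
    }
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($pre, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed inputs: two 100-byte passwords that differ only after byte 80.
$a = str_repeat('x', 80) . str_repeat('A', 20);
$b = str_repeat('x', 80) . str_repeat('B', 20);

// Compare how the wrong password ($b) fares against a hash of $a, first with
// bcrypt applied directly and then with the prehash in front of it.
$direct = password_hash($a, PASSWORD_BCRYPT);
echo 'bcrypt only, wrong password accepted: ';
var_dump(password_verify($b, $direct));

$stored = make_hash($a);
echo 'prehash + bcrypt, wrong password accepted: ';
var_dump(check_password($b, $stored)[0]);
echo 'prehash + bcrypt, right password accepted: ';
var_dump(check_password($a, $stored)[0]);
```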

Minor Changes

  • When a torrent is trumped, the new torrent is made freeleech to users who snatched the old torrent for a few days.
  • Sends headers to tell Cloudflare to use HTTP/2 Server Push for most resources.
  • BTN-style magnet link support.
  • Support for optional per-user stylesheet additions and tweaks.
  • This codebase expects to run over HTTPS only.