87
[Project] 0807 - a self-hosted ephemeral file host with no accounts and a Tor onion service (0807.st)
submitted 21 hours ago* (last edited 21 hours ago) by 0807@lemmy.world to c/selfhosted@lemmy.world
17 comments fedilink hide all child comments

I run 0807, a small self-hosted file host. Drop a file, get a short link, and choose when it disappears.

What it does:

  • No account, no ads, no trackers
  • Auto-delete by time (1 hour up to 30 days, or never) or after a set number of downloads
  • Optional password protection on files and on text notes
  • Files up to 20 GB, with 16 TB of storage behind it
  • Reachable over Tor through an onion service
  • Text notes with the same self-destruct and password options
  • A few file types are blocked for safety (exe, bat, scripts, and similar)

PS: there is no end-to-end encryption, and that is deliberate. The server can read what is stored.

I want to be able to take illegal uploads down when they get reported, CSAM in particular.

End-to-end encryption would make the server blind to its own contents, which is great for privacy but would also stop me from acting on those reports.

If you need real secrecy, encrypt the file before you upload it. The password option is there for casual privacy (not as protection from me or from whoever might get into the server.)

The code is open, and I host it the same way I host the files, on my own server instead of HERE .

You can read it, propose a change, or open an issue there, no account needed

Happy to answer questions about the setup or take feedback.

you are viewing a single comment's thread
view the rest of the comments
[-] 0807@lemmy.world 8 points 18 hours ago

You read it right, BLOCKED_EXT is just an extension list and renaming walks straight past it. But that list was never the malware check, it only stops someone uploading payload.exe

Mime sniffing wouldn't have caught it either, since that value rides along in the request and a renamed upload just lies about it.

The actual defense is ClamAV, same file if you grep clamScan and CLAMAV_SCAN, and it reads what's inside the file instead of the name. I tried the calc.jpg trick for real, an EICAR test renamed to calc.jpg sent as image/jpeg, and the upload came back refused.

[-] non_burglar@lemmy.world 6 points 17 hours ago

Clamav is woefully behind on definitions, just be aware of that.

[-] xinayder@infosec.pub 2 points 6 hours ago

you can install updated filters for it, though. Just check out fangfrisch.

this post was submitted on 18 Jun 2026
87 points (95.8% liked)

Selfhosted

59973 readers
401 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world