Upload.Hattix FAQs

  • You don't have to register.
  • It isn't client-to-client, so works on all networks - Useful if file sending is very slow.
  • It works using normal standard HTML which all browsers since 1997 understand.
  • The files here cannot be listed, so nobody else can get at whatever you're sending or storing unless you give them the URL.
  • No censorship. Ever.
  • It is fully compatible with all home networking equipment at full speed.
  • It's actually quite a useful way to transfer files between smartphones.

Is there any restriction on what I can or can't upload?
Nothing larger than 100MB. Other than that, anything. Obey laws and stuff.

No, restriction as in content? Y'know, like porn or whatever?
Since only you and whoever else you send the URL to will be the only ones who know about it, why should anyone else care?
Upload whatever the hell you like. Censorship sucks and there'll be none of that on Hattix. Other than what laws say will CORRUPT THE DELICATE MINDS OF SOCIETY, of course, as we're all just ticking time-bombs waiting to go off.

I hear this service is quite popular in the Middle East (either that or the Saudis just show up in my logs for other, more nefarious reasons) where most things like this are forbidden. I like to think I caused the Arab Spring, but I think Twitter takes a lot of that credit.

UPDATE: Due to quite a lot of abuse, and after a lot of consideration, I don't allow Android APKs anymore. For a period of three months in 2019, APK hashes were submitted to VirusTotal. 99.2% of them were malware. Or, of all APKs handled by Upload.Hattix in those three months, only one was not detected as malicious by VirusTotal. That's not what Upload.Hattix is here for.

My image is called just "image.jpg"
Limitation of Safari on iOS. This site assumes your browser knows what it's doing, Safari sadly doesn't.

I get an error from my gateway/proxy or firewall
The most likely cause is that your ISP or company limits either the time a POST request can last or the amount of data which can be POSTed. Try smaller files, archivers such as WinRAR can split a large file into several smaller ones. For slower connections, an effective maximum size to upload anywhere is about 250MB. It's whatever you can put here in the timeout period, which I have set to 10 minutes, but your ISP may have something set lower.

I'm a really clueless skript kiddie and I think I can compromise your server by uploading this PHP thing I found!
Script execution within the upload store is disabled. So is pretty much everything else.

What happens if I upload something that pisses someone off?
Apologise? Buy them flowers? Why are you asking me?

Where do I send a DMCA notice?
Anywhere you like. Hattix does not do business, nor has any business interest in the United States. Therefore, in the same way you don't obey Iranian decency laws (you're probably breaking them right now), I don't obey American censorship laws.

Is there ANY legal stuff I need to watch out for?
Umm... Not sure. Generally the user of a service like this is liable for stuff like copyright infringement, but because it's hard to actually go after users, IP owners have been twisting laws to breaking point to try to go after the service providers (like me) with pretty poor success rates - but they have had some success, especially in the US where it's a lot easier to buy laws than it is in Europe.

Some stuff is plain ol' illegal anywhere, like topless 17 year olds. Some stuff is grey area, like how the UK has banned chemistry textbooks under terrorism law (you might learn how to make a bomb!) or how our illustrious Parliament has cracked down on the BDSM community.

As the service provider, I have an obligation to remove stuff like that if I'm notified of it by a competent authority. Said competent authority would probably need to be UK law enforcement. I also don't get a say in the matter, I just delete dumbly, it's a fairly effective means for the .gov.uk to get to delete anything they want from anywhere. I just hope they don't think I'm a Brazillian electrician, one of the UK's few remaining capital offences.

Can I hotlink?
Yes. A link back here would be nice too, but not necessary. After all, you found it useful, maybe someone else will too.

What's this QR code rubbish?
A fairly convenient way to transfer files to a smartphone. Or between smartphones, without the bullshit that is Bluetooth and pairing and the transfer hanging and accepting and PINs and... do they want anyone to use Bluetooth OBEX at all?!

Your HTML code really sucks
And yet it works. Such marvels of modern technology! It's actually really simple so it works anywhere. Nothing advanced, not even stylesheets, this thing works on a WAP featurephone - I remember testing it on a Motorola RAZR V3... and using 1.14 of data just to upload a 640x480 image.

I forgot the URL or filename. How do I get my file back?
You can't. I can't. Nobody can. It's as good as gone. While this can be used as a small off-site backup service, you need to remember the URL or filename. If you just have the filename then use "upload.hattix.co.uk/uploads/FILENAME" to retrieve your file.

I clicked "Upload" but it doesn't seem to be doing anything.
Give it a few minutes. A file cannot be uploaded instantly, your computer needs to send it to the Hattix server. On cable and DSL, which have quite slow uploading speeds, this may take several minutes. If it times out, you'll need to make the file smaller or split it into several parts. The uploader only waits for 10 minutes, if an upload takes longer than this it is aborted.

How does this work?
It's quite a simple self-contained PHP script, derived from the web based file manager Hattix fully hosted users use.
It uses a HTTP POST upload which is exactly how you attach files to web based email or upload pictures to whatever gallery, profile or networking site. In the name of simplicity and privacy, that's all it does. It doesn't list anything (indeed, takes measures to ensure no listing can be done). It does some funky database stuff too. Initially it was to teach me how to interact with MySQL through PHP, but now it's a privacy and anti-hacking device.

How the hell can you afford to do this?
I own the server, I own the bandwidth. If it's used or if it isn't used, I pay the same. I use it for my own purposes too, so I simply extend this service because I can.

Are there any file name restrictions?
If you can store the file name on your disk, chances are I can on mine. Spaces are a special case, for this the output of the script's link target has spaces replaced with "%20", which is more copy-and-paste friendly, as well as being how your browser should encode spaces anyway. The displayed URL will still be spaced, just the target will be fixed. For IE users, right click the URL and "Copy Shortcut" which will place the URL as text into the clipboard to be pasted anywhere. Certain characters are also stripped to protect against SQL injection attacks.

So I can effectively delete a file by uploading another file with the same name?

What does the server log?
W3C default logs. Same as pretty much any other website in the world really. The script removes the filename from the logs using a bit of magical jiggery-pokery. Magical what? Actually, it executes a small script running locally on the server which does a search and replace in access.log, to match "upload/*.*" and replace with "-uploader-"

I have a problem not covered here?
This service comes with no support other than this FAQ. Try putting what you know about the problem into Google and seeing if that helps.

What do you recommend I do if I don't want anyone else even guessing my filename?
Rename the file to something like "10hf377651jewt". That sure won't be guessed. Consider the name to be the "password".

How reliable is Hattix?
Utterly hopeless. A network backbone upgrade in December 2014 should fix this.

How fast is the server?
About 10 Mbps. It's plenty fast enough for general use, though larger files may take some time.

Does PHP work? Perl? ASP? CGI?

So if I uploaded a few images and a html file, I could host a website here?
You could, but anyone could overwrite it.

Why not use SSL (HTTPS)?
As of February 2017, we now do use SSL. Quite well too. The certificate is signed using SHA256 with RSA, the insecure SSL 1.0, SSL 2.0 and SSL 3.0 protocols are disabled, known-weak encryption is disabled, TLS 1.0 is disabled as a precaution (everyone can do TLS 1.1 at least these days) and TLS 1.2 is the default.

We also support Perfect Forward Security and are immune to the common BEAST, DROWN, POODLE, Heartbeat and Heartbleed attacks. At the moment, we do not have strict downgrade attack protection, as we don't support TLS_FALLBACK_SCSV, but we also don't support weaker ciphers and protocols, so a downgrade attack isn't really possible.

Most modern browsers will negotiate TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384. The weakest cipher we support is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, which is considered strong enough for 2017.

Compatibility Report Android 4.4 (KitKat) or above. IE11 or above. Java 8 or above. OpenSSL 1.0.1 or above. iOS 7.1 / Safari 7 or above Chrome 36 (min version tested) Firefox 31.3 ESR (min version tested)

Old Compatibility Report (NO SSL)
Internet Explorer 1.0 - Untested (Does not work on NT/2k/XP)
Internet Explorer 1.5 - Untested (Does not work on NT/2k/XP)
Internet Explorer 2.0 - Untested (Does not work on NT/2k/XP)
Internet Explorer 3.0.1152 - Tested BAD (no HTTP upload support [1])
Internet Explorer 4.0 - Tested UNKNOWN [2]
Internet Explorer 5.0.3314.2100 - Tested OK
Internet Explorer 5.5 - Tested OK
Internet Explorer 6.0 SP1 - Tested OK
Internet Explorer 7.0.5730.11 - Tested OK
Internet Explorer 7.0.6000.16512 - Tested OK
Internet Explorer 8.0 AND BETTER - OK
Netscape Navigator 3.01 - Tested OK
Netscape Navigator 3.04 - Tested OK
Netscape Navigator 4.76 - Tested OK
Mozilla Firefox 1.5 - Tested OK
Mozilla Firefox 2.0 - Tested OK [3]
Mozilla Firefox 2.5 AND BETTER - OK
Google Chrome 1.0 AND BETTER - OK
Android Browser 2.1 AND BETTER - OK
iOS Safari 3.2 AND BETTER - Mostly OK (iOS has a weird thing going on between you and your files, but that's not my problem - all image uploads will be called "image.jpg" and I didn't find an easy way to change that.)

Browsers such as Netscape and Mozilla are just re-branded versions of Firefox and are usually several versions out of date (hence are vulnerable to known security flaws). Browsers like Maxthon are re-branded versions of Internet Explorer but due to how IE handles re-branding, are always as up to date as the base IE browser.

[1] IE3.0 can upload through HTTP, but requires special code to do so. Upload.Hattix has no support for this.
[2] An unrelated error prevents IE4.0 from loading the HTML. It should have no issues, however.
[3] A known issue with Firefox 2.0 occasionally means it sends the wrong MIME type. Hattix regenerates all MIME types on access, but FF2 users may find the MIME type on upload success to be nonsensical. This does not affect operation other than it means Hattix cannot generate links for images if the browser denies that what it has uploaded is an image.