Plagued 4chan - the Internet hate machine

Helon · Apr 17, 2025

BigBadBastich said:
Has it been covered by news outlets? They covered the site before on Fox years ago and other places during the mid 2010's controversies like Fappening and GG.

Daily news I guess

NoBueno · Apr 17, 2025

Fae Supremacist said:
I forgot the average /pol/tard is an Aryan /fit/ Ubermensch and not a fat hairy cave troll.

Helon said:
/pol/ or /x/ anon's wet dream

Modern /pol/ is a bunch of retards, pic related

GilaCutter · Apr 17, 2025

Fucker Carlson said:
View attachment 7233845

View attachment 7233852

View attachment 7233853

This may come to you as a shock, but I don't consider some random twitter troons to be "mainstream".

I was thinking something more in the lines of this:

'The end of 4chan as we know it': Why hacking attack could kill notorious internet forum | Science, Climate & Tech News | Sky News

Fae Supremacist · Apr 17, 2025

GilaCutter said:
This may come to you as a shock, but I don't consider some random twitter troons to be "mainstream".

The most mainstream coverage I've seen so far is this.

He did research on what /qa/ is and didn't call 4chan a heckin nazi website so it's already ahead of most journos.

Smooth Jazz · Apr 17, 2025

ringtones said:
you ruined my night thanks

https://www.geni.com/people/Kenny-G/6000000011656527677

Do you like Kenny G? His early work was a little too synthpop for my tastes, but when Gravity came out in '85, I think he really came into his own, commercially and artistically. The whole album has a clear, crisp sound, and a new sheen of consummate professionalism that really gives the songs a big boost. He's been compared to Grover Washington Jr, but I think Kenny has a much more bitter, cynical sense of humor. In '86, Kenny released this, Duotones, his most accomplished album. I think his undisputed masterpiece is "You Make Me Believe", a song so saccharine, most people probably don't listen to the lyrics. But they should, because it's not just about the pleasures of companionship, and the importance of romantic dedication, it's also a personal statement about Kenny himself.

LinkinParkxNaruto[AMV] · Apr 17, 2025

The News Crews said:
Post your favorite screencapsView attachment 7232022

View attachment 7232028 View attachment 7232029 View attachment 7232031

23iwakura23 · Apr 17, 2025

Nothing Is Written said:
Taking longer than expected I fucking hate this codebase.

View attachment 7233849

No MIME confirmed, assumes PDFs are safe and passes them to the shell, Ghostscript isn't sandboxed and runs as the same process I'm fucking losing my mind.

I have two versions of the server running right now to see how Ghostscript interacts with legacy FBSD. Ghostscript itself was really vulnerable ~v9.x so it's a rabbit hole right now.

all of the image uploads make calls to command line processors that are intended to be the file type validation method. the only sanitization the others have is anti cmd injection. old versions of gifsicle have rce vulns, and old versions of pngcrush have BoF DoS vulns that maybe could be weaponized to get RCE by someone good at binex. the cmd injection filters would give you some bad bytes, but its possible that every single file upload type is vulnerable.

Fucker Carlson · Apr 17, 2025

Fae Supremacist said:
The most mainstream coverage I've seen so far is this.

He did research on what /qa/ is and didn't call 4chan a heckin nazi website so it'd already ahead of most journos.

You mean there are other boards besides /pol/?

Nothing Is Written · Apr 17, 2025

23iwakura23 said:
all of the image uploads make calls to command line processors that are intended to be the file type validation method. the only sanitization the others have is anti cmd injection. old versions of gifsicle have rce vulns, and old versions of pngcrush have BoF DoS vulns that maybe could be weaponized to get RCE by someone good at binex. the cmd injection filters would give you some bad bytes, but its possible that every single file upload type is vulnerable.

It gets worse.

Chudborean · Apr 17, 2025

Fae Supremacist said:
The most mainstream coverage I've seen so far is this.

>penetrated by a gang of soyjaks

Paranoia Machine · Apr 17, 2025

Finally, a time to post my favorites.

datura_binge · Apr 17, 2025

I realize this is a thread about 4chan but can we fucking stop uploading "favorite images" or whatever? THIS isnt an image board and it's just shitting up the thread because its got nothing to do with the topic at hand.

Unlicensed Shitposter · Apr 17, 2025

23iwakura23 said:
all of the image uploads make calls to command line processors that are intended to be the file type validation method. the only sanitization the others have is anti cmd injection. old versions of gifsicle have rce vulns, and old versions of pngcrush have BoF DoS vulns that maybe could be weaponized to get RCE by someone good at binex. the cmd injection filters would give you some bad bytes, but its possible that every single file upload type is vulnerable.

Do you think it's possible this exploit has been used in the past by bad actors who DIDN'T make it obvious they breached the server?
Like just someone exporting data and then returning everything to normal?

ringtones · Apr 17, 2025

Smooth Jazz said:
https://www.geni.com/people/Kenny-G/6000000011656527677

Do you like Kenny G? His early work was a little too synthpop for my tastes, but when Gravity came out in '85, I think he really came into his own, commercially and artistically. The whole album has a clear, crisp sound, and a new sheen of consummate professionalism that really gives the songs a big boost. He's been compared to Grover Washington Jr, but I think Kenny has a much more bitter, cynical sense of humor. In '86, Kenny released this, Duotones, his most accomplished album. I think his undisputed masterpiece is "You Make Me Believe", a song so saccharine, most people probably don't listen to the lyrics. But they should, because it's not just about the pleasures of companionship, and the importance of romantic dedication, it's also a personal statement about Kenny himself.

yeah, I really like his christmas album, I had it on casette as a kid. I got into the sax a little bit because I'm a big fan of Chuck Greenberg (another fuckin' jew but what can you do) of Shadowfax. I kind of have a Lyricon

CEO of Gay · Apr 17, 2025

Nothing Is Written said:
Taking longer than expected I fucking hate this codebase.

View attachment 7233849

No MIME confirmed, assumes PDFs are safe and passes them to the shell, Ghostscript isn't sandboxed and runs as the same process I'm fucking losing my mind.

I have two versions of the server running right now to see how Ghostscript interacts with legacy FBSD. Ghostscript itself was really vulnerable ~v9.x so it's a rabbit hole right now.

23iwakura23 said:
all of the image uploads make calls to command line processors that are intended to be the file type validation method. the only sanitization the others have is anti cmd injection. old versions of gifsicle have rce vulns, and old versions of pngcrush have BoF DoS vulns that maybe could be weaponized to get RCE by someone good at binex. the cmd injection filters would give you some bad bytes, but its possible that every single file upload type is vulnerable.

Nothing Is Written said:
It gets worse.

If you're willing, I would love to read a longform post or thread with your analysis of the hack and other flaws in 4chan's code and the environment in which it ran.

primaryaccount · Apr 17, 2025

Would be nice to look at a reply on a thread and see if it got quoted a lot of times, and quickly preview the replies, you know?

CEO of Gay · Apr 17, 2025

primaryaccount said:
Would be nice to look at a reply on a thread and see if it got quoted a lot of times, and quickly preview the replies, you know?

I believe Null has a new forum software in the works, and this is one of his planned features.

primaryaccount · Apr 17, 2025

Unlicensed Shitposter said:
Do you think it's possible this exploit has been used in the past by bad actors who DIDN'T make it obvious they breached the server?
Like just someone exporting data and then returning everything to normal?

Yes, absolutely. It is not even a controversial question really. All you need is one successful RCE chain and then you get a shell and then you do whatever you want. You can be as quiet and non-destructive as you want after that point.

Pierre D'Olnique · Apr 17, 2025

RedDelicious said:
I think it's a fun throwback honestly, I legitimately forgot about 4chumblr.
View attachment 7232110

There's also a DUDE SEX UNATCO killphrase joke to be made here, but I'm too lazy to actually do it.

MatrixMustDie · Apr 17, 2025

Fae Supremacist said:
The most mainstream coverage I've seen so far is this.

He did research on what /qa/ is and didn't call 4chan a heckin nazi website so it's already ahead of most journos.

Effortless fireship W
Maybe Kevin Fang will do a video on the breach lmao

Plagued 4chan - the Internet hate machine

Will the 4chan hack be the end of it?

Yes, goodbye forever 4chan

No, they will rise from the ashes, stronger than ever

This will rattle them but it will be forgotten about next week

I am just here for the janny phonebooking

What the fuck is 4chan

Yotsuba&!

Helon

NoBueno

/x/ Schizo

GilaCutter

Total Trannihilation

Fae Supremacist

Smooth Jazz

LinkinParkxNaruto[AMV]

I try so hard and got so far

23iwakura23

Fucker Carlson

Goblin Researcher

Nothing Is Written

:(){:|:&};:

Chudborean

Looks like that and says that

Paranoia Machine

Where am I?

datura_binge

Unlicensed Shitposter

ringtones

King in Yellow

CEO of Gay

primaryaccount

CEO of Gay

primaryaccount

Pierre D'Olnique

Oh shit I pulled it off where's my virtual cookie?

MatrixMustDie