Plagued 4chan - the Internet hate machine

  • 🐕 I am attempting to get the site runnning as fast as possible. If you are experiencing slow page load times, please report it.

Will the 4chan hack be the end of it?

  • Yes, goodbye forever 4chan

    Votes: 1,032 18.5%

  • No, they will rise from the ashes, stronger than ever

    Votes: 343 6.1%

  • This will rattle them but it will be forgotten about next week

    Votes: 2,324 41.7%

  • I am just here for the janny phonebooking

    Votes: 1,093 19.6%

  • What the fuck is 4chan

    Votes: 218 3.9%

  • Yotsuba&!

    Votes: 569 10.2%
  • Total voters
    5,579
Made In Lovely Kin said:
I never really ventured there, but I remember there was lots of touhou posting which that community has lots of pedophiles and troons. I knew there was jpop there as well. Very little about it was Japan
Click to expand...
i browsed there out of curiosity and there was simping about some girl named remilia that they either wanted to rape or be raped by them. I closed it fast as hell
 
  • Horrifying
Reactions: 𒀭Δημιουργός χάος
I post a lot on /sp/ cos its one of the few places i can chat about sport whilst using slurs and insulting people.

However, pic related is very true
1749292854805826.webp
There is a host of characters people accuse each other of being. Mainly Dave, but also Arsewog, Citymong, 190, and others. Dave (a Man United fan who used to post a lot at about 3am apparently) is the most common accusation.
 
  • Like
Reactions: PeterMannion, Billow Riley, Vygode and 1 other person
On /pol/ , when you see the wrist watch threads,Its a guy named “Archie Luxury”, from the old bbs redboards, I think he lives in Singapore or some such shithole. Big fat ugly bastard. Has been obsessed with wrist watches & anonymous boards for decades.
Its his only topic that interests him and nobody cares,yet he still posts daily.
He is searchable as Archie Luxury on the open net searches,The guy is completely harmless though. Dont even know why I mention it.
 
Last edited:
  • Winner
Reactions: Cnidarian
I can't comprehend owning one of the most infamous and historically important websites, and not even fucking with it in the customary way of every other big website.
Kan I Go Too? said:
On /pol/ , when you see the wrist watch threads,Its a guy named “Archie Luxury”, from the old bbs redboards, I think he lives in Singapore or some such shithole. Big fat ugly bastard. Has been obsessed with wrist watches & anonymous boards for decades.
Its his only topic that interests him and nobody cares,yet he still posts daily.
He is searchable as Archie Luxury on the open net searches,The guy is completely harmless though. Dont even know why I mention it.
Click to expand...
Based and redpilled.
 
Apparently the algorithm that generates a "random" public ID for you in each thread is made by some retard. So if someone knows the server-side salt, they can brute-force your IP from the publicly visible hash with other publicly visible information, which is simply "post_time+thread_id+ip_address+salt"... Also I'd speculate one could brute-force the server-side salt too with this information with modern hardware, assuming it isn't ridiculously large. This is because you know the country of the poster thanks to the flag, so the IPv4 search space can be reduced to the networks of one single country. However, I notice there is a substr call that only takes 8 characters from the final hash, I personally have no idea how reasonable it is to brute-force an IP out of a truncated hash like this.

polscreen.webp
The threads mentioning this are getting nuked by mods.
 
Last edited:
  • Thunk-Provoking
  • Like
  • DRINK!
Reactions: Punished Magician, fuckingIncredable, StacticShock and 6 others
triforce9001 said:
However, I notice there is a substr call that only takes 8 characters from the final hash, I personally have no idea how reasonable it is to brute-force an IP out of a truncated hash like this.
Click to expand...
I think it doesn't really make sense. The post mentions that the three letter agencies have the salt (they do, just trust me bro) but why would a three letter agency bother with this kind of a setup if they could just force 4chan to log the IP per post and share the information with them.

But just to entertain the thought:
1. Here someone claims to be able to crack SHA1 hashes at 385k hashes per second with 8x 4090 GPUs using Hashcat.
2. There are 4,294,967,296 (2^32) IPv4 addresses possible.
3. (2^32) IP addresses / 385k hashes per second ~= 11155 seconds ~= 3 hours of cracking.
This excludes all the fluff around this process like having an another process check whether the last 8 chars match the hash in the post (not sure how to do that with Hashcat).

So at least in theory it's not that unfeasible but I question the point of doing so, seems like a lot of effort to reveal what most likely will be a VPN address anyway.
 
  • Informative
Reactions: StacticShock
triforce9001 said:
Apparently the algorithm that generates a "random" public ID for you in each thread is made by some retard. So if someone knows the server-side salt, they can brute-force your IP from the publicly visible hash with other publicly visible information, which is simply "post_time+thread_id+ip_address+salt"... Also I'd speculate one could brute-force the server-side salt too with this information with modern hardware, assuming it isn't ridiculously large. This is because you know the country of the poster thanks to the flag, so the IPv4 search space can be reduced to the networks of one single country. However, I notice there is a substr call that only takes 8 characters from the final hash, I personally have no idea how reasonable it is to brute-force an IP out of a truncated hash like this.

View attachment 7477728
The threads mentioning this are getting nuked by mods.
Click to expand...
Sounds like schizophrenic /pol/nigger nonsense. Why would the jannies need to do all that when they already have your IP the moment you post.
 
  • Agree
Reactions: StacticShock
SIMON THE PIEMAN said:
but why would a three letter agency bother with this kind of a setup?
Click to expand...
The post says that, sure, but I personally agree with you that they wouldn't have to. And in my opinion the obvious detail here is that it's not about some CIA-faggots getting your IP (which they do anyways), such an algorithm speaks of incompetence and is a vulnerability for the users information because, as I said, it's probably possible for ANYONE to brute-force the IP's of pre-hack 4chan archives, if they have enough compute and competence.

SIMON THE PIEMAN said:
There are 4,294,967,296 (2^32) IPv4 addresses possible.
Click to expand...
But you have the country flags, so you'd have to only include a small portion of the IPv4 space, for each ID you want to crack.

Grog said:
Sounds like schizophrenic /pol/nigger nonsense. Why would the jannies need to do all that when they already have your IP the moment you post.
Click to expand...
As I said earlier in this post, the problem isn't jannies or mods knowing your IP (which they do if they have to, that's obvious and common practice for any forum/imageboard), it's about anyone being able to deduce your IP based on the public 4chan archives alone, IF they either know or brute-force the salt. And since 4chan was hacked, the old salt that was in use for probably a decade or more, was leaked.

Is this a huge thing? No, but it's still a valid concern, if someone has had the same static IP for a long time, while posting on /pol/. And it's unnecessary, it should be obvious you don't construct the ID in the way they did and still probably do.
 
  • Like
Reactions: supremeautismo
SIMON THE PIEMAN said:
So at least in theory it's not that unfeasible but I question the point of doing so, seems like a lot of effort to reveal what most likely will be a VPN address anyway.
Click to expand...
4chan has cleverly made it virtually impossible to use any of the major VPNs unless you buy passu.
 
  • Agree
Reactions: Mexican_Wizard_711 and 𒀭Δημιουργός χάος
You must log in or register to reply here.
Back