Plagued 4chan - the Internet hate machine

[Dreamy Girl]

I mean he can literally just host vichan like all the altchans do... or have a donation call to pay for a programmer

There was such a thing as 4chan pass. I'm sure it brought in a lot of money. I don't think the moot cared.

 

[disabledUserHacked777]

always knew PDF files would lead to the end of 4chan

 

[Blade 1222]

As long as Hiro doesn't hire jeets to recode the site (maybe even using Jap coders from home) there's a chance that with some effort, the chan could have a better chance to come back with a much harder to exploit system. He has the money, I know he does, he just has to give a shit.

That's a tall order considering who we're talking about here.

 

[AnOminous]

If true, getting hacked to death by a literal script kiddie would pretty much be the most fitting of all ways for this to happen.

The actual hack, as described, is subtle enough I seriously don't think it was a skid. It's not like you can just run metasploit and do shit like that. So 13 year old or not, it was some pretty clever work.

 

[RealMuthaForYa]

PBD
LOL

 

[I enjoy women]

View attachment 7229671
listen fag we party hard

How did the human population ever agree that this was a great look to have?

 

[manlikebigp]

Wait remind me one more time, who the fuck is moot?????

 

[The Lawgiver]

She's hiding in your Wifi.

Youtube brought up a relevant v!deo today that rem!nded me of the s!tuat!on

prophet!c.

 

[ringtones]

always knew PDF files would lead to the end of 4chan

I know, right? When I heard 4chan got taken down by "PDF files with AIDS" I had no idea whether the site had been compromised by a malformed multimedia document or had been attacked by homosexual child molesters

 

[Null]

Okay, I edited the summary and featured it. If it's missing anything let me know.

Plagued Post in thread '4chan'

Apr 16, 2025

The 2025 4chan Hack​

On April 15th a Sharty member posted screenshots on the /soy/ board of 4chan's moderation panels, database (using phpMyAdmin), and the private janitor board, making it clear he had gained access to 4chan's restricted moderation areas as well as full database access.

The hack exploited a vulnerability in the PDF file upload feature on specific boards (/gd/, /po/, /qst/, /sci/, /tg/) by uploading malicious PostScript which was not properly checked and was processed by an outdated 2012 version of Ghostscript to generate thumbnails. This allowed...

• Arturo

• 
• 
• 

 

[ClamAV]

There was a setuid binary called /usr/local/bin/suid_run_global which simply execves a perl script. Said perl script was writable by www so it could be hijacked to acquire a shell.

"acquire a shell" doesn't really make any sense and shouldn't be really necessary though? www/www-data typically doesn't have any restrictions on what can be ran... you can still invoke bash or whatever shell without a proper home directory.

 

[ringtones]

"acquire a shell" doesn't really make any sense and shouldn't be really necessary though? www/www-data typically doesn't have any restrictions on what can be ran... you can still invoke bash without a proper home directory.

the setuid root script was just the means by which the attacker obtained privilege escalation from www to root, there were countless ways he could have done it but that's just the way he did it

root is full system access to everything while www is some degree of lesser access, regardless of how the system is configured

 

[AnOminous]

Wait remind me one more time, who the fuck is moot?????

Just some faggot named !Εр8рui8Vw2

the setuid root script was just the means by which the attacker obtained privilege escalation from www to root, there were countless ways he could have done it but that's just the way he did it

It's kind of colloquial use but when talking about a hack when people sloppily say "shell access" they generally mean root shell access. Lots of shells are extremely limited, like the so-called "jailshells" a lot of devices have and where janny level types can do some limited command line things.

 

[Polentic]

 

[Greate Pier]

I think you could rephrase the explanation of the exploit to be a bit more concise. You should also clarify it was the PDF upload feature that was exploited, as this is an important detail. Pic related.

>a mistaken suid binary
Lol I thought this might the case.
For those interested in the technical details there, what this means is that there was an executable with a SUID permission bit set, which means that when it is ran, it runs with the privileges of the user who owns it, in this case root, the system administrator. Correction as I was wrong, seems it's instead some user called global. Probably serves a similar function.
There are a few binaries which have this by default, but if applied to the wrong binary, it can mean almost instant privilege escalation from a standard user, to admin. a more privileged user.
There are even automated tools which can check for potential privilege escalation vectors such as these, which just makes this even worse that it was possible.

 

[ClamAV]

the setuid root script was just the means by which the attacker obtained privilege escalation from www to root, there were countless ways he could have done it but that's just the way he did it

root is full system access to everything while www is some degree of lesser access, regardless of how the system is configured

it wasn't escalating to root though, it was escalating to user named "global" (it was mentioned in a sharty post, and the filename)
I guess that user could have been a sudoer... (if such a concept exists in BSD)

 

[Unarmed Gunman]

did /b/ really have no mods?

That was my first though too. I probably haven't been on there since the Obama Administration though so I figured maybe it was no longer a thing.

 

[Johnny Ringo]

You could honestly say that about the entire internet. There are too many people on it and now there are way to many third worlders to create an online "community". At the same time, do we really want "community"? I kind of see the internet as a place to shoot the shit more than anything else. Something like community is something you build in the real world with friends, family and possibly co-workers. Besides, internet communities always end in some weird shit or grooming.

It's a statement that yeah, no shit this thread was dead/dying until the great happenings because nothing of note happens on the website in a macro sense.
It can still be a fun website but it's not the forefront of anything much less a cultural hotspot worth documenting.

 

[Meat Target]

The most shocking thing is that 4chan apparently had enough human users remaining to create a few accounts here. Maybe it was only 98% bots instead of 99%.

>feds
>wignats
>incels
>trannies
>pedos
>gooners
>furries
>weebs
>streetshitters
>favela apes

>human

 

[dick brain]

made an account here because I need my online interaction. why are people so resentful of 4chan?

Because I've watched trannies systematically poison it over the course of two decades only to turn its withered husk into a nigger porn emporium, zog propaganda machine and pedophilic forced feminization grooming apparatus and I want them to suffer for it. I want trannies excised from every online community like the cancer that they are and dragged out into the light and exposed as porn addicted child predator crybully cyber-jews to their friends and families and the world at large, I want them to feel afraid to pull this kind of bullshit ever again. Only then can the internet begin to heal, only then can there be any hope at all of 4chan being worthwhile again. Sorry you were born too late to experience 4chan as it once was but if you like what it has become then you're an actual literal faggot.