Plagued 4chan - the Internet hate machine

Will the 4chan hack be the end of it?

  • Yes, goodbye forever 4chan

    Votes: 1,031 18.5%
  • No, they will rise from the ashes, stronger than ever

    Votes: 343 6.2%
  • This will rattle them but it will be forgotten about next week

    Votes: 2,322 41.6%
  • I am just here for the janny phonebooking

    Votes: 1,093 19.6%
  • What the fuck is 4chan

    Votes: 218 3.9%
  • Yotsuba&!

    Votes: 569 10.2%

  • Total voters
    5,576
Do you think it's possible this exploit has been used in the past by bad actors who DIDN'T make it obvious they breached the server?
Like just someone exporting data and then returning everything to normal?
it's possible, but i couldn't say if it's ever been done before without looking at logs, and honestly, sufficient logs to determine that probably don't exist anymore due to routine log rotation.

the fact that this threat actor used well documented vulns and a pretty common linux privesc method to get in, though, and was only caught by being a vandal tells me that 4chan has no or at least very bad monitoring in their environment, and i think someone else confirmed that they had no DMZ and several other things of that nature that just point to a badly monitored network. 4chan could have been breached daily and i figure the team couldn't even see it considering the above.
 
D1D they ever F!nd out what the umbrella guy's deal was when jfk got shot?

I don't think so. My source for JFK-related information is Ryan Dawson, who's an expert on the subject and he said he doesn't know anything about the umbrella guy, if I remember correctly. You can check out his Rumble channel, he talks about JFK all the time.

That exclamation mark thing you do is very odd and makes your posts less legible for no good reason.
 
If you're willing, I would love to read a longform post or thread with your analysis of the hack and other flaws in 4chan's code and the environment in which it ran.

There are already YouTubers who've sort of covered it, but I can make a thread if it's of any use along with a post mortem report of the attack. I just wish I had the logs of when it happened but there's no fucking recording done by 4chan except for an enormous amount of data on banned users.

There are other potential attack vectors I want to test out before I upload my PDF to the VM's web server with the script. I'm just having fun at this point, it's pretty nostalgic looking at this code if not terrifying.
 
There are already YouTubers who've sort of covered it, but I can make a thread if it's of any use along with a post mortem report of the attack. I just wish I had the logs of when it happened but there's no fucking recording done by 4chan except for an enormous amount of data on banned users.

There are other potential attack vectors I want to test out before I upload my PDF to the VM's web server with the script. I'm just having fun at this point, it's pretty nostalgic looking at this code if not terrifying.
any way you could make an image of that lab vm? i'd like to try and run some tests against it.
 
yeah, I really like his christmas album, I had it on cassette as a kid. I got into the sax a little bit because I'm a big fan of Chuck Greenberg (another fuckin' jew but what can you do) of Shadowfax. I kind of have a Lyricon
Holy shit I've always wanted one of those Lyricons. Wikipedia says the first Lyricon was made for Tom Scott. Look for him, he's an awesome jazz saxophonist, from really early fusion to later smooth jazz and he's recorded with a billion big names like Joni Mitchell. EWIs are cool too. There was this one saxophonist who played on a live Rippingtons performance and he used a Lyricon a few times I think. Switching from natural to electric instruments can create some funky tunes.
TRY GETTING A RESERVATION AT THE VILLAGE VANGUARD NOW YOU FUCKING BASTARD.webp
 
I realize this is a thread about 4chan but can we fucking stop uploading "favorite images" or whatever? THIS isn't an image board and it's just shitting up the thread because it's got nothing to do with the topic at hand.
Bro, it just died; what more is there to say? There's a good chance it may not actually come back due to incompetency of the administration. At least bear with us a bit while we reminisce on old times.
 
Bro, it just died; what more is there to say? There's a good chance it may not actually come back due to incompetency of the administration. At least bear with us a bit while we reminisce on old times.
I highly doubt it won't come back. Hiromoot needs his passive income, the feds need their asset, the mods need their power-trip and we all need to shitpost.

Might be a long month though.
 
Holy shit I've always wanted one of those Lyricons. Wikipedia says the first Lyricon was made for Tom Scott. Look for him, he's an awesome jazz saxophonist, from really early fusion to later smooth jazz and he's recorded with a billion big names like Joni Mitchell. EWIs are cool too. There was this one saxophonist who played on a live Rippingtons performance and he used a Lyricon a few times I think. Switching from natural to electric instruments can create some funky tunes.
Cool, I'll check Tom Scott out. I think the lyricon is a slightly more capable instrument than the ewi due to the better tactile feedback and since it's analog and not digital like MIDI the controls are smoother without needing a slew limiter. I cannot recommend the lyricon though and I can recommend the ewi. I think the lyricon is going to electrocute me to death one day
 
The main issue will be to find a competent developer. Not that it is hard to find someone good enough to build it, it is actually relatively simple even as far as create read update delete or scale goes. I don't have faith that they'll be competent enough to pick a competent developer. If they did, or if they had someone in mind already, it would genuinely be up in 2 weeks.
 
any way you could make an image of that lab vm? i'd like to try and run some tests against it.

Yeah I plan to, as well as git repo. I'll add a checksum for posterity and the paranoids.

Do you know if there's a way to use archived boards from a snapshot so I can restore the server with content consistent with its state seconds before takedown?

I've invested too much time in this PHP shitshow already, and it being Easter I'm on holiday with the family so I likely won't publish anything until early next week.
 
I realize this is a thread about 4chan but can we fucking stop uploading "favorite images" or whatever? THIS isn't an image board and it's just shitting up the thread because it's got nothing to do with the topic at hand.
"Don't post 4chan memes !n the 4chan general d!scuss!on"
! see you...
 
Yeah I plan to, as well as git repo. I'll add a checksum for posterity and the paranoids.

Do you know if there's a way to use archived boards from a snapshot so I can restore the server with content consistent with its state seconds before takedown?

I've invested too much time in this PHP shitshow already, and it being Easter I'm on holiday with the family so I likely won't publish anything until early next week.
unfortunately, no i don't.
 
I highly doubt it won't come back. Hiromoot needs his passive income, the feds need their asset, the mods need their power-trip and we all need to shitpost.

Might be a long month though.
I'm not as big of a Chanster as I used to be. I was very big into it as a teen and young man, but eventually gravitated here due to CWC and other cows I learned of through 4chan. If it wasn't for 4chan, I'd not be here, so I'm sad to see it go in that regard

But over the last 10 years 4chan has been getting steadily worse. So I'm sure it will come back, but to what capacity is dubious at best. Not updating the site's security since 2015 is a sign they might not know what they are doing past general moderation.
 
No MIME confirmed, assumes PDFs are safe and passes them to the shell, Ghostscript isn't sandboxed and runs as the same process I'm fucking losing my mind.

I have two versions of the server running right now to see how Ghostscript interacts with legacy FBSD. Ghostscript itself was really vulnerable ~v9.x so it's a rabbit hole right now.
If anyone who had a precursory understanding of cyber security worked at 4chan, wouldn't they have quickly picked up on a vulnerability like this?
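
The failure chain described in the quoted post above (file type taken on trust, file handed to a shell command, Ghostscript run unsandboxed), with each link closed. This is an added example, not part of the thread and not 4chan's code; it is written in Python rather than the site's PHP, and the function names, paths and thumbnail job are assumptions.

```python
import subprocess

PDF_MAGIC = b"%PDF-"
PS_MAGIC = b"%!"   # PostScript; Ghostscript interprets it whatever the file is named

def classify_upload(head: bytes) -> str:
    """Classify an upload by its leading bytes, not its name or Content-Type."""
    if head.startswith(PDF_MAGIC):
        return "pdf"
    if head.lstrip().startswith(PS_MAGIC):
        return "postscript"
    return "unknown"

def gs_argv(src: str, dst: str) -> list:
    """Build the Ghostscript argument vector (hypothetical thumbnail job)."""
    if not (src.startswith("/") and dst.startswith("/")):
        raise ValueError("server-generated absolute paths only")
    return ["gs", "-dSAFER", "-dBATCH", "-dNOPAUSE", "-dQUIET",
            "-dFirstPage=1", "-dLastPage=1", "-sDEVICE=png16m", "-r72",
            "-sOutputFile=" + dst, src]

def render_thumbnail(src: str, dst: str, timeout: int = 10) -> bool:
    """Return True only if the file is a PDF by content and gs exits cleanly."""
    with open(src, "rb") as fh:
        kind = classify_upload(fh.read(1024))
    if kind != "pdf":
        return False   # rejected before any interpreter sees the file
    try:
        # List argv with shell=False: the path is one argument, never shell-parsed.
        # Assumption: this worker runs as a separate unprivileged account or
        # jail; -dSAFER restricts file access but is not a sandbox by itself.
        proc = subprocess.run(gs_argv(src, dst), shell=False, timeout=timeout,
                              env={"PATH": "/usr/local/bin:/usr/bin:/bin"},
                              stdin=subprocess.DEVNULL,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return proc.returncode == 0
```

The header check only stops the "PostScript renamed to .pdf" case; a file that really is a PDF can still reach an interpreter bug, which is why the privilege separation and a patched Ghostscript matter more than the check.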
 