Plagued 4chan - the Internet hate machine

Will the 4chan hack be the end of it?

  • Yes, goodbye forever 4chan (Votes: 1,034, 18.5%)
  • No, they will rise from the ashes, stronger than ever (Votes: 345, 6.2%)
  • This will rattle them but it will be forgotten about next week (Votes: 2,332, 41.7%)
  • I am just here for the janny phonebooking (Votes: 1,096, 19.6%)
  • What the fuck is 4chan (Votes: 219, 3.9%)
  • Yotsuba&! (Votes: 572, 10.2%)
  • Total voters: 5,598

4chan tranny administration has to answer for lying about not storing e-mail addresses and never updating the codebase which put even their paying customers at risk
This is true, but if anyone ever gave them their email in the first place, they’re profoundly retarded.
 
Whenas 4channel, being once again in operation, so that the rest, as they say, is history (if you will), I will not only post on said website, gay boys, but I will furthmore libpost so tremendously, that the amount of (You)'s I receive will easily compensate, homos, for the lack wherewith I even now am compunctious. For certes, it will make me glad, to once again see that site, which we all post upon somewhat or muchsuch, not only up again, and operating, as I said above, but moreover, receptive to my posts, in a word, functioning perfectly, and on the whole, humming and buzzing even as it once did, before it was as it is now.
I hope you've never written any books.
 
I'm being told the German thing is a front btw and the real issue is the lolicon.
Gelbooru had the same issue with Korean authorities years ago, iirc they solved it by saving a cookie and requiring guests to go on a separate settings page and manually remove the blacklist. Problem is 8moe allows loli on all boards so you can't exactly blacklist them all.
4chan tranny administration has to answer for lying about not storing e-mail addresses
Technically it wasn't storing verification emails, only their hashed data to check if it had been used before and flag ban evaders, that's why there were no meaningful leaks of regular users who used their email. Still, it should have been disclosed
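
The post above describes keeping only a hash of each verification email so reuse can be detected. As an added example (not 4chan's code; every name, the key handling and the sample address are assumptions), this sketch runs that reuse check with a keyed hash and shows why an unkeyed hash table still lets anyone holding it confirm a guessed address:

```python
import hashlib
import hmac
import secrets

def normalize(email):
    """Treat case and surrounding whitespace variants as the same address."""
    return email.strip().lower().encode("utf-8")

def bare_digest(email):
    """Unkeyed SHA-256: anyone holding the table can test a guessed address."""
    return hashlib.sha256(normalize(email)).hexdigest()

def keyed_digest(email, key):
    """HMAC-SHA-256 under a server-side key kept outside the database."""
    return hmac.new(key, normalize(email), hashlib.sha256).hexdigest()

class VerificationLedger:
    """Remembers which addresses were already used without storing them."""

    def __init__(self, key):
        self._key = key
        self.digests = set()  # the only data that would be written to the database

    def register(self, email):
        """Return True on first use, False if the address was seen before."""
        digest = keyed_digest(email, self._key)
        if digest in self.digests:
            return False
        self.digests.add(digest)
        return True

def guess_confirmed(leaked_digests, guess, digest_fn):
    """What a party holding only the leaked table learns from one guess."""
    return digest_fn(guess) in leaked_digests

def demo():
    key = secrets.token_bytes(32)                  # constructed key for this example
    ledger = VerificationLedger(key)
    first = ledger.register("Anon@example.com")    # constructed sample address
    again = ledger.register(" anon@EXAMPLE.com ")  # same address, different form
    bare_table = {bare_digest("anon@example.com")}
    return (first, again,
            guess_confirmed(bare_table, "anon@example.com", bare_digest),
            guess_confirmed(ledger.digests, "anon@example.com", bare_digest))

if __name__ == "__main__":
    print(demo())
```
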
 

Someone alerted me that Mark's 8chan had ISP level issues. They're gonna get fucked because you can find lolicon within 2 clicks of the front page. They also decided to just steal the name 8chan to try and yoink more users from Watkins, but people in the industry know what 8chan is and they know it's the site that sparked a mass murder.

Edit: Actually it appears to be over the Krauts seeing the unhappy windmill.


Let me guess, the (((German government))) did it because of a hecking wrongthink?

edit: yes
 
I took a peek at the thread on Sharty in the /tech/ board about essentially trying to get Yotsuba fixed to run on modern PHP versions (there were deprecated calls that were unsupported in the next version so they just used a version from 2015 that went end-of-life/no security patches in 2016 rather than patching the site to run on a secure PHP backend version (at least, not until this hack)).

I don't expect Hiroyuki and the 4chan admins to take these people up on using anything being done openly, but who knows. My interest in popping by the thread there is more what observations have been made about the site code that would be technically interesting.

This is not earth shattering news since the thread started a few days ago and the anons have been looking at the code since then, but some of its info:
  1. 4chan was known to have a CAPTCHA and later a 15 minute timer if you didn't email verify on the first CAPTCHA without purchasing a pass. It was also known that if you posted from known public VPN ranges (most popular VPN services people buy access to), you'd be blocked from posting unless signed in with a pass.
    • What was not public, was speculated, and confirmed is that there was post filtering with multiple inputs (weighing of post content, the IP address/range it came from) that would cause the site to display a false post successful message and then silently discard the post. Anons would notice that the post would be discarded, but without any message that it was blocked for particular words/phrases/whatever, some assumed it was just bad site code, when actually posts were scored with homebrew code on a "threat level" that would effectively function as a form of shadowbanning.
    • There seems to have been board specific and global code for these "threats". Unfortunately, the list of words was in the actual MySQL database of the site, which if I trust the information I've seen, the actual entire DB was not leaked (ostensibly because it had information in it that the hacker said they didn't want to make public, like the identities/emails of pass holders.)
  2. There's just terrible, terrible coding practices all around.
    • Echo <HTML> functions in the middle of SQL (database) queries
    • Hardcoded credentials
    • Hardcoded paths, etc.
  3. The CAPTCHA that 4chan used beyond reCAPTCHA and hCAPTCHA was internally dubbed twister, and all its source code leaked.
    • It may make automated spam worse on the site if people do more analysis of it, but that's not the scope of the thread (which is basically getting the old code working on a newer release).
  4. Desuwa is/was(?) associated with site admin, and after the leak uploaded site code under a WTFPL license (essentially declaring it public domain).
    • There's some skepticism that someone may have merely used Desuwa's account (hacked/compromised) because up to now it's barely had any commits in history in the last 12 years.
    • Flip side is if the code was already leaked then if 4chan admins actually wanted public help coordinated, it would be easier on a code repo where people could pull, make changes, and then look to have them merged into prod branch.
    • It's also questionable given the origin of Yotsuba as software if someone can just declare it free.
    • If you're gonna study it, it's been leaked. If you want to use the code, it's of pretty questionable legality. Practically speaking that may not mean much. Whether or not there is code (from the original Futallaby code moot said was "mostly gone" to BoingBoing circa 2012) that you can't just declare an open license on because it isn't yours, or if it really was Desuwa/Desuwa is authorized to make that license declaration, is unknown.
  5. There's over 200,000 lines of code in the leak, a good amount of it repeated for specific boards. Someone getting a semi-functional clone working in less than a week on a modern PHP version is pretty impressive. It's also being done in the shittiest way possible (no disrespect to the people doing it as a hobby, but having to beat your head against the wall as quickly as possible with dogshit code trying to get something to display/run is not giving it love, it's doing the minimum paint the walls/throw a carpet over the damaged flooring).
  6. Some random interesting tidbits included the janitor agreement terms (which did confirm in writing that you were doing it for free and sign on the line to acknowledge that) and apparently that a channel on bans discussion went from IRC to Discord.
The thread was interesting, but it hasn't really changed my opinion that trying to just get the bare minimum changes to get the site working at a breakneck pace is irresponsible. Someone with more interest and technical skill than me, probably multiple people, are looking at the dogfood that comprises the 4chan site code looking for a way to make their way in when it gets back online.
 
NOOOOO! YOU CAN'T RAISE YOUR ARM AT THIS ANGLE!!! 😦
 
One of the more interesting phenomena I've seen on altchans is the ability for a single person to impersonate or hijack threads with a spambot. The process seems to be:
  1. Find a thread you don't like. Or any thread, if you're a pointlessly destructive Sharty faggot.
  2. Scrape one of 4chan's archives for posts in prior threads related to the subject. You will need about two-thousand of them.
  3. Set up bot. I don't know how this is done. Pre-solve captchas and store them. I don't know how this is done either.
  4. Have bots on various IP addresses (VPN) begin posting old replies, responding to themselves. This is most effective when the replies are non sequitur, as it makes conversation impossible.
  5. Set bots to reply once every second. This also makes conversation impossible, since a human isn't going to think up a response to anything and post it before thirty replies appear.
  6. Have the bots report every post so the janitors have to sift through (eventually) thousands of reports, all of which are nonsense as they don't appear to break rules (but actually do because they're spam.) Legitimate users will be hit with any punishment doled out to bots, if you report them too.
  7. Hit the bump limit. Have bot create a new thread. Repeat from first step.
If done correctly this makes alternatives to 4chan largely unusable. 4chan itself seems to combat it (sort of) with the 15 minute post timer for new IP addresses and carpet-banning all possible VPN connections, which smaller altchans don't have the time nor resources to adequately do.
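
For a site operator, the pattern described above (old archive replies replayed into one thread at high speed from many addresses) can be flagged per thread instead of per IP. This is an added example, not code from any imageboard; the thresholds, class name and sample posts are constructed assumptions:

```python
import hashlib
import re
from collections import defaultdict, deque

REPLY_LINK = re.compile(r">>\d+")

def fingerprint(text):
    """Hash a post body with reply links, case and spacing differences removed."""
    body = REPLY_LINK.sub(" ", text).lower()
    return hashlib.sha256(" ".join(body.split()).encode("utf-8")).hexdigest()

class ReplayFloodDetector:
    """Per-thread sliding window; sender IP is ignored because the flood rotates IPs."""

    def __init__(self, archived_posts, window=30, max_posts=10, replay_ratio=0.5):
        self.archive = {fingerprint(p) for p in archived_posts}
        self.window, self.max_posts, self.replay_ratio = window, max_posts, replay_ratio
        self.recent = defaultdict(deque)  # thread id -> (timestamp, matched_archive)

    def observe(self, ts, thread, text):
        """Record one post; return True if the thread now looks like a replay flood."""
        q = self.recent[thread]
        q.append((ts, fingerprint(text) in self.archive))
        while q and q[0][0] <= ts - self.window:
            q.popleft()
        replays = sum(1 for _, hit in q if hit)
        return len(q) > self.max_posts and replays / len(q) >= self.replay_ratio

# Constructed sample data: five "archived" replies and three threads of traffic.
ARCHIVE = ["first old reply", "second old reply", "third old reply",
           "fourth old reply", "fifth old reply"]

def sample_posts():
    posts = []
    for i in range(20):  # thread 100: one replayed reply per second
        posts.append((i, 100, f">>{9000 + i}  {ARCHIVE[i % 5].upper()}"))
    for i in range(20):  # thread 200: fast but original (a busy live thread)
        posts.append((i, 200, f"live reaction number {i}"))
    for i in range(5):   # thread 300: normal pace, one user repeating an old post
        posts.append((i * 20, 300, ARCHIVE[0] if i == 2 else f"slow reply {i}"))
    return sorted(posts)

def flagged_threads(posts, archive=ARCHIVE):
    detector = ReplayFloodDetector(archive)
    return sorted({t for ts, t, text in posts if detector.observe(ts, t, text)})

if __name__ == "__main__":
    print(flagged_threads(sample_posts()))
```

Requiring both a high posting rate and a high share of archive matches keeps a busy live thread, or a single user quoting an old post, from being flagged.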
 