

4chan Has Been Down Since Monday Night After 'Pretty Comprehensive Own' (arstechnica.com)
4chan was reportedly hacked Monday night, with rival imageboard Soyjack Party claiming responsibility and sharing screenshots suggesting deep access to 4chan's databases and admin tools. Ars Technica reports: Security researcher Kevin Beaumont described the hack as "a pretty comprehensive own" that included "SQL databases, source, and shell access." 404Media reports that the site used an outdated version of PHP that could have been used to gain access, including the phpMyAdmin tool, a common attack vector that is frequently patched for security vulnerabilities. Ars staffers pointed to the presence of long-deprecated and removed functions like mysql_real_escape_string in the screenshots as possible signs of an old, unpatched PHP version. In other words, there's a possibility that the hackers have gained pretty deep access to all of 4chan's data, including site source code and user data.
Stopped updating in 2016 (Score:2)
Re:Stopped updating in 2016 (Score:4, Informative)
Nah. They've been working on it actively. Trying to mine users' information (it was supposed to be an anonymous board) for marketing purposes. "Either put up with a 15 minute delay to post or verify your e-mail address with us."
And they had ClownFlare working with them. To make sure everyone had JavaScript turned on. So their scammy banner ads would work.
Actual Attack Vector (Score:5, Interesting)
"Contrary to popular belief, it was not SQL injection.
The exploit is such:
4chan allows uploading PDF to certain boards (/gd/, /po/, /qst/, /sci/, /tg/)
They neglected to verify that the uploaded file is actually a PDF file. As such, PostScript files, containing PostScript drawing commands, can be uploaded.
Said PostScript file will be passed into Ghostscript to generate a thumbnail image.
The version of Ghostscript that 4chan uses is from 2012, so it is trivial to exploit.
From there, we exploit a mistaken suid binary to elevate to the global user."
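The check the quoted post says was missing, as an added example (not 4chan's code and not part of the post), written in Python rather than the site's PHP: classify an upload by its leading bytes so that a PostScript file named `.pdf` is rejected before Ghostscript ever sees it. The function names, the constructed sample bytes and the particular Ghostscript options are assumptions made for this example.

```python
import os

PDF_MAGIC = b"%PDF-"
# Leading bytes that mean "PostScript": Ghostscript picks its interpreter from
# file content, so a PostScript program stays one whatever its name says.
PS_MAGICS = (b"%!", b"\xc5\xd0\xd3\xc6")  # plain PS/EPS, DOS-binary EPS

# Constructed sample inputs (harmless, for illustration only).
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\ntrailer\n<<>>\n%%EOF\n"
SAMPLE_PS = b"%!PS-Adobe-3.0\n/Helvetica findfont 12 scalefont setfont\nshowpage\n"


def classify_upload(data: bytes) -> str:
    """Classify by content, never by file name or client-supplied MIME type."""
    if data.startswith(PS_MAGICS):
        return "postscript"
    # Require the header at offset 0 and an end-of-file marker near the end.
    if data.startswith(PDF_MAGIC) and b"%%EOF" in data[-1024:]:
        return "pdf"
    return "unknown"


def accept_pdf_upload(filename: str, data: bytes) -> bool:
    """Accept only when the extension and the content both say PDF."""
    ext = os.path.splitext(filename)[1].lower()
    return ext == ".pdf" and classify_upload(data) == "pdf"


def thumbnail_argv(src: str, dst: str) -> list[str]:
    """Ghostscript argv for a first-page thumbnail.

    Assumes src and dst are server-generated paths. The list form is meant for
    subprocess.run(argv, timeout=...) so that no shell parses the file name.
    """
    return ["gs", "-dSAFER", "-dBATCH", "-dNOPAUSE", "-dQUIET",
            "-sDEVICE=png16m", "-dFirstPage=1", "-dLastPage=1", "-r72",
            f"-sOutputFile={dst}", src]


if __name__ == "__main__":
    for name, blob in (("flyer.pdf", SAMPLE_PDF), ("flyer.pdf", SAMPLE_PS)):
        verdict = "accept" if accept_pdf_upload(name, blob) else "reject"
        print(name, classify_upload(blob), verdict)
```

Content sniffing narrows what reaches Ghostscript; it does not make a 2012 build safe to run, so the interpreter itself still has to be current.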
Re: (Score:2)
It started at -1; OP apparently spends most of their time being a troll.
Exactly the kind of poster most likely to be informed about the topic at hand.
Re: (Score:1)
It's been dead since around 30 min after the sharty poster gained complete control; the homepage may still be up, but that is hosted separately from the boards. It'll likely take weeks to repair unless they're willing to risk another hack due to not completely patching all the spaghetti code.
And they rejoiced (Score:2)
I've never seen such an uplifting post on /.
Too bad 4Chan went down after their members took over the US government.
Re: Oh no! (Score:2)
My guess would be try to link email addresses to public figures and try to blackmail them with the threat of releasing all of their posts
Hey there mr politician, I see you post some pretty racist stuff on 4chan, would be a shame if it went public in time for the next election
4chan, the sphincter of the internet (Score:5, Interesting)
Historically, if 4chan had an outage for any length of time, the rest of the internet would suffer what was released upon it.
Reasonable forums would be overrun with trolling and shitposting.
No idea if that still holds true, or if 4chan is even still relevant. But it used to do the job of holding in all the excrement and keeping it away from the rest of us.
I am betting that they still don't just stop posting just because 4chan is down. Reddit mods are probably having a very bad day.
Not PHP (Score:4, Insightful)
This isn't a PHP issue, this is literally they "fed stuff to ghostscript via php" thus ghostscript ran postscript code inside the webserver process.
Like on its face this is a pretty basic, dumb, hack. A properly secured site, regardless of the PHP version would not run "non-php" shell programs. All it would have taken is uploading a PDF file that grabbed a known file (eg index.php) and post it, and then figure out the configuration data from that.