Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
The Internet Security

4chan Has Been Down Since Monday Night After 'Pretty Comprehensive Own' (arstechnica.com) 30

Posted by BeauHD from the breaking-news dept.
4chan was reportedly hacked Monday night, with rival imageboard Soyjack Party claiming responsibility and sharing screenshots suggesting deep access to 4chan's databases and admin tools. Ars Technica reports: Security researcher Kevin Beaumont described the hack as "a pretty comprehensive own" that included "SQL databases, source, and shell access." 404Media reports that the site used an outdated version of PHP that could have been used to gain access, including the phpMyAdmin tool, a common attack vector that is frequently patched for security vulnerabilities. Ars staffers pointed to the presence of long-deprecated and removed functions like mysql_real_escape_string in the screenshots as possible signs of an old, unpatched PHP version. In other words, there's a possibility that the hackers have gained pretty deep access to all of 4chan's data, including site source code and user data.

4chan Has Been Down Since Monday Night After 'Pretty Comprehensive Own' More | Reply

4chan Has Been Down Since Monday Night After 'Pretty Comprehensive Own'

Comments Filter:
  • "own" is more of... they left it to fend for itself.

    • Re:Stopped updating in 2016 (Score:4, Informative)

      by PPH ( 736903 ) on Tuesday April 15, 2025 @09:40PM (#65309187)

      Nah. They've been working on it actively. Trying to mine users information (it was supposed to be an anonymous board) for marketing purposes. "Either put up with a 15 minute delay to post or verify your e-mail address with us."

      And they had ClownFlare working with them. To make sure everyone had JavaScript turned on. So their scammy banner ads would work.

      • Re: (Score:1)

        by Anonymous Coward
        The 15 minute delay is if you don't have the cookie that indicates recent activity. They had too much trouble with bot posters that would post for the "first time". The side-effect is if you don't use a particular computer to post for a few days, the cookie expires and you have to go through the 15 minute delay again. And there are other ways to get around the ads. Slashdot made a change to ad blocking a few months ago that's much more annoying than what 4chan does.

        • Re: (Score:2)

          by allo ( 1728082 )

          Account with E-Mail or a cookie that is weeks old doesn't matter, you can be tracked over these weeks using the cookie.

    • Why would they stop updating? Seems completely illogical.
    • Nothing of value was lost...

  • Actual Attack Vector (Score:5, Interesting)

    by Hudson9 ( 10106782 ) on Tuesday April 15, 2025 @08:33PM (#65309083)

    "Contrary to popular belief, it was not SQL injection.
    The exploit is such:
    4chan allows uploading PDF to certain boards (/gd/, /po/, /qst/, /sci/, /tg/)
    They neglected to verify that the uploaded file is actually a PDF file. As such, PostScript files, containing PostScript drawing
    commands, can be uploaded.
    Said PostScript file will be passed into Ghostscript to generate a thumbnail image.
    The version of Ghostscript that 4chan uses is from 2012, so it is trivial to exploit.
    From there, we exploit a mistaken suid binary to elevate to the global user."

    • Re:Actual Attack Vector (Score:4, Insightful)

      by Valgrus Thunderaxe ( 8769977 ) on Tuesday April 15, 2025 @08:38PM (#65309091)
      The site is available (at this moment) so your claim can be tested. I wonder why it's been immediately modded down.

      • It's been dead since around 30 min after the sharty poster gained complete control, the homepage may still be up but that is hosted separately from the boards. It'll likely take weeks to repair unless they're willing to risk another hack due to not completely patching all the spaghetti code

      • The site is available (at this moment) so your claim can be tested. I wonder why it's been immediately modded down.

        Speaking of testing the claims. The site is *not* available. You may hit the landing page 4chan.org, but if you navigate to any board you'll get a Connection Timed Out error. It's been like this since before this story was published yesterday, and it's like this now.

        The only person here who deserves a downmodding is you.

    • Re: (Score:2)

      by Lehk228 ( 705449 )
      4chan being hacked with a .pdf file is kinda hilarious.

  • And they rejoiced (Score:3)

    by TheMiddleRoad ( 1153113 ) on Tuesday April 15, 2025 @09:21PM (#65309175)

    I've never seen such an uplifting post on /.

    Too bad 4Chan went down after their members took over the US government.

  • 4chan, the sphincter of the internet (Score:5, Interesting)

    by spazmonkey ( 920425 ) on Tuesday April 15, 2025 @10:32PM (#65309239)

    Historically, if 4chan had an outage for any length of time, the rest of the internet would suffer what was released upon it.
    Reasonable forums would be overrun with trolling and shitposting.
    No idea if that still holds true, or if 4chan is even still relevant. But it used to do the job of holding in all the excrement and keeping it away from the rest of us.
    I am betting that they still don't just stop posting just because 4chan is down. Reddit mods are probably having a very bad day

    • Reasonable forums would be overrun with trolling and shitposting.

      It's 2025. There's no reasonable discourse left on the internet. You can thank Trump for that, or Biden, or TDS, or the Climate Hoax, or the WuFlu, etc. etc. Honestly 4chan and it's children shouting the N word is child's play. I remember when it was actually newsworthy to see a troll draw a swastika, now you find them everywhere.

      I long for the days where 4chan was the worst of humanity on the internet.

    • Re: (Score:2)

      by AmiMoJo ( 196126 )

      There could be consequences for some of the 4chan users. There are many .edu email addresses belonging to moderators, which include their full names.

  • Not PHP (Score:4, Insightful)

    by Kisai ( 213879 ) on Tuesday April 15, 2025 @10:43PM (#65309261)

    This isn't a PHP issue, this is literately they "fed stuff to ghostscript via php" thus ghostscript ran postscript code inside the webserver process.

    Like on it's face this is a pretty basic, dumb, hack. A properly secured site, regardless of the PHP version would not run "non-php" shell programs. All it would have taken is uploading a PDF file that grabbed a known file (eg index.php) and post it, and then figure out the configuration data from that.

  • The website was running on a version of Freebsd that was severely outdated. Version 10.1. A PDF exploit using Ghostscript allowed running a SUID binary to gain access. There is no excuse for running such an outdated version in 2025 when version 13.5 is out now. This is just laziness.

    • Laziness or cluelessness?
      The people running this site don't appear to know what they are doing, the ones who did have probably moved on to some role in the new gummint so expect those who are held to be responsible to be deported to El Salvador.

  • Seriously, it is like 4 lines of config to put that thing behind http auth and never have a problem with its security vulnerabilities again.
    Or use a desktop client for MySQL and don't install anything on your webspace.

  • Potentially, this means the entire 4chan user interaction chain and all posts and their language will be available for download. Then AI researchers will use it to study social networks and language. Then we will get 4chan regurgitated back to us by AI tools.

Slashdot Top Deals

"Been through Hell? Whaddya bring back for me?" -- A. Brilliant

Close