4chan Returns, Details Breach, Blames Funding Issues, Ends Shockwave Board (slashdot.org) 59
"4chan, down for more than a week after hackers got in through an insecure script that handled PDFs, is back online," notes BoingBoing. (They add that Thursday saw 4chan's first blog postin years — just the words "Testing testing 123 123...") But 4chan posted a much longer explanation on Friday," confirming their servers were compromised by a malicious PDF upload from "a hacker using a UK IP address," granting access to their databases and administrative dashboard.
The attacker "spent several hours exfiltrating database tables and much of 4chan's source code. When they had finished downloading what they wanted, they began to vandalize 4chan at which point moderators became aware and 4chan's servers were halted, preventing further access." While not all of our servers were breached, the most important one was, and it was due to simply not updating old operating systems and code in a timely fashion. Ultimately this problem was caused by having insufficient skilled man-hours available to update our code and infrastructure, and being starved of money for years by advertisers, payment providers, and service providers who had succumbed to external pressure campaigns. We had begun a process of speccing new servers in late 2023. As many have suspected, until that time 4chan had been running on a set of servers purchased second-hand by moot a few weeks before his final Q&A [in 2015], as prior to then we simply were not in a financial position to consider such a large purchase. Advertisers and payment providers willing to work with 4chan are rare, and are quickly pressured by activists into cancelling their services. Putting together the money for new equipment took nearly a decade...
The free time that 4chan's development team had available to dedicate to 4chan was insufficient to update our software and infrastructure fast enough, and our luck ran out. However, we have not been idle during our nearly two weeks of downtime. The server that was breached has been replaced, with the operating system and code updated to the latest versions. PDF uploads have been temporarily disabled on those boards that supported them, but they will be back in the near future. One slow but much beloved board, /f/ — Flash, will not be returning however, as there is no realistic way to prevent similar exploits using .swf files.
We are bringing on additional volunteer developers to help keep up with the workload, and our team of volunteer janitors & moderators remains united despite the grievous violations some have suffered to their personal privacy.
4chan is back. No other website can replace it, or this community. No matter how hard it is, we are not giving up.
The attacker "spent several hours exfiltrating database tables and much of 4chan's source code. When they had finished downloading what they wanted, they began to vandalize 4chan at which point moderators became aware and 4chan's servers were halted, preventing further access." While not all of our servers were breached, the most important one was, and it was due to simply not updating old operating systems and code in a timely fashion. Ultimately this problem was caused by having insufficient skilled man-hours available to update our code and infrastructure, and being starved of money for years by advertisers, payment providers, and service providers who had succumbed to external pressure campaigns. We had begun a process of speccing new servers in late 2023. As many have suspected, until that time 4chan had been running on a set of servers purchased second-hand by moot a few weeks before his final Q&A [in 2015], as prior to then we simply were not in a financial position to consider such a large purchase. Advertisers and payment providers willing to work with 4chan are rare, and are quickly pressured by activists into cancelling their services. Putting together the money for new equipment took nearly a decade...
The free time that 4chan's development team had available to dedicate to 4chan was insufficient to update our software and infrastructure fast enough, and our luck ran out. However, we have not been idle during our nearly two weeks of downtime. The server that was breached has been replaced, with the operating system and code updated to the latest versions. PDF uploads have been temporarily disabled on those boards that supported them, but they will be back in the near future. One slow but much beloved board, /f/ — Flash, will not be returning however, as there is no realistic way to prevent similar exploits using .swf files.
We are bringing on additional volunteer developers to help keep up with the workload, and our team of volunteer janitors & moderators remains united despite the grievous violations some have suffered to their personal privacy.
4chan is back. No other website can replace it, or this community. No matter how hard it is, we are not giving up.
Re:It's dead Jim (Score:5, Insightful)
Everyone on 4chan is "Anonymous" and even with IP addresses you still have to go to an ISP to get identifying details, and they won't divulge anything without a search warrant.
Re: (Score:2)
They don't have to request data from ISPs, most what they would need to correlate the data has already been leaked...
Re: (Score:2)
"The point is nobody is going to trust 4chan anymore"
You say that like it's a bad thing
What are you going to say when you lose (Score:2)
Your job. One word stealth layoffs. There are always stealth layoffs. They target employees they know need to work from home. Typically there will be exceptions for any employees they can't afford to lose. This is basically a way for them to fire you without severance or without unemployment insurance. A friend of a friend who smokes a little weed just lost their job to random drug testing. He'd been working for that company for something like 10 years. But that's not the point, the point is to keep commerc
I mean the website is basically Russian propaganda (Score:1)
So I'm happy to see it go but I don't think it matters all that much in the scheme of things because the Russian propaganda machine coupled with the billionaire American propaganda machine basically has total and complete control over media in america. I mean yeah somebody will read my post and one of the trolls h
Re: (Score:2)
To be fair, 4chan has been performing a valuable service in acting like the bilge pump of the internet for quite a while now. We need to have a place for the bilge of the internet to collect and congregate, as it makes the signal-to-noise ratio on every other site improve.
If 4chan was to go away permanently, do you think all the shitbirds that are regulars there would just stop being shitbirds, or would they disperse to any and every other forum out there making everything worse for everyone not interested
Re: (Score:2)
Naaaa
But didja ever hear about the Kesterson drain?
https://en.wikipedia.org/wiki/... [wikipedia.org]
See the part about contamination. Anything like 4Chan is kinda like that
Bad stuff happens when things get concentrated like that... Or if a ghetto is made
Re: (Score:3)
One of the things that made 4chan so huge is that had this bizarre mix of relatively normal people and the absolute worst dregs of the internet
More or less. Regardless of its flaws, 4Chan is one of the few places where you can still have an opinion that goes against the “bubble”. For example, if you try to post an opinion on Reddit that goes against the group's opinion you'll be banned very fast. And I'm not talking here about opinions that would actually be crimes or universally wrong, I'm talking about trivial things where the reason you get banned is merely to be different from what the group thinks, imagine things like “I li
Re: (Score:2)
As with all things, it depends on the community. There definitely is a lot of echo chamber subreddits out there where the snowflake moderators will tolerate zero divergence from the approved opinion, and those subs aren't worth the energy it takes to write the bits to disk. Getting banned from them is doing you a favor.
There are others where you can have discussion - much like here - where people can be open minded about dissenting views and listen / debate. Just like any other heterogeneous group of peo
Re:It's dead Jim (Score:4, Informative)
Or the data can be cross referenced with data from a hacked ad provider or common JavaScript cdn provider, either now or at a later date, to provide probable identity information...
Re: (Score:3)
Yeah, sure, trust the hacker.
And it doesn't matter that it's not been released right now, that can change at any point in the future - the fact is, the data is out of the control of the original site now, so you should be acting like it's public.
Re: (Score:2)
I'm not so worried. I've always posted pictures of my prince albert anonymously, and have not done so in ten years..
Re: (Score:1)
And everyone is using a VPN these days, often from another country with favorable peering for their activities. On the internet, no one knows I'm a dog posting from an IP address on Mars.
Re: (Score:3)
Moderators had email addresses leaked in the hack. Many of them contained their real names.
Re: (Score:2)
Somehow, Ashley Madison still manages to be around after their data breach and the resulting blackmail/divorces/whatever that ensued. Plus, I think you're kind of overestimating how much stigma is actually attached to being outed as an internet troll. Arguably, the richest man on the planet kind of fits that description.
Re: LOL you extreme right troll at -1 at least I (Score:2)
Yet libertarians are right wing.
Oh, I'm sorry, I didn't mean to interrupt your special "crazy time". Please, continue AC.
Re: (Score:2)
Vile. It's 'VILE' not 'VIAL'. Unless they were posting beakers and test tubes, then carry on.
It was good while it lasted (Score:3, Informative)
We shall all remember the week without 4chan fondly.
Re: (Score:3)
No. Just no.
Every single online forum I visit felt the arrival of a new kind of users. That kind that makes discussions difficult and makes you wish that their website would go back online as fast as possible.
There's a rumor that the CIA is operating 4chan, or at least keeping tabs on it, and I can see a good basis for that rumor. It's basically a containment are for what we would rather not have somewhere else.
Re: (Score:2)
No. Just no. Every single online forum I visit felt the arrival of a new kind of users. That kind that makes discussions difficult and makes you wish that their website would go back online as fast as possible.
It was almost as bad as when school lets out for the summer.
Re: (Score:1)
I hope they do the same with reddit servers
Re: (Score:2)
That's about like saying "man, it sure is quiet in the basement when the sump pump isn't running" not thinking ahead to what happens if it rains and the sump pump isn't working. The sump fills with nasty groundwater and overflows into the basement.
We need a working sump pump for the internet. 4chan was keeping that bilge somewhat contained - that's it's value to the rest of us.
A week without 4chan (Score:2, Funny)
and nothing of value (Score:2)
Teenagers. WITH. (Score:2)
Funding issues (Score:5, Funny)
Am I really supposed to feel bad that the internet's second biggest cesspool is having trouble keeping the rent paid? Now I just have to ask ChatGPT to re-imagine Wikipedia's donation nag campaign if it was written by 4chan.
"Hi, it's us. Yes, those guys.
Every day, millions of people come to 4chan to post things they should probably never have thought, let alone typed out in full public view.
Against all odds - lawsuits, outrage, DDoS attacks, existential despair - we’re still here. But barely.
If everyone who used 4chan gave just $5, we could afford actual security instead of trusting in apathy and expired SSL certificates.
Instead of shutting down due to crushing incompetence, we could continue enabling bad memes, chaotic neutral trolling, and deeply questionable life choices for another year.
We know we're a mistake.
We know you know we're a mistake.
But we're your mistake.
Fund the disaster. Keep 4chan alive."
[Donate Now] [Make It Worse]
Oh god, ChatGPT nailed it.
Re: (Score:3)
I don't visit 4chan.
That attitude in a society would lead to slashdot shutting down. The US is very close to this point. Just the remarks about the republicans, Musk and Trump is enough reason for Trumpies to call slashdot "biggest cesspool".
The US is no longer a free society. The "woke" crowd that Trump is trying to stop is being replaced by a new "woke" crowd. Going after lawyers, judges, universities, media, etc... to push your opinion is the same attitude as promoting or hiring someone based on the colo
Re: (Score:3)
The US is no longer a free society.
We are not there yet, but I share your concerns based on the trajectory.
The "woke" crowd that Trump is trying to stop is being replaced by a new "woke" crowd.
The two-faced nature of free speech "advocates" within MAGA, like Shapiro, is the biggest disappointment for me so far. I cancelled my Daily Wire subscription over that and from what was reported a lot people did to the point that DW is in financial trouble now.
Going after lawyers, judges, universities, media, etc...
So far, Trump Administration's censorship is narrowly focused on going after anti-Israel speech. Yes, that alone is sufficiently bad to warrant condemnation, but it hasn't metast
Re: (Score:3)
Sure but the current admin isn't just censoring, they are deporting people based on beliefs, or as we would more alarmingly call them thought-crimes (and they say in court it they can on nothing but belief) [apnews.com]
You are allowed to have anti-Israel sentiments in America. You're allowed to have anti-America sentiments in America, that's like the *most American* thing you can do.
Trump said Sunday that he loves the idea of deporting incarcerated Americans to El Salvador, but that he doesn’t “know what the law says on that.” A reporter had asked Trump about El Salvadoran President Nayib Bukele’s offer to house American prisoners.
I do appreciate how we have to pretend like the current sitting US President "doesn't know" if it's legal to ship citizens to another cou
Re: (Score:2)
I'm assuming you're referring to sites being choked out because they've spooked all their potential sponsors?
Speech often has societal consequences. The concept of free speech has only ever meant that the government is not supposed to prevent you from or arrest you for speaking, it does not mean that you're guaranteed a platform or that some segment of society won't start referring to your EVs as "swastikars" because you did something that strongly resembled a Nazi salute on television.
Even if we looked at
Re: (Score:2)
Yes. You should be worried that they run out of money or talent to keep 4chan up, because you don't want these people ending up on sites you do enjoy, like here.
Blaming hardware... (Score:4, Insightful)
Blaming old hardware for security flaws in your software is an interesting take and deflection. Upgrading hardware was never going to fix Ghostscript.
At best, I'm betting they ran apt update && apt upgrade, and called it good.
Re: Blaming hardware... (Score:2)
It's pretty natural if you run Windows.
And if your CPU is i386, then no reasonably new Linux kernel will run, either... /s
Re: (Score:3)
Blaming old hardware for security flaws in your software is an interesting take and deflection.
That's a pretty tone deaf comment in 2025, the year of the great Windows 10 hardware-software support security nightmare.
To be clear they probably are just bullshitting whatever, but hardware can absolutely be blamed for security flaws - when that updater say no.
4Chan has been dead for a while (Score:1)
They had been making u wait 900 seconds to post. Unless you gave them an email address.
Who's got that much time on their hands? Who doesn't have to worry about having their privacy violated because they are the violators?
The database that got exposed showed that there's only 1 country in the world that matches this criteria. Then it become clear why 4chan had so much bbc and gore posting.
Re: (Score:2)
Re: (Score:2)
someone who knows how to program a "fire and forget" posting script?
Unfortunately, you didn't get your CAPTCHA until the 900 second timer ran out.
Re: (Score:2)
Re: (Score:2)
With a fixed IP the cookies lasted a long while. It was mostly a pain for phone posters.
PDFs, Flash (Score:2)
PDF uploads have been temporarily disabled on those boards that supported them, but they will be back in the near future. One slow but much beloved board, /f/ - Flash, will not be returning however, as there is no realistic way to prevent similar exploits using .swf files.
Next, block .webm videos. Looks like they are already working in that direction by enabling .mp4 uploads.
4chan is a mossad honeypot (Score:1)
and has been for awhile. the whole Q-tard phenomenon is remake of the bolshevik "operation trust".
https://halturnerradioshow.com... [halturnerradioshow.com]
"Malicious PDF" (Score:3)
Two words that should never have been put together are "Malicious" and "PDF" -- Adobe Reader and Adobe Flash are two of the most vulnerable pieces of software ever written. A document viewer should not be able to compromise an entire server! There is something fundamentally wrong about the foundations of software engineering that such a thing is even possible. This is equivalent to a poorly designed lawnmower destroying company HQ.
Re: (Score:2)
Also, why the hell is anything that does automatic parsing of PDF not jailed to prevent this kind of crap? It's not like malicious PDFs are a new concept - this has been a thing for like 10 years or more.
Incompetence. That's why.
wretched hive of scum and villainy (Score:1)
Nuke it from orbit. It's the only way to be sure.