4chan Returns, Details Breach, Blames Funding Issues, Ends Shockwave Board (slashdot.org) 47
"4chan, down for more than a week after hackers got in through an insecure script that handled PDFs, is back online," notes BoingBoing. (They add that Thursday saw 4chan's first blog postin years — just the words "Testing testing 123 123...") But 4chan posted a much longer explanation on Friday," confirming their servers were compromised by a malicious PDF upload from "a hacker using a UK IP address," granting access to their databases and administrative dashboard.
The attacker "spent several hours exfiltrating database tables and much of 4chan's source code. When they had finished downloading what they wanted, they began to vandalize 4chan at which point moderators became aware and 4chan's servers were halted, preventing further access." While not all of our servers were breached, the most important one was, and it was due to simply not updating old operating systems and code in a timely fashion. Ultimately this problem was caused by having insufficient skilled man-hours available to update our code and infrastructure, and being starved of money for years by advertisers, payment providers, and service providers who had succumbed to external pressure campaigns. We had begun a process of speccing new servers in late 2023. As many have suspected, until that time 4chan had been running on a set of servers purchased second-hand by moot a few weeks before his final Q&A [in 2015], as prior to then we simply were not in a financial position to consider such a large purchase. Advertisers and payment providers willing to work with 4chan are rare, and are quickly pressured by activists into cancelling their services. Putting together the money for new equipment took nearly a decade...
The free time that 4chan's development team had available to dedicate to 4chan was insufficient to update our software and infrastructure fast enough, and our luck ran out. However, we have not been idle during our nearly two weeks of downtime. The server that was breached has been replaced, with the operating system and code updated to the latest versions. PDF uploads have been temporarily disabled on those boards that supported them, but they will be back in the near future. One slow but much beloved board, /f/ — Flash, will not be returning however, as there is no realistic way to prevent similar exploits using .swf files.
We are bringing on additional volunteer developers to help keep up with the workload, and our team of volunteer janitors & moderators remains united despite the grievous violations some have suffered to their personal privacy.
4chan is back. No other website can replace it, or this community. No matter how hard it is, we are not giving up.
The attacker "spent several hours exfiltrating database tables and much of 4chan's source code. When they had finished downloading what they wanted, they began to vandalize 4chan at which point moderators became aware and 4chan's servers were halted, preventing further access." While not all of our servers were breached, the most important one was, and it was due to simply not updating old operating systems and code in a timely fashion. Ultimately this problem was caused by having insufficient skilled man-hours available to update our code and infrastructure, and being starved of money for years by advertisers, payment providers, and service providers who had succumbed to external pressure campaigns. We had begun a process of speccing new servers in late 2023. As many have suspected, until that time 4chan had been running on a set of servers purchased second-hand by moot a few weeks before his final Q&A [in 2015], as prior to then we simply were not in a financial position to consider such a large purchase. Advertisers and payment providers willing to work with 4chan are rare, and are quickly pressured by activists into cancelling their services. Putting together the money for new equipment took nearly a decade...
The free time that 4chan's development team had available to dedicate to 4chan was insufficient to update our software and infrastructure fast enough, and our luck ran out. However, we have not been idle during our nearly two weeks of downtime. The server that was breached has been replaced, with the operating system and code updated to the latest versions. PDF uploads have been temporarily disabled on those boards that supported them, but they will be back in the near future. One slow but much beloved board, /f/ — Flash, will not be returning however, as there is no realistic way to prevent similar exploits using .swf files.
We are bringing on additional volunteer developers to help keep up with the workload, and our team of volunteer janitors & moderators remains united despite the grievous violations some have suffered to their personal privacy.
4chan is back. No other website can replace it, or this community. No matter how hard it is, we are not giving up.
Re:It's dead Jim (Score:5, Insightful)
Everyone on 4chan is "Anonymous" and even with IP addresses you still have to go to an ISP to get identifying details, and they won't divulge anything without a search warrant.
Re: (Score:2)
They don't have to request data from ISPs, most what they would need to correlate the data has already been leaked...
This (Score:1)
Maybe something else will crop up to replace it but it won't be nearly as big because the normies won't show up. One of the things that made 4chan so huge is that had this bizarre mix of relatively normal people and the absolute worst dregs of the internet
Re: (Score:2)
"The point is nobody is going to trust 4chan anymore"
You say that like it's a bad thing
What are you going to say when you lose (Score:1)
Your job. One word stealth layoffs. There are always stealth layoffs. They target employees they know need to work from home. Typically there will be exceptions for any employees they can't afford to lose. This is basically a way for them to fire you without severance or without unemployment insurance. A friend of a friend who smokes a little weed just lost their job to random drug testing. He'd been working for that company for something like 10 years. But that's not the point, the point is to keep commerc
I mean the website is basically Russian propaganda (Score:2)
So I'm happy to see it go but I don't think it matters all that much in the scheme of things because the Russian propaganda machine coupled with the billionaire American propaganda machine basically has total and complete control over media in america. I mean yeah somebody will read my post and one of the trolls h
Re: (Score:2)
One of the things that made 4chan so huge is that had this bizarre mix of relatively normal people and the absolute worst dregs of the internet
More or less. Regardless of its flaws, 4Chan is one of the few places where you can still have an opinion that goes against the “bubble”. For example, if you try to post an opinion on Reddit that goes against the group's opinion you'll be banned very fast. And I'm not talking here about opinions that would actually be crimes or universally wrong, I'm talking about trivial things where the reason you get banned is merely to be different from what the group thinks, imagine things like “I li
Re:It's dead Jim (Score:4, Informative)
Or the data can be cross referenced with data from a hacked ad provider or common JavaScript cdn provider, either now or at a later date, to provide probable identity information...
Re: (Score:3)
Yeah, sure, trust the hacker.
And it doesn't matter that it's not been released right now, that can change at any point in the future - the fact is, the data is out of the control of the original site now, so you should be acting like it's public.
Re: (Score:2)
I'm not so worried. I've always posted pictures of my prince albert anonymously, and have not done so in ten years..
Re: (Score:1)
And everyone is using a VPN these days, often from another country with favorable peering for their activities. On the internet, no one knows I'm a dog posting from an IP address on Mars.
Re: (Score:3)
Moderators had email addresses leaked in the hack. Many of them contained their real names.
Re: (Score:2)
Somehow, Ashley Madison still manages to be around after their data breach and the resulting blackmail/divorces/whatever that ensued. Plus, I think you're kind of overestimating how much stigma is actually attached to being outed as an internet troll. Arguably, the richest man on the planet kind of fits that description.
Re: LOL you extreme right troll at -1 at least I (Score:2)
Yet libertarians are right wing.
Oh, I'm sorry, I didn't mean to interrupt your special "crazy time". Please, continue AC.
It was good while it lasted (Score:2, Informative)
We shall all remember the week without 4chan fondly.
Re: (Score:3)
No. Just no.
Every single online forum I visit felt the arrival of a new kind of users. That kind that makes discussions difficult and makes you wish that their website would go back online as fast as possible.
There's a rumor that the CIA is operating 4chan, or at least keeping tabs on it, and I can see a good basis for that rumor. It's basically a containment are for what we would rather not have somewhere else.
Re: (Score:1)
I hope they do the same with reddit servers
A week without 4chan (Score:1, Funny)
and nothing of value (Score:2)
Teenagers. WITH. (Score:2)
Funding issues (Score:4, Funny)
Am I really supposed to feel bad that the internet's second biggest cesspool is having trouble keeping the rent paid? Now I just have to ask ChatGPT to re-imagine Wikipedia's donation nag campaign if it was written by 4chan.
"Hi, it's us. Yes, those guys.
Every day, millions of people come to 4chan to post things they should probably never have thought, let alone typed out in full public view.
Against all odds - lawsuits, outrage, DDoS attacks, existential despair - we’re still here. But barely.
If everyone who used 4chan gave just $5, we could afford actual security instead of trusting in apathy and expired SSL certificates.
Instead of shutting down due to crushing incompetence, we could continue enabling bad memes, chaotic neutral trolling, and deeply questionable life choices for another year.
We know we're a mistake.
We know you know we're a mistake.
But we're your mistake.
Fund the disaster. Keep 4chan alive."
[Donate Now] [Make It Worse]
Oh god, ChatGPT nailed it.
Re: (Score:3)
I don't visit 4chan.
That attitude in a society would lead to slashdot shutting down. The US is very close to this point. Just the remarks about the republicans, Musk and Trump is enough reason for Trumpies to call slashdot "biggest cesspool".
The US is no longer a free society. The "woke" crowd that Trump is trying to stop is being replaced by a new "woke" crowd. Going after lawyers, judges, universities, media, etc... to push your opinion is the same attitude as promoting or hiring someone based on the colo
Re: (Score:2)
The US is no longer a free society.
We are not there yet, but I share your concerns based on the trajectory.
The "woke" crowd that Trump is trying to stop is being replaced by a new "woke" crowd.
The two-faced nature of free speech "advocates" within MAGA, like Shapiro, is the biggest disappointment for me so far. I cancelled my Daily Wire subscription over that and from what was reported a lot people did to the point that DW is in financial trouble now.
Going after lawyers, judges, universities, media, etc...
So far, Trump Administration's censorship is narrowly focused on going after anti-Israel speech. Yes, that alone is sufficiently bad to warrant condemnation, but it hasn't metast
Re: (Score:2)
Sure but the current admin isn't just censoring, they are deporting people based on beliefs, or as we would more alarmingly call them thought-crimes (and they say in court it they can on nothing but belief) [apnews.com]
You are allowed to have anti-Israel sentiments in America. You're allowed to have anti-America sentiments in America, that's like the *most American* thing you can do.
Trump said Sunday that he loves the idea of deporting incarcerated Americans to El Salvador, but that he doesn’t “know what the law says on that.” A reporter had asked Trump about El Salvadoran President Nayib Bukele’s offer to house American prisoners.
I do appreciate how we have to pretend like the current sitting US President "doesn't know" if it's legal to ship citizens to another cou
Re: (Score:2)
I'm assuming you're referring to sites being choked out because they've spooked all their potential sponsors?
Speech often has societal consequences. The concept of free speech has only ever meant that the government is not supposed to prevent you from or arrest you for speaking, it does not mean that you're guaranteed a platform or that some segment of society won't start referring to your EVs as "swastikars" because you did something that strongly resembled a Nazi salute on television.
Even if we looked at
Re: (Score:2)
Yes. You should be worried that they run out of money or talent to keep 4chan up, because you don't want these people ending up on sites you do enjoy, like here.
Blaming hardware... (Score:3)
Blaming old hardware for security flaws in your software is an interesting take and deflection. Upgrading hardware was never going to fix Ghostscript.
At best, I'm betting they ran apt update && apt upgrade, and called it good.
Re: Blaming hardware... (Score:2)
It's pretty natural if you run Windows.
And if your CPU is i386, then no reasonably new Linux kernel will run, either... /s
Re: (Score:2)
Blaming old hardware for security flaws in your software is an interesting take and deflection.
That's a pretty tone deaf comment in 2025, the year of the great Windows 10 hardware-software support security nightmare.
To be clear they probably are just bullshitting whatever, but hardware can absolutely be blamed for security flaws - when that updater say no.
4Chan has been dead for a while (Score:1)
They had been making u wait 900 seconds to post. Unless you gave them an email address.
Who's got that much time on their hands? Who doesn't have to worry about having their privacy violated because they are the violators?
The database that got exposed showed that there's only 1 country in the world that matches this criteria. Then it become clear why 4chan had so much bbc and gore posting.
Re: (Score:2)
Re: (Score:2)
someone who knows how to program a "fire and forget" posting script?
Unfortunately, you didn't get your CAPTCHA until the 900 second timer ran out.
Re: (Score:2)
With a fixed IP the cookies lasted a long while. It was mostly a pain for phone posters.
PDFs, Flash (Score:2)
PDF uploads have been temporarily disabled on those boards that supported them, but they will be back in the near future. One slow but much beloved board, /f/ - Flash, will not be returning however, as there is no realistic way to prevent similar exploits using .swf files.
Next, block .webm videos. Looks like they are already working in that direction by enabling .mp4 uploads.
4chan is a mossad honeypot (Score:1)
and has been for awhile. the whole Q-tard phenomenon is remake of the bolshevik "operation trust".
https://halturnerradioshow.com... [halturnerradioshow.com]