[    [    [    [    [    [    [    b l o g g i n   s p a c e    wiki   ]    ]    ]    ]    ]    ]    ]

4chan

From blogginpedia
Jump to navigation Jump to search
4chanhack1.jpg

4chan has been hacked. The hack is largely attributed to individuals or a group associated with Soyjak.party, a rival imageboard also known as "The Sharty." The primary motive appears to be related to the restoration of the /qa/ board, which was banned on 4chan about four years ago. The sharty boys allegedly reinstated this board during the attack, demanding a space significant to their community. Additionally, the hack involved leaking moderator and janitor emails, source code, and internal communications, exposing and undermining 4chan’s moderation practices.

the process


Evidently, some sharty boys had access to root on 4chan's servers since 2021 and planned the hack for a few years. The attackers exploited vulnerabilities in 4chan’s outdated infrastructure, specifically an old version of PHP (potentially from 2016) and deprecated MySQL functions in a script called "yotsuba.php." This script, which handles post submissions and moderation, was a key entry point. Some reports suggest the hackers gained shell access to 4chan’s servers, allowing them to leak sensitive data like admin panels, source code, and moderator credentials. There’s also mention of an exploit involving PDF uploads, where a malicious PDF could execute PostScript commands via an outdated Ghostscript version, granting shell access.[1]

4chanhack2.jpeg
4chanhack10.png

what to do


Commentary and help from our friends in the east:

gallery


Oh well, despite the fact that people are crying about it and saying "this is the end," 4chan will probably be back in a few hours. Reminder: you are here forever.

stuff


Quote.png So 4chan very likely got hacked because they were running on an extremely out of date version of PHP that has a lot of vulnerabilities and exploits and are using deprecated function to interact with there MySQL database. Web security 101: Keep your code and software up to date. Quote1.png

it's back!!! (kinda)


Still standing
TL;DR
Anonymous 02:38, 1 June 2025 (EDT)
Andy.jpg
On the afternoon of April 14th, a hacker using a UK IP address exploited an out-of-date software package on one of 4chan’s servers, via a bogus PDF upload. With this entry point, they were eventually able to gain access to one of 4chan’s servers, including database access and access to our own administrative dashboard. The hacker spent several hours exfiltrating database tables and much of 4chan’s source code. When they had finished downloading what they wanted, they began to vandalize 4chan at which point moderators became aware and 4chan’s servers were halted, preventing further access.

Over the following days, 4chan’s development team surveyed the damage, which to be frank, was catastrophic. While not all of our servers were breached, the most important one was, and it was due to simply not updating old operating systems and code in a timely fashion. Ultimately this problem was caused by having insufficient skilled man-hours available to update our code and infrastructure, and being starved of money for years by advertisers, payment providers, and service providers who had succumbed to external pressure campaigns.

We had begun a process of speccing new servers in late 2023. As many have suspected, until that time 4chan had been running on a set of servers purchased second-hand by moot a few weeks before his final Q&A, as prior to then we simply were not in a financial position to consider such a large purchase. Advertisers and payment providers willing to work with 4chan are rare, and are quickly pressured by activists into cancelling their services. Putting together the money for new equipment took nearly a decade.

In April of 2024 we had agreed on specs and began looking for possible suppliers. Money is always tight for us, and few companies were willing to sell us servers, so actually buying the hardware wasn’t a trivial problem. We managed to finalize a purchase in June, and had the new servers racked and online in July. Over the next few months we slowly moved functionality onto the new servers, but we had still been relying on the old servers for key functions. Everything about this process took much longer than intended, which is a recurring theme in this debacle. The free time that 4chan’s development team had available to dedicate to 4chan was insufficient to update our software and infrastructure fast enough, and our luck ran out.

However, we have not been idle during our nearly two weeks of downtime. The server that was breached has been replaced, with the operating system and code updated to the latest versions. PDF uploads have been temporarily disabled on those boards that supported them, but they will be back in the near future. One slow but much beloved board, /f/ - Flash, will not be returning however, as there is no realistic way to prevent similar exploits using .swf files. We are bringing on additional volunteer developers to help keep up with the workload, and our team of volunteer janitors & moderators remains united despite the grievous violations some have suffered to their personal privacy.

4chan is back. No other website can replace it, or this community. No matter how hard it is, we are not giving up.[2]

Anonymous 02:38, 1 June 2025 (EDT)
4chanuptime.jpg
>impblying


further reading


references


4chan is part of a series on Websites