In this video I discuss how 4chan.org was hacked by using old insecure php code in the backend of the sites software (yotsuba) which lead to the administrators being doxxed and having to take the s...
If they don’t fix the vulnerabilities their site had then putting it back online would just lead to continuous hacks. I’m guessing it’s going to be a massive overhall. 4chan was started by a 16 year old in 2003 and really hasn’t changed much since then.
The source code leaked is all custom code that hasn’t been updated since 2015 and uses functions that have been removed from PHP for being insecure since 2019. The hack supposedly took advantage of PDF uploads not being scanned for embeded code. 4chan uses a program called ghostscript to create thumbnails of uploaded PDFs but the version they use is from 2012 and the hackers likely used a known exploit to get it to run embeded PDF code.
So unless the other websites are also running software from a decade ago, they’re probably good.
If they don’t fix the vulnerabilities their site had then putting it back online would just lead to continuous hacks. I’m guessing it’s going to be a massive overhall. 4chan was started by a 16 year old in 2003 and really hasn’t changed much since then.
I wonder - does this put the other chans and kuns at the same risk of hacking or do they use different code?
The source code leaked is all custom code that hasn’t been updated since 2015 and uses functions that have been removed from PHP for being insecure since 2019. The hack supposedly took advantage of PDF uploads not being scanned for embeded code. 4chan uses a program called ghostscript to create thumbnails of uploaded PDFs but the version they use is from 2012 and the hackers likely used a known exploit to get it to run embeded PDF code.
So unless the other websites are also running software from a decade ago, they’re probably good.
Ah interesting. Yeah I wasn’t sure since they all sorta look the same and wondered if they were forks of each other or something.