Starting on Monday night, users began reporting a mass outage at the 4chan.org domain, which has persisted for the last 12 hours, according to Downdetector.com. But during the outage, users spotted evidence that 4chan suffered a breach that enabled a hacker to gain access to the site. This includes a screenshot that apparently shows an account from 4chan’s owner Hiroyuki Nishimura writing: “LOL HACKED I LOVE DICKS.”
Another post from Nishimura’s hijacked account indicates the hacker gained access to the backend administrative site for 4chan. The same screenshot shows that 4chan runs on an old version of PHP, a scripting language for websites.
As a result, users suspect the hacker exploited age-old vulnerabilities in 4chan to conduct the takeover. A rival imageboard at Soyjak.party has also been celebrating the site’s shutdown.
It’s possible someone at Soyjak.party was involved in the hack since the 4chan board for questions and answers was briefly changed to say “SOYJAK.PARTY WON.” The Soyjak.party site has also been posting screenshots that show the hacker was able to access moderator functions for 4chan. This includes accessing the ability to ban 4chan users, revealing their IP address, ISP, and geographic location.
In addition, links have appeared on Soyjak and on another web forum, Kiwi Farms, that claim to contain data stolen from 4chan, including the usernames and email addresses for hundreds of moderators. So, it’s possible the hacker may have stolen email address information for all registered users of the site.
Date: 2025-04-28 09:02 pm (UTC)

In addition, the whole incident could have been avoided if 4chan’s development team had routinely installed security patches. The messaging board says an attacker “exploited an out-of-date software package on one of 4chan’s servers, via a bogus PDF upload.”
“With this entry point, they were eventually able to gain access to one of 4chan’s servers, including database access and access to our own administrative dashboard,” 4chan wrote in a blog post (more details: https://blog.4chan.org/post/781845918774394880/still-standing). “The hacker spent several hours exfiltrating database tables and much of 4chan’s source code.”
The breach happened on April 14, culminating in the hacker vandalizing 4chan’s site. “While not all of our servers were breached, the most important one was, and it was due to simply not updating old operating systems and code in a timely fashion,” 4chan’s blog post adds.
4chan didn’t mention the exact vulnerability exploited or how many users were affected in the breach. But the hacker behind the incident leaked screenshots and computer code that suggested 4chan ran on years-old versions of PHP, a scripting language for websites, and FreeBSD, an OS for servers.
As for why it didn’t install the patches, 4chan blames the site’s dire financial situation. Advertisers and web hosts have long shunned the messaging board over its controversial content.
“Ultimately, this problem was caused by having insufficient skilled man-hours available to update our code and infrastructure, and being starved of money for years by advertisers, payment providers, and service providers who had succumbed to external pressure campaigns,” 4chan said.
The blog post adds that 4chan had been trying to deploy new servers since 2023, but a lack of funding and a slow migration process prevented it from being done before April 14. 4chan has since installed the security patches. “The server that was breached has been replaced, with the operating system and code updated to the latest versions,” the blog post said.
Still, some 4chan users are worried the site could suffer another hack since its funding problems persist. However, the blog post notes: “We are bringing on additional volunteer developers to help keep up with the workload.”
It's unclear who is behind the hack. 4chan merely sourced the hijacking to a UK-based IP address. But a rival message board, Soyjak.party, might have been involved since the hacker who vandalized 4chan at one point posted the words: “SOYJAK.PARTY WON.”