/operate/ - Endchan Operations

 >>/29851/
My role signature.

What the heck.

Ah I was logged out.

I'm the culprit. AMA.

 >>/29851/
Two notes:
1. "root" is not the server root. The site engine calls the top role - above the admin - as root. See the Moderation Manual of Endchan. The "root" role allows access to Endchan's moderation pages with Root privileges, which comes with what I wrote in OP.
2. passwords are stored hashed, and similarly to emails that would have needed access to the database itself.

 >>/29855/
Which LLM did you use?

 >>/29857/
ChatGPT.

I noticed new commits for lynxchan and saw that the fork for endchan was last updated in 2020. Gross negligence if I dare say so. If I didn't turn every global volunteer into a "root", they probably wouldn't have noticed it at all lul

Monk could have prevented it...

 >>/29858/
Monk?

 >>/29855/
Your a faggot I dont know you. I did the hack to get the IP's so I can sell the data on the dark web. I can see your IP too and its says you are 100% full of shit.

 >>/29861/
You got me, I admit defeat

 >>/29861/
> I did the hack to get the IP's so I can sell the data on the dark web. I
That's going to bring millions, if not billions! Did you get the public or the private IPs? I heard the private ones are hard to route.

Good, go back to 4chan you faker before I destroy your computer, I can do that now that i got root access on your IP.

 >>/29863/
I used a reverse proxy AI hack, it was easy.

snaptik_76... mp4
(2.7 MB, 720x1280 h264)

 >>/29864/
I cannot be stopped.

 >>/29865/
I'll engine x you!

Why are you still running this site you useless retards? 2 years ago you let people upload custom css that could be used to get lurkers ip addresses with ip grabbers and now your entire site got hacked. You're low iq and can't run a site properly and you don't give a shit about your users either. Take down this website if you have any dignity left. I recommend whoever reads this to stop using this website right now

snaptik_76... mp4
(807.41 KB, 576x1246 h264)

 >>/29868/

 >>/29868/
Wouldn't this be easily avoidable with a proper content security policy?

 >>/29870/
I meant the css ip thingy

 >>/29868/
yeah but you cant find the delisted boards which is the only place my IP was, LOOOOOOL

 >>/29851/
too bad :/

 >>/29872/
Did you shit in the pan?

 >>/29851/
Hope you'll use this incident as an opportunity to get better and more secure, find other potential bugs and exploits in your engine before anyone else will do it.
Stay strong.

 >>/29868/
Not real problem if people use Tor Browser
https://www.torproject.org/download/

 >>/29851/
Also possible: board transfer, checking board ownership (but not BVs) with last login time, tho logs show board staff usernames.

 >>/29876/
boards can ban tor users and whole ip ranges from vpns

 >>/29851/
What exactly was in the logs e.g. only IPs for posts or views and downloads too and what was the period affected?

role-escalation-... png
(41.82 KB, 403x487)

 >>/29879/
Several things to address and clarify in your question.
> period
The logs says first escalation was on 2026 February 11th at 12:44, which means we discovered it about 20 hours later. These logs are accessible from the home page, scroll down a lot.
> logs
There are more logs generated by the engine that aren't published to that page. These logs aren't accessible with global Root privileges, no option in the moderation view or elsewhere.
> views and downloads
The engine doesn't log views and downloads - it's stated in the FAQ too.
> IPs
As for the IPs. When a user is a board or global staff member he can see IP hashes (and ranges) at posts in thread moderation view. For Root, there's an IP instead. So if they wanted to get IPs they had to open each thread. In theory they could harvest with a scraper. I don't know if this was done or not.

 >>/29880/
The timestamps there are UTC. In case it's not clear.

 >>/29881/
Из-за тебя некоторых людей убьют, других в тюрьмах сгноят. Как ты будешь нести ответственность?

1 webp
(26.02 KB, 640x678)

 >>/29880/
> superguy
This is hilarious. I imagine pic for some reason.

 >>/29882/
А он и не должен нести ответственность. Ты же не подписывал никакой договор, когда решил пользоваться этой бордой, по которому он бы нёс ответственность за сохранность твоих данных? Нет. Вот и всё. А что до морального аспекта, ему в Австралии / Новой Зеландии или где он там по большей части на это прохладно, я думаю. Лучшее что он может сделать в такой ситуации, это  >>/29875/ не допустить повторения чего-то подобного.

Также удвою  >>/29876/. Для polru-шизиков и люbbителей ПАВ это актуально как никогда, на любом ресурсе. Ответственность за человека в первую очередь несёт этот же самый человек, сам за себя, а не кто-то другой.

 >>/29880/
Thx for the clarifications.
Basically, root can see IPs of every post on Endchan, even the for the ones created many years ago.

> So if they wanted to get IPs they had to open each thread. In theory they could harvest with a scraper. I don't know if this was done or not.
Obviously this was the point.

I have no account and I always use a VPN. Checked my network and background OS processes and everything seems fine, nothing abnormal is running in the background or sniffing my traffic. I do use a very secure alternative web browser too (no telemetry, no webgl, no webrtc, no geo api, no camera or mic access because physically disconnected). Everything seems fine for me.

 >>/29878/
Boards that ban Tor and VPN = avoided bro. That's just 101 opsec.

How long were users' IP addresses stored?

 >>/29885/
You know that your very special alternate browser just makes you unique among all users and thus trackable? Tor Browser is the only way to go because every tor user looks the same

 >>/29884/
> Basically, root can see IPs of every post on Endchan, even the for the ones created many years ago.
Yes.
 >>/29888/
> How long were users' IP addresses stored?
Until the post gets deleted or thread gets bumped off (deleted).

 >>/29876/
yeah basically. I don't understand the mouthbreathing variety of the imageboard user who's not behind tor plus 7 proxies at all times. I'm not even alluding to the possibility of a malicious admin. these hacks can and do happen. oh well. survival of the fittest I guess?

 >>/29891/
Indeed. Fit people don't sit at the computer.

image (18) png
(200.86 KB, 446x366)

 >>/29851/
i already complained months ago, and to you personally i think, that powertripping BV's (such as "endmin" of endchan.org/ttg) are doing weird stuff such running scripts which track IP hashes to try to discern users or running scripts to delete hundreds of posts, going back months, which are not did not break any rules, just because they have a personal grudge. allowing this sort of stuff is just a testament to the carelessness which lead to what can be presumed complete leak of all IPs
i had trust in endchan's security, so for the past year i have been posting exclusively from my bare home IP. now all bad actors know i reside in lesotho. thank you shiban.

always practice safe text boys
dont rawdog the internet and especially sites that have a particularly annoying pedo spammer
thx for the warning tho op

 >>/29891/
Not sure if you could easily do this but the best opsec would be to run a 'burner laptop' (laptop with no personal info/never used for anything personal) with Linux installed, connected to a VPN network, then run another OS on a virtual machine that you can route through the Tor network, isolating any internet traffic from the virtual machine from the host burner laptop. This way it's near impossible to trace anything.

Although to be fair I do believe this is a bit overkill unless you are actually engaging in some sort of high risk illegal activity. I prefer using an old burner laptop with a VPN and if it was ever hacked there is no personal data or online account information to steal from it.

 >>/29889/
> every tor user looks the same

Nope

 >>/29896/
If you don't edit about:config and keep the default resolution, yes.

 >>/29893/
always the most pathetic retard of every thread or chat you show up to, how do you do it?

 >>/29898/
your dedication in following him everywhere is a sign of true homsexual desire

image (9) png
(217.73 KB, 493x383)

easychan net png
(55.34 KB, 930x926)

 >>/29898/
my ops (including you) are praying on my downfall, and they think this IP hack is a dub for them. the more pathetic thing is saying that they wish this hack will lead to me getting raped by a pack of feral niggers
 >>/29899/
so true

 >>/29893/
 >>/29901/
who is that lady?

 >>/29899/
> biggest news on the whole site
> believes everyone came here following him
god you are delusional
anyways, this is a nothingburger, any bad actor that could suffer consequences from their posts uses a vpn

 >>/29897/
> it is practically impossible to make all Tor Browser users identical
https://support.torproject.org/tor-browser/features/fingerprinting-protections/

timing attacks btw

 >>/29903/
> its not like im an obsessed stalker or anything....
perfect tsundere response

 >>/29906/
the baby at every christening, the bride at every wedding and the corpse at every funeral

 >>/29899/
True love shows no bounds.

 >>/29902/
That's a man!

 >>/29911/
Yes Whizzy.

 >>/29912/
Whizzy prefers the 98 octane or the Diggers metho

fuck chabad png
(72.52 KB, 779x325)

Why mods in polru delete this everytime? I told you there is the kike nest. Enjoy your chabad, goyim

 >>/29915/
You were shutdown.

how about you anonymize old posts you retards

 >>/29917/
don't be a rude cunt, you cunt

What are your bets lads, you think it was a cheeky slav or someone with a vendetta against a specific board most people here don't even use?

 >>/29919/
Sure as fuck wasn't that retart IGA

The sharty user who hacked 4chan was on the sides of the posters. I hope that Mr. Superguy is as well and doesn't use whatever he potentially scraped for anything that harms innocent people by infringing on their privacy. I have to imagine that the vast majority of users aren't using Tor or VPNs every single time they post. Some boards here involve pretty dire circumstances. Superguy, don't screw over everyone with whatever you're doing. If you have a few enemies, that's fine, but protect everyone else.

 >>/29921/
> Some boards here involve pretty dire circumstances
yeah, bonbibonkers general is terrible

 >>/29920/
I do find this post  >>/29872/ and this interesting:
> but you cant find the delisted boards which is the only place my IP was
Similarly the delisted board on wrongthink was found and then some retard mysterious speaks about the same thing here.

 >>/29920/
 >>/29923/
tf is IGA

 >>/29924/
I think it's the same guy that hacked 4chan.

 >>/29921/
I hope he leaks all the post histories. I want to have a good laugh.

 >>/29891/
Maybe i am being stupid but i dont see what having ips that arent fresh is useful for
Like i switch my router off every day i go to bed and get a new ip every time it connets
This is only interesting if somebody somehow has same ip for long time and who has that anyway?

 >>/29933/
Certain bad actors have it out for specific people in specific cities, use your brain.

 >>/29893/
 >>/29901/
> Site gets hacked
> Retard schizo tries to use it to attack boards run by people he imagines are his mortal enemy by making up shit
Image is a piece of shit and really ought to be permabanned as he is on every other site.  When I saw the post about endchan being hacked I half thought this guy would be behind it.

ahahhahaa at least its not worse than 4chan xd

That was an obvious exploit. LOL. One would only need AI because StephenLynx wrote the engine in a way that it is spaghetti code, pure callback hell.

 >>/29937/
Errybody is Mr Robot in hindsight

 >>/29937/
I've been experimenting with other things on my board and XSS might be a problem soon for both Magrathea and the regular frontend.

 >>/29939/
the Cloudflare WAF should be able to drop most of that before it even hits the board logic

 >>/29940/
Why is it not stopping then? You can try it yourself.

No real harm done. Is this the kind of trust you were asking for, Shiban?

 >>/29941/
Do you have an example?

 >>/29941/
Might be a premium product

 >>/29934/
How do you gett the city from an ip all you get is an isps node location which is no more reliable than the country
I just checked with mine and some ip lookup site

next time you hack endchan, delete all the boards. you would do a favor to humanity.

 >>/29946/
Fuck off, Mr. Soy Redtard.

 >>/29946/
Some of the boards are actually pretty good, although you do have to look around for them as they are vastly outnumbered by retardation and spam too.

This hack just proves why you should never hand over your personal info to social media sites. That's why I refuse to join 4chan, Spotify, Discord, Facebook/Instagram and sadly I just added Roku devices to my blacklist too because they are starting to mandate digital IDs to access their TVs and media players. We desperately need more alternative sites and decentralized p2p networks for anonymous communication in the future or the internet is going broke and will be deeply at the mercy of hackers stealing everyone's personal info and internet history.

 >>/29937/
> pure callback hell.
thats just nodejs

 >>/29921/
В рашке сайт не открывается без впн или тора, поэтому да, мы сидим тут не с реальных айпи)) А ты как будто не знал этого, подзалупка?

super cool jpg
(331.4 KB, 2019x1276)

super cool 2 jpg
(202.43 KB, 5062x426)

 >>/29950/
Sir you are a very smart man.

Sir can you teach me to be an elite h4cker Sir?

image png
(353 KB, 1901x917)

 >>/29953/

 >>/29954/
This Sir is very clever, XSS is a very good coding and will make everyone very happy.

 >>/29955/
Let's hope not!

 >>/29954/
Seems like template injection, not just XSS or whatever the fuck is happening with those links. I don't think this engine will render templates but the second window shows it did (?)

 >>/29957/
> but the second window shows it did (?)
Sir, could he have clicked on embedded payload to do the needful in the second window?

The link Sir.

 >>/29953/
sir how do you look logs sir? you so mr robot

 >>/29960/
Sir, logs are here  >>/29953/ showing the reflective XSS injection. Please redeem!

 >>/29957/
LynxChan has a weird templating system but that does not allow for anything malicious. However, endchan's software is many years behind the latest LynxChan patch, and many vulnerabilities have been patched since, like the major hack recently, so there are undoubtedly more vulnerabilities like XSS present.

super cool 3 jpg
(126.75 KB, 2004x1434)

 >>/29962/
Sir, how do I make board flash pretty colours, it's so beautiful!

It also eats resources from what I can see.

Goddamn. Those people here panicking, how petty and insignificant are your real life problems? Somebody might have my IP. Oh no. I couldn't give less of a shit. I've been handing out my own doxx to people on the internet who promised to come kick my ass since the 1990s. Newsflash. Nothing happened. Get some real problems. Trade me for my fucking life.

 >>/29890/
Could you delete IP addresses e.g 48 hours after the post has been created? That's plenty of time to react to the report.

Moreover, if the board supports TOR, there's no sense in banning anybody whatsoever, then why even storing IP addresses?

 >>/29965/
На вас пиндосов вообще похуй что ваши айпи адреса слили. Трясутся в страхе руснявые аноны которые политику обсуждали в /polru/ и /polrus/ , их реально могут в турьму посадить за гнилой базар против Пыни.

 >>/29967/
Sounds like a user input issue tbqh

1a77f92c-1326-4... jpg
(125.74 KB, 912x1136)

magyarmin is a fat tranny dyke too busy chopping up 10 onions to add to his signature lamb goulash recipe than to perform basic maintenance necessary to update lynx.

have sex incel

> lynxchan
> lynxchan
> lynxchan
It's not lynxchan...

What a missing 'return' can do to a motherfucker.

 >>/29953/
 >>/29954/
 >>/29963/
What's this?

128258245724 jpg
(91.29 KB, 604x413)

JIy4y_yz_Qfc jpg
(54.66 KB, 604x580)

 >>/29967/
Europe and Slav anons in /pol/ could be jailed for their talk against Putin's people.

 >>/29970/
That's like saying WSL is not Linux

Please tell you didn't disclose the vuln without fixing it first.
 >>/29890/
Staff should never need to see IPs, not even the admin. IPs of hostile actors are worthless in the age of residential VPNs, "free" proxies and IPv6.
 >>/29917/
 >>/29966/
Not hard, you could even do it with a bash script. Crawl the post database table every X hours, check if a post is at least Y hours old, replace the ip field of the post row with NULL or a fake IP like 1.1.1.1 if the software can't handle null strings.

 >>/29969/
Nasty shit steamer

 >>/30007/
Cooking poo should be illegal

 >>/29965/
> since the 1990s
i wager you probably could get away with being an internet badass if someone got your IP back in those times but now it seems like you never know if a hacker is part of or has ties to some org and if that org is backed by a nation-state and if that org is sophisticated enough to do more than just delete your system32 folder. i would err on the side of caution with this site's security breach

 >>/30006/
Those foul underpigs shouldn't have been grunting about our President, Vladimir Vladimirovich Putin. Deal with the consequences now.

16712256762950 png
(1.73 MB, 960x1280)

 >>/30012/

 >>/29963/
why does my vpn turn off when i visit that board?

 >>/30015/
Adolf Hitler does not approve of VPNs.

 >>/30015/
I'm on tor and can say it doesn't do anything like that. It's just a stress test page that leaks memory. Maybe lunix is killing your vpn client due to the memory leak?

 >>/30017/
> stress test
makes sense. tried again and it crashed all my cheap android phone's apps

That's to keep people away from that place. There's nothing of value there. Move on.

 >>/30019/
Smart. Keep the testing environment isolated without visability.

dark and geeky jpg
(85.69 KB, 741x629)

 >>/30019/
It's got more values than u fag

 >>/29851/
> Yesterday (2026 February 11) users exploited a bug in the engine 

It happens. To pretty much every company and site out there. 
https://en.wikipedia.org/wiki/List_of_data_breaches

I'm generally familiar with these kind of priv elevation attacks.

To clarify, by IP you mean the hash values associated with those IPs?

I was going to say that people who visit sites other than big main websites should be smart enough to be using VPN but I think everyone everywhere who gives a shit should

Add this to Site Announcements, you scumbags.

nobody even cares that the JIDF runs the internet anymore dont even bother posting this you gay retard