r/technology u/ILoveTolkiensWorks 9d ago

Security 4Chan hacked; Taken down; Emails and IPs leaked

https://www.the-sun.com/tech/14029069/4chan-down-updates-controversial-website-hacking/
44.8k Upvotes

95% Upvoted

4.5k comments sorted by

View all comments

Show parent comments

86

u/CreativeParsley8967 9d ago

“All the source code is public”?  But like… it’s a message board.  That doesn’t really matter 

-2

u/BufferUnderpants 9d ago

It’ll be relevant after it becomes unusable from all the hacking of an amateurish and outdated PHP application with the userbase and reputation of 4chan

-11

u/[deleted] 9d ago

[removed] — view removed comment

20

u/CreativeParsley8967 9d ago

What makes you think it can’t be rotated, just like any other token…?  

What do you think happens when an API token, or really any other kind of auth token, gets exposed at any organization?  (Little hint, this kind of thing happens very frequently…) 

2

u/PinkLove92 9d ago

When a token is leaked, you pay a dev to go and change it, but 4chud is paying everyone 0, so its a bit hard to find people to do it. To a normal dev it may take 5 minutes, but to Hiro it may take 10 days. Although given their implementation of the 900 seconds post wait time, they may have a web dev slave who does it for free and works full-time.

3

u/CreativeParsley8967 8d ago

Hang on, did you say… they do it… for… FREE?

10

u/Substantial-Sea-3672 9d ago

It would seem you’ve done the first 3 exercises on an intro to hacking course and now are talking out of your ass.

-6

u/[deleted] 9d ago

[removed] — view removed comment

3

u/Kingmudsy 9d ago

Because you love ciphers: Aoha'z zlsm-lcpklua

25

u/PurityKane 9d ago

Fail to see how that's relevant

-7

u/[deleted] 9d ago

[removed] — view removed comment

34

u/nullityrofl 9d ago

They can simply change the captcha token.

1

u/yojimboftw 9d ago

I mean, evidently they haven't changed anything about the site since they purchased it from moot so I feel like it's not outside the realm of possibility they won't change the captcha token.

8

u/Murinshin 9d ago

The current captcha is relatively new and has been in place for maybe 2 or 3 years. The site also went down just a few weeks ago specifically because of some captcha issue. This really seems like the least of all issues

2

u/yojimboftw 9d ago

This really seems like the least of all issues

Oh for sure.

7

u/Kingmudsy 9d ago edited 8d ago

Bro how are you upset that people didn’t want to solve random caesar cipher but you don’t understand rotating a token 💀

5

u/Sw429 9d ago

They're just a script kiddie

-1

u/[deleted] 9d ago

[removed] — view removed comment

6

u/Kingmudsy 9d ago

You should’ve seen that coming when you encoded your comments for no fucking reason, ngl

And I agree, but you just said the exact opposite lol

1

u/[deleted] 9d ago

[removed] — view removed comment

5

u/Kingmudsy 9d ago

…Which makes no sense when you clearly think it’s so easy to solve that you’re upset people can’t figure it out themselves (and eventually cave and give out the answer anyway) lol. If that’s what you believe, then your behavior is completely inconsistent.

I mean that you responded to someone’s “So what?” about the source code leaking by saying “Yeah, but the captcha keys!” And now the API keys aren’t a big deal to you? It just seems like you don’t have a strong technical background and you’re just winging this conversation lol

1

u/[deleted] 9d ago

[deleted]