/operate/ - Endchan Operations

Let us know what's up



PSA: Block bypass has been enabled for some IPs Balrog Board volunteer 05/17/2016 (Tue) 14:23:15 [Preview] No. 4154 [Reply]
I found where that spam full of random garbage is coming from. It doesn't have any discernable pattern so we can't use the autoban addon to remove it, but it's all coming from the same /24 range of IPs in Russia so we can just rangeban it. The problem is that Lynxchan currently only does /16 rangebans, which would result in substantial collateral damage. To counter this I'm enabling the block bypass function.

If you are rangebanned, you can use the block bypass function to solve a CAPTCHA and bypass the rangeban. This requires your browser to store a "bypass" cookie. No CAPTCHA will be required to post if your IP has not been subject to a rangeban. Block bypasses last for 24 hours or 50 posts.

I've already asked StephenLynx about adding a second, smaller rangeban level.
7 posts omitted.


Anonymous 01/21/2017 (Sat) 17:47:45 [Preview] No. 5616 del
>>5615

can confirm this.

I'm using Tor browser with js disabled and after filling in CAPTCHA I'm not redirected to my post (actually my post does not get posted either).

Workaround for now is to fill in the CAPTCHA, redirect to board manually and then write a post, which is kind of annoying.

Can you look into it somehow?


Anonymous 01/21/2017 (Sat) 18:04:22 [Preview] No. 5617 del
>>5615
3rd to confirm this. I brought this up on tech, and while I am grateful for the Tor support, after the block bypass was implemented I have not been able to post without enabling some sort of cookies or javascript. It may have to do with the redirection. You cannot post in a lightweight browser or a heavily about:configured Firefox fork without being redirected to the login page.


odilitime Board owner 01/22/2017 (Sun) 23:04:08 [Preview] No. 5619 del
>>5615
I can't reproduce. I'm logged out, go to /test/ (Tor Browser, JS off, cookies on), create post, either takes to the block bypass page if I don't have one, or just creates the post.

>>5617
>I have not been able to post without enabling some sort of cookies or javascript
Cookies have to be enabled

I can post fine with torbrowser with JS off and cookies on. And I can't fix anything I can't reproduce since I can't dig into it to get the details. So anything more you can provide would be really helpful: settings, version numbers (OS, browser), net capture, etc.


Anonymous 01/23/2017 (Mon) 04:01:41 [Preview] No. 5620 del
>>5619
Alright. Let's use the links2 modified for tor use with the settings in /os/. That is one example of this. I do not know why it does this in firefox so maybe that can help deduce the issue.


Anonymous 01/23/2017 (Mon) 08:31:11 [Preview] No. 5622 del
>>5619

Are you sure redirection happens automatically after typing CAPTCHA in block bypass page?

I'm using Tor browser in gentoo 64bit multilib with js disabled (cookies on) but I have to manually navigate to other page after finishing CAPTCHA to have block bypass effect.

Can you show us your about:config?



FILE SUPPORT THREAD odilitime Board owner 01/23/2016 (Sat) 08:43:14 [Preview] No. 1017 [Reply]
What file types do we not support that you would like us to add?

Making an official thread to keep on top of this better. Most of these are relatively easy to add.

I'm not quite sure why LynxChan has a filter on these. It may be easy to start a list of what we don't want.

IF YOU ARE HAVING PROBLEMS, TEST HERE AND LET US KNOW THE MIME TYPE YOU GET:
http://mime.ritey.com

Here's the current list:
application/download,
application/epub+zip,
application/gzip,
application/pdf,
application/vnd.adobe.flash.movie,
application/x-7z-compressed
application/x-7z-compressed,


Edited last time by odilitime on 06/05/2016 (Sun) 10:44:34.
143 posts and 21 images omitted.


Anonymous 11/11/2016 (Fri) 12:52:22 [Preview] No. 5227 del
>>7368
Why "Bad Gateway"? I can upload images (even if concatenated with archive) but not zip/7z.


Anonymous 11/18/2016 (Fri) 05:29:42 [Preview] No. 5241 del
(45.62 KB 466x345 audio_mp3.png)
audio/mp3
please.


odilitime Board owner 12/06/2016 (Tue) 02:04:19 [Preview] No. 5429 del
>>5241
Just checked the server list. It's already there.


Anonymous 01/15/2017 (Sun) 06:40:30 [Preview] No. 5587 del
>>1017
hey odil
can you add mng
https://archive.is/V4K4D



odilitime Board owner 09/08/2016 (Thu) 05:12:04 [Preview] No. 4983 [Reply]
I had a development server breached on which I had an old development copy of the Endchan database (without media).

All users are advised to change their passwords ASAP.

The development server was breached using a redis/ssh exploit. Redis was installed and usually ran as a user, but recently, while doing some development work, I accidentally started it up as root to look something up and left it running. Redis can then write to your ssh keys, insert unwanted keys and allow root access. All files in /root and /home were removed and a note was left:

>Hi, please view here: http://pastebin.com/raw/vadfLyDS for information on how to obtain your files!

Luckily I have bandwidth logs on that box and I can see there was nothing transferred out of the box. So my guess is they just deleted the files. The nature in which they left the machine leads me to believe this was an automated attack (plenty of other meaningful data directories were left alone).

The copy of Endchan's data is left untouched on this development server. However the dump that was used to transfer the copy was still likely in the /root directory that was deleted. I will get the date of the data copy as soon as I can do some data recovery on that machine, I estimated the copy to be an early 2016 Q2 dump. This server is now offline.

At Endchan, we want to be as transparent as we possibly can, and even though we do not believe anything was leaked, we cannot rule out with 100% certainty that something happened. And even if we could be certain that nothing was at risk, we still want to report anything of this nature to our users.

I fucked up, I'm sorry for any troubles this may and has caused any of you.

Please let us know any questions you may have.
12 posts and 4 images omitted.
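
Added example (not part of the post above and not Endchan's or LynxChan's code): a small audit for the failure mode described in the announcement, a Redis server running as root that is able to overwrite SSH key files. It assumes Redis 3.2+ configuration semantics; the finding labels, sample configuration and key-file bytes are constructed for illustration.

```python
"""Added example: audit a redis.conf and an authorized_keys file (constructed samples)."""

LOOPBACK = {"127.0.0.1", "::1", "-::1"}

def audit_redis_conf(conf_text, run_user):
    """Return findings for a redis.conf text and the account the server runs as."""
    settings = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings.setdefault(key.lower(), []).append(value.strip())
    findings = []
    if run_user == "root":
        findings.append("runs-as-root")
    binds = " ".join(settings.get("bind", [])).split()
    # With no bind directive Redis listens on every interface.
    if not binds or any(b not in LOOPBACK for b in binds):
        findings.append("listens-beyond-loopback")
    if settings.get("protected-mode", ["yes"])[-1].lower() != "yes":
        findings.append("protected-mode-off")
    if "requirepass" not in settings:
        findings.append("no-requirepass")
    return findings

def audit_authorized_keys(data):
    """Flag an authorized_keys file (bytes) that looks like a Redis snapshot."""
    findings = []
    if data.startswith(b"REDIS"):  # RDB snapshot files start with this magic
        findings.append("rdb-magic-header")
    for n, line in enumerate(data.split(b"\n"), 1):
        # Legitimate key lines are printable ASCII (tabs allowed).
        if any((b < 0x20 and b != 0x09) or b > 0x7E for b in line.rstrip(b"\r")):
            findings.append(f"binary-bytes-line-{n}")
    return findings

# Constructed samples, not taken from the incident.
WEAK_CONF = "port 6379\nbind 0.0.0.0\nprotected-mode no\n"
HARD_CONF = "bind 127.0.0.1 ::1\nprotected-mode yes\nrequirepass PLACEHOLDER\n"
TAMPERED = b"REDIS0006\xfe\x00\x00\x01k\x1f\n\nssh-rsa AAAAB3NzaC1yc2E= constructed@example\n\n\xff\x12\x34"
CLEAN = b"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 admin@example\n"

if __name__ == "__main__":
    print(audit_redis_conf(WEAK_CONF, "root"))
    print(audit_redis_conf(HARD_CONF, "redis"))
    print(audit_authorized_keys(TAMPERED))
    print(audit_authorized_keys(CLEAN))
```

An authorized_keys file that trips either key-file check should be preserved as evidence before it is replaced, since it records what was written and when.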


Anonymous 11/29/2016 (Tue) 09:52:50 [Preview] No. 5343 del
Why is/was your development/test server accessible online? Can't keep >>4986 over this mishap. Could you check the logs if a mod volunteer like >>>/pol/23993 was in the logs of potential account takeovers?
>>4998
>crazy NSA shit transmitting the data offsite without the transmission being logged by the external monitoring equipment; not likely) than anything else.
Highly possible with state actor attacks we've seen as of late.

Leaking PizzaGate really did a number, worldwide.
>>5016
You do still have a copy of that old DB, right?


odilitime Board owner 11/29/2016 (Tue) 11:16:02 [Preview] No. 5344 del
>>5343
>Why is/was your development/test server accessible online?
because we needed public testers.

>Could you check the logs if a mod volunteer like >>>/pol/23993 was in the logs of potential account takeovers
Not sure how to figure that out, let me talk with Lynx.

>You do still have a copy of that old DB, right?
No I don't.


Anonymous 11/29/2016 (Tue) 23:46:32 [Preview] No. 5380 del
>>5344
Then make a mock test site, not a duplicate, yesh.
>No I don't.
This is bad. M8, when you can, study up on Sysadmin. Rule 37 of "After an attack" is to keep an archive of the exploit. You want to retrospect on how malicious attacks are growing, so you proactively scope those vulnerabilities.


odilitime Board owner 12/06/2016 (Tue) 01:38:31 [Preview] No. 5428 del
>>5380
>make a mock test site
That's what this was. What's the point of the test if you aren't testing real data. Very few have a budget to generate similar but different data.
But you're right in the sense that we did need every user's account on the dev server. That could have and should have been cleaned out more.

>keep an archive of the exploit
generally a good rule. I have a large archive of them, however the size of this development server was too large. I did a thorough analysis and deleted it. The vulnerability was easy to figure out and very popular, so there was plenty of documentation on it. In this specific case the storage costs outweighed the value.


Anonymous 12/07/2016 (Wed) 18:30:32 [Preview] No. 5430 del
>>5428
As long as you archive and properly mock the test server from hither on, you will form a basis to document changes dependent on the master branch. Usually it is cheaper to VPN the server in a locked virtual environment, so you see a full scope of the system. Vulnerabilities are getting scarier and efficient, thanks in part to manufacturers leaving vulnerabilities in the hardware/UEFI/BIOS/firmware. Right now, the biggest threat are GPUs with DMA and their undocumentation: enormous processing power that when clustered, can replicate innumerable vulnerabilities in one machine before the next cycle hits the CPU to address the bus.



(97.82 KB 213x416 mazino.png)
Last 50 Anonymous 01/23/2017 (Mon) 06:27:18 [Preview] No. 5621 [Reply]
Anyway to implement a last 50 feature for threads? Particularly longer general threads with a lot of files Lynxchan loads them rather weird and makes the thread hard to navigate as it keeps pushin shit around idk enuff bout dat internet tho maybe.



(17.54 KB 300x100 7chan.png)
audio in board? Anonymous 01/22/2017 (Sun) 17:58:32 [Preview] No. 5618 [Reply]
Can you or Lynx add like having audio or a video in your board?
like for example take a look at here
https://7chan.org/eh/



Random names? Anonymous 01/19/2017 (Thu) 16:34:40 [Preview] No. 5599 [Reply]
Can you add random names from lainchan as an option?
4cuck during 2016 april fools also had random names.
4 posts and 1 image omitted.


Anonymous 01/20/2017 (Fri) 01:58:07 [Preview] No. 5608 del
i'm waiting odill


odilitime Board owner 01/20/2017 (Fri) 03:41:24 [Preview] No. 5609 del
>>5599
not familiar with this. So instead of anonymous, it's a random name from what list?

This would probably be a fair amount of work because it will require backend changes. And there are a lot more critical backend changes pending that we'll probably have to tackle first. But I'll put this on the todo list. Give BOs the option and maybe some way to share name lists.


odilitime Board owner 01/20/2017 (Fri) 03:43:29 [Preview] No. 5610 del
>>5605
Yea, I talked to Czaks about how he built that. He's already kind of forgot.

Looking at the lynxchan specs, I probably could set it up to scan the catalog JSON every X seconds (about 50-75kb per load).

This is definitely doable but maybe I should backport the live/updating catalogs first to see if there's any overlap.


Anonymous 01/20/2017 (Fri) 21:00:38 [Preview] No. 5613 del
>>5610
sauron tells you when you have a new post. That be funny to see a text box appear with sauron gif.


odilitime Board owner 01/21/2017 (Sat) 00:14:13 [Preview] No. 5614 del
>>5613
easily done but should we continue with the Sauron theme? Maybe better for the thread watch system



s6424n4xbsmqs27.onion Anonymous 01/19/2017 (Thu) 19:01:48 [Preview] No. 5604 [Reply]
s6424n4xbsmqs27.onion is broken - completely

also, is it the better tor link or should I use the endchan5dox one?

I don't know if this deserves a new thread but I think a heads up is important. feel free to delete it if you want the catalog empty


Anonymous 01/19/2017 (Thu) 19:09:49 [Preview] No. 5606 del
also the spoiler feature doesn't work

at least when I click the small box next to the image itself (happened twice, first time was about 2 weeks ago but I forgot /operate/ exists and ignored it, and again today)

I think clicking "spoiler all images" beneath the post works but spoilering individual images (even if it's all of them) as in clicking the spoiler box doesn't work at all


Anonymous 01/19/2017 (Thu) 22:41:47 [Preview] No. 5607 del
>>5604
I don't know who s6424n4xbsmqs27.onion is but we're s6424n4x4bsmqs27.onion


Anonymous 01/20/2017 (Fri) 12:42:44 [Preview] No. 5611 del
>>5607
Yeah, that.
I omitted a 4 because I manually wrote it all down since I couldn't access it and copy and paste it.
It started working a few hours after I made this thread, so it's all good.
Plus endchan.xyz always works with tor, so at least there was that.


Anonymous 01/20/2017 (Fri) 15:04:50 [Preview] No. 5612 del
>>5611
I don't think if you use .xyz that it uses tor at all, so be cautious



New Feature: use local time odilitime Board owner 01/19/2017 (Thu) 15:41:17 [Preview] No. 5598 [Reply]
Just added a new (JS-required) feature. You'll find it next to the theme switcher: "Use local time" which will change all dates/times to your local timezone.

Try it out, give feedback.


Anonymous 01/19/2017 (Thu) 17:13:28 [Preview] No. 5603 del
>>5598
Also made the auto-refresh state save between page reloads (a long outstanding request).

And put a display limit on original filenames, so they don't blow out the displays.



(62.38 KB 1280x720 new-features.jpeg)
odilitime Board owner 01/09/2017 (Mon) 09:40:38 [Preview] No. 5530 [Reply]
Cleaned up the UI on IDs:
- You now see the count of posts per ID.
- You can now click to highlight all the posts of that ID (click again on the ID to turn it off; you can also highlight multiple IDs)
- If you hover on the ID and they have more than one post, you'll see "prev" and "next" links that let you scroll to the previous or next post by that ID

Thanks to StephenLynx for the initial proof-of-concept.
9 posts and 2 images omitted.


odilitime Board owner 01/15/2017 (Sun) 23:09:10 [Preview] No. 5592 del
>>5575
ok try now


Anonymous 01/16/2017 (Mon) 01:06:45 [Preview] No. 5594 del
>>5592
No, now the "ban" button doesn't do anything.


odilitime Board owner 01/16/2017 (Mon) 07:17:06 [Preview] No. 5595 del
>>5594
looks like another JS error. I've compared the various reference frontends and made a fix, which was to remove this now broken check. Try now


Anonymous 01/16/2017 (Mon) 15:01:25 [Preview] No. 5596 del
>>5595
Back to square one, every ban is 5 years


odilitime Board owner 01/16/2017 (Mon) 18:43:13 [Preview] No. 5597 del
>>5596
It works for me, I put "1y" for 1 year in the duration field and it banned me for only 1 year. I did have JS on, let me know if you're trying with JS off or a meme browser.

Let me know any questions you may have?



(80.08 KB 615x619 new.png)
odilitime Board owner 01/12/2017 (Thu) 09:54:02 [Preview] No. 5559 [Reply]
Just implemented a request from /AM/, there is now an expand/collapse all images link in the upper right of the thread page.

Let me know if there are any problems.
16 posts and 4 images omitted.


Anonymous 01/14/2017 (Sat) 14:47:34 [Preview] No. 5583 del
I have got a problem with the "Expand/Collapse All" feature.
The problem occurs when collapsing all images when there is a small picture in the thread.

> TypeError: link.getElementsByClassName(...)[0] is undefined
> expandAll.js:38:7: link.getElementsByClassName('imgExpanded')[0].style.display = 'none';

for example: >>>/librejp/27722


odilitime Board owner 01/14/2017 (Sat) 16:56:09 [Preview] No. 5584 del
>>5583
ok fixed.


Anonymous 01/14/2017 (Sat) 19:27:47 [Preview] No. 5586 del
>>5584
thanks.
but
>> if (elem.slength) {
dot position is wrong.


odilitime Board owner 01/15/2017 (Sun) 19:41:56 [Preview] No. 5589 del
>>5586
Argh, fixed.


Anonymous 01/16/2017 (Mon) 00:10:25 [Preview] No. 5593 del
I missed this feature when 8ch went to shit, thanks