/operate/ - Endchan Operations

Let us know what's up

Boards | Catalog | Bottom

Name
Email
Subject
Comment
Password
Drawing x size canvas
File(s)

Remember to follow the rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096


FILE SUPPORT THREAD odilitime Board owner 01/23/2016 (Sat) 08:43:14 [Preview] No. 1017 [Reply]
What file types do we don't support that you would like us to add?

Making an official thread to keep on top of this better. Most of these are relatively easy to add.

I'm not quite sure why LynxChan has a filter on these. It maybe easy to start a list of what we don't want.

IF YOU ARE HAVING PROBLEMS, TEST HERE AND LET USE KNOW THE MIME TYPE YOU GET:
http://mime.ritey.com

Here's the current list:
application/download,
application/epub+zip,
application/gzip,
application/pdf,
application/vnd.adobe.flash.movie,
application/x-7z-compressed
application/x-7z-compressed,

Message too long. Click here to view full text.

Edited last time by odilitime on 06/05/2016 (Sun) 10:44:34.
162 posts and 22 images omitted.


Anonymous 04/07/2017 (Fri) 13:40:57 [Preview] No. 6091 del
>>5959
You must be new.
We dont censor that stuff.
this is the end.


Anonymous 04/07/2017 (Fri) 14:57:38 [Preview] No. 6092 del
(74.14 KB 635x634 skullcrab.jpg)
>>6040
Yeah probably a good idea since someone mentioned they had a consistent 0day for it on freech.


Anonymous 04/07/2017 (Fri) 17:25:27 [Preview] No. 6093 del
>>6092
Are you doing that now, because the captcha is acting weird and stuff is randomly showing 404 for me, then working again a minute later.


Anonymous 04/10/2017 (Mon) 16:34:13 [Preview] No. 6131 del
>>1023
>odili bans himself for kike shill
What did he mean by this?


odilitime Board owner 04/12/2017 (Wed) 19:48:36 [Preview] No. 6140 del
(10.16 KB 480x360 hqdefault.jpg)
>>6131
was fixing/testing the ban/unban system. Apparently LynxChan doesn't ever remove ban messages.



odilitime Board owner 09/08/2016 (Thu) 05:12:04 [Preview] No. 4983 [Reply]
I had a development server breached that I had an old development copy of the Endchan database (without media).

All users are advised to change their passwords ASAP.

Development server was breached used an redis/ssh exploit. Redis was installed and usually ran as a user but recently doing some development work, I accidentally started it up as root to look something up and left it running. Redis then can write to your ssh keys and insert unwanted keys and allow root access. All files in /root and /home were removed and a note was left:

>Hi, please view here: http://pastebin.com/raw/vadfLyDS for information on how to obtain your files!

Luckily I have bandwidth logs on that box and I can see there was nothing transferred out of the box. So my guess is they just deleted the files. The nature in which they left the machine leads me to believe this was an automated attack (plenty of other meaningful data directories were left alone).

The copy of Endchan's data is left untouched on this development server. However the dump that was used to transfer the copy was still likely in the /root directory that was deleted. I will get the date of the data copy as soon as I can do some data recovery on that machine, I estimated the copy to be an early 2016 Q2 dump. This server is now offline.

At Endchan, we want to be as transparent as we possibly can and even though we do not believe anything was leaked, we cannot rule out nothing happen with 100%. And even if we could be certain that nothing was at risk, we still want to report anything of this nature to our users.

I fucked up, I'm sorry for any troubles this may and has caused any of you.

Please let us know any questions you may have.
13 posts and 4 images omitted.


odilitime Board owner 11/29/2016 (Tue) 11:16:02 [Preview] No. 5344 del
>>5343
>Why is/was your development/test server accessible online?
because we needed public testers.

>Could you check the logs if a mod volunteer like >>>/pol/23993 was in the logs of potential account takeovers
Not sure how to figure that out, let me talk with Lynx.

>You do still have a copy of that old DB, right?
No I don't.


Anonymous 11/29/2016 (Tue) 23:46:32 [Preview] No. 5380 del
>>5344
Then make a mock test site, not a duplicate, yesh.
>No I don't.
This is bad. M8, when you can, study up on Sysadmin. Rule 37 of "After an attack" is to keep an archive of the exploit. You want to retrospect on how malicious attacks are growing, so you proactively scope those vulnerabilities.


odilitime Board owner 12/06/2016 (Tue) 01:38:31 [Preview] No. 5428 del
>>5380
>make a mock test site
That's what this was. What's the point of the test if you aren't testing real data. Very few have a budget to generate similar but different data.
But you're right in the sense that we did need every users' account on the dev server. That could have and should been cleaned out more.

>keep an archive of the exploit
generally a good rule. I have a large archive of them, however the size of this development server was too large. I did a thorough analysis and deleted it. The vulnerability was easy to figure out and very popular, so there was plenty of documentation on it. In this specific case the storage costs outweighed the value.


Anonymous 12/07/2016 (Wed) 18:30:32 [Preview] No. 5430 del
>>5428
As long as you archive and properly mock the test server from hither on, you will form a basis to document changes dependent on the master branch. Usually it is cheaper to VPN the server in a locked virtual environment, so you see a full scope of the system. Vulnerabilities are getting scarier and efficient, thanks in part to manufacturers leaving vulnerabilities in the hardware/UEFI/BIOS/firmware. Right now, the biggest threat are GPUs with DMA and their undocumentation: enormous processing power that when clustered, can replicate innumerable vulnerabilities in one machine before the next cycle hits the CPU to address the bus.


Anonymous 04/04/2017 (Tue) 22:02:00 [Preview] No. 6042 del
testing sticky bump



PSA: Block bypass has been enabled for some IPs Balrog Board volunteer 05/17/2016 (Tue) 14:23:15 [Preview] No. 4154 [Reply]
I found where that spam full of random garbage is coming from. It doesn't have any discernable pattern so we can't use the autoban addon to remove it, but it's all coming from the same /24 range of IPs in Russia so we can just rangeban it. The problem is that Lynxchan currently only does /16 rangebans, which would result in substantial collateral damage. To counter this I'm enabling the block bypass function.

If you are rangebanned, you can use the block bypass function to solve a CAPTCHA and bypass the rangeban. This requires your browser to store a "bypass" cookie. No CAPTCHA will be required to post if your IP has not been subject to a rangeban. Block bypasses last for 24 hours or 50 posts.

I've already asked StephenLynx about adding a second, smaller rangeban level.
18 posts omitted.


odilitime 01/24/2017 (Tue) 00:50:27 [Preview] No. 5635 del
>>5634
I haven't applied the fix to EndChan yet


Anonymous 01/24/2017 (Tue) 00:53:45 [Preview] No. 5636 del
>>5635
I figured it was the same error that you get on 8ch when it says "invalid referrer". Thanks for looking into it though this is wonderful.


Anonymous 01/25/2017 (Wed) 18:12:29 [Preview] No. 5642 del
>>5630
>I don't want to copy every outside url manually to open them.
The latest Tor browser update is for you:
>Tor Browser 6.5 -- January 24 2017
> * Bug 17334: Spoof referrer when leaving a .onion domain
Allowing referrers on per-site basis is a bit harder to do. You still need to use about:config and manually set it, post somewhere and set it back when you are done.

>>5631
>Yes, that's an antispam measure, so it has benefits.
Well, it worth just as much as relying on the browser's user-agent for anti-spam. Nothing. Even the most simple spambots include referrer spoofing. And when referrers are used for "security purpose" (like at Webfaction), I become so confused: I don't know whether I should cry or laugh.


odilitime 01/28/2017 (Sat) 02:02:48 [Preview] No. 5643 del
>>5636
fix has been applied

>>5642
>it worth just as much as relying on the browser's user-agent
it's more like, if it stops one piece of spam, it's worth implementing


Czwarty 02/21/2017 (Tue) 19:34:56 [Preview] No. 5713 del
there's more spam incoming lately. I don't know if it's just some bored scamdude (only one post appearing in latest thread on my board in random time with big intervals) or shitty spambot. Leaving the post for you and the link he gave (added xxx among numbers there, if you remove it you will get actual link) - don't know if it will be of any use for you but whatever

>>/4/10531



(22.58 KB 250x255 lmao.png)
Catalog displaying deleted threads. Anonymous 04/30/2017 (Sun) 00:02:04 [Preview] No. 6236 [Reply]
http://endchan.xyz/pol/catalog.html

Look at the threads with pic related attached, they've been deleted but still show up in the catalog. What could be causing this?



Anonymous 04/27/2017 (Thu) 18:24:54 [Preview] No. 6231 [Reply]
>go to .onion links
>problem loading page
What did you do this time?


Anonymous 04/29/2017 (Sat) 17:11:46 [Preview] No. 6235 del
The .onion is still broken



Anonymous 04/29/2017 (Sat) 03:49:00 [Preview] No. 6234 [Reply]
fix the onion
i
x

t
h
e

o
n
i
o
n



Purging/Deleting truly inactive boards? Anonymous 04/17/2017 (Mon) 23:41:21 [Preview] No. 6195 [Reply]
Dozens upon dozens of boards are claimable and have 0 total posts and are cluttering up the website. If a board has not been claimed within a month and has no posts in sight, it could be possibly deleted to preserve space on the database and make this website a better place. If all boards with only a few posts that were claimable were deleted, there would be about 2 or 3 pages of boards and this would allow growing boards to see the light of day and not sink to the bottom, never to be seen again.

Ideas?


Anonymous 04/28/2017 (Fri) 13:01:56 [Preview] No. 6233 del
To be honest, any boards with zero posts should just be deleted after a fortnight. The problem is that some fucktards come here and claim popular board names with no intention of starting a board, just to power trip over users if they migrate here. It also makes extra work for admin having to deal with claim requests.



Board claim resposne time Anonymous 04/15/2017 (Sat) 04:57:17 [Preview] No. 6146 [Reply]
what is the average response time when attempting to contact site admins for board claim?


Anonymous 04/15/2017 (Sat) 04:58:11 [Preview] No. 6147 del
(21.00 KB 609x462 m1xhLvk.jpg)
>>6146
ate my image, good thing I didn't need one


Anonymous 04/15/2017 (Sat) 22:07:30 [Preview] No. 6149 del
>>6146
No later than 1 week. Most handled within a few hours


Anonymous 04/15/2017 (Sat) 22:32:26 [Preview] No. 6150 del
>>6149
cool


Anonymous 04/27/2017 (Thu) 03:39:05 [Preview] No. 6230 del
welp, waited over a week still no word, should I send another e-mail?


Anonymous 04/28/2017 (Fri) 12:56:09 [Preview] No. 6232 del
>>6230
That's odd. Try sending it again. You can also try on IRC.



(1.54 MB 3600x3000 474874071.jpg)
New Feature: Post History odilitime Board owner 04/16/2017 (Sun) 08:05:14 [Preview] No. 6169 [Reply]
I've added post history tracking to the site (requires JS). This allows you to see " (you)" next to replies, posts and threads that you made. You can of course opt-out by checking the box at the bottom.

This feature will be the basis for a thread/post watcher. As I'll probably make each thread you post to, automatically add to the thread watcher.

Also finally changed all settings from cookies to use localStorage (falls back to cookie if not available in your browser). And fixed a bug I saw with the auto-update timer (it was creating 2 timers and running twice as fast).

Leave your feedback here. Let us know if you have any problems/ideas.
5 posts omitted.


Anonymous 04/18/2017 (Tue) 10:24:44 [Preview] No. 6201 del
>you can see the exact way we datamine you
>you can opt out of it
winchan 10 or enddows 10


Anonymous 04/18/2017 (Tue) 21:19:54 [Preview] No. 6207 del
>all the "new" features are just ripped from 8chan repeats
imageboards are stagnant as fuck. innovate or kys


Anonymous 04/20/2017 (Thu) 06:45:09 [Preview] No. 6212 del
>>6207
nah, new things scare people.


Anonymous 04/25/2017 (Tue) 16:28:44 [Preview] No. 6226 del
>>6212
heey heey hey! eye of sauron is innovative. whoever thought of that shit needs to think up some shit.


Anonymous 04/27/2017 (Thu) 01:32:34 [Preview] No. 6229 del
Y doo?



Anonymous 04/26/2017 (Wed) 02:57:25 [Preview] No. 6228 [Reply]
Not about Endchan, but does OdiliTime still have the HD with all the 8chan archives? If so are you ever going to put them back online?