PSA: Block bypass has been enabled for some IPs Balrog Board volunteer 05/17/2016 (Tue) 14:23:15 [Preview] No. 4154 [Reply]
I found where that spam full of random garbage is coming from. It doesn't have any discernable pattern so we can't use the autoban addon to remove it, but it's all coming from the same /24 range of IPs in Russia so we can just rangeban it. The problem is that Lynxchan currently only does /16 rangebans, which would result in substantial collateral damage. To counter this I'm enabling the block bypass function.

If you are rangebanned, you can use the block bypass function to solve a CAPTCHA and bypass the rangeban. This requires your browser to store a "bypass" cookie. No CAPTCHA will be required to post if your IP has not been subject to a rangeban. Block bypasses last for 24 hours or 50 posts.

I've already asked StephenLynx about adding a second, smaller rangeban level.
Anonymous 06/07/2017 (Wed) 02:23:57 [Preview] No. 6406 del
The block bypass is incredibly annoying for certain VPNs. I just wanted to bitch about that. Also, storing cookies pisses me off. K, done bitching.

Anonymous 06/13/2017 (Tue) 08:29:16 [Preview] No. 6439 del
then come up with a better way to stop tor flooding

Anonymous 06/13/2017 (Tue) 20:09:19 [Preview] No. 6448 del

Anonymous 07/14/2017 (Fri) 03:11:19 [Preview] No. 6768 del
captcha every 5 posts

Anonymous 07/14/2017 (Fri) 03:13:28 [Preview] No. 6769 del
Oh, and just recount the bumps when a post is deleted. So let's say your threads were laid out like so:

Thread 1.
Thread 2.
Thread 3.
Thread 4.
Thread 5.

Thread 5 is bumped and is now Thread 1. The post that bumped Thread 5 is deleted. Thread 1 returns to Thread 5. This is basically "reverse bumping"

Make it an opt-out feature. It should be the default to prevent spam, imo.

To OdiliTime: Thoughts?

FILE SUPPORT THREAD odilitime Board owner 01/23/2016 (Sat) 08:43:14 [Preview] No. 1017 [Reply]
What file types don't we support that you would like us to add?

Making an official thread to keep on top of this better. Most of these are relatively easy to add.

I'm not quite sure why LynxChan has a filter on these. It may be easy to start a list of what we don't want.


Here's the current list:

Anonymous 06/14/2017 (Wed) 15:34:23 [Preview] No. 6460 del
Webmaster, I don't know your programming background, so I'll assume you're not above the 2 standard deviation mark of webmasters and assume you're not up to speed on order of complexity in algorithms.

Your script, somehow, is too high a complexity order for the data you allow. Your script complexity may be O(n^2) or higher, when it should be NO MORE than O(n*lg(n)), O(n), or O(lg(n)).

odilitime Board volunteer 06/14/2017 (Wed) 16:39:31 [Preview] No. 6461 del
I'm not the developer of LynxChan.

This is a known issue here. If you're uploading large files, turn off JS.

Anonymous 06/14/2017 (Wed) 18:18:52 [Preview] No. 6462 del
>Problem is webmaster's cute little script is in JavaShit
I'd love to hear about all the scripting languages your browser supports besides js.

Anonymous 06/14/2017 (Wed) 18:52:41 [Preview] No. 6463 del
(409.40 KB 490x360 W E W.webm)

Anonymous 06/16/2017 (Fri) 05:20:51 [Preview] No. 6477 del
Like, here's the thing I should remind people of. It is hard to find someone to run a chan who also isn't selling our data.

odilitime Board owner 09/08/2016 (Thu) 05:12:04 [Preview] No. 4983 [Reply]
I had a development server breached that had an old development copy of the Endchan database on it (without media).

All users are advised to change their passwords ASAP.

The development server was breached using a Redis/SSH exploit. Redis was installed and usually ran as a user, but recently, while doing some development work, I accidentally started it up as root to look something up and left it running. Redis can then write to your SSH keys, insert unwanted keys and allow root access. All files in /root and /home were removed and a note was left:

>Hi, please view here: http://pastebin.com/raw/vadfLyDS for information on how to obtain your files!

Luckily I have bandwidth logs on that box and I can see there was nothing transferred out of the box. So my guess is they just deleted the files. The nature in which they left the machine leads me to believe this was an automated attack (plenty of other meaningful data directories were left alone).

The copy of Endchan's data is left untouched on this development server. However the dump that was used to transfer the copy was still likely in the /root directory that was deleted. I will get the date of the data copy as soon as I can do some data recovery on that machine, I estimated the copy to be an early 2016 Q2 dump. This server is now offline.

At Endchan, we want to be as transparent as we possibly can, and even though we do not believe anything was leaked, we cannot say with 100% certainty that nothing happened. And even if we could be certain that nothing was at risk, we would still want to report anything of this nature to our users.

I fucked up. I'm sorry for any trouble this may have caused, and has caused, any of you.

Please let us know any questions you may have.
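
The misconfiguration described in the post above (Redis left running as root and reachable) can be checked for mechanically; the following is an added example, not code from Endchan or LynxChan. The function names, finding ids and sample configurations are constructed for illustration, and Redis 6+ ACL users are not considered.

```javascript
// Parse redis.conf text into Map<directive, string[]> (one entry per occurrence).
function parseRedisConf(text) {
  const conf = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;
    const [name, ...args] = line.split(/\s+/);
    const key = name.toLowerCase();
    if (!conf.has(key)) conf.set(key, []);
    conf.get(key).push(args.join(' ').replace(/^"(.*)"$/, '$1'));
  }
  return conf;
}

// Return finding ids for one instance. runningUid is the numeric uid of the
// redis-server process (0 is root), supplied by the caller.
function auditRedis(confText, runningUid) {
  const conf = parseRedisConf(confText);
  const last = (k) => (conf.get(k) || []).slice(-1)[0];
  const findings = [];

  // Root can write anywhere, including /root/.ssh; a service account cannot.
  if (runningUid === 0) findings.push('runs-as-root');

  // With no bind directive Redis listens on every interface.
  const bind = last('bind');
  const loopback = ['127.0.0.1', '-127.0.0.1', '::1', '-::1'];
  if (bind === undefined || !bind.split(/\s+/).every((a) => loopback.includes(a))) {
    findings.push('listens-beyond-loopback');
  }

  // protected-mode defaults to yes; only an explicit "no" turns it off.
  if ((last('protected-mode') || 'yes').toLowerCase() === 'no') {
    findings.push('protected-mode-off');
  }
  if (!last('requirepass')) findings.push('no-password');

  // CONFIG permits runtime reconfiguration by any client unless renamed or disabled.
  const renamed = (conf.get('rename-command') || [])
    .some((a) => a.split(/\s+/)[0].toUpperCase() === 'CONFIG');
  if (!renamed) findings.push('config-command-enabled');
  return findings;
}

// Constructed sample inputs, not taken from the breached server.
const WEAK_CONF = 'port 6379\nprotected-mode no\n';
const HARDENED_CONF = 'bind 127.0.0.1 -::1\nprotected-mode yes\n' +
  'requirepass "constructed-placeholder"\nrename-command CONFIG ""\n';

console.log(auditRedis(WEAK_CONF, 0), auditRedis(HARDENED_CONF, 999));
```
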
odilitime Board owner 11/29/2016 (Tue) 11:16:02 [Preview] No. 5344 del
>Why is/was your development/test server accessible online?
because we needed public testers.

>Could you check the logs if a mod volunteer like >>>/pol/23993 was in the logs of potential account takeovers
Not sure how to figure that out, let me talk with Lynx.

>You do still have a copy of that old DB, right?
No I don't.

Anonymous 11/29/2016 (Tue) 23:46:32 [Preview] No. 5380 del
Then make a mock test site, not a duplicate, yesh.
>No I don't.
This is bad. M8, when you can, study up on Sysadmin. Rule 37 of "After an attack" is to keep an archive of the exploit. You want to retrospect on how malicious attacks are growing, so you proactively scope those vulnerabilities.

odilitime Board owner 12/06/2016 (Tue) 01:38:31 [Preview] No. 5428 del
>make a mock test site
That's what this was. What's the point of the test if you aren't testing real data. Very few have a budget to generate similar but different data.
But you're right in the sense that we did need every user's account on the dev server. That could have and should have been cleaned out more.

>keep an archive of the exploit
generally a good rule. I have a large archive of them, however the size of this development server was too large. I did a thorough analysis and deleted it. The vulnerability was easy to figure out and very popular, so there was plenty of documentation on it. In this specific case the storage costs outweighed the value.

Anonymous 12/07/2016 (Wed) 18:30:32 [Preview] No. 5430 del
As long as you archive and properly mock the test server from hither on, you will form a basis to document changes dependent on the master branch. Usually it is cheaper to VPN the server in a locked virtual environment, so you see a full scope of the system. Vulnerabilities are getting scarier and more efficient, thanks in part to manufacturers leaving vulnerabilities in the hardware/UEFI/BIOS/firmware. Right now, the biggest threat is GPUs with DMA and their undocumentation: enormous processing power that when clustered, can replicate innumerable vulnerabilities in one machine before the next cycle hits the CPU to address the bus.

Anonymous 04/04/2017 (Tue) 22:02:00 [Preview] No. 6042 del
testing sticky bump

NON-javascript users poll odilitime Board owner 05/16/2016 (Mon) 03:45:09 [Preview] No. 4047 [Reply]
Spent some time looking into non-animated thumbnails for GIFs.

I need to know the following
NON-JS users: do you prefer animated GIFs thumbs or static thumbs?

The only way I can make it configurable for NON-JS would be to require a log in for setting storage and I don't think anyone wants to have to log in to get their settings. Also let me know if I'm wrong on that too.
Anonymous 05/21/2016 (Sat) 10:50:35 [Preview] No. 4187 del
Animations are visual noise and although it's nice I don't need to click on them I really don't need to see them all the time.

In fact I just realized how I can fuck with people in here, flashing Spiderman.

Anonymous 05/10/2017 (Wed) 00:01:10 [Preview] No. 6268 del
bump to save

Anonymous 05/15/2017 (Mon) 21:01:24 [Preview] No. 6291 del
you are doing something really STUUUUUUUUPID!!!
If the "GIF" is over 1MB, render to .mp4. All browsers still first frame display of the video before "play". everyone is doing this for beyond blatant reasons like JPEG became the web standard. Webm encoded AC1 is competing for this status, like opus won the audio lossy debate. Javashit will always be javashit. It should have never existed.

Anonymous 05/17/2017 (Wed) 02:10:34 [Preview] No. 6296 del
how about fixing the fucking del button for non-js users

Anonymous 07/23/2017 (Sun) 16:56:34 [Preview] No. 6834 del
That's a good point

odilitime Board owner 02/16/2017 (Thu) 15:22:54 [Preview] No. 5684 [Reply]
Working with a developer from /librejp/, we've made some minor adjustments on page loading and refresh. We're trying to:
1. Make sure freshly added posts at the bottom of the page have all the same bells and whistles as the posts that were there when the page loaded
2. Cut down on browser stalls when processing large pages

Let me know if you notice anything better or worse.
to_sha_ki#xs0+7l 06/27/2017 (Tue) 05:48:21 [Preview] No. 6610 del
I think local-storage better than cookies.

there is a Puffin user in /librejp/.
Puffin browser supports local-storage. but it doesn't save/restore at exit/start.

the recovery page was more worth in a month ago.
I am too late.

to_sha_ki#xs0+7l 07/22/2017 (Sat) 08:35:45 [Preview] No. 6815 del
(161.56 KB 1172x251 unbalanced_tag.jpg)
two issues
1. apply of unintended markdown
2. unbalanced tag

workaround is necessary

to_sha_ki#xs0+7l 07/22/2017 (Sat) 08:42:35 [Preview] No. 6816 del
(18.60 KB 199x155 1500712739090.jpg)
quotation style is not working.

odilitime Board volunteer 07/22/2017 (Sat) 21:38:45 [Preview] No. 6827 del
this is now fixed.


to_sha_ki#xs0+7l 07/23/2017 (Sun) 12:52:39 [Preview] No. 6833 del
thank you

(163.15 KB 365x362 1.png)
#sj7DAl 07/21/2017 (Fri) 03:27:38 [Preview] No. 6807 [Reply]
Hi odili here some serious questions: Are IP's stored in any form or will they get deleted after some months? What about banned IP's? Do you look into the non-hashed IP's of people including guys you don't like from political or any other aspect (for example me)?

I can remember some weeks ago there was some range ban applied on /pol/ and I could see the range of the IP's I use to post on /pol/. It popped in the error message and I was able asked to blockbypass it as if I was using Tor. It happened when I spammed ocoletts /pol/. Coincidentally oclolette also talked about IP range bans in the meta at exactly the same time when the error message occurred. Does it mean he contacted you and you tried to ban IP ranges on demand of a BO? Do you value a BO over users just because of his status? What is your relation to ocolette?

Do you have any logs like 8chan (where its logged what picture you clicked and how long you looked at it until you minimize it, etc)? It does not really matter if you delete the logs later on but are there any logs?
Are there any logs/profiles related to accounts and tags?
Anonymous 07/22/2017 (Sat) 14:20:48 [Preview] No. 6820 del
>When I go to moderate thread to clean up floods, the ip is of interest to me. I always like to know how the flood happened and who's doing it.
>>Do you look into the non-hashed IP's of people including guys you don't like from political or any other aspect (for example me)?
Wait what?

Anonymous 07/22/2017 (Sat) 16:46:35 [Preview] No. 6821 del
<checking to see where spam comes from
<not stalking people you disagree with
makes sense tbh

odilitime Board volunteer 07/22/2017 (Sat) 21:06:10 [Preview] No. 6825 del
I don't check for political reasons, I only check for technical reasons.

#sj7DAl 07/23/2017 (Sun) 02:21:55 [Preview] No. 6829 del
(305.95 KB 700x1263 asfsffasf.jpg)
>There was some work done to create a cleaner but I haven't check on the status of it yet. I'd like to clean out ip after X amount of time (maybe a week?).
IPs should be deleted after some (short period of) time because endchan could be hacked and IPs leaked. Reminder: 8/pol/ IP leak (that exposed Jim was storing all IPs for years).

Here is a log from 01/03/2017
>Time: 01/03/2017 (Tue) 15:37:55
>User ecco denied an appeal for ban 584feb99abc2b4ebXXXXXX.
You see [first pic] his IP is stored on this server for over half a year now.

>Not sure what you mean by tags?
It's possible to create logs in combination to a hash tag/tripcode. people use tags to identify themselves or as a group of people. It's possible to create a database to each hashtag and log everything in relation to a specific tag.

<Do you look into the non-hashed IP's of people

Anonymous 07/23/2017 (Sun) 12:45:57 [Preview] No. 6832 del
Excellent posts.
My main concerns with an IP cleaner are how bans would be handled. I suppose you could use a 1-way hash for banned IP addresses, and keep those in a bans table indefinitely. 1-2 weeks seems appropriate for IP storage time.
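
A sketch of the scheme suggested in the post above (one-way tokens for banned addresses kept indefinitely, raw IPs scrubbed after about two weeks), extended to the /24 versus /16 range bans from the block bypass announcement; this is an added example, not LynxChan's or Endchan's code. All function names and data are constructed, IPv4 only, and an HMAC key held by the server is assumed because a bare hash of an IPv4 address can be reversed by trying every address.

```javascript
const nodeCrypto = require('crypto');
const DAY_MS = 24 * 60 * 60 * 1000;

// Network prefix of an IPv4 address: prefix('198.51.100.7', 24) is '198.51.100.0/24'.
function prefix(ip, len) {
  const parts = ip.split('.');
  if (parts.length !== 4 || !parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255)) {
    throw new Error('not an IPv4 address: ' + ip);
  }
  return parts.map((p, i) => (i < len / 8 ? Number(p) : 0)).join('.') + '/' + len;
}

// Keyed one-way token for a ban entry; the raw address is never stored.
function banToken(key, ip, len) {
  return nodeCrypto.createHmac('sha256', key).update(prefix(ip, len)).digest('hex');
}

// bans is a Set of tokens; len is 32 (single address), 24 or 16 (range ban).
function addBan(bans, key, ip, len) {
  bans.add(banToken(key, ip, len));
}

// A poster is banned if any enclosing prefix of their address has a token.
function isBanned(bans, key, ip) {
  return [32, 24, 16].some((len) => bans.has(banToken(key, ip, len)));
}

// Retention job: null out raw IPs on posts older than maxAgeDays.
function scrubOldIps(posts, now, maxAgeDays) {
  let scrubbed = 0;
  for (const post of posts) {
    if (post.ip !== null && now - post.created > maxAgeDays * DAY_MS) {
      post.ip = null;
      scrubbed += 1;
    }
  }
  return scrubbed;
}

// Constructed demo data using documentation address ranges.
function demo() {
  const key = nodeCrypto.randomBytes(32);
  const bans = new Set();
  addBan(bans, key, '198.51.100.7', 24);
  const now = Date.UTC(2017, 6, 23);
  const posts = [
    { id: 1, ip: '198.51.100.7', created: now - 30 * DAY_MS },
    { id: 2, ip: '203.0.113.9', created: now - 2 * DAY_MS },
  ];
  const scrubbed = scrubOldIps(posts, now, 14);
  return { scrubbed, posts, sameRange: isBanned(bans, key, '198.51.100.200'),
    neighbour: isBanned(bans, key, '198.51.101.1') };
}
```

The ban on the /24 still matches after the banned poster's raw IP has been scrubbed, while an address in the neighbouring /24 is unaffected; a /16 entry would cover 65,536 addresses instead of 256.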

(194.85 KB 1368x1026 IMG_0716.jpg)
Flood Timer - TOR Anonymous 07/22/2017 (Sat) 11:11:51 [Preview] No. 6817 [Reply]
How long is the flood timer for TOR?
I open 5 threads so I can post in them every evening, but it takes me 40 minutes total to make a post in each (5 posts), what the fuck?
I swear the flood time is like 5 minutes for tor.

Anonymous 07/22/2017 (Sat) 17:01:17 [Preview] No. 6823 del
You must be posting wrong, I just made torposts 2 minutes apart.

odilitime Board volunteer 07/22/2017 (Sat) 21:03:55 [Preview] No. 6824 del
Thanks for letting me know. I'll review it now I know it's fucking with legitimate posters.

odilitime Board volunteer 07/22/2017 (Sat) 21:40:56 [Preview] No. 6828 del
ok tuned it, 1-2mins but if you get the flood message, does reset the timer.

Anonymous 07/23/2017 (Sun) 11:01:35 [Preview] No. 6831 del
>if you get the flood message, does reset the timer
That explains it, that's gotta be it then.

Anonymous 07/13/2017 (Thu) 15:46:56 [Preview] No. 6762 [Reply]
updated lynxchan to a newer version literally when? Also do you plan on introducing that meme cyber frontend that a few other boards have introduced?
odilitime 07/14/2017 (Fri) 06:29:26 [Preview] No. 6771 del
>updated lynxchan to a newer version literally when
When I feel like it. There is a lot of work required and the documentation is shitty at best (see https://gitgud.io/LynxChan/LynxChan/blob/master/doc/Templates.txt and tell me how I bring a 1.7 frontend up to a 1.8). That time is best spent in implementing features that are in demand.

>meme cyber frontend
No, we'll never use that.


Anonymous 07/18/2017 (Tue) 00:03:04 [Preview] No. 6792 del
You fucking illiterate nigger, did you forget about the fucking migration documentation?

Anonymous 07/18/2017 (Tue) 19:19:30 [Preview] No. 6794 del
Yes, because I'm an ARCH LINUX user.

Anonymous 07/18/2017 (Tue) 20:50:55 [Preview] No. 6795 del
1.8 updates the spammer ip list hourly instead of daily.

Anonymous 07/23/2017 (Sun) 09:25:23 [Preview] No. 6830 del
easily changed timer on 1.7

Anonymous 07/03/2017 (Mon) 06:03:03 [Preview] No. 6644 [Reply]
This shit is unacceptable.
Deleting OC from extremely slow boards for no reason at all?
1. immediate dismissal/resignation of 0b5c3n3 as global vol
2. public apology from either him or the glovol team on behalf of him
odilitime Board volunteer 07/21/2017 (Fri) 16:18:32 [Preview] No. 6810 del
I don't make or change policy. If you had worked out something with Balrog and I've misinterpreted the rules, then I'm sorry but afaik I'm following Balrog's wishes.

All boards must follow the global rules.

Read >>6803

>How do you expect /int*/ to enjoy this imageboard if we can't flood our own boards in the name of free speech?
I don't. We've never said Endchan is a bastion for all types of speech. /int*/ has like 2-3 IBs, they can flood another one.

>I could somewhat understand if it were causing damage to the server, but there is no reason to ban flood outright.
It is consuming our resources and can impact perceptions and reputations if one of top ten boards is flooded.

Balrog Board owner 07/22/2017 (Sat) 01:31:09 [Preview] No. 6813 del
>If you had worked out something with Balrog and I've misinterpreted the rules, then I'm sorry but afaik I'm following Balrog's wishes.
You are incorrect. In fact, the rule is the way it is specifically because of /AM/. Given the number of boardwipe funtimes that have happened over the last couple months I've considered changing it, but in the meantime it's still spam-deletion-only.

>We've never said Endchan is a bastion for all types of speech. /int*/ has like 2-3 IBs, they can flood another one.
To elaborate on this, I believe that endchan should be a place where you have a choice in just how spammy and shitposty you want your board to be, based on your board's subject matter and community. /int*/ (or whoever is propping up /int*/ for their own purposes) has made it their avowed goal to deny you that choice and force everyone to be all zero-content shitposting all the time. That shit ain't cool.

Anonymous 07/22/2017 (Sat) 11:16:08 [Preview] No. 6818 del
>2. Rule are subject to change at any time. They're not fixed in stone.
Bullshit. No sane person ever punishes people retroactively. If you want to change the rules then announce a change, then act on it. Everyone on endchan is tired of imkampfy and mark and their constantly changing "rules".

>1. I didn't change the rule, it's always been that way.

Anonymous 07/22/2017 (Sat) 11:26:00 [Preview] No. 6819 del
(2.54 MB 275x324 1468400258416.gif)
(393.83 KB 1164x735 are you serious.png)
(19.28 KB 575x323 confused nigger.jpg)
>can impact perceptions and reputations if one of top ten boards is flooded
An imageboard where the 2nd rule is "loli ok"?
An imageboard about death and the end of the universe?
An imageboard - good reputation?
Ahahaha faggot! Good joke!

odilitime Board volunteer 07/22/2017 (Sat) 21:09:34 [Preview] No. 6826 del
Well fuck. Then I am in the wrong. I'm sorry. and I'll inform the globals that I instructed wrong.

Who's punishing retroactively? No rules were changed. We will make an announcement when they do.

You're right, I fucked up.

[d+] Anonymous 07/19/2017 (Wed) 19:18:58 [Preview] No. 6798 [Reply]
Is there any possibility of a [d+] feature getting added?

Anonymous 07/19/2017 (Wed) 20:51:00 [Preview] No. 6799 del
d+? You mean the delete global? We have the global checkbox.

Anonymous 07/19/2017 (Wed) 23:49:06 [Preview] No. 6800 del

Anonymous 07/19/2017 (Wed) 23:49:43 [Preview] No. 6801 del