PSA: Block bypass has been enabled for some IPs Balrog Board volunteer 05/17/2016 (Tue) 14:23:15 [Preview] No. 4154 [Reply]
I found where that spam full of random garbage is coming from. It doesn't have any discernable pattern so we can't use the autoban addon to remove it, but it's all coming from the same /24 range of IPs in Russia so we can just rangeban it. The problem is that Lynxchan currently only does /16 rangebans, which would result in substantial collateral damage. To counter this I'm enabling the block bypass function.

If you are rangebanned, you can use the block bypass function to solve a CAPTCHA and bypass the rangeban. This requires your browser to store a "bypass" cookie. No CAPTCHA will be required to post if your IP has not been subject to a rangeban. Block bypasses last for 24 hours or 50 posts.

I've already asked StephenLynx about adding a second, smaller rangeban level.
25 posts omitted.
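The trade-off in the announcement above, as an added example (not LynxChan or InfinityNow code): how many addresses a /24 rangeban covers compared with a /16, and how a bypass limited to 24 hours or 50 posts gates posting from a banned range. The function names, the bypass record fields and the documentation-range addresses are assumptions made for the illustration.

```javascript
// Added illustration; not LynxChan code. All names here are hypothetical.
const BYPASS_MAX_AGE_MS = 24 * 60 * 60 * 1000; // "24 hours" from the announcement
const BYPASS_MAX_POSTS = 50;                   // "50 posts" from the announcement

// Parse a dotted-quad IPv4 address into an unsigned 32-bit integer.
function ipToInt(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) throw new Error(`bad IPv4 address: ${ip}`);
  return parts.reduce((acc, p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) throw new Error(`bad IPv4 address: ${ip}`);
    return ((acc << 8) | Number(p)) >>> 0;
  }, 0);
}

// True when ip falls inside the range base/prefix.
function inRange(ip, base, prefix) {
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(base) & mask) >>> 0);
}

// Number of addresses a rangeban of this prefix length covers.
function rangeSize(prefix) {
  return 2 ** (32 - prefix);
}

// Decide a posting attempt: outside the ban nothing is asked; inside it, a
// bypass is honoured only while it is younger than 24 hours and under 50 posts.
function checkPost(ip, ban, bypass, now) {
  if (!inRange(ip, ban.base, ban.prefix)) return 'allow';
  const valid = Boolean(bypass) &&
    now - bypass.issuedAt < BYPASS_MAX_AGE_MS &&
    bypass.postsUsed < BYPASS_MAX_POSTS;
  return valid ? 'allow-with-bypass' : 'captcha-required';
}

// Constructed sample: spam source in 198.51.100.0/24, an unrelated user in 198.51.7.0/24.
const NARROW_BAN = { base: '198.51.100.0', prefix: 24 };
const WIDE_BAN = { base: '198.51.0.0', prefix: 16 };
console.log(rangeSize(24), rangeSize(16));          // 256 vs 65536 addresses
console.log(checkPost('198.51.7.9', NARROW_BAN, null, Date.now()),
            checkPost('198.51.7.9', WIDE_BAN, null, Date.now()));
```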

Anonymous 05/02/2017 (Tue) 06:14:38 [Preview] No. 6243 del
>#1 we don't use them
Stop bullshitting me: https://gitgud.io/search?utf8=%E2%9C%93&search=TorIps&group_id=&project_id=660&search_code=true&repository_ref=master
>#2 I don't see any problem
replied to you the exact problem on overchan: tl;dr why record at all?
Read the first thread >>>/8leaks/1

odilitime 05/03/2017 (Wed) 00:35:34 [Preview] No. 6244 del
>Stop bullshitting me
Well, you see that's called the "Master" branch, it contains the latest source code for LynxChan (1.8/1.9?). We don't use vanilla LynxChan, we use InfinityNow which is currently based on 1.7.5. 1.7.5 uses the database to store the list of tor exit nodes, it does not use the "binary TorIP lookup".

>replied to you the exact problem on overchan: tl;dr why record at all?
It's to make sure BOs don't ban tor exit nodes. And again we're not recording, we're downloading the publicly disclosed database from the tor site to speed the software up and reduce the load on the tor project's website.

Anonymous 05/03/2017 (Wed) 01:44:44 [Preview] No. 6245 del
>Showing 1 - 19 of 19 blobs for "TorIps" in project InfinityNow / LynxChan
>we use InfinityNow which is currently based on 1.7.5. 1.7.5 uses the database to store the list of tor exit nodes, it does not use the "binary TorIP lookup".

>to speed the software up and reduce the load on the tor project's website.
tis fine.

Anonymous 05/05/2017 (Fri) 00:06:05 [Preview] No. 6251 del
since this is about tor I won't make another thread

here's my experience of the endchan.onion links
>wake up monday morning
>go to the endchan.onion links
>1 open in each tab
>make coffee
>make breakfast
>go to work
>come back
>wednesday evening the tabs are fully loaded
>try to post
>takes about 2-3 days for the block bypass to load
>a few weeks later finally the pages loaded and I can post
>refresh the page, go to catalog, go to new threads, block bypass expires


odilitime Board volunteer 05/05/2017 (Fri) 22:04:08 [Preview] No. 6253 del
if I know how to make the onion not shit, I would. I'm told restarting it too often isn't good either. There's not much I can do

FILE SUPPORT THREAD odilitime Board owner 01/23/2016 (Sat) 08:43:14 [Preview] No. 1017 [Reply]
What file types do we not support that you would like us to add?

Making an official thread to keep on top of this better. Most of these are relatively easy to add.

I'm not quite sure why LynxChan has a filter on these. It may be easy to start a list of what we don't want.


Here's the current list:


Edited last time by odilitime on 06/05/2016 (Sun) 10:44:34.
164 posts and 23 images omitted.

Anonymous 04/07/2017 (Fri) 17:25:27 [Preview] No. 6093 del
Are you doing that now, because the captcha is acting weird and stuff is randomly showing 404 for me, then working again a minute later.

Anonymous 04/10/2017 (Mon) 16:34:13 [Preview] No. 6131 del
>odili bans himself for kike shill
What did he mean by this?

odilitime Board owner 04/12/2017 (Wed) 19:48:36 [Preview] No. 6140 del
(10.16 KB 480x360 hqdefault.jpg)
was fixing/testing the ban/unban system. Apparently LynxChan doesn't ever remove ban messages.

pls add djvu files to upload-OK list Anonymous 05/04/2017 (Thu) 11:32:19 [Preview] No. 6249 del
I second the request to add .DjVu files as upload-capable.

Re: attempted tor message with attachment does not get captcha prompt at pdfs Anonymous 05/04/2017 (Thu) 11:36:50 [Preview] No. 6250 del
@Odil could you kindly take a look at user reports of upload problems at
seems standard tor post prompts OK for captcha but attempted tor posting of message with attachment does not correctly or at all get a captcha prompt. tia

odilitime Board owner 09/08/2016 (Thu) 05:12:04 [Preview] No. 4983 [Reply]
I had a development server breached that had an old development copy of the Endchan database (without media) on it.

All users are advised to change their passwords ASAP.

The development server was breached using a redis/ssh exploit. Redis was installed and usually ran as a user, but recently, while doing some development work, I accidentally started it up as root to look something up and left it running. Redis then can write to your ssh keys and insert unwanted keys and allow root access. All files in /root and /home were removed and a note was left:

>Hi, please view here: http://pastebin.com/raw/vadfLyDS for information on how to obtain your files!

Luckily I have bandwidth logs on that box and I can see there was nothing transferred out of the box. So my guess is they just deleted the files. The nature in which they left the machine leads me to believe this was an automated attack (plenty of other meaningful data directories were left alone).

The copy of Endchan's data is left untouched on this development server. However the dump that was used to transfer the copy was still likely in the /root directory that was deleted. I will get the date of the data copy as soon as I can do some data recovery on that machine, I estimated the copy to be an early 2016 Q2 dump. This server is now offline.

At Endchan, we want to be as transparent as we possibly can and even though we do not believe anything was leaked, we cannot say with 100% certainty that nothing happened. And even if we could be certain that nothing was at risk, we still want to report anything of this nature to our users.

I fucked up, I'm sorry for any troubles this may have and has caused any of you.

Please let us know any questions you may have.
13 posts and 4 images omitted.
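A defender-side check for the failure described in the post above, as an added example (not code from the post or from Endchan): it looks at an authorized_keys file for residue of a Redis dump and flags Redis running as root. The redis.conf checks beyond the root check are general hardening assumptions, and every sample input is constructed.

```javascript
// Added illustration; not code from the post. Sample inputs below are constructed.
const KEY_TYPE = /^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521))$/;

// Look for signs that a Redis dump was written over an authorized_keys file:
// the RDB magic "REDIS" at offset 0, control bytes, and the key lines to review.
function auditAuthorizedKeys(buf) {
  const findings = [];
  if (buf.subarray(0, 5).toString('latin1') === 'REDIS') findings.push('rdb-magic-header');
  if (buf.some((b) => b < 32 && b !== 9 && b !== 10 && b !== 13)) findings.push('control-bytes');
  const keys = [];
  for (const line of buf.toString('latin1').split('\n')) {
    const f = line.trim().split(/\s+/);
    if (f[0].startsWith('#')) continue; // comment line
    const i = f.findIndex((t) => KEY_TYPE.test(t)); // options may precede the key type
    if (i >= 0 && f[i + 1]) keys.push({ type: f[i], comment: f.slice(i + 2).join(' ') });
  }
  return { findings, keys };
}

// Flag the condition from the post (Redis running as root) plus common
// redis.conf exposure settings. uid is the numeric user id of the redis process.
function auditRedis(confText, uid) {
  const conf = {};
  for (const line of confText.split('\n')) {
    const m = line.trim().match(/^([a-z-]+)\s+(.+)$/i); // "#" comments never match
    if (m) conf[m[1].toLowerCase()] = m[2].trim();
  }
  const issues = [];
  if (uid === 0) issues.push('runs-as-root');
  const bind = (conf.bind || '').split(/\s+/).filter(Boolean).map((a) => a.replace(/^-/, ''));
  if (bind.length === 0 || bind.some((a) => a !== '127.0.0.1' && a !== '::1')) {
    issues.push('listens-beyond-loopback');
  }
  if (!conf.requirepass) issues.push('no-requirepass');
  if (conf['protected-mode'] === 'no') issues.push('protected-mode-off');
  return issues;
}

// Constructed samples: a clean key file, and one carrying an RDB-style header around a key.
const CLEAN_KEYS = Buffer.from('# admin laptop\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5EXAMPLE admin@laptop\n');
const TAINTED_KEYS = Buffer.concat([
  Buffer.from('REDIS0006'), Buffer.from([0xfe, 0x00, 0x00, 0x01]),
  Buffer.from('x\nssh-rsa AAAAB3NzaC1yc2EXAMPLE unknown@host\n'), Buffer.from([0xff]),
]);
const SAMPLE_CONF = 'bind 0.0.0.0\nprotected-mode no\n# requirepass not set\nport 6379\n';

console.log(auditAuthorizedKeys(TAINTED_KEYS), auditRedis(SAMPLE_CONF, 0));
```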

odilitime Board owner 11/29/2016 (Tue) 11:16:02 [Preview] No. 5344 del
>Why is/was your development/test server accessible online?
because we needed public testers.

>Could you check the logs if a mod volunteer like >>>/pol/23993 was in the logs of potential account takeovers
Not sure how to figure that out, let me talk with Lynx.

>You do still have a copy of that old DB, right?
No I don't.

Anonymous 11/29/2016 (Tue) 23:46:32 [Preview] No. 5380 del
Then make a mock test site, not a duplicate, yesh.
>No I don't.
This is bad. M8, when you can, study up on Sysadmin. Rule 37 of "After an attack" is to keep an archive of the exploit. You want to retrospect on how malicious attacks are growing, so you proactively scope those vulnerabilities.

odilitime Board owner 12/06/2016 (Tue) 01:38:31 [Preview] No. 5428 del
>make a mock test site
That's what this was. What's the point of the test if you aren't testing real data. Very few have a budget to generate similar but different data.
But you're right in the sense that we did need every user's account on the dev server. That could have and should have been cleaned out more.

>keep an archive of the exploit
generally a good rule. I have a large archive of them, however the size of this development server was too large. I did a thorough analysis and deleted it. The vulnerability was easy to figure out and very popular, so there was plenty of documentation on it. In this specific case the storage costs outweighed the value.

Anonymous 12/07/2016 (Wed) 18:30:32 [Preview] No. 5430 del
As long as you archive and properly mock the test server from hither on, you will form a basis to document changes dependent on the master branch. Usually it is cheaper to VPN the server in a locked virtual environment, so you see a full scope of the system. Vulnerabilities are getting scarier and efficient, thanks in part to manufacturers leaving vulnerabilities in the hardware/UEFI/BIOS/firmware. Right now, the biggest threat are GPUs with DMA and their undocumentation: enormous processing power that when clustered, can replicate innumerable vulnerabilities in one machine before the next cycle hits the CPU to address the bus.

Anonymous 04/04/2017 (Tue) 22:02:00 [Preview] No. 6042 del
testing sticky bump

(28.38 KB 550x400 QPU filth.gif)
Quick question Anonymous 04/02/2017 (Sun) 03:04:05 [Preview] No. 5919 [Reply]
Is "thread limit" the postlimit option? I want to implement a post-limit but don't want a limit on the ability to create new threads.
Would putting "thread limit" at say 500 lock the thread at 500 posts or only allow 500 threads to be created?
5 posts and 1 image omitted.

Anonymous 04/02/2017 (Sun) 16:31:11 [Preview] No. 5932 del
got to be honest (not OP) but that's still very confusing.

odilitime Board owner 04/02/2017 (Sun) 19:20:01 [Preview] No. 5936 del
thread limit is the number of threads a board can hold
reply limit is the number of replies a thread can have and still get bumped

does that help?

Anonymous 04/02/2017 (Sun) 19:28:02 [Preview] No. 5938 del
where did everyone go?

Anonymous 03/07/2016 (Mon) 11:25:45 [Preview] No. 2240 [Reply]
No idea what are the correct terms but the reply string doesn't go into next line after width limit is reached.
9 posts and 4 images omitted.

Anonymous 06/05/2016 (Sun) 21:49:14 [Preview] No. 4476 del

odilitime Board owner 06/07/2016 (Tue) 00:50:34 [Preview] No. 4507 del
an update on this. StephenLynx says we either have to stop allowing large files or turn-off animated thumbnails.

What's happening is that the number of frames in the animation/video is taking too long for our server to process before the AJAX and node processes timeout. And then the post can't continue posting normally unless it has a thumbnail. So instead it strips the file and makes the post.

I'm going to look into other solutions on our fork. Including using a temporary placeholder thumbnail, that will be replaced if the processing does finish.

StephenLynx##8HkpNt 06/07/2016 (Tue) 15:26:51 [Preview] No. 4516 del
I added an option to use ffmpeg to generate animated thumbnails for 1.7.

The thumbs are of lower quality, but are much, much faster to generate and often much smaller.

Odili will be able to integrate this feature on his fork if he wishes to have this change before I release 1.7.

Anonymous 05/24/2017 (Wed) 21:26:28 [Preview] No. 6311 [Reply]

1. blacklist ALL .tk links
2. delete those fucking pics

Anonymous 05/24/2017 (Wed) 21:27:55 [Preview] No. 6312 del
They'll probably switch urls, that's what these sites do, but yeah blacklisting .tk links is a start.

Anonymous 05/27/2017 (Sat) 14:53:42 [Preview] No. 6326 del
it's happened again...

can you please moderate that board 1/day or something

Anonymous 05/27/2017 (Sat) 15:45:20 [Preview] No. 6327 del
(8.72 KB 1240x1754 Untitled.png)

odilitime Board owner 02/16/2017 (Thu) 15:22:54 [Preview] No. 5684 [Reply]
working with a developer from /librejp/, we've made some minor adjustments on page loading and refresh. We're trying to:
1. Make sure freshly added posts at the bottom of the page have all the same bells and whistles as the posts that were there when the page loaded
2. Cut down on browser stalls when processing large pages

Let me know if you notice anything better or worse.
15 posts and 6 images omitted.

odilitime Board owner 03/29/2017 (Wed) 12:42:18 [Preview] No. 5884 del
thank you so much for the fix. I've put it in place.

to_sha_ki#xs0+7l 05/13/2017 (Sat) 10:33:08 [Preview] No. 6283 del
(111.61 KB 302x270 double_count_down.webm)
thank you for merge.

it's been a while.

・catalog hiding support.( >>5889 )
・the issue on firefox. fix double countdown of catalog update timer.

Anonymous 05/15/2017 (Mon) 21:06:45 [Preview] No. 6292 del
Hi Ron

odilitime 05/23/2017 (Tue) 06:32:06 [Preview] No. 6310 del
Again, thank you so much. You read my horrible code, and write in the same style, I find this a rare but highly valued quality.

I see you used DocumentFragment, was working why? Should we convert more to use that?

Your changes are now in place.

Anonymous 05/26/2017 (Fri) 05:32:46 [Preview] No. 6325 del
(165.36 KB 1280x720 fasffafsfasf.jpg)
>cheap china clap

lol you bought all that fag color monitors you dont need and now have no money left for a proper keyboard with letters.

i suggest you to but buy some stickers from ebay to fix your cheap china keyboard.if you want you can use a marker or chalk to redraw them manually. in case you need advise on how to use chalk: we have guy on our board called schlomoko, he is a professional faggot and specialized on drawing interesting mojis with chalk on the walkway.

(12.51 KB 404x427 image.jpeg)
Concerned Anonymous 05/19/2017 (Fri) 04:14:39 [Preview] No. 6301 [Reply]
Hello site owners,

Why is there what looks to be straight up cp showing up on the side tab of the main page from some old ass collection of threads from draw with never more than one reply? Is it just me? Should we be worried?

I would post a screenshot, but I do not have a tool on hand capable of blur, and I would rather not risk it.

Thanks for taking time to read this.
9 posts and 4 images omitted.

Anonymous 05/25/2017 (Thu) 19:31:13 [Preview] No. 6320 del
if boards could have their own jannies to manage stuff it would prevent most abuses of a system like that
76chan had like 5 jannies and everyone just benevolently did their duties - it was a last resort tho, and if there's any other way to stop the spam I'd do that first

Anonymous 05/25/2017 (Thu) 22:59:17 [Preview] No. 6321 del
this could work I think the issue is that it takes a while before someone can delete it so if you could use people that are logged in like board owners to be able to globally delete this then that could help in shrinking the time it is up.

Anonymous 05/25/2017 (Thu) 23:11:12 [Preview] No. 6322 del
abuse of this could result in losing control of their boards to make sure the board owners only use this to delete illegal material that they can see is being spammed on the overboard or at least have the ability to.

perhaps spoil posts that are reported for global rule violations. that seems to be an easy solution to having to see the thumbnails.

Balrog Board owner 05/26/2017 (Fri) 00:48:36 [Preview] No. 6323 del
(44.32 KB 316x436 how to remove CP.PNG)

When cleaning up CP on your board, make sure that "scrub media" is checked in the moderation panel. This removes the image from endchan's deduplication database, which means that an admin doesn't have to manually remove them later. While I'm not 100% on it, checking "global" can't hurt either.

Define "weird" because good fucking luck coming up with a regex for that which won't fuck over anons who tried to save money on registration. For the record, we are banning both image hashes and URLs as we see them.

This is an interesting idea, but I'd be worried about it being abused for shilling/shitposting purposes. Still, one more idea for the bucket.

Anonymous 05/26/2017 (Fri) 01:05:39 [Preview] No. 6324 del
(275.44 KB 1000x967 good post fam.jpg)
>For the record, we are banning both image hashes and URLs as we see them.

Thank you so much m8, seriously

Anonymous 05/02/2017 (Tue) 04:20:23 [Preview] No. 6241 [Reply]
has been hit hard by cp spam bots. I'm not going to go through and global report every post of it but it's needing a nuke dropped. Might have hit some of the other low activity boards too, didn't check them all.
1 post omitted.

Anonymous 05/19/2017 (Fri) 04:20:57 [Preview] No. 6302 del
(16.52 KB 309x297 image.jpeg)
It happened again

Anonymous 05/19/2017 (Fri) 05:34:50 [Preview] No. 6305 del

odilitime Board volunteer 05/19/2017 (Fri) 08:10:14 [Preview] No. 6306 del
thank you, saw the message on IRC too. All clean now.

Anonymous 05/21/2017 (Sun) 19:48:29 [Preview] No. 6308 del
Guy posting about his Gondola Animation project on /draw/ here; The faggot's at it again today. Seeing as there's a manual captcha system in place it seems he's shitting on the board manually...

odilitime Board volunteer 05/21/2017 (Sun) 19:57:51 [Preview] No. 6309 del
all cleaned