/operate/ - Endchan Operations

Let us know what's up

Boards | Catalog | Bottom

Name
Email
Subject
Comment
Password
Drawing x size canvas
File(s)

Remember to follow the rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096


FILE SUPPORT THREAD odilitime Board owner 01/23/2016 (Sat) 08:43:14 [Preview] No. 1017 [Reply]
What file types do we don't support that you would like us to add?

Making an official thread to keep on top of this better. Most of these are relatively easy to add.

I'm not quite sure why LynxChan has a filter on these. It maybe easy to start a list of what we don't want.

IF YOU ARE HAVING PROBLEMS, TEST HERE AND LET USE KNOW THE MIME TYPE YOU GET:
http://mime.ritey.com

Here's the current list:
application/download,
application/epub+zip,
application/gzip,
application/pdf,
application/vnd.adobe.flash.movie,
application/x-7z-compressed
application/x-7z-compressed,

Message too long. Click here to view full text.

Edited last time by odilitime on 06/05/2016 (Sun) 10:44:34.
154 posts and 22 images omitted.


Anonymous 03/21/2017 (Tue) 16:39:06 [Preview] No. 5840 del
>>5587
odill
it has been 2 months
can you add mng


odilitime Board owner 03/22/2017 (Wed) 04:12:40 [Preview] No. 5841 del
>>5840
Chrome just got support for APNG (FF and Safari already supported it), so I'd rather enable that.

I don't think any browser supports MNG but I'll add it soon.


Anonymous 03/22/2017 (Wed) 07:17:37 [Preview] No. 5842 del
>>5587
dude, you know you can trivially bypass this "file type" check, right?

i mean, if all you want is to target the server's imagemagick binaries...


Anonymous 03/22/2017 (Wed) 08:16:06 [Preview] No. 5843 del
>>5841
>so I'd rather enable that.
/cyber already uses apng banners


odilitime Board owner 03/24/2017 (Fri) 13:04:25 [Preview] No. 5858 del
>>5842
Yes, this is why I think this whole whitelist thing is retarded but you're talking to the wrong dude. Talk to StephenLynx.



PSA: Block bypass has been enabled for some IPs Balrog Board volunteer 05/17/2016 (Tue) 14:23:15 [Preview] No. 4154 [Reply]
I found where that spam full of random garbage is coming from. It doesn't have any discernable pattern so we can't use the autoban addon to remove it, but it's all coming from the same /24 range of IPs in Russia so we can just rangeban it. The problem is that Lynxchan currently only does /16 rangebans, which would result in substantial collateral damage. To counter this I'm enabling the block bypass function.

If you are rangebanned, you can use the block bypass function to solve a CAPTCHA and bypass the rangeban. This requires your browser to store a "bypass" cookie. No CAPTCHA will be required to post if your IP has not been subject to a rangeban. Block bypasses last for 24 hours or 50 posts.

I've already asked StephenLynx about adding a second, smaller rangeban level.
18 posts omitted.


odilitime 01/24/2017 (Tue) 00:50:27 [Preview] No. 5635 del
>>5634
I haven't applied the fix to EndChan yet


Anonymous 01/24/2017 (Tue) 00:53:45 [Preview] No. 5636 del
>>5635
I figured it was the same error that you get on 8ch when it says "invalid referrer". Thanks for looking into it though this is wonderful.


Anonymous 01/25/2017 (Wed) 18:12:29 [Preview] No. 5642 del
>>5630
>I don't want to copy every outside url manually to open them.
The latest Tor browser update is for you:
>Tor Browser 6.5 -- January 24 2017
> * Bug 17334: Spoof referrer when leaving a .onion domain
Allowing referrers on per-site basis is a bit harder to do. You still need to use about:config and manually set it, post somewhere and set it back when you are done.

>>5631
>Yes, that's an antispam measure, so it has benefits.
Well, it worth just as much as relying on the browser's user-agent for anti-spam. Nothing. Even the most simple spambots include referrer spoofing. And when referrers are used for "security purpose" (like at Webfaction), I become so confused: I don't know whether I should cry or laugh.


odilitime 01/28/2017 (Sat) 02:02:48 [Preview] No. 5643 del
>>5636
fix has been applied

>>5642
>it worth just as much as relying on the browser's user-agent
it's more like, if it stops one piece of spam, it's worth implementing


Czwarty 02/21/2017 (Tue) 19:34:56 [Preview] No. 5713 del
there's more spam incoming lately. I don't know if it's just some bored scamdude (only one post appearing in latest thread on my board in random time with big intervals) or shitty spambot. Leaving the post for you and the link he gave (added xxx among numbers there, if you remove it you will get actual link) - don't know if it will be of any use for you but whatever

>>/4/10531



odilitime Board owner 09/08/2016 (Thu) 05:12:04 [Preview] No. 4983 [Reply]
I had a development server breached that I had an old development copy of the Endchan database (without media).

All users are advised to change their passwords ASAP.

Development server was breached used an redis/ssh exploit. Redis was installed and usually ran as a user but recently doing some development work, I accidentally started it up as root to look something up and left it running. Redis then can write to your ssh keys and insert unwanted keys and allow root access. All files in /root and /home were removed and a note was left:

>Hi, please view here: http://pastebin.com/raw/vadfLyDS for information on how to obtain your files!

Luckily I have bandwidth logs on that box and I can see there was nothing transferred out of the box. So my guess is they just deleted the files. The nature in which they left the machine leads me to believe this was an automated attack (plenty of other meaningful data directories were left alone).

The copy of Endchan's data is left untouched on this development server. However the dump that was used to transfer the copy was still likely in the /root directory that was deleted. I will get the date of the data copy as soon as I can do some data recovery on that machine, I estimated the copy to be an early 2016 Q2 dump. This server is now offline.

At Endchan, we want to be as transparent as we possibly can and even though we do not believe anything was leaked, we cannot rule out nothing happen with 100%. And even if we could be certain that nothing was at risk, we still want to report anything of this nature to our users.

I fucked up, I'm sorry for any troubles this may and has caused any of you.

Please let us know any questions you may have.
12 posts and 4 images omitted.


Anonymous 11/29/2016 (Tue) 09:52:50 [Preview] No. 5343 del
Why is/was your development/test server accessible online? Can't keep >>4986 over this mishap. Could you check the logs if a mod volunteer like >>>/pol/23993 was in the logs of potential account takeovers?
>>4998
>crazy NSA shit transmitting the data offsite without the transmission being logged by the external monitoring equipment; not likely) than anything else.
Highly possible with state actor attacks we've seen as of late.

Leaking PizzaGate really did a number, worldwide.
>>5016
You do still have a copy of that old DB, right?


odilitime Board owner 11/29/2016 (Tue) 11:16:02 [Preview] No. 5344 del
>>5343
>Why is/was your development/test server accessible online?
because we needed public testers.

>Could you check the logs if a mod volunteer like >>>/pol/23993 was in the logs of potential account takeovers
Not sure how to figure that out, let me talk with Lynx.

>You do still have a copy of that old DB, right?
No I don't.


Anonymous 11/29/2016 (Tue) 23:46:32 [Preview] No. 5380 del
>>5344
Then make a mock test site, not a duplicate, yesh.
>No I don't.
This is bad. M8, when you can, study up on Sysadmin. Rule 37 of "After an attack" is to keep an archive of the exploit. You want to retrospect on how malicious attacks are growing, so you proactively scope those vulnerabilities.


odilitime Board owner 12/06/2016 (Tue) 01:38:31 [Preview] No. 5428 del
>>5380
>make a mock test site
That's what this was. What's the point of the test if you aren't testing real data. Very few have a budget to generate similar but different data.
But you're right in the sense that we did need every users' account on the dev server. That could have and should been cleaned out more.

>keep an archive of the exploit
generally a good rule. I have a large archive of them, however the size of this development server was too large. I did a thorough analysis and deleted it. The vulnerability was easy to figure out and very popular, so there was plenty of documentation on it. In this specific case the storage costs outweighed the value.


Anonymous 12/07/2016 (Wed) 18:30:32 [Preview] No. 5430 del
>>5428
As long as you archive and properly mock the test server from hither on, you will form a basis to document changes dependent on the master branch. Usually it is cheaper to VPN the server in a locked virtual environment, so you see a full scope of the system. Vulnerabilities are getting scarier and efficient, thanks in part to manufacturers leaving vulnerabilities in the hardware/UEFI/BIOS/firmware. Right now, the biggest threat are GPUs with DMA and their undocumentation: enormous processing power that when clustered, can replicate innumerable vulnerabilities in one machine before the next cycle hits the CPU to address the bus.



Allow Tor posters to report content Anonymous 03/24/2017 (Fri) 22:17:48 [Preview] No. 5861 [Reply]
Currently, only posters with an IP address can report content. Would you allow changes to be made so the Tor posters can report posts of dubious or malevolent nature?


Anonymous 03/24/2017 (Fri) 23:26:42 [Preview] No. 5864 del
This would be a good feature to add, especially since reports are already tied to a captcha.



Misc. Anonymous 02/23/2017 (Thu) 07:33:28 [Preview] No. 5720 [Reply]
Howdy fambinos

Any way we can increase the character limit used for flags? The current limit (16) is barely large enough for a relatively normal name like 'Michael Jordan' let alone enough to submit some of our gag flags like...

Person of Interest - NHP - Yakub the Evil Black Scientist Who Lived 6,600 Years Ago and Created the White Race Through a Selective Breeding Process Known as 'Grafting'

I don't know what the formal limit of flag files is either as it doesn't say, but I currently have close to 700 of them and they're all very dear to our community so something to keep in mind.

Also it would be nice if we could embed off site videos hosted on youtube, liveleak, dailymotion, vimeo etc. into the post itself like 8chan. Of course you can just post urls in the post's comment body itself, but embedding is a nice feature that gives the post a contextual visual to accompany it, gnomesaiyan?

https://youtube.com/watch?v=vg14HPuXLOU [Embed]
7 posts and 1 image omitted.


Anonymous 03/18/2017 (Sat) 22:59:57 [Preview] No. 5833 del
>>5832
bcuz u tch urself @nite

Calling all Endchan homies to visit >>>/4chon/ , the radicoolest board on this site


Flag character length Rajeesh 03/18/2017 (Sat) 23:35:59 [Preview] No. 5835 del
Hello Odilitime sir my name is Rajeesh please increase max flag name to 256 character thank you sir


To Odilitime Rajeesh 03/18/2017 (Sat) 23:46:43 [Preview] No. 5836 del
Please sir


odilitime Board owner 03/21/2017 (Tue) 09:40:57 [Preview] No. 5838 del
>>5828
What? send screenshot.

>>5829
Ok added to the todo list.

>>5832
>>5836
My apologies, was not aware there was client-side javascript blocking this. I've fixed this, try now.


Anonymous 03/24/2017 (Fri) 22:41:44 [Preview] No. 5863 del
Hey Odill, thoughts on adding post history?



Old posts getting logged after 404 Anonymous 03/23/2017 (Thu) 22:31:29 [Preview] No. 5852 [Reply]
Take a look at >>>/pol/35044 - what's causing this?


Anonymous 03/23/2017 (Thu) 23:57:47 [Preview] No. 5853 del
[4:10pm] OdiliComm: StephenLynx: https://endchan.xyz/operate/res/5852.html#5852
[4:10pm] OdiliComm: is your new 1.7.5 patch causing this?
[4:10pm] OdiliComm: threads not expiring
[4:11pm] StephenLynx: the post itself is gone.
[4:11pm] StephenLynx: what probably happened was a failure to delete the preview or page of the thread.
[4:12pm] StephenLynx: and if the posts are old, that might have happened for a million reasons.


Anonymous 03/23/2017 (Thu) 23:58:07 [Preview] No. 5854 del
[4:57pm] StephenLynx: none of the threads he linked are alive.
[4:57pm] StephenLynx: I`ll check tomorrow if there is an issue with the deletion of previews.


Anonymous 03/24/2017 (Fri) 00:06:44 [Preview] No. 5855 del
[5:02pm] StephenLynx: you can quote anything that is a number, if it doesn`t exist it will just quote a thread that doesn`t exist.
[5:04pm] Balrog-was-here: the confusion probably comes from vichan not linkifying quotes of posts that don't exist


Anonymous 03/24/2017 (Fri) 13:05:42 [Preview] No. 5859 del
StephenLynx: OdiliComm, OdilisLap OdiliTime Balrog-was-here I couldn't reproduce it on 1.7.5
[05:50am] OdiliComm: k
[05:55am] StephenLynx: there is also a possibility of your webserver having a cache of the file, perhaps.
[05:55am] StephenLynx: you will have to check manually if the previews are alive on the db.
[05:56am] OdiliComm: no there’s no caching on the webserver
[05:56am] OdiliComm: they are
[05:56am] StephenLynx: welp
[05:56am] StephenLynx: then you will have to see what's up on your fork.
[05:57am] OdiliComm: ok we’ll make a fix for our fork


Anonymous 03/24/2017 (Fri) 13:13:33 [Preview] No. 5860 del
StephenLynx: if I were to have a guess:
[06:06am] StephenLynx: the post files are not being attributed correctly.
[06:06am] StephenLynx: to their respective board, thread or post.
[06:06am] StephenLynx: when content is deleted, the engine looks for any file attributed to the content and deletes it.
[06:07am] StephenLynx: but if the file doesn't have the matching ownership, it won't be caught and deleted.



Anonymous 03/24/2017 (Fri) 03:31:29 [Preview] No. 5856 [Reply]
>Let us know what's up
8chan is being raided by pretend actor shill newfag normies saying shit from gamergate like "8chan is dead" it's a hostile shill takeover every fucking board is being raided silently by antitrump antifreedom of speech shills who have always hated 8chan, they are turning it into 4chan and they are saying things like "8ch.pl and endchan are DEAD" HAPPENING


Anonymous 03/24/2017 (Fri) 11:45:04 [Preview] No. 5857 del
lol take your meds


Anonymous 03/24/2017 (Fri) 22:41:00 [Preview] No. 5862 del
>antitrump antifreedom of speech shills
I was about to take your post seriously, untill I see that you're a lolbergtarian Trumpcuck, Fuck off kike.



CSS helpers Anonymous 03/22/2017 (Wed) 20:23:06 [Preview] No. 5844 [Reply]
How can I replace local flags with different images?
I tried

img.imgFlag.flag-xx{
width:17px !important;
height: 14px !important;
background: url(https://i.imgur.com/benis.png)!important;
}

It show the new flag for half of a second, then it is replaced with the standard flag.
Pls help
2 posts omitted.


Anonymous 03/22/2017 (Wed) 21:41:13 [Preview] No. 5847 del
>>5846
Replace img.imgFlag.flag-xx with img[title="xx"] with xx being a country like Poland for example.


Anonymous 03/22/2017 (Wed) 21:45:35 [Preview] No. 5848 del
In all letters so that would give you img[title="Poland"]


Anonymous 03/22/2017 (Wed) 21:48:36 [Preview] No. 5849 del
>>5848
Thanks for help, it werks, except it was without " "


Anonymous 03/22/2017 (Wed) 23:29:08 [Preview] No. 5850 del
For USA, it's img[title="United States of \'Murica"]


Anonymous 03/23/2017 (Thu) 21:16:58 [Preview] No. 5851 del
>>5850
Thanks.



Bans Anonymous 02/27/2017 (Mon) 01:12:06 [Preview] No. 5751 [Reply]
Is the ban system broken or am I just fucking retarded and don't know what to put in the duration field?
I try things like "April 1, 2017" that should work with the js mentioned in the moderation manual yet nothing happens when I try and ban a user.
5 posts and 1 image omitted.


odilitime Board owner 03/09/2017 (Thu) 01:17:47 [Preview] No. 5775 del
we have fixed the JS error. Banning should work better now.

Also confirmed that lifting a ban works for me in chrome. Let /operate/ know if any one is having any more ban problems


Anonymous 03/10/2017 (Fri) 01:35:40 [Preview] No. 5780 del
>>5775
Working better now, thanks.


Anonymous 03/18/2017 (Sat) 22:31:17 [Preview] No. 5830 del
Now I am getting
>internal server error: wrong captcha
every time I try and apply a ban.


Anonymous 03/18/2017 (Sat) 22:33:54 [Preview] No. 5831 del
(91.51 KB 585x770 bans not working.png)
note that the captcha is correct.


odilitime Board owner 03/21/2017 (Tue) 09:42:39 [Preview] No. 5839 del
>>5831
Tough one because captcha do rotate periodically. Make sure you hit that reload and do the captcha before hitting the final go button



New infrastructure ordered odilitime 03/08/2017 (Wed) 09:48:54 [Preview] No. 5773 [Reply]
After a long period researching a new host and waiting for the right inventory to become available. We have found one. We're getting the keys tomorrow. Our new set up is $100USD/mo, a little more than our old server but it's much better hardware (3 times the cpus and ram, double the disk space) and we believe this is a better arrangement moving forward.

This includes an $85USD/mo 12 cores (24 threads) of 2.6ghz and 2x2tb HDD set up (HW RAID) in RAID 1. It has 6 bays and it is rent/lease to own, which means after 12 months we can reduce our monthly cost. It'll be a little slower than what we're on now (3.5ghz) but service levels should be more consistent.

Then the remaining $15USD/mo. is a front end caching VPS with encrypted disks (root and swap). We will use this to hide our backend server better, prevent DDoS and help put the nail in Cloudflare's coffin.

We'll be migrating to these new servers over the next week. Please hang with us and let us know any problems you may have.

We rely on your donations to stay independent and have our own hardware. This is a first major step in improving our infrastructure and having a long term plan to ensure we'll be around when needed. While we have a couple months buffer, I'd like to ask if you like what we're doing, to see if you can help kick down some bitcoin to ensure our continued existence.

https://endchan.xyz/.static/donations.html
Edited last time by odilitime on 03/08/2017 (Wed) 09:55:58.
3 posts omitted.


Anonymous 03/15/2017 (Wed) 05:49:53 [Preview] No. 5805 del
When you get mobile app support I'll be back. Idgaf about your servers. Ads always help. Cya


Anonymous 03/18/2017 (Sat) 07:10:06 [Preview] No. 5823 del
Your mobile page sucks


Anonymous 03/18/2017 (Sat) 09:04:23 [Preview] No. 5824 del
>>5823
Good. Either get the fuck off your iphone or get off the board, normie.


Anonymous 03/18/2017 (Sat) 23:16:42 [Preview] No. 5834 del
Does the ridiculously high 350 MB file size affect the server cost? There aren't any cheaper servers you can find? Can you replace all existing animated GIFs with thumbnails so they don't auto-play when people load the page to reduce a bit of unnecessary bandwidth usage?


odilitime Board owner 03/19/2017 (Sun) 10:32:32 [Preview] No. 5837 del
>>5805
We're trying to avoid ads. We have one android app currently:
https://github.com/Mishiranu/Dashchan
https://github.com/Mishiranu/Dashchan-Extensions/raw/master/update/package/DashchanEndchan.apk

>>5823
Ok, why is it bad? How can we make it better? Buttons/links too small? Zoom problems? For bonus point include some screenshots.

>>5834
>Does the ridiculously high 350 MB file size affect the server cost?
Yes and no. It does effect the cost because we have to have a 2nd disk of the same size for RAID1 and then we have to back it up. Even with 350 MB files and being online over 1 year, we've never hit 1TB nor had to run the vacuum script. 1TB drives are so cheap these days, it's hard to find anything smaller (for example the old server we're leaving has 8tb hard drives). Also we got such a great deal on our new set up, it's hard to compete with the value.

>There aren't any cheaper servers you can find?
In the short term, yes. We looked at VPSes, $35/mo for 1TB but it was with a provider that fucked us over originally, so I didn't feel confident they're not going to increase that price either. The are other providers will cheap solutions but we ran out of time to research and vet them. Plenty of shit-tier VPS providers that over ratio their boxes and have lots of problems (See troubles with NextChan, LibreChan, Kiwifarms and 8ch.pl)
In the long term, no. This lease to own option allows us to purchase the server hardware (a very nice dual hexcore box) at $20/mo more than we were paying previously for our dedicated server. In a year this will allow us to have really nice hardware and drop our costs to VPS levels.

>Can you replace all existing animated GIFs with thumbnails so they don't auto-play when people load the page to reduce a bit of unnecessary bandwidth usage

Message too long. Click here to view full text.