Some soyjak party anon broke into 4chan after 4 years of work and dumped the source code + db with users and hashed passwords.
/ISG/ is currently talking about it.
There's a very active thread about this on kiwifarms
https://kiwifarms.st/threads/4chan.37222/page-475#post-21102680
And dev on twitter is doing some analysis on the code.
https://x.com/_yushe/status/1912041750085984276
https://x.com/_yushe/status/1911976973800272108
https://x.com/_yushe/status/1912025058953867353
https://x.com/_yushe/status/1912034013117554910
https://x.com/_yushe/status/1912035368347508783
Apparently 4cins is running on a 10 EOL'd FreeBSD on php 5 (amazing that it took 4 years of work to the soyjak hacker and not just 30 minutes)
Here for the archive with the source:
https://litter.catbox.moe/a8z45n.7z + zip attachment
https://wiki.soyjak.st/Great_Cuckset
The Great Cuckset (also known as the Liberation of /qa/ and The 'Ack) refers to an event that started on April 14th, 2025 (or April 15 depending on your time zone, it happened at midnight for AmeriGODS), where someone who later named himself S0I1337 (also known as Captain Gem) would hack into 4cuck and reopen /qa/[1], leak the source code as well as the jannies' IPs, emails and hidden board. A thread was stickied on /soy/ regarding this event.[2]
According to S0I1337, it was done by exploiting a vulnerability on 4chan's outdated GhostScript version from 2012 by uploading a malformed PostScript file renamed to PDF to gain arbitrary code execution as 4chan didn't check if files with PDF extensions were actually PDF files, and not through social engineering, betrayal or SQL injection. It was also revealed that 4chan ran on FreeBSD 10.1, which went end-of-life in 2017[3], outdated versions of nginx, PHP and MySQL and its source code was riddled with vulnerabilities; basically it was just waiting to be exploited. The servers were physically shut down to prevent further mining of the databases after a few minutes, although it's unknown at the moment how much was successfully downloaded from 4cuck's servers.
The hacker successfully leaked:
4chan's source code, including a 10,403 line php file called imgboard.php, all of which can be found here -
https://files.catbox.moe/d56ws8.7z
All of 4chan's /j/ board here
https://files.catbox.moe/czivhs.7z , with an easy-to-access archive here
https://bvll.neocities.org/j/ .
All recent staff IPs here
https://files.catbox.moe/57t745.txt .
A list of jannies and their emails here
https://files.catbox.moe/ys4s5k.txt , along with their passwords in the form of APR1 (MD5) hashes here
https://files.catbox.moe/639lxc.txt .
The janny irc here
https://files.catbox.moe/93d0r8.rar .
The names and emails of everyone who contributed to the Yotsuba git repo here
https://files.catbox.moe/yypkoa.txt .
Every 4cuck user's clitty.
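The missing check described in the wiki excerpt above (a .pdf upload accepted without confirming the content is actually PDF), sketched as an added example that is not part of the thread or of 4chan's code. The function names and the sample bytes are constructed for illustration.

```python
from __future__ import annotations
import re

# A PDF starts with "%PDF-M.N"; PostScript starts with "%!" (optionally after
# a ^D byte), and DOS-style EPS carries the binary header C5 D0 D3 C6.
PDF_HEADER = re.compile(rb"%PDF-\d\.\d")
PS_MAGIC = (b"%!", b"\x04%!", b"\xc5\xd0\xd3\xc6")

def sniff_type(data: bytes) -> str:
    """Classify by leading bytes only; the filename is never consulted."""
    if data.startswith(PS_MAGIC):
        return "postscript"
    if PDF_HEADER.match(data):  # anchored at offset 0, no leading junk allowed
        return "pdf"
    return "unknown"

def check_pdf_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Accept only when extension AND content both say PDF."""
    if not filename.lower().endswith(".pdf"):
        return False, "extension is not .pdf"
    kind = sniff_type(data)
    if kind != "pdf":
        return False, f"content is {kind}, not pdf"
    # A complete PDF ends with an %%EOF marker near the end of the file.
    if b"%%EOF" not in data[-1024:]:
        return False, "missing %%EOF trailer"
    return True, "ok"

# Constructed sample inputs (benign, minimal).
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
              b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
SAMPLE_PS = b"%!PS-Adobe-3.0\n/Helvetica findfont 12 scalefont setfont\nshowpage\n"

if __name__ == "__main__":
    for name, blob in [("real.pdf", SAMPLE_PDF), ("renamed.pdf", SAMPLE_PS)]:
        print(name, check_pdf_upload(name, blob))
```

A content check like this only keeps PostScript away from the interpreter; the Ghostscript build behind it still has to be current and run with -dSAFER in a sandbox.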
>>29070
You always could.
Literally google my man.
>>29069
It won't be the same, and no one will ever trust giving emails or waiting 900 seconds to make a post just so the chink can keep collecting 4chan passes
there's no way they have backups either or any systems in place to fix the structural issues that have been neglected for over a decade, and it'll be dead in the water for anyone trying to bring it back.
>>29080
Twitter, but it feels like Elon always has a good reason to bail on that, so it's more anomalous that twitter persists than doesn't.
It'd be funny if Truth Social ended up getting too big to moderate.
>>29087
I considered applying for janitor a few times but always decided against it since it would mean having to sit in a Discord and get to know people and that all seemed cliquey and annoying. I was right haha. I wonder how many janitors will be scared off. They'll have to recruit new ones when the site comes back up.
4chan's moderation/site management is deeply flawed for both its opaqueness and its refusal to proactively improve the site. Mods and janitors weren't your fellow poster, they were an infallible invisible force. That's why janny hate was so prevalent.
>>29069
It's not about the unsavory elements found within it (like all the tracking and shadowban mechanisms), but security vulnerabilities. And you don't seem to know the differences between closed and open source code when it comes to vulnerabilities.
In open source projects (like Vichan), vulnerabilities are rarer because there's more eyes on the code which means they're more likely to get spotted and fixed, oftentimes very quickly by the person who noticed it.
This sounds counterintuitive since a malicious actor can potentially spot a vulnerability before anyone else and exploit it, but in practice this rarely happens because vulnerabilities get routinely fixed at a very good rate.
Closed source (like 4chan), though, has more vulnerabilities for two reasons:
>less people looking and checking the code means they're more likely to go undetected
>increased sloppiness by the coders since the code is only available to select groups that aren't malicious, thus they don't see a reason to write better code
Closed source has both a high rate of vulnerability creation AND a low rate of vulnerability fixing. This means vulnerabilities accumulate over time. A closed source code being leaked is a disaster because now you've got the threat of malicious actors looking at it while the source code itself is riddled with orders of magnitude more vulnerabilities than open source. This makes the probability of a malicious actor discovering a vulnerability near-guaranteed (and indeed, people have already discovered various problems with 4chan's leaked code that aren't the PDF file vulnerability that the hacker used).
>>29102
There's more pressure to write good code in open source because otherwise the first hacker to come around would break your ass in a day, while with proprietary stuff programmers like to think that nobody will be able to spot their slop.
Also, peer pressure.
>>29103
That would be a gloriously entertaining shitshow. Please God make it happen and I'll make everyone popcorn.
>>29126
The "Why" to everything pertaining to the soyjak scene is simply: It gets attention. Literally the entire point is nothing more than to annoy people and be as odious and trashy as possible.
>>29012
not secure if the server is compromised, which is the subject, the rest is gigabloat
>>29019
I didn't make that syntax up, was just quoting, and if you know then tell
>>29047
what do you mean? if you ever had to deal with this you know the question is relevant and not straightforward
>>29160
>since 2014
edited
it's 3rd :^)
>>29160
No. This is from the 3rd-party archive 4plebs, and they classify memeflags as "Israel" in their statistics based on the joke/meme that they're all supposed to be Jewish. It's not literally true.
Pic related is the actual number of Israeli flag posts from the search. Slightly higher than Mexico in that list but not one trillion or whatever.
https://archive.4plebs.org/pol/search/country/IL/
>>29046
>Why would other anti-establishment underground anonymous factions be working against each other?
As a bored refugee, I think it is kind of hilarious.
>>Are we at risk here?
nobody is at risk except those that were stupid enough to give personally identifiable information to the website formerly known as the asshole of the internet.
>>Are we next?
I assume all chan admins are taking a look at their codebases, but it sure looks like hiro (probably misspelled, but the guy that purchased 4chan from moot), really neglected even basic web practices. Play stupid games, win stupid prizes.
Unique IPs: 56