4chan Returns, Blames Hack on Failure to Install Software Patches

Nearly two weeks after a major outage, 4chan is back online – but the site now admits it suffered a "catastrophic" hack that exposed critical data, including its source code. The popular messaging board's return marks a significant step towards recovery, but concerns remain about the site's vulnerability to future attacks.

The incident occurred on April 14, when an attacker exploited an out-of-date software package on one of 4chan's servers via a bogus PDF upload. This entry point allowed the hacker to gain access to one of 4chan's servers, including database access and access to the site's own administrative dashboard.

The breach resulted in the hacker spending several hours exfiltrating database tables and much of 4chan's source code. The site's developers have since taken steps to mitigate the damage, installing security patches on affected servers and replacing the compromised one with a new one running on the latest versions of operating systems and code.

But what led to this catastrophic breach? According to 4chan, its dire financial situation played a significant role. With advertisers and web hosts shunning the site over its controversial content, 4chan's development team struggled to keep up with software updates. "Ultimately, this problem was caused by having insufficient skilled man-hours available to update our code and infrastructure, and being starved of money for years by advertisers, payment providers, and service providers who had succumbed to external pressure campaigns," the site stated in a blog post.

4chan's struggles with funding have been well-documented. The site has faced numerous setbacks, including a failed attempt to deploy new servers since 2023 due to a lack of funding and a slow migration process. This ultimately led to the site going down for nearly two weeks, during which time users were left wondering if 4chan would ever return.

Despite the efforts of its developers, some users remain concerned that 4chan could suffer another attack in the future. However, the site has taken steps to address these concerns by bringing on additional volunteer developers to help keep up with the workload. "We are committed to ensuring the security and integrity of our site," the blog post stated.

However, the question remains as to who is behind the hack. 4chan merely sourced the hijacking to a UK-based IP address, but rumors have circulated that a rival message board, Soyjak.party, might have been involved. A hacker who vandalized 4chan at one point posted the words: "SOYJAK.PARTY WON," fueling speculation about a potential connection between the two sites.

As 4chan continues to rebuild and recover from this devastating breach, one thing is clear: the site's future hangs in the balance. Will its developers be able to keep up with the demands of maintaining a secure site, or will the specter of another hack loom large over the community? Only time will tell.