Fellas i can't believe fchan is dead
>>fb-WTCV69VL (OP) we probably just lost like 50% of the user base from Fchan going down
database was compromised had to take it down to find the hole. i hope to have it back up. as ive said in another post it feels weird having fchan down, i dont like it.
>>7TH66JWK oh huh, thought you were just ditching tbh
>>5RNMM88M no. as others noticed the instance list disappeared which was a result of the follow and following tables in the DB being deleted. i could have fixed it to where it was back to 'normal' by just adding the instances back to the database, but that would not have solved why that happened. i dont think there was some portion of the code that just happened to drop the following and follower entires. i think someone was able to my an sql injection somewhere or my servers were compromised. so i took them offline just to contain the mess. ill either move to another server or hopefully find some clues on what happend.
>>9TFZWEO1 ah, could it do with the RCE the chodomites mentioned on github?
>>IM6AOTWJ yeah it could have very well been. need to add better checks for file uploads to ensure the file uploaded is the type it is said to be. i suspect it is someone that is close to the project development because if they did have access to the DB they could have done more damage, but they choose the least damaging thing to do. kind of a playful notice that its been compromised.
>>fb-WTCV69VL (OP) So I read through this thread but I'm not 100% sure whats happening. Is devchan done or did a sql injection force them to take down fchan? I saw a new release was merged (v .015 or whatever) but it did not seem /substantial/
>>fb-8YYLP0Y8 from a different thread >if i can find what went wrong i'll have fchan back up, but i can only assume database access was gained. it feels weird having it offline. but it might be good fedi wise in distribution. >i saw a new release was merged that was to fix the instance list i believe? or just to not make it try to ping fchan.xyz
>>9TFZWEO1 A few days ago I tried passing http://nigger.net to fchan.xyz/addtoindex and it created a blank entry in the list. It's probably not related but I thought I'd report it anyway.
>>LXV6TA2C Okay, I managed to find a way to replicate what happened with fchan, 99% sure that I was responsible for fucking it up. By leaving the id parameter blank (fchan.xyz/addtoindex?id=) it is possible to insert an entry into the followers table which is missing the follower field. When the inactivity check occurs an entry with the instance field missing is created in the inactive table, then when timestamp is older than 48 hours and the inactivity check occurs it wipes out all entries in the following and follower tables.
>>UK7RAUD2 that makes a lot of sense and it sounds like the reason. thank you for breaking and revealing that. ill have a patch within the next 12 hrs.
Well i was impatient for it to happen. Only way to test if the federated principle is valid. It appear it is, since the mirrors works. Next huge step, 4channel.org down.
>>fb-0DK953T1 true, we just need the follower list to keep working when fchan is down, and uhhhh replies are fucking broken for some reason?
Indeed replies are broken on my machine as well.
Yeah replies being buggy was the layout system that was in a PR and sat in development for a while, it has some issues that needed to be fixed. It seems to only be an issue when on the thread page but replying on the main board page seems to work. Something just needs to be hooked up from the transition to stylesheets from old inline styles.
>>fb-7XWNO01T what is happening is the javascript for the reply box is setting the offset too much from the top. if you reply to the first few posts you can see the reply box, but if you reply to the latest posts it pop ups offscreen.
>>fb-7XWNO01T PR dev reporting in name some issues, i'll try and fix them up in the coming days and hopefully the reply box bug tomorrow tbh i was expecting a small oversight like this to show up eventually
i added the few fixes discussed reply box should be within view, it could be better calculated because you get different results depending on the height of your browser window fixed the empty addtoindex (havent tested, but "should" work) also there was someone (probably same anon that broke current stuff) that was able to spoof posts by just sending an valid activity object so added a check to make sure a post id actually is reachable. still not tested but should work... famous last words. ill bring fchan back up tomorrow when i add all the following and followers back to the database manually.
>>fb-5E4G7WY1 there was only a couple, basic styling. biggest is that the styles wait until the page fully loads so you see the default theme and then gruvbox shows which can be dissorenting. not sure of what the fix is for now, but if the set theme is able to happen before the page loads that would be best. you can see it on 0xchan if using gruvbox and switch between pages. all the other things is just simple style touch up like the archive title being left justified and the reply box being really small (which was just fixed) but the biggest is the theme waiting to be applied until after the page has loaded.
>>fb-WTCV69VL (OP) But OTOH it's great because it coincided with FB going down but the whole federated imageboards are still up. It's perfect demonstration why this kind of platforms must be part of the future.
>when you're a shitcoder pushing shitcode to your main branch
>>fb-MH17Q2YW based devchad >>fb-UWXYIAHX i'll fuck with this today, PR in tonight if not tomorrow the stylesheets themselves aren't even 100% complete because of how much style= was used, if i get some time to sit down and work on it a bit, i'll push changes but no promises i'd like to continue working on it, one huge thing i'd like to do is move to fasthttp. i might play with this idea on the weekend and if all goes well i'll draft an experimental PR, but again no promises
>>fb-WTCV69VL (OP) So this is the federation in action: >Instance list down >Main website linked in most places is down So much for having redundant instances!
>>fb-RY16EOG1 But yet here we are
>>fb-RY16EOG1 >main instance goes down >everyone instantly shitposts on another instance businessasusual.jpeg
>>fb-RY16EOG1 Retard alert >>fb-J0HEEQWE >>fb-54VCFR59 the system works
>>Y07KMLZJ THE SYSTEM JUST WORKS
>>fb-UWEPPM9K With that new PR the theme cookie no longer gets set on chrome because they block sameSite=none for insecure cookies. You have to also include the Secure; attribute.
How are you losers so incompetent? You talk a big game but you can't even keep a site up. Seems like all you're good for is spamming the word "nigger".
>>fb-RZTAO8Q7 >I AM A FAGGOT PLEASE RAPE MY FACE LAWL
>>fb-7ZY4VRB8 Sorry, this post was very mean and frankly it was just uncalled for on my part. Your sexuality is your own choice and nobody should be in any position to judge you for it, and I do not think being raped is funny nor should I wish for anybody to be forced into something so horrible. I have done a huge disservice for the FChannel community, and even though I know I don't deserve it, I hope that one day I can earn your forgiveness. Gomenasorry!
>>Y07KMLZJ It just works!
>>fb-66H0KGHF this asshole is flooding 0xchan and fchan with requets. guess a rate limiter is the next thing to implement. guess its good theyre thinking of fchannel enough to flood it.
>>GB77CLTV AAAAAAAAAAAAAA I FUCKING HATE WEBDEV SO FUCKING MUCH christ, i'm getting this fixed up tomorrow and maybe possibly potentially diving head first into the backend for shits and giggles
>>fb-WTCV69VL (OP) Well, that's what happens with fakers (¬‿¬ )
>>fb-OLFGLC73 → >devchan, i don't think commit 1df965e did anything i am thinking this anon is spinning up a fchannel instance that they modify the activitypub objects that get sent out. fchanni.ga is a registered domain and it has an ip address. so my assumption is they are sending the spoof post and then turning off their instance after the post id is verified. could be something else though.
>>fab-poster what the FUCK
All trademarks and copyrights on this page are owned by their respective parties.
v0.2.0-c793a28