/meta/ - Meta Board

I have a problem and I need it fixed RIGHT NOW

Days left: 15

JulayWorld fallback document - SAVE LOCALLY

JulayWorld onion service: bhlnasxdkbaoxf4gtpbhavref7l2j3bwooes77hqcacxztkindztzrad.onion

Max message length: 32768

Drag files to upload or
click here to select them

Maximum 5 files / Maximum size: 20.00 MB


(used to delete files and postings)

Statement about recent downtime Robi Board owner 11/30/2019 (Sat) 05:04:06 ID: 366b9c No.1547
Julay.world was down due to an imageboard software crash on 2019-10-30 between 03:30 UTC and 04:45 UTC.

What happened?
The database was filled with expired captchas. For some reason, the scheduled command to clear the expired captchas in the database was prevented from running. When Lynxchan crashed there were 1,051,459 captchas in the database.

How did this happen?
We are still investigating the cause. We're going to be monitoring the captcha counts in the database over the next couple of days to make sure that this doesn't re-occur. Currently the captcha counts are at normal levels.

Possible causes/speculation
Julay.world had to deal with an issue where MongoDB and subsequently Lynxchan would repeatedly crash due to MongoDB hogging almost all available system RAM. This could mean that the scheduled task that was meant to clear captchas may not have been triggered.
Of course it is also possible that a malicious attacker could've repeatedly requested captchas until the database was filled to the brim; however, our findings make this an unlikely case.
Lastly it is possible that an exploit exists in LynxChan to bypass limits on captcha generation.

Response to the incident
We are going to be closely monitoring the captcha expiration scheduling system to make sure it doesn't cause this sort of error again. Other than that, there doesn't seem to be any attack vector right now.

You can verify the authenticity of this message by verifying https://julay.world/.transparency/DOWNTIME-2019-11-30.txt with the key https://julay.world/.transparency/keys/robi.gpg
Key fingerprint: 5D89833AE72E802E0201DFFBB1C4E0DB8448A3EE
Open file (374.39 KB 430x437 shirtless_gorezalo2.png)
++Thanks for the update++
Open file (55.72 KB 551x408 3d9~2.jpeg)
Updated as promised in Gunstream:
Hopefully we do get an answer for this exploit.

Not to many people should hit the captcha if they aren't blockBypass.js reloading.
Open file (86.28 KB 1024x1024 1561575601847.png)
This shit happened right when cakekike killed vch and forced /tv/ to migrate, I thought you were trying to pull a fast one for a brief moment.
I'm sure it was just a (((coincidence)))
If you don't do so already you should keep up with /a/'s bunker. It's stable and they have a meta thread where updates about this usually get posted. You can also usually find out what's going on from guntstream and the #julayworld irc channel.
Open file (375.16 KB 480x480 giphy (2).gif)
>This site can’t be reached8channel.net refused to connect.
>Try: Checking the connection
Open file (32.85 KB 388x394 047.gif)
please delete this
nah not serious
i cant say its the same vector that was being used on here if this site was being attacked though. wasn't me
ill crash my own server later to see what the mem leak is
Open file (41.90 KB 250x250 9aa.png)
Whether you did it or not doesn't matter, it's an exploit. This site and the one in your video was exploited, and it needs to be patched up.
That is, IF we are going to keep lynxchan moving forward.
Btw, contracted StephenLynx just like ITT. Good Luck!
>contracted StephenLynx
sorry to hear that. nobody deserves to be a faggot shoving dildos up their ass. hopefully one day we'll find a cure
>the new faggots-only disease known as 'StephenLynx'
The sooner someone makes a good imageboard software and we can forget lynxchan ever existed, the better.

I looked into it the other day while trying to set up an imageboard with the goal of heavily modifying it, and holy shit that thing is a disaster. Like what the shit was I even looking at, I don't know if that kind of architecture is normal in webdev world but just what the fuck man. In the end I decided that it'll be easier and less painful to learn to make an engine from scratch.
It's the most promising project, but needs more time and testing. I think the developer is in college or something too, who knows if he continues the project long-term.
I think he just graduated actually.
The problem has to do with your onion address. LynxChan doesn't ratelimit localhost.
Admin, for a possible solution, see: https://8channel.net/lynxchan/res/1.html#140
The fuck is happening? This place is getting shutters every waking moment now.
Possible ddos from Cakejew and/or Bonegoblin.
nah that's unnecessary, admin here can deal with anything (((they))) throw at him
Nanotranny.net too
Edited last time by Chobitsu on 12/04/2019 (Wed) 15:09:08.
fuck off nano
Julay.world was down due to administrator incompetence on 2019-11-30 between 14:30 UTC and 16:00 UTC.

What happened?
I had just pulled an all-nighter shitposting when the captcha exploit thing happened. In a desperate attempt to figure out the cause of the error I made it so that every single output to the console would be accompanied by a full stack trace and also added about 10 console.log commands to Lynxchan's source code. The result was full stack traces being pushed to the syslog for over 8 hours which promptly made the server run out of disk space.

How did this happen?

Possible causes/speculation

Response to the incident
Next time maybe I shouldn't try to debug an exploit after being up for 26 hours.

You can verify the authenticity of this message by verifying https://julay.world/.transparency/DOWNTIME-2019-11-30-2.txt with the key https://julay.world/.transparency/keys/robi.gpg
Key fingerprint: 5D89833AE72E802E0201DFFBB1C4E0DB8448A3EE
May go to 8glow as well fag
Open file (37.17 KB 600x600 sweat.jpg)
>name one good, full-featured imageboard software
Open file (4.66 KB 225x225 index.jpg)
Open file (13.58 KB 400x400 ClipboardImage.png)
You'll never get your maid outfit back, Nathaniel.
Did you release the jewtext addon yet?
Open file (58.38 KB 480x480 Vordrak.jpg)
Hey there Joshua. I hear you still have means to make money somehow. It would be a crying shame if it were to, you know, disappear!
Open file (897.41 KB 245x245 124.gif)
>I made it so that every single output to the console would be accompanied by a full stack trace
I'm amazed this went through your head unquestioned.
It's still good to be proactively paranoid and have one place if the worst happens (ie: some fag shoots up a federal building and frames the board)
After 26 hours of staying up people can end up short on common sense. He was in a state of impaired judgment, so to say. (Being sleep-deprived can actually be more dangerous than being drunk.)
that's true enough, that's the purpose of the webring - to do away with centralized structure. So I guess do have bunkers there.
Lynxchan does not output any information about where the error happened. All I saw on the console was the BSONObject error printed from somewhere in a 50KLoC codebase. It was the sensible thing to do in dire circumstances but I should've removed it afterwards.
ROBAY, address the /tv/ issues
>>1588 (checked)
Try short stack traces instead, if the system behind LynxChan can do them. Just the innermost frame from another module, or where the function that encountered the error was itself called from.

...And maybe it was another site, but I seem to remember a LynxChan instance that put a CAPTCHA on every page loaded.
>>1590 (derp!)
Oh right... the "Report/Ban" box at the bottom of the page has a CAPTCHA in it...
>>1591 (more)
... and it seems stable across simple reloads but not when posting. Could an increase in ordinary traffic have caused a spike in CAPTCHAs?
Oh ok thanks
>having more bunkers is unecessary
Retards with your mentality are why so many niche boards and their communities are lost forever.
If you have any interest in preserving your own board don't listen to this imbecile.
>torfag sperg
go back to cuckchan
Glownigger, pls. Terry can still run you down you know.
>trying this hard to fit in
go back
You fedcunts will never stop IB culture, you cock-slobbering faggots. The people will win.
Open file (23.59 KB 200x220 346578977765432.png)
>Lynxchan is the code equivalent of indian food shat into a rusty bucket.
I mean just look at the coomer who developed it. No big surprised it managed to find such a retarded and fantastical way to catch on fire.
Well, atleast admin had the spine to admit that he dun fucked up. Unlike certain mobility impaired living(?) morbid curiosity or a pastry-consuming member of a certain semitic tribe.
>no don't create more bunkers
>I want you to be in one easily controlled spot
>fuck having a fallback option being scattered to the wind after an oy vey is the best!
kill yourself retard
there is literally no good reason to not have backups in place
go back to herding dumbfucks on discord into crossdressing and shooting up malls
So did Vaush debate sargoy last night or did Carl stand him up like he did venti?
Picochan is a good imageboard software. Doesn't require or use any JS at all. It's designed for tor boards though so will require the addition of a ban system etc. for clearnet usage.
Example/testing instance:
>there's an index now
Nice. I understood why nanochan didn't want to implement an index, but I have no idea how people use imageboards using the catalog only.
Admin of another webring site here. Somebody tried attacking my captcha page too.
The IP whois'd to an MIT IP.
OrgName: Massachusetts Institute of Technology
OrgId: MIT-2
Address: Room W92-167
Address: 77 Massachusetts Avenue
City: Cambridge
StateProv: MA
PostalCode: 02139-4307
Country: US
Updated: 2017-01-28
Ref: https://rdap.arin.net/registry/entity/MIT-2

This is most likely caused by spamming the https://julay.world/noCookieCaptcha.js page. They can generate unlimited captchas on a single IP and there is no ratelimit whatsoever.
Probably the reason lynx has no ratelimit is because it assumes multiple people could be hitting the nocookiecaptcha page on TOR from the same relay/exit node and the ratelimit would count multiple users. In practice, that would be rare and just leaves a huge security hole where spamming enough can fill up the disk or crash mongodb.

Hope this helps.
see your torrc and you'll know the reason
>It's unthrottled if you are accessing it through an onion service.
He is dumb as bricks.
Some educational institutions have exit nodes, cant check right now just assuming. Didnt think so at first because usually they add some notes to their whois saying so.

Still robi should check what was said about the nocookiecaptcha page
well theres your problem, lmao
I've had this glitch happen to me during bad connections where I'd hit the Reply button several times and the captcha would come up, except instead of just one box to fill out several would come up, each with its own "send" option. Next time it happens, I'll be showing it to you. Might be one thing that is causing this many problems.
Open file (381.49 KB 1200x1200 ohreallycatwtf.jpg)
<10 Click on Reply to post
<20 You need block bypass to post
<30 Enter the captcha
<40 Captcha entered
<50 Click submit
<60 Your Captcha has expired!
<65 WTF?
<70 Refresh to get new captcha
<80 GOTO 20
>Shit finally breaks.
>People surprised.

Only by ignoring the captcha after about the 4th time and hitting cancel instead allowed the post to go through anyway.
It's literally easier to just have a captcha for every post. At least that way I don't need to enable cookies and javascript.
Why are we blue now and what happened to the buttons in the top right?
>502 Bad Gateway
oh fuck what now
looks like lynxchan is pretty buggy
Open file (45.74 KB 640x480 gondola_rome_burning.png)
>kikes take down 8ch to distract from the fact twitter, twitch had the stream up for hours
>other kikes pull the plug on vch
>8kun is a piece of shit
>julay just fucking dies
Why does this keep happening?
It's just giving you a taste of what will happen to society soon.
>implying we're that lucky
recent posts don't show as "5 minutes ago" etc but just show the overall date like old posts.
>other kikes pull the plug on vch
Someone's planning to blame /cow/ for the captcha.js bug Rodent exposed ITT.
I think he just self deleted his post >>2177
For Julay's info:
If you know the password of post, and it happens to be a thread, while loading another page as a file uploads, you can ghost delete the thread and post with any IP:
IoW: you can pretend to care about a topic, engage it with astroturfing, and whoops delete it.

Seems others maybe targeted because of this other lynxchan bug. Stephen Lynx would just say "working as intended, fork off"
Forgot to mention: it doesn't show up in the logs.js
That's the bug: ghost activity

Report/Delete/Moderation Forms

Captcha (required for reports and bans by board staff)

no cookies?