...+8 .... MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
...+.......M...M.................M8 . MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
..+M . M.. M... . ..........? ...MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
...+MN MMM.. M . ..........+ ...MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
...+ . . ....M.................+....MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
... ..... +MMMM .......MMMM ...... ...MMMMMMMMMMMM..MMMMMMMMMMMMMMMMMMMMMMMMMMMM
.... MM ...+MM....MM....MM.....MM.....MMMM .. ,MMM..M . MMM..... MMM. M .. DM
....MMMM....M ..,MMMM....M....MMMM ...MM ..MMM.. M...MMM..?M...NMM ..MM.. MM?..M
....MMMM....M......... . M....MMMM ...MN..MMMMM MM..MMMM...MMMMMMM ..MM..MMMM...
....MMMM....M .. MMMMMM MM... MMMM....M...MMMMMMMM..MMMM...MM....8$..MM. MMMM...
.... ,...MMM... NM7 .. MZ.... .....MM..MMMMM M..MMMM.. M..MMMM,..MM. MMMM...
... . MMMMM. .... .,MMMM......,...MMM.. ....MM..MMMM...M.. ..... MM. MMMM...
First Jim was accused of stealing 2ch from Hiroyuki Nishimura (http://fgts.jp/qa/thread/183913/#q192022). Because it is a totally normal industry practice for a hosting provider to seize your domain name, web site and other intellectual property when you fail to pay a bill.
Then he was suspected to have DDoSed 8chan and got it kicked off hosting providers.
Then Jim LARPed being a white knight by offering old as fuck dual core i5 shit boxes for hosting in exchange for a majority equity stake in 8chan. (http://www.8ch.net/who.html - http://archive.is/Bq2M4)
Then the DDoSes mysteriously stopped even though 2ch's & 8chan's real IPs can be found via ARIN records because Jim is a retard who can't into INFOSEC. But this was only a coincidence amirite?
Jim's ARIN Info
https://whois.arin.net/rest/poc/TW488-ARIN.html - http://archive.is/w4gJ7
N.T. Technology's ARIN Info
https://whois.arin.net/rest/org/NTTECH-1.html - http://archive.is/kZxtM
Netblock NET-204-63-0-0-1 (Hosts 2ch.net) Info
https://whois.arin.net/rest/net/NET-204-63-0-0-1.html - http://archive.is/egA4x
Netblock NET-206-223-144-0-1 (Hosts 8ch.net) Info
https://whois.arin.net/rest/net/NET-206-223-144-0-1.html - http://archive.is/0QtI9
184.108.40.206 220.127.116.11 18.104.22.168 22.214.171.124
126.96.36.199 188.8.131.52 184.108.40.206
220.127.116.11 18.104.22.168 22.214.171.124
There are other IPs such as 126.96.36.199 but they dont serve webpages and are probably things like the SQL server.
Archived links proving these IPs host 2ch.net and 8ch.net:
http://188.8.131.52/ - http://archive.is/voJFt
http://184.108.40.206/ - http://archive.is/LMAMd
http://220.127.116.11/ - http://archive.is/efa9i
http://18.104.22.168/ - http://archive.is/ME0wb
http://22.214.171.124/ - http://archive.is/KEYT5
http://126.96.36.199/ - http://archive.is/IJyBz
http://188.8.131.52/ - http://archive.is/3TvTN
http://184.108.40.206/ - http://archive.is/GtZjs
http://220.127.116.11/ - http://archive.is/QBSl2
http://18.104.22.168/ - http://archive.is/y06XS
Jim will probably change these IPs at some point. They can be found again by looking up all organizations on ARIN which specify him or his organizations as a contact, and then scanning their netblocks with nmap:
nmap -Pn -p 80 -sV --open 22.214.171.124/20
8chan servers will response with output similar to the following indicating they're running nginx. The vast majority (>90%) the servers in Jim's netblocks are running Apache so its easy to find the needle in the haystack.
Starting Nmap 7.12 ( https://nmap.org )
Nmap scan report for 126.96.36.199
Host is up (0.067s latency).
PORT STATE SERVICE VERSION
80/tcp open http nginx 1.8.0
This can be protected against with a firewall so it may not work in the future. There are other far more effective ways to find the needle in the haystack as well but i'll omit how, because his engineers are clearly incompetent and i'm sure can't think of it if they couldn't be bothered to configure a firewall.
Please also take note than 8chan is running nginx version 1.8.0, not 1.8.1. This version does have multiple security vulnerabilities according to the change log. Because why would you ever want to install security updates?
*) Security: invalid pointer dereference might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause segmentation fault in a worker process (CVE-2016-0742).
*) Security: use-after-free condition might occur during CNAME response processing if the "resolver" directive was used, allowing an attacker who is able to trigger name resolution to cause segmentation fault in a worker process, or might have potential other impact (CVE-2016-0746).
*) Security: CNAME resolution was insufficiently limited if the "resolver" directive was used, allowing an attacker who is able to trigger arbitrary name resolution to cause excessive resource consumption in worker processes (CVE-2016-0747).
Jim is also violating the license agreement he has with Font Spring for use of their fonts (Koch Geometric) for use on his soft serve ad site.
http://softserve.8ch.net/account/login/ - http://archive.is/uLXeK
Which references file http://softserve.8ch.net/static/css/ultraman.css which clearly states this font is owned by Font Spring and subject to the following license terms:
2. Requirements and Restrictions
Licensee agrees to abide by the following requirements and restrictions:
a. Licensee must use the Webfont provided by Fontspring under this EULA. Licensee may not link to the full, CFF OpenType or TrueType font designed for desktop installation.
But he makes the TrueType fonts available below in violation of his license agreement
3 Reading and page views
Every page view on 8ch.net is kept in a log for 24 hours…
When a post is made to 8ch.net, the posting user’s IP (Internet Protocol) address is stored in the database, along with the parameters of their post (post body, subject, and name)… This information is retained in the database until one of the following happens:
• the post is deleted by the owner of a board or one of his volunteers;
• the post expires, or falls off the last page of the board due to new posts being made;
• the post is deleted by the user himself if the board allows user post deletion.
But this isn’t true as there are a number of publicly available IP logs, some going back to 2014, including one which is almost exclusively posters to the /cuteboys/ fag board:
http://8ch.net/lorenzolog.txt - http://archive.is/9gL9M
http://8ch.net/index.html.1 - http://pastebin.com/WP7k38gA - archive.is doesn’t work
http://8ch.net/ips_ron_3232.txt - http://archive.is/6QXAW
http://8ch.net/bui.txt - http://archive.is/wJWDB
http://8ch.net/int.sql - http://pastebin.com/w1xCeC6g - archive.is doesn’t work
Because Jim is a greedy Jew, he wants to kill off Tor access so he can serve targeted ads. But he LARPs that it is due to "problem" users. Of course Tor has no legitimate uses such as on /pol/ for people in countries where hate speech is banned.
HW posted months ago that he is not support that TOR stuff anymore.
If anything we will probably make it tougher for TOR users. Most of the problems on 8chan originate from TOR users. They are a small minority of the users, but have caused the most problems… I am sure most of the users understand that is to help the majority enjoy the site.
When the mainstream pervs and culprits move to TOR. Time to leave TOR.
One feature of 8chan is the possibility to have hidden boards which aren’t publicly listed. This however does no good when you post a SQL dump (circa December 2015 for pages.sql) of all the boards on the server. archive.is doesn’t support SQL files, and due to pastebin’s size limitations it was split in to 4 files with “split -b 480k pages.sql”. Concatenate the files to restore them. If I get bored i’ll go through boards.json and figure out which ones in these dumps aren’t publicly listed.
Part 1 - http://pastebin.com/b2xHjhKr
Part 2 - http://pastebin.com/D1AwKqgS
Part 3 - http://pastebin.com/9bfpRF2J
Part 4 - http://pastebin.com/femcRKJh
http://8ch.net/.git/COMMIT_EDITMSG - http://pastebin.com/JnE6JPzS
http://8ch.net/maxes.txt - http://archive.is/xIq52
http://8ch.net/dirsizes.txt - http://archive.is/nmLQx
And there are plenty of other files too if you go through the previously mentioned COMMIT_EDITMSG file:
http://8ch.net/.bash_history - http://pastebin.com/2S6Kg8F8
http://8ch.net/inc/.nfs0000000004d8002400000001 - http://pastebin.com/QuRnXwK8
http://8ch.net/working.ser - http://pastebin.com/C2yYCCCY
http://8ch.net/rip.txt - http://archive.is/xXh39
http://8ch.net/rip2.txt - http://archive.is/p3x0D
http://8ch.net/ku_klux_kuchera.txt - http://archive.is/7wqs7
http://8ch.net/reddit-admins-are-cucks.txt - http://archive.is/NcC9W
http://8ch.net/reddit-admins-are-cucks-part-2.txt - http://archive.is/J66tj
Because it was totally a good idea to not block accessibility to unneeded files. This is surely a sign of a competent server administrator, just like calling old as fuck i5 shitboxes “servers”.
Because Jim is only offering old shitboxes and doesn't offer 10GbE ports on NT Technologies hosting and colo page, he likely doesn't have his own private cage at 200 Paul in San Francisco and is likely renting rack space from a real company. A trace route to 2ch's IPs shows that NT's routers are 188.8.131.52 and 184.108.40.206, and they are connected to 220.127.116.11 which belongs to Centauri Communications which does offer colocation services at 200 Paul and who Jim is likely renting rack space from. If you were to file abuse complaints with someone, Centauri would be the company to send them to.
Please send hate mail to: email@example.com
If 8chan should go down, this is your daily reminder that the bunker site is http://8ch.pl/ which isn't ran by a greedy race mixing jew like Jim (((Watkins))).
Eat a dick Jim. Stop posting pictures of your dog and fix the CAPTCHA you fat fuck.