
On April 14, one of 4chan’s servers fell victim to an attack exploiting a vulnerability in outdated software. According to an official blog post, the perpetrator, operating from a UK-based IP address, uploaded a malicious PDF file, thereby gaining access to the server’s databases and administrative panel.
The hacker spent several hours within the compromised server, copying database tables and a significant portion of 4chan’s source code. After completing the data extraction, the attacker began vandalizing the site, which alerted the moderators. In response, the servers were swiftly shut down to prevent further damage.
Following an internal investigation, the development team described the impact of the attack as catastrophic. Although not all servers were compromised, one critical server was breached. The root cause, they admitted, was a failure to update operating systems and software in a timely manner, a consequence of chronic shortages of qualified personnel and long-standing financial constraints. These difficulties were exacerbated by advertisers, payment processors, and service providers refusing, under pressure from external campaigns, to work with 4chan.
Efforts to modernize the server infrastructure had commenced in late 2023. Until then, as representatives confirmed, the site had been operating on servers purchased by the project’s former owner, known by the pseudonym moot, shortly before his departure. Due to financial hardships, it took nearly a decade to gather sufficient funds for new hardware.
By April 2024, the technical specifications for the new servers had been finalized, with procurement completed by June. The equipment was deployed in July, and over the subsequent months, a gradual migration of functionality was underway. However, key services continued to run on the aging infrastructure, which ultimately contributed to the success of the attack. The administration acknowledged that every stage of the upgrade process took far longer than originally planned.
During the nearly two-week outage, the compromised server was replaced, and both the operating system and software stack were updated to current versions. A temporary suspension of PDF uploads was implemented across boards supporting the format, with restoration planned in the future. Concurrently, the administration decided to permanently close the /f/ board—dedicated to Flash content—due to the inherent security risks associated with .swf files.
To accelerate the project’s recovery and development, 4chan is now recruiting additional volunteer developers. The volunteer team of moderators and janitors continues its work, despite some members facing breaches of their personal privacy during the attack.
In conclusion, the site’s representatives emphasized that 4chan would persist, affirming that “no other site can replace this community.”