Slashdot Mirror


Imgur Exploited To Channel Botnet Attacks At 4chan

An anonymous reader writes: Imgur has been compromised by attackers looking for an opportunity to direct large volumes of traffic to 4chan. A Reddit thread explains that "when an Imgur image is loaded from /r/4chan [...] imgur loads a bunch of images from 8chan, which causes a DDoS to those sites." Meaning that if a user clicks an Imgur link on /r/4chan, it automatically makes around "500 requests" for one image from imageboard 4chan.org/8chan.


  1. Do over please by Anonymous Coward · Score: 5, Insightful

    Can we get a cleanup on this summary please, from someone who actually passed high school English class?

    The short version: someone served up malicious JavaScript on 8chan by hosting it on imgur as images, revealing that imgur does not actually check to make sure its images are images. Some Flash on 8chan loads the JavaScript from the localStorage object, breaking same-origin. Once again the DOM is proven to be a horrible house of cards.

    1. Re:Do over please by Anonymous Coward · Score: 5, Informative

      4chan users actually know how to write, at least better than slashdot "editors". It's just that they add the "faggot" and "nigger" every 3 sentences.

    2. Re:Do over please by jest3r · Score: 4, Insightful

      I think I read that Imgur was inlining images with data URLs when viewing the raw image.

      So if you visited www.imgur.com/image.jpg the source code would look like:
      img src="data:image/jpg;base64,R0lGODlhEALMAAOazToeHh0tLS/7LZv/0jvb2 ...... etc.

      When uploading an image to Imgur, someone figured out how to append code to the end of the raw data to break out of the data URL data and append some JavaScript to it.

      The JavaScript pulled down images from 8chan among other things.

  2. Old news? by BlckAdder · Score: 5, Informative

    This was patched yesterday.