>>18
check http://archive.8ch.net/

He probably doesn't have the database.

>>39
the 8ch database was posted in >>>/operate/

8archive's data is all public

If they had the database they would need to know the post numbers to check if there were any matches in the modlogs tables.

>>40
That's just the source code.

>>40
Check for yourself. >>>/operate/6019 is merely the .zip repack of 8chan.7z (>>1).

Until I see a plausible .sql dump or /var/lib/mysql backup I won't believe the database was compromised. Although it's suspicious inc/config.php has empty MySQL credentials…

>>70
>Although it's suspicious inc/config.php has empty MySQL credentials…
How is that suspicious?
The credentials are in inc/secrets.php because otherwise they would be tracked and included in the open source repository.

As far as I know the inc/config.php shouldn't even be modified.
If the admin wants to change something in the $config variable, it should either be defined on inc/instance-config.php or inc/secrets.php.

>>71
I see. I'm only used to simple web forum software which only has a central config file for all the crucial settings.

This means the attacker had all the relevant pieces of information to connect to the MySQL database. As it's external to the web server (and hopefully protected by firewalls and MySQL ACLs), it all depends on whether that access was writable as well, because that means you could have dropped in a small PHP dumper script that exports the whole database, for example.

>>75
He wouldn't need a script.
mysqldump was likely available in the server which would have exported the whole database to a file.

The question is whether it would be worth doing that since 99% of the information in the dump would already been public anyway.

>>81
Depending on the vulnerability and whether PHP-FPM runs in safe mode (we don't have the php.ini), you could run it directly or do it yourself. The bottom line is, it's quite possible there's at least a partial copy of the database.

Of course, the majority of the database is public, but it contains quite sensible information too. For example, the IP obfuscation is only in the frontend, they're stored in cleartext in the modlogs and posts_* tables.

The topic was discussed here, but it's gone: https://lainchan.org/sec/res/3101.html
http://archive.is/ZEpLY
IIRC the thread was much longer.
https://archive.is/jFIRA
There are some posts on the topic on reddit: https:// www.reddit.com/r/WhereIsAssange/search?q=insurance+keys&restrict_sr=on

/pol/ logs have always been public.

Why didn't people check those to see who deleted the posts you're talking about?

https://archive.is/pMEmC
Not sure which /pol/ he's talking about but it might be what you're looking for.

Key Dump
eta numeris 392D8A3EEA2527D6AD8B1EBBAB6AD
sin topper D6C4C5CC97F9CB8849D9914E516F9
project runway 847D8D6EA4EDD8583D4A7DC3DEEAE
7FG final request 831CF9C1C534ECDAE63E2C8783EB9
fall of cassandra 2B6DAE482AEDE5BAC99B7D47ABDB3

>>428
The topic was very fringe even for most tinfoilhats, most ppl thought it was just some LARPers. Threads kept getting deleted so people went to small sites like lainchan.
It was said that if you posted the real keys you'd get XKeyscored aka your internet would be shut down and the people who claimed to have found keys in the blockchain were reluctant to post. One user claimed to have extracted a file but refused to give evidence.

Found some old threads that were not deleted however:
>>>/pol/res/34716.html
https://archive.4plebs.org/pol/thread/99307017/

>>430
>>>/pol/34716.html

>>431
Man I'm such a newfag. To top it off, have another reddit link:
https: //www.reddit.com/r/Bitcoin/comments/5dqufl/blockchain_experts_the_world_needs_your_help_the/