/lynxchan/ - LynxChan

The best engine you will ever shitpost with.

Keep threads on-topic.
Installation video tutorial
Vichan migration script

New Thread:

Max Message Length: 4096
Don't show location
Make sure I have a block bypass
Spoiler Max File Size: 1.00 MB
File Limit Per Post: 3
Remember to follow the rules .

2.2 breaking api changes Stephen Lynx Board owner 12/07/2018 (Fri) 22:26:24 Id: 1101c6 Pinned No. 647 [Reply]
Open file ( 10.65 KB 215x212 logo.png )
On 2.2 the json api features were merged into the form api and removed afterwards.
So not only the json input was removed, bu also the json output of the form api was remade. The refactoring is finished and penumbra has been adapted.

2.2 is scheduled to be released on march of 2019.
Edited last time by StephenLynx on 12/07/2018 (Fri) 22:27:58.

Cat Board owner 01/03/2016 (Sun) 12:07:51 Id: 9ca3a6 Locked Pinned Bumplocked No. 219 [Reply]
Open file ( 3.93 MB 640x480 1451822329331.webm )

2.2 Lou Skunt 03/16/2019 (Sat) 01:58:25 Id: c34afd No. 745 [Reply]
Open file ( 65.25 KB 250x146 1.png )
Will lynxchan ver 2.2 render penumbra useless?

Cat 03/16/2019 (Sat) 11:54:37 Id: 9ef27c No. 746
Much on the contrary, 2.2 will install penumbra as the default front-end from the setup script.

Why do you ask?

Cat 03/17/2019 (Sun) 19:05:00 Id: aa79c9 No. 750
I asked because penumbra looks like shit on mobile phones. People use browsers from mobile phones. I was hoping that someone would make a decent front end. Thousands of people go to stupid php boards on mobile phones each hour like 4chan. But hey, let's fucking ignore the world trend of people using mobile to browse.
Oah, and your efforts to block people are so fucking stupid. Hey, dipshit. It is impossible to block people from a forum. Your time would be better spent learning some manners or making lynxchan moblile capable. Fucking douchebag.

Cat 03/17/2019 (Sun) 19:09:07 Id: aa79c9 No. 751

Oah, and use ssl on this shitty site. Who would trust code from a jackass who is too fucking stupid to use a basic security measure like ssl. You OBVIOUSLY have no respect for other people's security. Fucking faggot douchebag.

Cat 03/17/2019 (Sun) 20:33:46 Id: 6f7772 No. 752
If you want to submit patches to make penumbra work better on mobile, you are welcome.

This site is not meant to be heavily used. Feel free to stop posting here and instead use some other means of communication, like irc or e-mail.

Cat 03/04/2019 (Mon) 19:20:19 Id: a1051e No. 742 [Reply]
>[477] #lynxchan, You need to login to services to join or speak in that channel.
But no surprise there

Cat 03/05/2019 (Tue) 01:51:16 Id: 9060d1 No. 744
It was to prevent spammers before they pick up for good again.

ssl Cat 02/07/2019 (Thu) 07:48:51 Id: 7bebf6 No. 711 [Reply]
So I got a ssl cert from godaddy. I put the two .ssl files in the src/be directory. I enabled ssl via admin panel and it is set to "1" in the general json I get the following error when starting lynxchan and ssl does not work. Is there another step or something im missing?

>>>Failed to listen to HTTPS.
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
at Object.createSecureContext (_tls_common.js:113:17)
at Server (_tls_wrap.js:870:27)
at new Server (https.js:62:14)
at Object.createServer (https.js:85:10)
at startSSL (/root/LynxChan/src/be/workerBoot.js:91:35)
at startListening (/root/LynxChan/src/be/workerBoot.js:148:5)
at dbBooted (/root/LynxChan/src/be/workerBoot.js:213:7)
at preIndexSet (/root/LynxChan/src/be/db.js:826:5)
at initBoardIndexedCollections (/root/LynxChan/src/be/db.js:842:3)
at initGlobalIndexedCollections (/root/LynxChan/src/be/db.js:858:3)
Worker 2 booted at Thu, 07 Feb 2019 07:41:23 GMT
Failed to listen to HTTPS.
Message too long. Click here to view full text.
5 posts omitted.

Lynxchan is gay Cat 02/10/2019 (Sun) 03:00:30 Id: 1306d9 No. 718
Open file ( 37.69 KB 530x325 cc.jpg )
>>716 You ALWAYS have an excuse or rude comment for everything that you do wrong but are too stupid to fix. There is a reason that lynxchan did not amount to anything... mostly because you are a fucking idiot. Lynxchan is not secure, has a shitty front end that no one uses, and all the lynxchan boards have no
real website or users. MEWCH was the only good lynxchan board and that failed because of the horrible security flaws. Lynxchan is a joke made to fool stupid people who are not aware of security.

Mega Milk 02/10/2019 (Sun) 04:47:02 Id: a1b069 No. 719
Mewch didn't fail due to security flaws. It didn't fail whatsoever. Any rumor you hear about mewch is simply untrue.

Cat 02/10/2019 (Sun) 13:51:08 Id: 5a7f3f No. 720
ok dude

Cat 02/11/2019 (Mon) 19:58:38 Id: c27a94 No. 721
bad anime girl, bad

Cat 03/04/2019 (Mon) 19:23:50 Id: dca8b8 No. 743
>It didn't fail whatsoever
Is that why it doesn't exist anymore? Lol

A GUI proposition Николай Кучумов 02/13/2019 (Wed) 17:45:42 Id: f0f324 No. 722 [Reply]
Open file ( 84.97 KB 811x647 cccp.jpg )
I noticed you're developing a "fast" backend for an imageboard.
I'm a developer of a general-purpose GUI for an abstract imageboard.
Have a look at 4chan.org integration:
The project is hosted on GitHub:
If you're interested I could add support for `lynxchan` in that GUI.
6 posts and 2 images omitted.

SUCK MY DICK Cat 02/24/2019 (Sun) 18:38:14 Id: 16f5b1 No. 737

Cat 02/24/2019 (Sun) 18:39:30 Id: 16f5b1 No. 738
Lynchan maker is a rude egotistical faggot who is too stupid to use ssl on lynxhub.com which puts everyone at risk of malicious injections. ON TOP of that is the fact that node.je is extremely unsafe in general, as is the mongo db. It is a honeypot and full of major security issues. Go ahead and work with the lynxchan maker... good luck with that. You will find out that he is a total faggot moron.

Николай Кучумов 02/25/2019 (Mon) 09:32:08 Id: f0f324 No. 739
If you want security I suggest you leave for sshchan

Cat Board owner 02/25/2019 (Mon) 17:21:55 Id: 78204b No. 740
Open file ( 306.14 KB 593x540 798.png )
>11 commits
>no mention of why lynxchan is not secure
Cute. I won't even delete it.

Cat 02/27/2019 (Wed) 12:42:50 Id: 5ff398 No. 741
>>740 Says the faggot who is too stupid to use ssl on lynxhub.com which puts every single visitor to that site at risk of malicious code injections. Fucking faggot.

LYNXCHAN IS UNSAFE Cat 02/17/2019 (Sun) 13:07:39 Id: 456c94 No. 724 [Reply]
Prevent XSS ! Context Based Encoding
Cross Site Scripting (XSS) is one of the most common but ignored types of attacks. Since Node.js is implemented with JavaScript, there is high-risk of developers introducing XSS vulnerabilities in the code. Output encoding is one of the best ways to prevent XSS attacks. Most view engines such as Jade provides built-in encoding mechanisms. But most important thing is that you should use appropriate encoding to based on the context. Following are some situations that you should use context specific encoding.

URL encode parameters which are appended as url parameters. URL encoding can be done using encodeURI() and encodeURIComponent()javascript built-in methods.
HTML encode parameters which are displayed in HTML. HTML encoding is provided by view engines such as jade as well as frontend frameworks like Angularjs. You also can explicitly do it from server side using htmlencode npm module.
CSS encode parameters which are used in element styles

sTEPHEN C LYNX Cat 02/17/2019 (Sun) 13:09:19 Id: 456c94 No. 725
LYNXCHAN IS UNSAFE Prevent CSRF (Cross Site Request Forgery) with Anti-Forgery Tokens
Cross Site Request Forgery (CSRF) allows an attacker to execute a certain function on the web application on behalf of yourself. To prevent these kinds of attacks, we can implement Anti-CSRF tokens so that the server can validate whether the request is coming from intended sender. Anti-CSRF tokens are one time tokens which are sent along with the user’s request and used by the server to validate the authenticity of the request. Please refer to my previous blog post about what Anti-CSRF tokens are.

Express.js framework is a web framework for Node.js which has in-built support for CSRF prevention. Following example shows how to initialize CSRF protection with Express.js and Node.js. When this protection is added, express.js creates a secure token which is sent to the server via both request body and cookies. These two tokens are validated by the server for forgery. If server fails to validate these two tokens, server returns a 403 Forbiddenresponse to the client.

This mechanism prevents an attacker sending requests to the server on behalf of yourself since attacker has no access to the cookie for the domain in your browser. Even if he collects one token, he cannot replay it again since the token is one time.

Cat Board owner 02/17/2019 (Sun) 14:04:36 Id: ddc83d No. 727
If you find a vulnerability related to that, just let me know.

Cat 02/17/2019 (Sun) 14:32:37 Id: a1d8b2 No. 728
Open file ( 49.99 KB 800x800 6.jpg )
>>727 Fuck off, faggot. You use an UN-SECURE node.js base, an UN-SECURE mongo db and then you pretend you do not know anything about the tons of vulnerabilities that are inherent to such shit code. To prove my point, lynxhub.com will get a little surprise soon. We are anonymous. Stephen Lynx is a faggot. We are legion. We do not forget. We do not forgive. Expect us.

Cat 02/17/2019 (Sun) 21:23:24 Id: 03898f No. 730
I found several vulns in lynxchan…. it looks like they were coded in on purpose. That poster is right

Cat 02/18/2019 (Mon) 18:22:27 Id: 931cf5 No. 731
>To prove my point, lynxhub.com will get a little surprise soon.
I'll be waiting.

Cat 02/05/2019 (Tue) 02:53:16 Id: 165e20 No. 709 [Reply]
What theme should I install?

Cat 02/05/2019 (Tue) 21:33:01 Id: 7b02e9 No. 710
whatever you like.

Cat 01/24/2019 (Thu) 16:44:26 Id: 11834c No. 695 [Reply]
Open file ( 72.81 KB 600x752 5.gif )
I like this placeholder fe- it is fast, looks nice, and is awesome. It just needs youtube support. Is there any way possible to have a youtube video show in a post? Even if i had to hard code it...that would be fine. It would be nice to be able to show a youtube video in a post. Thanks.

Cat 01/24/2019 (Thu) 20:34:10 Id: 1b3439 No. 698
never mind, thanks

Cat 01/24/2019 (Thu) 20:35:13 Id: 1b3439 No. 699
oah shit wait disregard the never mind, I forgot this question was about the default front end

Cat 01/24/2019 (Thu) 22:33:49 Id: ea55e8 No. 700
Yeah, you could implement it, but the default FE has been discontinued.

Cat 02/02/2019 (Sat) 10:08:35 Id: 4bc26b No. 707

Cat 02/02/2019 (Sat) 10:09:03 Id: 4bc26b No. 708

Delete only files
Delete media (Actually removes the saved files from the server, standard file deletion only removes the reference to the selected posts)

Captcha(Used only for reporting): No cookies?

[ 12345 ]