TL;DR: 8kun (8chan) will not load unless clients pass CloudFlare's firewalls.
When Jim Watkins and son proudly claimed to the world and their users that they were going to be replacing CloudFlare's multimillion dollar network just for their 8chan website, I was skeptical. Many of their users, however, believed it; after all, they had not the necessary experience to realize what was being promised.
Since then, they've dropped the «8chan» name, instead preferring to be called «8kun». I see no logical reason to begin doing so—the software is the same, the owners are the same, and the rules are the same. Some, such as Ron Watkins to the Wall Street Journal, would say that a lack of /pol/ makes 8chan no longer 8chan. That seems dubious at best to me. As can be seen in this archive, among other places, and on 8chan itself when it is up, board creation was and is as of this writing still very much on the table; as the rules have hardly changed, to expect that a /pol/ or /pol/-like board will not reappear as soon as the world stops paying attention is a dubious proposition, and one I do not accept.
Let's however analyze the network. How are they doing it, these intrepid entrepreneurs, out-competing CloudFlare, which jettisoned them? In which datacenters have they bought servers, which networking cables have they installed, which satellites have they launched?
Let's stop kidding ourselves, Nick Lim has done none of that. After being kicked from network after network, and then registrar after registrar, rather impressively, they have for now found an ISP that will allow their crusty ship to drop anchor and use its port. But they worry, oh you see. CloudFlare was so convenient! It had an excellent firewall, and stopped many attacks. If only they could find a way to use its network on the sly!
They've found a way. Observe:
We don't need to worry so much about this; it's pretty much irrelevant. It's a small roadblock in the way of would be miscreants. Perhaps it can even stop a few who don't care enough to drive around it, and instead turn around. What's really interesting is the URL https://vanwatech.com/aes.js, which computes the AES needed to get 8kun to load.
Oh, computer! Tell me about VANWATECH.COM.
[[email protected] ~]$ whois vanwatech.com #? Domain Name: VANWATECH.COM Registry Domain ID: 2396981845_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.google.com Registrar URL: http://domains.google Updated Date: 2019-05-31T05:40:51Z Creation Date: 2019-05-31T04:01:37Z Registry Expiry Date: 2020-05-31T04:01:37Z Registrar: Google LLC Registrar IANA ID: 895 Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +1.8772376466 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: LISA.NS.CLOUDFLARE.COM Name Server: MARK.NS.CLOUDFLARE.COM DNSSEC: unsigned
CloudFlare nameservers? Well, perhaps he's just using their free DNS, let's not jump to concl—
[[email protected] ~]$ dig A vanwatech.com +noall +answer # dig, you really doth protest too much vanwatech.com. 299 IN A 220.127.116.11 vanwatech.com. 299 IN A 18.104.22.168
And of course 22.214.171.124/12 is CLOUDFLARENET, meaning, CloudFlare owns these IPs.
So what does it all mean? Well, to load 8kun your computer needs to pass an AES challenge. That challenge can only be passed if your computer knows where to get the script which says how to compute it,
aes.js is hosted on VANWATECH.COM. VANWATECH.COM is hosted on CloudFlare. In sum, CloudFlare is defending 8chan today, 18th November 2019.
I call on CloudFlare to kick them off. They sent a strong message when they kicked 8chan off, and hopefully they won't allow them back in through this backdoor. VanwaTech's anti-DDoS service is nothing but some open source nginx module and CloudFlare's firewall.