4chan DDoS Attack Defeats Sharecash's Cash for Spam Program

Following a months-long spat of constant attacks against 4chan that included spam, malicious links and disgusting child pornography, 4chan founder "Moot" unofficially called for a response against file sharing host Sharecash. 4chan users, infamous for their DDoS attacks against other prominent and powerful targets, took up the call by bringing down Sharecash's server for several hours.

For months, attackers have been crowdsourcing the task of submitting to 4chan comments containing child-pornographic imagery and links to files containing viruses. The attackers have been profiting on these files by hosting them on Sharecash, which, according to their own site, pays approximately 20-60 cents for each file a user within a "target area" (probably the United States or United Kingdom) downloads from their servers.

Details are sketchy at this point, but it seems that after months of unsuccessful attempts to ban offending IP addresses, implement word filters, and convince Sharecash to close the attackers' accounts, Moot decided to rely on the brute force of the 4chan community to solve this problem.

In a rare thread addressing 4chan users directly late Friday afternoon, Moot wrote, "There are six and a half million of you, and only so many of them. I can't believe we're losing this battle. […] The real solution is to have Sharecash suspend known spam accounts." Moot posted screenshots of an email exchange apparently between himself and Sharecash, as well emails from the attackers themselves. In them, a Sharecash employee claims no knowledge of spambots deployed on 4chan, and writes that Sharecash is not responsible for its users' actions.

In subsequent posts, Moot fielded suggestions from users to implement additional securities, user certification, community moderation and other methods to reduce spam and attacks against 4chan. All of these techniques, however, are antithetical to the spirit of 4chan, which allows anonymous posting without image verification like captchas.

Though some users made useful suggestions, it was clear Moot did not want to erect barriers to user participation, but instead wanted to directly address Sharecash, who he believed would not take action because they were profiting from the attacks. Moot wrote in several posts that "Sharecash is the root of the problem. They refuse to act because SURPRISE: they're making money too!" Later, Moot reiterated, "Again, the real solution is to have Sharecash cooperate, which they won't, because they make just as much money off of the spam as the spammers do. Sharecash enables all of this."

4chan's infamous /b/ (random) board, from which many Internet memes originated, and from which organized campaigns against the Church of Scientology, the Iranian Revolutionary Guard and AT&T started, reacted with predictable chaos: A call to arms was sounded following Moot's posts, and aDDoS attack brought down Sharecash's sever. Spam posts to 4chan ceased immediately afterwards.

Sharecash struggled overnight Friday and early into Saturday morning to implement security countermeasures, and temporarily posted a simple text notice on their front page capitulating to 4chan's demands. "Our server is currently under attack by a group of people from 4chan.org," the page read, "By their request, we will now make spamming 4chan.org against our rules. We will elaborate once the site is fully up and running again. In summary, it will be 100% against our rules to drive traffic to our downloads, even indirectly, from any *chan website."

The page then listed the IP addresses and other technical information culled from their server logs of individuals they believed were participating in the DDoS attack.

Sharecash was able to bring their server beck online at about 2:20 AM EST, although it was only serving a static page with an FAQ about the site along with an apology for their downtime. "We are sorry for the downtime, we had to fend off a large scale attack. We took the server down for a few hours to prevent damage, and thankfully everything is intact. We will provide more information tomorrow."

As of 3:20 AM EST, 4chan posted a global message to users across all boards on the site: "Sharecash has announced that spamming 4chan, and other imageboard websites, is now against their rules. Please refrain from harassing their administrators, or interfering with their website. As always, this is against the rules, and threads condoning such action will be removed. We look forward to working with Sharecash to put an end to the spam that has plagued 4chan for months, and hope they honor their word. More to come later."

Open Media Boston will continue updating this story as details become available.

UPDATE: Sharecash's website seems to be up and running again at least as early as 4:30 AM EST. It looks like it has all the information and sections it previously had except a contact phone number, which was likely removed to prevent prank calls from 4chan users.

UPDATE 2: After publication, Open Media Boston received an email from the owner of Sharecash, who identified himself as Paul, and presented a different account of this weekend's attack. The relevant parts from that email are included in two posts on the Sharecash blog, here and here.

Basically, Sharecash wrote that their server was "hardly affected" by the DDoS attacks and that it was temporarily taken down voluntarily in order to implement additional protection in anticipation of a sustained attack. That was probably a smart move since it seems not only has the DDoS attack continued, but users from other Chans have joined in. Sharecash's server appears to be unaffected.

Read the followup blog post with Sharecash and reader responses.