I’m making an imageboard from scratch and I want to know what I should include. By what to include I mean stuff that wouldn’t be obvious for people trying their hand at it for the first time (Stuff like checking for files types rather than trusting extensions). I’m not adding multiple image uploads because it looks ugly.

>>105763001 (OP)
you should add a captcha (like Hcaptcha) so you dont get flooded with child porn by glowies

>>105763001 (OP)
I think the absolute bare minimum is you must allow users to say the nigger word. Not because you personally believe in TND but because this is what truly sets us apart from the social media slop everywhere else.

>>105763001 (OP)
/cp/

Make it so that to be able to post you have to click a box that says that you condemn all the invasions, meddling, murders, genocides, etc, etc that the US and Isreal have done other the decades

>>105763019
Don’t do this OP, just manually approve pictures.

>>105763001 (OP)
Whats ur tech stack?

>>105763062
how about a box saying you support the state of Israel
that would filter the trannies, nazis, and anti-western thirdies with one move

>>105763296
Nah, man

>>105763195
>>105763019
You can use Gemma 3 to check an image in 3 seconds. It's not perfect at detecting CP but it gets 95+% of it. Set it up to scan the images when they get posted, nobody will notice 3 extra seconds of delay when they post something. Require manual approval for the images it trips on, and if the user posts too many in a short timeframe then lock them (IP or whatever you use) out until you review.

>>105763001 (OP)
cool, i do hacking for work. if you want a challenge, you could have it convert webp to jpg/png and replace the extension. it is still a challenge because i would totally try uploading php file or some other script, you can usually find out what the backend is running by checking the http headers, so it depends on your stack. if you can avoid and deactivate js you should. i would honestly not parse POST request and hand it off to shell, i think you should strip the filename super hard, e.g. only [a-zA-Z0-1_.]+ and normalize every other character to underscore or smth. you can use `file` to do a shitty filecheck, im not sure was it `binwalk` that can determine if file content matches multiple types? if you find a way to determine sus polyglot file, you should just throw it into some other folder for lolz, its probably someone trying to confuse your imagemagick webp conversion script or serverside components to exploit it

>>105763019
this

>>105763001 (OP)
i wouldn't bother, there are hundreds of altchans but most anons never hear about more than a few of them for a reason.
i'm not against doing these kind of personal projects for fun but you'll just be disheartened after getting it functional only to get a couple dozen posts in the first week before it's abandoned completely

>>105763001 (OP)
>Stuff like checking for files types rather than trusting extensions
I would do both. Reject the post if the Content-Type and extension are different, or the same but not one you support; that will filter out the majority of non-malicious files and some suspicious ones without having to spend bandwidth reading them. For the ones that pass, check the type by reading the contents and see if that matches as well.

Only read the first N bytes of user-submitted files, where N is your file size limit. Check that the Content-Length header matches the actual number of bytes read.

Store files along with their hashes (BLAKE2 is a good choice). If a submitted file's hash matches one you've already saved, the file's almost certainly a duplicate and you don't need to save it again—just link the saved file to the new post.

You'll want to cache boards and threads so you're not querying the DB every time someone requests a page. NearlyFreeSpeech.NET will do this for you if you set Cache-Control or Expires headers in your responses.

>>105764260
>Only read the first N bytes of user-submitted files, where N is your file size limit. Check that the Content-Length header matches the actual number of bytes read.
Small correction: N could be min(max_file_size, content_length). Basically, trust what the client tells you if it saves your server work; otherwise, always verify.

>>105764260
>>105763001 (OP)
Why do you even need to do all of that if you won't ever serve PDFs or other such formats? Like, if you treat the received data buffer as a JPG and try to render it as JPG, whatever will contained malicious code do? It's being completely mangled and misinterpreted.

>>105763001 (OP)
Your imageboard should debut with some topic boards, not too many to spread out discussion too much, but at least a few to actually give some structure and build communities around interests/hobbies. I've seen several altchans die very quickly or fail to take off just because having the website be one big /b/ or dedicated to a single topic makes it hard to foster discussion. Likewise, allowing users to create their own boards willy-nilly will just lead to a bunch of splintering/fracturing and also kill the site.

It will take some spare compute but if you don't want to deal with embedded image fuckery you'll have to recompress the image or just extract the visual data itself and put it into a new file without any additional embedded information (most of the time that's just something cat'd onto the end of the file).

Host it on an OpenBSD box for the most security, but unlike 4chan administration, actually update the OS (although this had little to do with how 4chan was hacked). Do other basic security practices too, like minimizing your use of the root account as much as possible. Imageboards tend to attract the type of people who will try to hack shit just because they're bored.

You probably already knew those things though.

>>105763001 (OP)
add a loli board
add a little girls board

>>105763001 (OP)
Learn PROPER minimalist html and css. Not the garbage dreck all the existing chans and google products use.

Also do you actually intend people to use this? Or is it just a pretend "for myself" hobby? Because if you want people to use it, you may as well give up now if you're still in the mindset of writing a web1.0 page that isn't distributed and ddos-protected.

>>105763621

>>105764480
very thoughtful post anon. good job!

Add janitors who actually love their unpaid thankless job and keep your shitty site clean.

>>105763001 (OP)
If people don't include an image, then take their post and feed it into SD1.5 and spit out an autogenerated image.
Would be hilarious, and encourage people to actually use more images and avoid the autogen.

>>105764362
there have been decoder exploits in the past
recently there was shit for webp

>>105765541
Nothingburger.

>>105763001 (OP)
You should include users.
Your imageboard will he a dnb.

>>105763001 (OP)
I was just reading this, hope it helps.
https://archive.is/1RpZU

>>105763296
someone do this. would use Bupkischan