PiratChat Exploit
Recently, one of our services, PiratChat, was exploited. This incident did not impact Piraterna's internal systems, but it was clearly aimed at Piraterna as a whole, and more specifically at its founder.
Walkthrough of the Attack
It started when a member of Piraterna received a strange message from another user. The message was vague and inappropriate, referencing explicit content in a way that at first seemed like trolling.
When asked to explain, the sender replied with "check PiratChat" and then sent a link to an image hosted on our platform:
https://chat.piraterna.org/uploads/******.jpg
After viewing the image, it was obvious the content was explicit and had been uploaded by abusing a vulnerability in PiratChat.
Our Immediate Response
As soon as this was discovered, we launched an internal investigation. We checked access logs from nginx, compared image sizes, reviewed raw HTTP requests, and inspected request contents.
We shut down PiratChat to stop the exploit from being used further. Immediately after that, the attacker switched tactics and began sending a large number of spam requests with a User-Agent string containing a racial slurs:
"Kevin is a n****r who enjoys n****r porn" (slurs censored)
This made it clear that the attack was personally directed at Kevin, the founder of Piraterna.
Root Cause
The vulnerability came from PiratChat’s file upload script. It was written in PHP and lacked proper authentication checks. This allowed anyone to upload files by sending simple HTTP requests directly to the script, even without being logged into PiratChat.
In short, the upload endpoint was not verifying user sessions or permissions. This was a technical oversight on our part, and we take full responsibility for the mistake.
Resolution and Status
After identifying the issue, we contacted the user who originally sent the strange message. Since that point, the attacker has stopped their activity.
PiratChat remains offline and inactive while the vulnerable upload script has been permanently disabled. No further development or fixes are underway at this time.
On the Attacker and Motive
At this time, we still do not know the full motive behind this attack. It is unclear whether it was random harassment, a targeted grudge, or something else entirely.
We also do not know who carried out the attack. While we have some suspicions, the attacker was smart and took several steps to stay anonymous. During our investigation, we analyzed all IP addresses that accessed the upload script during the time of the attack.
However, all meaningful requests were either coming from TOR exit nodes or were indistinguishable from normal user traffic. The attacker was clearly proxying their traffic through TOR, making it effectively impossible to trace them directly.
We are continuing to review all related logs and evidence, but as of now, we have no definitive way to identify the person behind the attack.
Going Forward
This was a serious breach of trust and responsibility. While no internal damage occurred, the impact on our team and community was real. We are taking strong action to make sure this doesn't happen again.
Once PiratChat is fully secured, reviewed, and tested, we plan to bring it back online.
We will continue to share updates as our work progresses. Thank you to everyone who supports Piraterna — we won't let this event define us.
References
