30 comments

[ 3.3 ms ] story [ 57.9 ms ] thread
Hit 30 times, no flag but 404 each time. Am I just lucky or are they showing them only to certain IP ranges (I'd guess Russian, but then why the English text)?

Edit: Now over 60 times with the same result. And yes, I have confirmed that it is making the request each time.

I refreshed once and saw it. By the odds, you should see it by now, so something else may be at play like a cache engine somewhere.
- It might just be random, but at 60 tries it's unlikely. Fun experiment: check the reviews of any game that uses RNG output. Drink when you see a 1 star complaining that the RNG is clearly broken with anecdotal evidence. (With 100k players playing 10 rounds a day, you're going to see a one-in-a-million event daily. (Afaik most devs make such games "more random" in response by increasing bias towards the mean.) That's probabilities on the order of flipping a coin and it coming up heads 20 times in a row (0.5^20==1/1e6 if I'm doing this 2am math right). Scaling that up to a 1 in 5 ratio, there's only a 1 in ~0.5M chance that you didn't see it after 60 tries. Of course, I have zero insight into what Imageshack is actually doing here, perhaps it excludes you for some reason (maybe it excludes the Bay area not to tip off the executives or their friends... for all we know).

- Perhaps I'm just wrong about 1 in 5 since my sample size was low.

- Confirmed from a German, Dutch, Argentine, and Belgian IP before posting this, all residential. I was indeed wondering if the person who initially mentioned this to me was detected to be in Russia or something since I didn't see it at first, but we all got it with varying numbers of retries; the Belgian on the first try.

(comment deleted)
Here is a rule of thumb for this type of thing:

If something has a 1/N chance of happening, then after N tries = 65% chance of it happening at least once. 2N = 85%, 3N = 95% and 4N = 99%.

I tried it and it worked after around 6 or 7 tries
The math checks out ;)

I got it on my 6th

I got it in about fifteen tries. Pure-D American IP here.
Showed in three tries, US IP.
I got it on my second try in the EU.
3 attempts to get a hit for me, in NZ
17x for me, US West Coast
Took about 10 tries, got the flag. Canada here.
2nd try for me on the west coast USA
It took one refresh for me. I refreshed again, and it was gone. Tried ~20 more times, no flag.
I finally saw it --- but only after I changed User-Agent header to a more common one. It seems like some thought was put into this to make it show only for "normal" users, and not unknown/crawler/etc. (I hit Cloudflare CAPTCHAs all the time.)

In case you're curious, many years ago when Imageshack started restricting images based on Referer and other things, I had a proxy rule created to bypass that --- appropriately named ImagesHack --- and one of the things it did was change the UA too.

Were they hacked?
I personally do not assume that a non-employee is the cause of this behavior, usually those have different patterns, but it's hard to rule out as an outsider of course.
There must be more details to this than what is explained on the page. Why Imageshack? Why old images? Who was behind this? What does it achieve to have old images show the flag? Is there a target audience?
I though imageshack images had a 1:1 chance of showing an error that the image no longer exists.

Not like imgur/reddit are any better. Every day I scroll through my feed, click on something, and the image or video file has disappeared.

Seems to happen the most with video or images of someone caught doing something embarrassing. My guess is that a reputation management company spits out a bunch of fake faxed-in DMCA takedown notices.

I read this as imagemagick at first, and got very confused.
For context Imageshack at one point hosted a large majority of the images on SomethingAwful.
When I operated a small Cloud platform I discovered a small Malaysian company was using my servers to host their videos in lieu of securing their own, paid, hosting provider.

I tried to contact the operators of the sites that were embedding the content, as it was a clear violation of the TOS.

They never replied and I never took the videos down, partly because I was flattered and partly because of the work they had put into getting the videos up. It was probably a couple hundred GB worth of video. It took weeks for them to setup and dozens of accounts. Either they automated the process or they had some poor guy just uploading videos all day. I never found out.

My point is, I could easily have simply redirected that traffic to a page informing the visitor what was going on. I suspect that is probably what's going on here.

I noticed this days ago on my forum. It’s only on old images that would typically not display the image anymore anyway as the poster did not upgrade their imageshack when they changed things some years ago.