li: a(href='#make-a-board') How do I make my own board?
li: a(href='#staff-and-permissions') How do staff, users and permissions work?
.table-container.flex-center.mv-5
.anchor#whats-an-imageboard
table
tr
th: a(href='#whats-an-imageboard') What is an imageboard?
tr
td
p
| An imageboard is a type of discussion board where users share images and text about various topics.
p
| The primary difference between imageboards and traditional forums is that anybody can make a post without registering
| an account or providing any personal information. This lowers the barrier to entry, protects user identities and focuses on what is said, rather than who says it.
p When posting, you can format the name field to include a name, tripcode , capcode, any combination of the three including leaving the field completely blank. Instead of a blank name, "Anonymous" is used, however this depends on board-specific configuration. The optional components are explained below.
p The name appears bold in the top left, followed by the tripcode in regular weight with a !! prefix, then the capcode in a different color, bold and with a ## prefix. The colours may vary between themes but are generally distinct from eachother
p The name is simply what name you want to be shown alongside your post. Other users can post with the same name so there is nothing preventing impersonation. This is not related to your username (for registered users).
p A tripcode is a password of sorts, which users can provide in the tripcode component of their name. This tripcode is used in conjunction with a server-known secret to generate a unique* tripcode portion of the name. Long, unique tripcodes can be used as a form of identity. It is important that you keep tripcodes secret if you use them for some form of identity. A compromised tripcode can be used for impersonation and cannot be revoked in any way.
p A capcode is a component of the name field only available to authenticated users. This includes admins, global staff, board owners and board moderators. The capcoded string will be prefixed with the users role so board staff can make an authoritative post and prove their staff status.
th: a(href='#make-a-board') How do I make my own board?
tr
td
p
a(href='/register.html') Register
| an account, then
a(href='/create.html') create a board
|. Please avoid making excessive amounts of boards, duplicate or boards similar to an existing one unless you expect that many users will migrate to the new board for whatever reason e.g. tyrannical moderation.
.table-container.flex-center.mv-5
.anchor#staff-and-permissions
table
tr
th: a(href='#staff-and-permissions') How do staff, users and permissions work?
| There are 5 levels of permissions on the site with 0 being the highest level of privilege and 4 the lowest. In this list "Regular user" refers to somebody who is either not logged in or is not owner/mod of the board. For example if a user creates their own board, they do not have the "Board owner" permissions on other boards. Each board can have one owner and multiple moderators. Ownership can be transferred.
th: a(href='#site-operation') How is the site run?
tr
td
b Who owns the site?
p An Australian guy called Tom. You can check the check the jschan repo for my discord and dig up more about me if you are curious. I also run some other projects including a large discord bot.
p Jschan stores them hashed with a secret, and a substring of this is shown in ban pages and some moderation interfaces. Clear IPs are present in Nginx logs and retained for 7 days.
p Only ports 443 and 80 are open for HTTP(s) and one other port for SSH. Key only login is enabled and root login is disabled. The software is running as an unprivileged users. MongoDB and Redis are configured to listen on local interfaces only and require authentication.
b I have an issue/found a vulnerability/need to contact you.
p Issues with the software can be posted on the #[a(href='https://github.com/fatchan/jschan/issues') issues page] or if you prefer not to use github, #[a(href='/t/index.html#postform') post on the meta board] with a detailed description of the problem. For private matters or vulnerability reports, please contact me via email tom-69420-me.