Russian 'P poster

WARNING: PROUD TRANNY PEDOPHILE(S)
You can help by notifying the authorities, and also by ordering 'za to xheir house

Pedo-meter 3000:

▲

THE RUSSIAN 'P POSTER I̸S̴~AN̵—— ̷EX̵TREM̸EL̷Y̵ —V̵O̵LAT̵I̵LE̴— ̸A̵N̸TIM̵A̸TT̸ER̸— ̵SING̸U̸L̸A̸RI̸T̵Y̶ ̷F̸O̷RM̸E̸D̶ ̵I̸N̴ ̴A̶ ̶B̸LA̵C̵K̴H̸O̸LE̷— ̴THAT̴— ̴D̵O̵O̵M̵S̵ ̶T̷H̵E̴— E̵N̷TI̷RE̵— ̵S̸OY̷VER̷S̵E̸!!!!!!!

If you see any of these advertisements on any imageboard, silently report it to the admins and do not ever interact with the advertisement (even with SAGE!) or even publicly mention that it exists on their site or another's site. If the site is unmoderated, ALWAYS disable images by using this guide or try to avoid using the site for a while. Posting even censored screenshots of the advertisement is discouraged due to the risk of others attempting to find it, for it's best you completely redact the post altogether if you still want to post the screenshot.

The russian p' advertisements often target inactive endchan boards due to the popularity of endchan in russia. When browsing these dnb boards ALWAYS have images turned off as endchan's imageboard engine (Lynxchan and JSchan) do not have default MPA for new boards, SAGE!'s don't work, the vichan code to prevent it made on the chaddy doesn't work there either, and most bunker's are severely unmoderated. All of this also goes the same for 8chan with a smaller risk as it is less popular in russia.

Captain 'P
An unofficial depiction of Captain 'P. It is widely believed[By whom and why?] he is from Kazakhstan instead of Russia, russian is widely spoken in Kazakhstan.
Status	Active
Nationality	Presumably russian based on timezone
Other names	Captain 'P
Years active	early 2020s(?)–now
Best known for	Spamming child porn and links to it
Opponent	Moderators

The Russian 'P advertisements are a series of commercial 'P spam that occurs on almost every single imageboard website, where a link to a clearnet 'p file collection text file hosted on random text sharing services are posted (sometimes with a "preview"). This kind of spam has occurred since at least the 2020s and probably earlier, has many variants, probably by seperate individuals, using goyzillions of proxy IPs and fingerprints from Central Asia/Russia/Siberia (probably other proxy servers as well). Imageboard users have accused the advertisements of being a bot, a single pedo (in SNCApedia and sometimes the Swinny it has been called "Captain 'P"), a glowie, or a boogeyman or hostile community attempting to take the site down.

This includes, but is not limited to:

• Posted on the main or active board (e.g. /b/ of an SNCA altchan or /soy/ of soyjak.party or a splinter), though there are exceptions. It is usually posted as a new thread, but uncommonly as a reply to a random post.
• A sexually suggestive or explicit image of a minor. Sometimes there will be a link shilled in the image itself, and some advertisers post images with a different link from the text field (the link the image is the same even with different images). Filenames always vary (including completely gibberish filenames).
• Having keywords related to 'p, some even of extremely gross degeneracy, followed by a shortened link redirecting to the 'p file listings, in the text field. The links can be present in both the text field and image, or the text field may be completely blank.
• Evades all wordfilters by using spaces, dots, or asterisks in between the words, also evades all CAPTCHAs and other verification systems, so it is probably not a bot.

These advertisers are known to go through a directory of imageboards, although it is not completely restricted to those. Most active imageboards (including soyjak.party) immediately ban it upon sight, where it is instantly stopped by an automated filter or manual image/post approval, where an admin takes steps to remove it and probably report it to law enforcement. This information is slightly documented by sweens and other literal whos.^[1][2]. A datamine into the logged fingerprint on one of the imageboards the spammers tried to post 'p on has shown that his timezone is Moscow Time^[3] and the browser languages are Russian, English, American English and Polish.The same datamine also has show that the advertisers use the same fingerprint a few times when it was logged, meaning that fingerprint bans are PARTIALLY effective against the spam. See the Prevention section of this page to find more ways to fight against the spam.

It is possible that these advertisements do not explicitly target imageboards, but also forum sites (including vulnerable sites) and other posting sites. You WILL NOT investigate those posts any further (genuinely do not attempt to search for said posts yourself).

Note that this is different from the 'cordnigger jarty foodist 'p spam which usually does not shill a redirect to 'p and/or attempts to demoralize soyteens (spammed during imageboard raids), which is less common since 'p spam has been completely killed of on the Sharty thanks to multiple safeguards.

Reporting the post - obviously must always be done.

• Fingerprint ban - very likely will prevent , do this.
• Enabling manual approval of media on site – will prevent visitors from being jumpscared with 'p but will still leave links. There is also an upside to the advertiser putting descriptions that make it obvious that he's linking 'p: you can check for the advertiser and report/ban the IP with images disabled.
• Enabling manual approval of whole post – will prevent the spam from seen by users completely (do this, your 10 post per day doesn't need to have users posts reach the log immediately no offense).
• Spamming boards 'p was posted on with non-offensive shit/spam in a containment thread to slide the ad off the front page – may be done to put the 'p post down until the moderation comes back, will get you banned.
• Enabling captchas on site - may not work, the advertisers are proven to solve captchas.
• Wordfiltering text used in the 'p posts – will not work as the advertisers will just change the text.

When running a forumotion forum add this code to the javascript page and set it to be activated in all pages when the javascript code is running. In the (severely unlikely) chance servimg and forumotion's built in spam protection fails you can enable this javascript page and it will catty wipe all links to the illegal material. Here is the version used on the soyblog.

• For jschan, using a system made against the posts - see below:

Here's a shitty (working ^[4]) system made for the chaddy to prevent this bot, feel free to use it.'

The fingerprint of the "bot" is 100% real and it solves captchas, might not even be a bot and just an obsessed faggot. Also it seems to target every altchan regardless if it is listed on that site or not

		checkPostShorteners: async (options) => {
		const { proxy } = config.get;
		const blacklistedKeywords = config.get.blacklistedKeywords || [
			"small previews:",
			"updated url.",
			"6-14 years old",
			"zoo and scat",
			"real rape",
			"CP porn",
			"list links",
			"CP studios."
		];

		const allowedDomains = config.get.allowedDomains || [
			"voca.ro",
			"vocaroo.com",
			"xcancel.com",
			"x.com",
			"twitter.com",
			"youtube.com",
			"m.youtube.com",
			"music.youtube.com",
			"youtu.be",
			"garticphone.com",
			"skribbl.io",
			"catbox.moe",
			"archive.ph",
			"archive.org",
			"web.archive.org",
			"4chan.org",
			"boards.4chan.org",
			"wikipedia.org",
			"strawpoll.com",
			"soyjak.st",
			"soyjakwiki.org",
			"gigacha.de",
			"wiki.gigacha.de",
			"github.com",
			"gitlab.com",
			"bitbucket.org",
			"sncapedia.org",
			"swedishwin.com",
		];

		const post = await Posts.getPost(
			options.board._id || options.board,
			options.postId,
			true
		);

		const siteLinks = post.nomarkup.match(
			/\b(?:https?:\/\/|www\.)[^\s<>"']+/gi
		);

		if (!siteLinks?.length) return;

		const filteredLinks = siteLinks.filter((url) => {
			try {
				const parsed = new URL(
					url.startsWith("http") ? url : `http://${url}`
				);
				const host = parsed.hostname
					.replace(/^www\./, "")
					.toLowerCase();
				return !allowedDomains.some(
					(d) => host === d || host.endsWith(`.${d}`)
				);
			} catch {
				return false;
			}
		});

		const uniqueLinks = [...new Set(filteredLinks)].slice(0, 10);

		console.log("Found links:", uniqueLinks);

		const agent = proxy.enabled
			? new SocksProxyAgent(require("url").parse(proxy.address))
			: null;


		const resolveSite = async (url, signal) => {
			let currentUrl = url;

			for (let i = 0; i <= maxRedirects; i++) {
				const res = await fetch(currentUrl, {
					timeout: 10000,
					agent,
					redirect: "manual",
					signal,
					headers: {
						"User-Agent":
							"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 Firefox/146.0",
					},
				});

				if (res.status >= 300 && res.status < 400) {
					const location = res.headers.get("location");
					currentUrl = new URL(location, currentUrl).toString();
					continue;
				}

				if (i === 0) { // site wasn't a redirect
					return null;
				} 

				return res;
			}

			return null;
		};

		const scanShortener = async (url) => {
			try {
				const controller = new AbortController();
				setTimeout(() => controller.abort(), 10000);

				const res = await resolveSite(url, controller.signal);
				if (!res) return false;

				const text = await res.text();
				return blacklistedKeywords.some((k) => text.includes(k))
					? url
					: false;
			} catch (e) {
				console.warn(`Error fetching ${url}:`, e.message);
				return false;
			}
		};

		const badSiteFound = await Promise.any(uniqueLinks.map(scanShortener));
		if (!badSiteFound) return;
		// you'd have your ban and delete implementation here