Toard - Anonymous Text Only Bulletin Board - We are back

Remember Toard - A text only Bulletin Board ?

After a while, I’ve fix some stuff.
Never thought that my old project is still a live till today lolz

Note to mods: Feel free to delete this thread if needed


It’s interesting how you’ve managed to create a bulletin board that looks somewhat old-school with the monospaceish but also manage to make it mobile friendly and usable at the same time :slight_smile:


New website design these days are good, but also heavy on device and just a waste of a time, is also the reason why i create a project that looks like oldschool.

The fact is that, I still coding on mobile till these days. And i glad that it’s mobile friendly :slight_smile:

1 Like

Well, some small CSS to make it beautiful won’t make it slower… :relieved:

  • Inter font
  • More padding, less borders
  • Less underlines, more buttons
1 Like

Fork & Pull is welcome :slight_smile:

1 Like

Bump. I guess you could use Toard without worrying about spams now.

Pretty much things has been changed, Which includes two layer antirobot protection.

The great wall has approached.

Now you do not need to worry about some kind of attack especially when you host at Glitch.

 - Now uses SQL (We use better-sqlite3 for the client)
 - Fix monospace on WebKit browser.
 - Fix creating thread after verification results 404
 - Fix searching resulting error
   Reported-By: Dwiky Rizky Ananditya <>
 - Increased limit on first wall.
 - Move layout create <div> to bottom after reply <div>
 - Change tab title when received new replies
 - Post elements is no longer adjacent to replies.

Signed-off-by: Yonle <>

Feel free to Remix and build your own Text Bulletin Board :slight_smile:

Source code: GitHub - Yonle/Toard: Text only Bulletin board
Glitch Project: Glitch :・゚✧

1 Like

The first protection (anti spam) is there, Which when it detects multiple POST request from same IP address for more than 5 times in under 30 seconds, It will dong the IP address. If the attacker still attempts to continue, The attacker IP address is permanently DONG-ed.

Additionaly, You could enable the 2 layers captcha system if the attack still continues in different IP addresses.

This captcha system is not enabled by default, but could be enabled by inserting the following column into config table at config.db database:

sqlite3> INSERT INTO config VALUES ("captcha", "yes");

Once enabled, You do not need to restart Toard server. If it saw captcha column, It already does what you wish for.

Anyways, there we go, the captcha screenshots (also works without JS).

Better than suffering in Cloudflare “Just in a second…” page, eh?

The antispam systems that i implement in my own here, I call it as “The Greatest DONG Protection Layers”

1 Like

Like the captcha idea, finally, one AI can’t solve yet!

Looking into its code to see how it works.

1 Like

The captcha steps / How it works

Uses verify_sess cookie to work.

  1. It generates string
  2. Uses figlet to generate ascii from the generated string
  3. Generated ascii string splitted into arrays (split(""))
  4. Then distort the ascii string with map(i => (Math.floor(Math.random() * 12) > 9) ? i : ".")
  5. Restructure the ascii string back after putting random dots with join("")
  6. Inserting column into temporary database for this verify_sess where answer is a generated string, while the question is the ascii string. The verification session only last for 3 minutes.

Verification steps

Look up at database for this verify_sess, If unavailable, Reject.

  1. Sees for matching answer. Whenever the answer match to the expected answer, Switch stage as stage 2.
  2. Repeat the same process again, Except that generated string is now math question, with the answer as the exact answer.
  3. If correct, Insert post into database, then redirect user to the assigned path.
1 Like

What if an web app has no borders


The screenshot above is now a thing

1 Like

I honestly find this really funny, there were similar examples of chatgpt also failing at drawing ascii art and recognizing shapes as well. Guess they didn’t think of this case yet, but maybe gpt 4 could do better.

1 Like

Tried with GPT4 (with a simpler ASCII, only one char: W) and it also doesn’t recognize:


An funny update here.

If IP ban is not enough,
Do an ISP ban.

Open up terminal, then type ./modtools/ Ovh or similiar ISP name.

Have a good day.

1 Like

Since many peoples do not know yet, Time to share some experience when this project was getting somewhat popular that then i do not realize that there is an attack going on (due to ratelimit).

When the rate limit is gone, I witnessed this:

The actual attack actually making atleast 4K of new blank threads.

Fortunately it was a easy to bulk remove these spams tho :slight_smile:

And because of this, I created a relatively simple spam-per-IP detection system into the backend, and then deployed right when the attack is still on action.

The system did the job, that then automatically block the IP address.

So how is the container doing?
Pretty well.

When the attacker noticed about the attack, he managed to talk with me. And so i did.

Refs: &

And finally, The captcha system implemented.

1 Like

So you think it ends here?

A week later, Same attacker is back but this time going to my Tird server at, being offtopic and spamming same images on every single thread.

At the same time i created modtools that could do stuffs regarding this situation including “Nuking a thread”. So, The same attacker waves at me again, But at bad timing.

Really bad timing actually

Second take from him?

Ah yes, Say hi again to “The Agenda”

Alright. Second thread nuked again.

Another takes? Yes he did. He change his IP again after i banned him.

Which then i banned the entire Cloudflare Warp IPv6 Subnets.

So what next?
He tries to spam my third Toard server again.

Then what? Of course. Bulk Delete then IP ban.

Few days later, I decided to implement ISP ban that could also done by whois-ing client IP address, which then making it easier to ban certain ISPs including Cloud Hosting Providers.

So then i decided to ban every single known Cloud Hosting Providers.

And the end.
That is how modtools born and the moderation gets somewhat tighten and damn strict.


This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.