What is an imageboard?

An imageboard is a type of discussion board where users share images and text about various topics.

The primary difference between imageboards and traditional forums is that anybody can make a post without registering an account or providing any personal information. This lowers the barrier to entry, protects user identities and focuses on what is said, rather than who says it.

Name formatting

When posting, you can format the name field to include a name, tripcode , capcode, any combination of the three including leaving the field completely blank. Instead of a blank name, "Anonymous" is used, however this depends on board-specific configuration. The optional components are explained below.


Names should be input like: . Tripcode and capcode are optional components. Tripcodes and capcodes may not contain "##" and the whitespace before capcodes is significant.

Valid examples:

  1. Name
  2. Name##tripcode
  3. Name## Board Owner
  4. Name##tripcode## Board Owner
  5. ##tripcode## Board Owner
  6. ##tripcode
  7. ## Board owner

From the examples, you can see that all components can be used in combination or independently. In a post number 4 would look like:

Hello, world!

The name appears bold in the top left, followed by the tripcode in regular weight with a !! prefix, then the capcode in a different color, bold and with a ## prefix. The colours may vary between themes but are generally distinct from eachother


The name is simply what name you want to be shown alongside your post. Other users can post with the same name so there is nothing preventing impersonation. This is not related to your username (for registered users).


A tripcode is a password of sorts, which users can provide in the tripcode component of their name. This tripcode is used in conjunction with a server-known secret to generate a unique* tripcode portion of the name. Long, unique tripcodes can be used as a form of identity. It is important that you keep tripcodes secret if you use them for some form of identity. A compromised tripcode can be used for impersonation and cannot be revoked in any way.


A capcode is a component of the name field only available to authenticated users. This includes admins, global staff, board owners and board moderators. The capcoded string will be prefixed with the users role so board staff can make an authoritative post and prove their staff status.

Post styling
||spoiler text||spoiler text
``` code block ```code block
`inline monospace`inline monospace
How does moderation work?

Moderation is very simple. Moderation permissions are different between regular users, board staff (board owner or moderator) and globals (global staff or admin). By default, regular users can delete, spoiler or remove the files from their own posts, provided a matching post password is supplied. They can also report or global report posts. Board staff have near full power over posts on their board including removing posts, stickying, spoilering, etc. even for other users posts without the need for a password. They also have access to board specific management page. Global staff have full power over all posts on all boards, can access the board specific management page for any board and additionally have access to the global management page. More details on the specifics of permission levels is available here.

Local vs. Global reports

There exists the concept of "local" and "global" reports. Reporting a post locally will show the post along with reports on the report page for that particular board, and the reports may be actioned upon by the board staff. Reporting a post globally will show the post along with reports on the global manage page available only to global staff and may be actioned upon by global staff. Global reports should be used to flag posts that violate global rules such as illegal content or spam, in contrast to local reports which are for posts that abide by global rules but break board-specific rules (which may be made arbitrarily by board staff). It is also possible to be banned from a board or globally for abuse of the report system.

Batch processing of posts

Each post has a checkbox in the top left to select it for moderation actions. Multiple posts may be selected to allow batch processing e.g. reporting multiple offending posts in one request. The same is present in moderation interfaces. Some actions for example bans (which are based on IP) may also be handled in batches. Selecting multiple posts and using the ban action will apply a single ban for each unique IP of the selected posts.

Time format in moderation interfaces

Some moderation interfaces, for example the ban duration when moderating posts, or the ban duration for post filtering use a shorthand for times/length. This format supports years, months, weeks, days and hours. An input of "3m" would mean 3 months and "1y2m3w4d5h" would mean 1 year, 2 months, 3 weeks, 4 days and 5 hours. Units of time should be in descending order, so "2w1m" is invalid. However you may use "6w" for example to input 6 weeks, and are not required to use "1m2w".

How do I make my own board?

Register an account, then create a board. Please avoid making excessive amounts of boards, duplicate or boards similar to an existing one unless you expect that many users will migrate to the new board for whatever reason e.g. tyrannical moderation.

How do staff, users and permissions work?

There are 5 levels of permissions on the site with 0 being the highest level of privilege and 4 the lowest. In this list "Regular user" refers to somebody who is either not logged in or is not owner/mod of the board. For example if a user creates their own board, they do not have the "Board owner" permissions on other boards. Each board can have one owner and multiple moderators. Ownership can be transferred.

  1. Admin: All permissions
  2. Global staff: All permissions on all boards excluding account management and news updates
  3. Board owner: Permissions to board-specific settings, reports, banners and bans and some post actions
  4. Board moderator: Permissions to manage board-specific reports, bans and some post actions
  5. Regular user: Permissions to report/delete/spoiler posts
Post actions refers to reporting, deleting, stickying, etc. More details on these permissions:
  1. Admin: All actions
  2. Global staff: All below, delete files, delete-by-ip-global and global ban
  3. Board owner: Same as board moderator
  4. Board moderator: All below, move/merge, ban, delete-by-ip, sticky/sage/lock/cycle
  5. Regular user: Reports, and post spoiler/delete/unlink if the board has them enabled

How is the site run?
Who owns the site?

An Australian guy called Tom. You can check the check the jschan repo for my discord and dig up more about me if you are curious. I also run some other projects including a large discord bot.

Where is the server?

VPS in New York, USA.

Who has access to the server?

Me (Tom) only.

What OS does the server run?

Debian 9 minimal.

How are IP addresses stored?

Jschan stores them hashed with a secret, and a substring of this is shown in ban pages and some moderation interfaces. Clear IPs are present in Nginx logs and retained for 7 days.

Is the server secure?

Only ports 443 and 80 are open for HTTP(s) and one other port for SSH. Key only login is enabled and root login is disabled. The software is running as unprivileged users. MongoDB and Redis are configured to listen on local interfaces only and require authentication.

So it can never be hacked?

I am not so naive to make that promise.

I have an issue/found a vulnerability/need to contact you.

Issues with the software can be posted on the issues page or if you prefer not to use github, post on the meta board with a detailed description of the problem. For private matters or vulnerability reports, please contact me via email tom-69420-me.

- rules - faq - source code -