2
retoor
7d

Do you guys remember a few days ago that I was looking for someone with a certain email address because he didn't receive his email because HE had an insecure mail server? I was sad, because I love new members. While my site has everything public, even api urls to api services without any auth, email confirmation off, hardcoded links to internal servers like retoor42 in repositories, still someone managed to think he hacked me: https://retoor.molodetz.nl/hi/.... That guy! Ironically I even went looking for him to give him credentials! Listing all members of my site is even possible because I have literally, right under on my site, a link to the most advanced api ever where you can list everything the site contains THAT I ALLOW YOU TO. That hacker says "magic". I have the url to that "magic" literally on every page, Einstein.

Don't let that guy find out what you can do with api.molodetz.nl without any protection...

Dear lord. It's probably the most public site with no secrets ever.

Also, the server runs with a small password and it's a pwned password. SSH is on port 22. No security measures are taken.

I can assure you, I know security and worked on cloud shit for three years at one of the biggest Dutch cloud providers, kinda AWS.

You won't be able to do anything I don't want you to with causing big damage.

Dear lord.

Comments
  • 1
    I also don't use a password manager. Everything is in my head. There is no security like that. Having a password manager is convenient, but having a file with all your auth including the urls stored at the default location of a password manager isn't safe. Remember the days we made fun of people writing down the password of their pc on a note stuck on their screen? Half here are too young, but that was more secure than anything we're doing these days. We became retarded.

    I don't judge you for using a password manager, I do too for certain stuff I don't care about, for convenience. Only if you do that and think you are security aware, you're special.
  • 1
    Ah, the page gives 404 (he made it hidden). Well, what am I complaining about, he had good intentions.

    This was the message he gave to me (for some reason he excluded some members in the list, I have seven members and am very proud of it :) ):

    Just wanted to let ya know that your registration button was on, might wanna configure Gitea to not do that! That's all. Bye.

    If this is meant to be public, that's fine, you can delete my account, just here to warn you! Thanks, bye. Also, what's "retoor42"?

    And as another note, there are 4 other users than you and me. If you need their usernames to remove them, here ya go:

    12bitfloat

    Nigel

    dr

    katya

    If you're wondering how I got those, it's some api magic, all I'll say is it can't be done through vanilla Gitea. Anyway, if this is meant to be private, I suggest immediately removing these accounts. And mine if you want, I'm just here to give you a readme.md warning. Anyway, bye!
  • 0
    Huh... for some reason I was expecting a mention of:

    'I hacked your service; I'll give the info on how I did that for 1 BTC'

    /jk