24
rehman
8y

Earlier i ranted about how someone hacked our site and he had our source code.
Now finally we found how was our site code stolen, thanks to @dfox he mentioned how can we pull code from got server at that time I checked trying commamds to dowload git folder but it was secure but later we found that we had another subdomain running for pur project and its git folder was not secured

Comments
  • 3
    Git folder from server*
  • 17
    @dfox an awesome app for devs with a super responsive developer who also gives advice

    What more could we ask for?
  • 2
    It's funny you tagged this "hacker" and not "poorly configured server"

    At least you've got it resolved now.
  • 3
    @StyxOfDynamite well...it was an un authorized access so technically he was still a hacker
  • 0
    Why do you have your code on the server? Is it a PHP we site where no compiled binary?
    Sorry not a web dev that's why I'm curious to ask
  • 1
    @gitpush what dev you are?
  • 1
    @gitpush actually git is setup on live server to pull all new updates and stuff
  • 3
    @rehman I'd disagree a hacker is someone who uses a tool for a purpose other than that which it was originally intended for. Cloning a public repo via bit is not doing anything with git it wasn't purpose built for. 🙄
  • 2
    @StyxOfDynamite you can have you're opinion
  • 0
    @rehman I'm a mobile dev, I also do .net web services but I just publish docker container with service inside it to the server. We compile and publish container from a local server to our cloud server
  • 0
    @gitpush sounds cool haven't tried docker yet have just heard about it will read about it.
  • 2
    @StyxOfDynamite ehh, they saw a system flaw and exploited it. knowing that wasn't the intended use of the system is still a hack to me, even if they used a tool the way it was meant to be used.
  • 2
    I guess I'm a little more rigid in what counts as a 'hack' Using git to clone what is effectively a public repo is not using it for any purpose other than what is was designed for.
  • 1
    @StyxOfDynamite you never know, directory listing was disabled the sub domain was not anywhere public still he finds it
  • 5
    Going by the media definition, anything above a "life hack" like knowing how to shave without shaving cream is a "hack", so your undesired cyber intrusion would definitely count
  • 3
    @rehman @Devintrix thanks guys :)
Add Comment