Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
CristCD2957yA website just came down and the story is quite the same you are telling. Maybe it's an Spanish website? A website that other people copied now that the original is down and everything is the same except the color that changed from green to red? Because I knew that site was made like garbage, but not that much.
-
Don't encrypt them. So no matter how hard they try to decrypt it, they'll fail.
-
Wait, I'm confused.
If you left after crashing the site, why are they saying that info got stolen? It's not hard to look through MySQL logs... it couldn't have been you! -
@arturgrigio I know! That's the thing, I think they just saw it was down and assumed everything was compromised, which is not a bad heuristic, but you should actually check.
-
@CristCD OK, I did some more reading, and it seems there _was_ an actual hack that stole user information which was later used to create a clone of the original site. This really weakens my story though.. :(
Anyway, it is still weird how these two events were so close in time, so I don't know what happened... -
CristCD2957y@someonewithpc There were already pages before that used this site as a backend because the security is garbage. I know because I made an app for this site scraping the html and replicating some requests.
Related Rants
I was registering for a website, and on a whim, I used this as my username:
null'); PRINT('Hello');--
And sure enough, the login system went down. The next day it was still down, so I went to Twitter to tell the people running the site that this was why, but to my surprise, I see them saying they had been hacked.
Based on the timing, I'm pretty sure they're referring to this, but they are saying user info was stolen. *facepalm*
They later said they stored passwords salted with a fixed salt and hashed with fucking md5, at which point I was glad not to have done any more business with them.
How incompetent can these fucking people be?!
undefined
sql injection
incompetent devs