Persistence

@datdude I explained that I can't debug a screenshot and never heard back from them support success ;)

@wolt I was talking more about hotel reviews people moaning about a £50 a night hotel because of a hair on their bed spend a lot of time contracting. Sorry I didn't mean to unleash your inner angry dev ;) plus a shit app is a app at least someone is doing something in my opinion (if it's a 100 person company and it's shit it deserves justified abuse) or (if it's one new developer learning the ropes maybe constructive feedback is better) we all have to learn somewhere, if they leave it shit and don't take onboard the bad reviews that's their problem.

That would stress me out all those ducks looking at me, please turn them all around ;)

Reviews are a complete joke, always the dumbest people who give the one star reviews.

I always wanted to build a app called " one star wankers" and just scrape apis and pull in all the one star reviews, there are some ridiculous ones out there never got round to it tho. I think making people feel stupid is a developers best comeback.

No need for school but get a couple of decent projects under your belt your own or others just do them for free do a good job make your code look fit and get a good cv going and your of ;) also just write a bullet point list of all the million and one ridicules words you will need to know and be asked at interviews like transpilling, interpolation, immutable someone asked me what PHP stood for at once and I was stumped, all that nonsense also just make some up as well they will think your clever ;)

@penderis I am putting up the flat pack ;(

@rantymcrantface so true sometimes I literally open the browser shift some code about while watching a whole series on Netflix working remotely on my sofa with a nice fire blazing cup of coffee and still get paid the end of the day, beats waking up at 6am going to a freezing cold building site and lugging scaffold poles around seriously fuck that! Granted working remotely can sometimes be reclusive and feel like house arrest but at least it's a UK jail with all the luxuries ;)

@codeRetard haha amazing ;) and as this is devrant and I'm in a ranting mood ;) I think being a developer when you start out we are all guilty of trying stuff to test the boundaries as you learn, I'm guilty of setting up a Twitter live search api app and leaving a text base search on the tweets for gmail, Hotmail etc and having over half a million emails in two days "never done anything with them" but thought I was a genius ( which I now know I am not due to the fact I can't secure my .git folder ;( ) or the fact you can use Facebook graph api run a for loop through all the profile id's and create a collage and think you are some sort of wizard "millionaire island here we come". So at the end of the day this guy has helped me secure my system I just don't agree with asking for money for the privilege, maybe if he had worded his email better lol!

@codeRetard lol I remember once years ago I was asked to help out a guy in a call centre to build a system for him to help his sales team, I asked him how he gets all the numbers of people to call? He said I shouldn't really show you this opened a spreadsheet put one mobile number in the top record added a +1 and then dragged down a thousand lines and said there is a 1000 mobile numbers, he then had a service to ping them all checking if they are real and what network they were on then he would do those annoying "your at the end of you contract cold calling". Blows your mind sometimes how the simplest of methods still work.

@fuzzy hi the reason you cannot see the wp-config.php is because we don't store this in our git repo and the screenshot is off our git repo we have it added to our .gitignore file on our local version. It's a bit of a rookie error on our part but I am certain other people will be in the same position. @donkeyscript comment was super helpful with the html5 boilerplate suggestion. I am sure someone can write script via the shell that can ping thousands of domains checking for this exploit example.com/.git check the response code if it's not forbidden. Then if they are like the guy that contacted me they can try and blackmail then for money for a fix!

@nuts that is indeed my root and it is a legit hack please see @rycrystal comments above

@chasb96 yeah I think extortion was a little bit of a over reaction on my part . But not far off.

"the practice of obtaining something, especially money, through force or threats."
"he used bribery and extortion to build himself a huge, art-stuffed mansion"

I guess it wasn't really threatening.

@codeRetard your right ;) I'm just frustrated I would happily try and hack my website all day long to make it more secure. It's just the not knowing and the fact I have to be in some hidden restricted community to find this stuff out.

@rjcrystal AHHH I totally see now it looks like he has hacked our git account you are correct just noticed we don't even store out wp-config.php in git it's in our gitignore and after checking the screen grab again there is no wp-config.php in it so it is our root but he doesn't have access to any sensitive data, worrying tho.

@codeRetard there should be a open community supplying code and techniques people are using. So we can all keep on top of vulnerabilities. Is there anything like that about?

@rjcrystal thanks for the info I'll check that any idea or code I can run to run the same hack this guy is using? How has he gained access to my .git folder?

@rjcrystal yes please disclose it. That's the thing about hacking why isn't there a resource where people openly show the exploits or hacking techniques at least we can all run and test. The hacking community should be open unless there is a resource I am missing. I don't disagree with hacking I think it shows exploits and helps systems move forward but I want to know what methods people use to do these kind of hacks so we can test ourselves

@skonteam I have s2member and woo commerce for my multisite setups.

@Letmecode ok thanks all

@Letmecode I only ever connect to the server via ssh and a pem file with the ec2 security group locked down to my ip.

@codeRetard cheers for the advice

@Linux ahahaha ok cheers all, thanks for your advice I'll email him back and ask him to show me the contents of my wp-config.php see what he says. What a way to start a Saturday morning a crying baby, someone threatening to hack me which may or not be true and a fly kept landing on me whilst all this is happening wife telling me we need to be out the house by 2, going to be one of those days!!!

@SalocinDotTEN sorry he didn't show me the contents on the wp-config.php just the index.php here is the image he attached https://s3.amazonaws.com/clouds3me/...

@Linux no just checked I have no AssignUserID calls

@Linux so the vhosts folder is under ec2-user apache. All the domains and subdomains are also under this. Apologies for turning devrant into stackoverflow I will continue to rant shortly ;)

@Linux hhhhmmm I am not sure I haven't set anything up to make it run as a separate user. Is there a cmd I can run to check?

@Linux he has sent a screen grab of the entire root how do hackers even do this I am securing all my file I am sure that they were already secure. What would you suggest to check for exploits?

@SalocinDotTEN ok so I am running a ec2 I have ran the cmd: find /var/www -type f -exec sudo chmod 0664 {} /;

He has basically sent me a screen grab of sublime editor showing the Wordpress root folder and index.php so I am trying to validate if it's even my root

But we think your perfect for the job, we specifically picked you by searching LinkedIn. Say you want a day rate of £1000 they soon disappear and it's worth a punt ;)