LOL hacked :\
Yup...
.TBH. -49er btw: [nWp] owns Joo!1!...FUCK IT! [NWP4LIFE]
I'm ThaT DiamonD in teh DiRt that NevEr been FounD, i'M tEh cTf KinG bUt I never been CROWN
RISSA
LOL hacked :\
"ill give ur mom the short end of the stick " - Destruction
Was probably your dodgy php coding that let them in imo. They were able to come right in the back door, which is something you've always been prone to allowing. .gou2
Oddly enough the first thing I did when I saw it was laugh, and then question the use of some gay ass stock image looking pic for the page they put up. Also in the thinking that the best way to fight Saudi Arabia and the USA is to hack some site that nobody ever goes to.
http://video.adultswim.com/tim-and-e...nch-party.html
Samans crew.
When I switched the page include code from exclusion to exclusively inclusion (code that checks the file server for a list of files and only allows those to be referenced), I sent your dumb ass the code about this a year ago (see email below). I'm not the one that has been maintaining the site for the last two years or whatever - otherwise I would have just switched the entire system to use a templating engine (Smarty) to make it quicker, separate the code from the template (MVC), and give it the ability to cache. If allowed to actually maintain the site, I would have probably done a lot with it already. There is no such thing as a completely secure web site (as you have noticed with the fact that even vBulletin gets hacked from time to time) much less one that isn't maintained. PHP in particular gets targeted a lot because of its wide usage - so code usage and techniques change all the time. If nobody is maintaining code - especially this site, which was written for PHP4 and includes a lot of code that needs to be updated and refactored - so it's sort of retarded to just let a site sit and assume that it'll always be perfectly fine. Otherwise even Grade A programs like phpBB and vBulletin wouldn't be updated so much...and they have teams of programmers and QA techs to verify every build they make is as exploit proof as possible.
Here's the email, and you subsequently removing yourself from responsibility to fix it:
Email sent to you and Acromus:
Date: Thu, Jan 15, 2009 at 1:08 PM
Idiots:
I did some solid security updates to the PHP code for the templates you use on your websites. It's very important that you implement the changes. This code will agjimate a list of PHP files in the folder and compare the $p variable (ie, index.php?p=home) to each of those and throw a graceful error in the case that the $p variable does not match.
For instance, your root folder contains "home.php", "links.php", and "leadisafaggot.php" - if someone types "index.php?p=9803408" or any request that does not match those 3 files - error.php will be included instead, which reads "Error: Unauthorized Request"
This will help prevent any code from someone else's server files executing on yours (like if someone put in "index.php?p=http://shittysite.com/hack.js") or someone with half a brain running index inside of index ("index.php?p=index") - thus creating an infinite loop which could crash your server.
DO IT.
Ur Pal Spidlz.
Email response from you:
Date: Thu, Jan 15, 2009 at 9:37 PM
Didn't see Joel CC'ed so I went ahead and forwarded it to him. Chances are he might want Paul to do something like this.
Email from you after I asked if you still maintained the site:
I never heard back about any of this from then on.
Date: Fri, Jan 16, 2009 at 11:26 AM
I never really maintained it at all officially.
Like I'd help on the forums, and did the Gore site and random stuff if it needed to be done and I was capable.
For more complicated things regarding PHP, or forum updates, he has a guy named Paul that helps with that. He is the guy that runs the internet service provider that Joel and his brother used to own before they sold it off to focus on developing Gore.
I was willing to help do it myself, too - but you guys took away my access after the site was finished, so how could I help fix things anyways. Acromus has a far more complicated set up on the site he uses this script for, and we worked quite a few hours making it work perfectly there. I would have done the same for you guys if given the OK. It's like giving you fuckers a car and getting a call years later that "my shit is broken" when you never maintained it or heeded the "recall" I sent you.
GG & GL SIR
"ill give ur mom the short end of the stick " - Destruction
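The allowlist include check described in the January 2009 email above, as an added PHP example (not the code that was emailed and not the site's own code). It assumes the page files sit next to index.php as the email describes, with error.php as the fallback; the function names are hypothetical.

```php
<?php
// Added example: allowlist-based include for index.php?p=<page>.
// Assumption: home.php, links.php, etc. live in the same folder as this file,
// and error.php prints "Error: Unauthorized Request".

const PAGE_DIR   = __DIR__;
const ERROR_PAGE = __DIR__ . '/error.php';

/**
 * Build the allowlist from the .php files actually present on disk.
 * Returns a map of page name => absolute path.
 */
function allowed_pages(string $dir): array
{
    $pages = [];
    foreach (glob($dir . '/*.php') ?: [] as $path) {
        $name = basename($path, '.php');
        // The front controller and the error page are never valid targets:
        // "?p=index" would otherwise include index.php inside itself forever.
        if ($name === 'index' || $name === 'error') {
            continue;
        }
        $pages[$name] = $path;
    }
    return $pages;
}

/** Map the request value to a file from the allowlist, or to the fallback. */
function resolve_page($requested, array $pages, string $fallback): string
{
    // "?p[]=x" arrives as an array; anything that is not a string is rejected.
    if (!is_string($requested)) {
        return $fallback;
    }
    // The request value is used only as a lookup key and never becomes part of
    // a path, so URLs ("http://...") and "../" sequences simply fail to match.
    return $pages[$requested] ?? $fallback;
}

$target = resolve_page($_GET['p'] ?? 'home', allowed_pages(PAGE_DIR), ERROR_PAGE);
if ($target === ERROR_PAGE) {
    http_response_code(403); // unknown page: refuse instead of including it
}
include $target;
```

Because the included path always comes from the directory listing and never from the request string, the check holds regardless of the server's `allow_url_include` setting.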
what a mess we've got here