GoFuckYourself.com - Adult Webmaster Forum - View Single Post

Backov · 12-04-2002, 04:12 PM

Corvett,

I pointed out the hole in your scripts to your phone techs about a month ago. The most recent script I got from you incorporated my fix. (IP limiting)

What I REALLY want to know is how the hackers that are exploiting this hole got ahold of my private_key in the first place (and obviously lots of others) - since my box wasn't compromised, I have to assume it was compromised on your end.

Also, since this key is compromised, why is there NO WAY to change this key? I can't change it myself, and when asked your techs said they couldn't change it either.

Combine this with the fact that someone not me mailed our members list (some spamtrap adddresses, so WE got shit for it) - and I'd say you guys have got some serious employee related security holes.

Edit: I'd also like to point out that they didn't use my fix verbatim but modified it a bit, and displayed the skill level of retarded high school programmers. Stop hiring off the short bus - if that's the level of skill your programmers have, then no wonder you have security problems. Don't take this as a personal attack - this is my professional opinion, and I've been doing this almost 17 years now.

Cheers,
Backov

12-04-2002, 04:12 PM
Backov Confirmed User Join Date: Mar 2001 Location: Cat Detector Van Posts: 1,600	Corvett, I pointed out the hole in your scripts to your phone techs about a month ago. The most recent script I got from you incorporated my fix. (IP limiting) What I REALLY want to know is how the hackers that are exploiting this hole got ahold of my private_key in the first place (and obviously lots of others) - since my box wasn't compromised, I have to assume it was compromised on your end. Also, since this key is compromised, why is there NO WAY to change this key? I can't change it myself, and when asked your techs said they couldn't change it either. Combine this with the fact that someone not me mailed our members list (some spamtrap adddresses, so WE got shit for it) - and I'd say you guys have got some serious employee related security holes. Edit: I'd also like to point out that they didn't use my fix verbatim but modified it a bit, and displayed the skill level of retarded high school programmers. Stop hiring off the short bus - if that's the level of skill your programmers have, then no wonder you have security problems. Don't take this as a personal attack - this is my professional opinion, and I've been doing this almost 17 years now. Cheers, Backov __________________ <embed src="http://banners.spotbrokers.com/button.swf" FlashVars="clickURL=http://banners.spotbrokers.com" quality=high pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash" type="application/x-shockwave-flash" width="120" height="60"></embed> Last edited by Backov; 12-04-2002 at 04:16 PM..