Discussion
 

I was the ripe old age of 14 and I was teaching myself PHP (shudders). Anyways I put together a really primitive website where all you could do is make an account and see a list of users. I eagerly uploaded my new site via FTP (had never even heard of git yet) to my free account at 000webhost (shudders again). I didn't have any money so that's what I went with. Anyways I was so proud of my little website and it was now live for the world to see. I eagerly passed the link around and waited to see how many people would register. Cue the next day when I log on to the users page. I find about 5,000 or so users with names covering a very wide array of expletives. I learned a lot that day. Any innocence and faith I had in humanity was lost. After a few hours of research I learned what SQL injection was and how to prevent it. I spent a couple days patching things up and re-uploaded it. Eventually I developed it into a fully fledged online forum and I never experienced another SQL injection again. I gotta say I miss those days.

Edit: also for some reason I wasn't able to post this in Safari. I had to open up Chrome.

 

Wow. This is a good #discuss topic! I wouldn't say any apps I've worked on in the past have been hacked. However, maybe "socially engineered." I had an article network I created in which I had an algorithm that helped maintain the freshness on the homepage. With that being said, users of the website figured out how to manipulate the algorithm to place their own articles at the very top of the home page.

So not hacked per se.

 

Because I build buggy software in the first place, sometimes users find a way to crash it (I don't defer panics and just let them panic for the love of Panic God). I can't call it a hack of my software though - I kinda expect crashes to happen.
I've had one "hack" because of some stupid way to define who's an admin: I didn't compare user ids (scope: Telegram bot) but logins. That was my fastest hotfix I've ever deployed :D
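The login-versus-id admin check described in the comment above, as an added example that is not part of the original post: a bot that keys admin rights on a mutable username can be fooled once the handle changes hands, while keying on the platform's immutable numeric user id survives a rename. The admin names, ids and the `Sender` type are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: the handle and numeric id of the same admin account.
ADMIN_LOGINS = {"alice_admin"}   # what the original bot compared against
ADMIN_IDS = {1001}               # what the hotfix compares against


@dataclass(frozen=True)
class Sender:
    """Minimal stand-in for the sender of a bot message (constructed type)."""
    user_id: int                 # assigned by the platform, never changes
    username: Optional[str]      # chosen by the user, can be changed or left empty


def is_admin_by_login(sender: Sender) -> bool:
    # Original check: trusts a mutable, user-chosen attribute.
    return sender.username in ADMIN_LOGINS


def is_admin_by_id(sender: Sender) -> bool:
    # Hotfix: trusts only the immutable numeric id.
    return sender.user_id in ADMIN_IDS


def simulate_username_takeover() -> dict:
    """Walk through a handle rename and compare both checks."""
    renamed_admin = Sender(user_id=1001, username="alice_new")  # admin renamed
    impostor = Sender(user_id=4242, username="alice_admin")     # someone grabbed the old handle
    no_handle = Sender(user_id=1001, username=None)             # admin cleared the username
    return {
        "login_check_accepts_impostor": is_admin_by_login(impostor),
        "login_check_locks_out_renamed_admin": not is_admin_by_login(renamed_admin),
        "login_check_locks_out_admin_without_handle": not is_admin_by_login(no_handle),
        "id_check_accepts_impostor": is_admin_by_id(impostor),
        "id_check_keeps_renamed_admin": is_admin_by_id(renamed_admin),
        "id_check_keeps_admin_without_handle": is_admin_by_id(no_handle),
    }


if __name__ == "__main__":
    for name, outcome in simulate_username_takeover().items():
        print(f"{name}: {outcome}")
```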

 

We have a healthy community of bounty hunters who have reported several possible vulnerabilities. So we're constantly under attack of sorts and we have had some vulnerabilities successfully reported. Thankfully it's been done for good. We have no knowledge of any successful blackhat attacks.

When I first started learning about simple web vulnerabilities years ago I was amazed how easy it was to find issues with websites by submitting different types of data in the forms.

 

That's always why I prefer going with static-site generators whenever possible, especially for my personal website. Many security issues end right there.

 

SQL injection :(

I made the website when I was still very young, like 15?

 

When I was 11 in 2014, I made my first website. I programmed it in PHP (nope, no more, I'll stick with my C++, Java, and NodeJS) using nothing but Stack Overflow and my past experience in ROBLOX Lua programming (no, I don't play anymore) for some Anti-Exploit community. I had little knowledge of SQL injection, or how to secure a server, inputs, or anything really. Because of this, SSH was compromised, users' information was stolen (thank the lord I hashed the passwords with salt, and only held User/Pass), the site was leaked, and it was well. Luckily it was very very very bad code, and no one could ever get it to work correctly.

 

At one of my past jobs, I was working for this national online newspaper.
We were using a widget that was loading HTML from a third party website that was providing us with adverts.
That website got hacked via a vulnerable jQuery plugin. They uploaded a shell, then they changed the HTML we were provided with a script that would redirect the main page to a porn website.
It was really cool to investigate and help them to fix it.

 

Yep, some months ago, and I got some nice PHP files from the hacked server

 

No, but my ECS (Aliyun Elastic Compute Service) had been hacked! The hackers hacked my server and used it as a miner 😝
