DEV Community

Bernhard Webstudio

Tell Your Story: Has your application been hacked?

Tell Your Story: Has your application been hacked? If so, what was your mistake to let that happen, what did you learn from it, and what were the consequences?

Discussion (10)

Rob Maes • Edited

I was the ripe old age of 14 and I was teaching myself PHP (shudders). Anyways I put together a really primitive website where all you could do is make an account and see a list of users. I eagerly uploaded my new site via FTP (had never even heard of git yet) to my free account at 000webhost (shudders again). I didn't have any money so that's what I went with. Anyways I was so proud of my little website and it was now live for the world to see. I eagerly passed the link around and waited to see how many people would register. Cue the next day when I log on to the users page. I find about 5,000 or so users with names covering a very wide array of expletives. I learned a lot that day. Any innocence and faith I had in humanity was lost. After a few hours of research I learned what SQL injection was and how to prevent it. I spent a couple days patching things up and re-uploaded it. Eventually I developed it into a fully fledged online forum and I never experienced another SQL injection again. I gotta say I miss those days.

Edit: also for some reason I wasn't able to post this in Safari. I had to open up Chrome.

Joshua Johnson

Wow. This is a good #discuss topic! I wouldn't say any apps I've worked on in the past have been hacked. However, maybe "socially engineered." I had an article network I created in which I had an algorithm that helped maintain the freshness on the homepage. With that being said, users of the website figured out how to manipulate the algorithm to place their own articles at the very top of the home page.

So not hacked per se.

Sergey Kislyakov 🇷🇺 🇺🇸

Because I build buggy software in the first place, sometimes users find a way to crash it (I don't defer panics and just let them panic for the love of Panic God). I can't call it a hack of my software though - I kinda expect crashes to happen.
I've had one "hack" because of some stupid way to define who's an admin: I didn't compare user ids (scope: Telegram bot) but logins. That was my fastest hotfix I've ever deployed :D
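The admin-check bug above, as an added illustration (example code, not from the bot or this thread; the `User` type, the admin constants and the rename scenario are constructed stand-ins, not the Telegram Bot API's own Go bindings): a login is a mutable, user-chosen string that can be released and re-taken, so it is not a stable identity, while the platform-assigned numeric ID is.

```go
package main

import "fmt"

// Constructed stand-in for the sender fields of a chat message update.
type User struct {
	ID       int64  // assigned once by the platform, never changes
	Username string // chosen by the user; can be changed, released and re-taken
}

// Constructed admin record. Only the numeric ID is a stable identity.
const adminID int64 = 123456789
const adminLogin = "alice_admin"

// IsAdminByLogin is the weak check from the story: it trusts a
// mutable, user-controlled string as proof of identity.
func IsAdminByLogin(u User) bool {
	return u.Username == adminLogin
}

// IsAdminByID is the hotfix: compare the platform-assigned numeric ID.
func IsAdminByID(u User) bool {
	return u.ID == adminID
}

// Scenario models the failure mode: the real admin renames their account,
// and another user later registers the released login. It reports what
// each check decides for the impostor and whether the real admin still
// passes the ID-based check.
func Scenario() (impostorByLogin, impostorByID, adminByID bool) {
	admin := User{ID: adminID, Username: adminLogin}
	admin.Username = "alice_new" // handle changed; the old one is free again
	impostor := User{ID: 987654321, Username: adminLogin}
	return IsAdminByLogin(impostor), IsAdminByID(impostor), IsAdminByID(admin)
}

func main() {
	byLogin, byID, adminOK := Scenario()
	fmt.Printf("impostor admitted by login check: %v\n", byLogin) // true
	fmt.Printf("impostor admitted by id check: %v\n", byID)       // false
	fmt.Printf("real admin still passes id check: %v\n", adminOK) // true
}
```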

Ben Halpern

We have a healthy community of bounty hunters who have reported several possible vulnerabilities. So we're constantly under attack of sorts and we have had some vulnerabilities successfully reported. Thankfully it's been done for good. We have no knowledge of any successful blackhat attacks.

When I first started learning about simple web vulnerabilities years ago I was amazed how easy it was to find issues with websites by submitting different types of data in the forms.

Max Antonucci

Always why I prefer going with static-site generators whenever possible, especially for my personal website. Many security issues end right there.

Jason Yu

SQL injection :(

I made the website when I was still very young, like 15?

Matthew Walden

When I was 11 in 2014, I made my first website. I programmed it in PHP (nope, no more, I'll stick with my C++, Java, and NodeJS) using nothing but Stack Overflow and my past experience in ROBLOX Lua programming (no, I don't play anymore) for some Anti-Exploit community. I had little knowledge of SQL injection, or how to secure a server, inputs, or anything really. Because of this, SSH was compromised, users' information was stolen (thank the lord I hashed the passwords with salt, and only held user/pass), the site was leaked, and it was, well. Luckily it was very very very bad code, and no one could ever get it to work correctly.

Vincenzo

In one of my past jobs, I was working for this national online newspaper.
We were using a widget that was loading HTML from a third-party website that was providing us with adverts.
That website got hacked via a vulnerable jQuery plugin. They uploaded a shell, then they changed the HTML we were provided with a script that would redirect the main page to a porn website.
It was really cool to investigate and help them to fix it.

Felippe Regazio

Yep, some months ago, and I got some nice PHP files from the hacked server.

yuchen16

No, but my ECS (Aliyun Elastic Compute Service) had been hacked! The hackers hacked my server and used it as a miner 😝