DEV Community

Bernhard Webstudio
Bernhard Webstudio

Posted on

Tell Your Story: Has your application been hacked?

Tell Your Story: Has your application been hacked? If so, what was your mistake to let that happen, what did you learn from it, and what were the consequences?

Top comments (9)

rmaes4 profile image
Rob Maes • Edited

I was the ripe old age of 14 and I was teaching myself PHP (shudders). Anyways I put together a really primitive website where all you could do is make an account and see a list of users. I eagerly uploaded my new site via FTP (had never even heard of git yet) to my free account at 000webhost (shudders again). I didn't have any money so that's what I went with. Anyways I was so proud of my little website and it was now live for the world to see. I eagerly passed the link around and waited to see how many people would register. Queue the next day when I log on to the users page. I find about 5,000 or so users with names covering a very wide array of expletives. I learned a lot that day. Any innocence and faith I had in humanity was lost. After a few hours of research I learned what SQL injection was and how to prevent it. I spent a couple days patching things up and re-uploaded it. Eventually I developed it into a fully fledged online forum and I never experienced another SQL injection again. I gotta say I miss those days.

Edit: also for some reason I wasn't able to post this in Safari. I had to open up chrome.

joshualjohnson profile image
Joshua Johnson

Wow. This is a good #discuss topic! I wouldn't say any apps I've worked on in the past has been hacked. However, maybe "socially engineered." I had an article network I created in which I had an algorithm that helped maintain the freshness on the homepage. With that being said, users of the website figured out how to manipulate the algorithm to place their own articles at the very top of the home page.

So not hacked per say.

defman profile image
Sergey Kislyakov

Because I build buggy software in the first place, sometimes users find a way to crash it (I don't defer panics and just let them panic for the love of Panic God). I can't call it a hack of my software though - I kinda expect crashes to happen.
I've had one "hack" because of some stupid way to define who's an admin: I didn't compare user ids (scope: Telegram bot) but logins. That mas my fastest hotfix I've ever deployed :D

ben profile image
Ben Halpern

We have a healthy community of bounty hunters who have reported several possible vulnerabilities. So we're constantly under attack of sorts and we have had a some vulnerabilities successfully reported. Thankfully it's been done for good. We have no knowledge of any successful blackhat attacks.

When I first started learning about simple web vulnerabilities years ago I was amazed how easy it was to find issues with websites by submitting different types of data in the forms.

maxwell_dev profile image
Max Antonucci

Always why I prefer going with static-site generators whenever possible, especially for my personal website. Many security issues end right there.

ycmjason profile image
YCM Jason

SQL injection :(

I made the website when I was still very young, like 15?

vikkio88 profile image

One of my past jobs, I was working for this national online newspaper.
We were using a widget that was loading html from a third party website that was providing us with adverts.
That website got hacked via a vulnerable jQuery plugin. They uploaded a shell then they changed the html we were provided with a script that would redirect the main page to a porn website.
It was really cool to investigate and help them to fix it.

yuchen16 profile image

no,but my ECS(aliyun Elastic compute service) had been hacked! The hackers hacked my server and used it as a miner 😝

felipperegazio profile image
Felippe Regazio

yap, some months ago, and i got some nice php files from the hacked server