

So You Hacked Our Site!? - muriithi
http://thedailywtf.com/Articles/So-You-Hacked-Our-Site!.aspx

======
tlrobinson
A long time ago I came across a password protected site with a login page at
something like:

www.example.com/private/login.html

I was curious so I entered:

www.example.com/private/

Sure enough I got a standard Apache directory listing, which included the
password protected page...

------
kirse
Is there any way to use Google to search the actual source of a webpage? I
couldn't find an "insource:" or similar function.

I'm wondering how many websites use this pasuser() function and think they're
actually "securing" content.

~~~
breily
I believe you can search by language on Google Code search - so you could
choose JavaScript and that'd be basically the same.

------
simplegeek
Strange, I think I will never be jobless.

------
Hexstream
It's weird, I somehow HOPE it's a scam. If it's "legitimate" (as in, they
actually think they're making good work) I think I'll have to shoot myself.

------
ojbyrne
Well, that made me laugh.

------
dkokelley
_sorry our site wasn't protected to your standards..._

 _-the guy from the company._

...For some reason I feel like I should respond to this, but it just doesn't
seem like it would be worth it.

~~~
brlewis
It wouldn't be worth it for two reasons.

First, that's probably not really the guy from the company. Probably neither
he nor any of his friends read the sites where this got posted.

Second, he would be right. The amount of security you use depends on what you're
protecting. For ourdoings.com I SSL-protect passwords and salt+hash them on
the server side. For the set of ads described in the article, nominal
"security" of a client-side JavaScript password is probably about right. :-)

~~~
cstejerean
Seems like the guy was either posting there or following the thread. The
username and password changed several times and finally the page itself is
down.

~~~
dkokelley
Yeah I'm upset about the page. I wanted to see who fell for their special
list.

I'll bet their government "agents" are happy about it. No site means they don't
have to find companies to hire. No site = No work. :)

------
mdemare
fluff!

~~~
mixmax
Yes it is - but I think it's ok with a laugh every now and then. As long as it
doesn't get out of hand.

Having a bit of fun is important.

------
aggieben
That's the funniest thing I've seen on wtf in a looong time. The dummy who
made the site apparently even posted on the wtf forum - in all caps, natch.

~~~
xirium
This response ([http://thedailywtf.com/Comments/AddComment.aspx?ArticleId=58...](http://thedailywtf.com/Comments/AddComment.aspx?ArticleId=5855&ReplyTo=180051))?

~~~
aggieben
Yeah, that's the one. Obviously not in all-caps (I still don't think he helped
himself much by posting). Maybe the name submitted in the form ("FEDERAL
SUPPLIERS GUIDE CUSTOMER SUPPORT") is what created the impression in my mind
that he was shouting and somehow messed with my memory. Interesting what the
brain does behind its own back.

doh!

~~~
dkokelley
Yeah. He wrote his title in all caps, and his message in all lower case.
That's probably what threw you off.

------
Tichy
I know I shouldn't be bothered, but it really worries me that this is on top
of news.yc :-(

------
brett
Yikes. I can't say I expected the daily wtf to make the top of news.yc anytime
soon.

------
edw519
I once wrote a report for a client for managers only with a special password,
"aardvark". Every time I was there, I heard at least once, "Did anyone run the
aardvark report yet?" I wonder if anyone ever caught on.

------
kajecounterhack
That made me laugh so hard... I'm surprised he managed to not _get sued_ by the
people he put in the "guide"

If it's not a scam, I'll be darned.

