Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

...and how many people have found it and not said anything? we've all used poorly secured admins here and there, but /admin seems particularly egregious.



...and how many people have found it and not said anything?

Scary.


It was only open for an hour.


No, it was only open and public for an hour. It could have been open for months, maybe longer.


It was the result of a change today, right before it hit Hacker News (so sayeth Marco of tumblr in the #tumblrs irc channel, anyway; I believe him).


As we know, hackers regularly turn random door knobs to see which doors open. Logs i can see show more black hat attempts than white hat, so either OldGregg's friend got lucky or a few exploits might have already been made.


Ah.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: