Gore SE & 4D forum is down



THE 49er
12-23-2009, 11:52 AM
Yup...

Spyder
12-23-2009, 01:24 PM
LOL hacked :\

Lead
12-23-2009, 02:27 PM
LOL hacked :\

Was probably your dodge php coding that let them in imo. They were able to come right in the back door, which is something you've always been prone to allowing. .gou2

Oddly enough the first thing I did when I saw it was laugh, and then question the use of some gay ass stock image looking pic for the page they put up. Also in the thinking that the best way to fight saudi arabia and the usa is to hack some site that nobody ever goes to.


http://video.adultswim.com/tim-and-eric-awesome-show-great-job/launch-party.html

DarkSpoon
12-23-2009, 03:01 PM
Samans crew.

Diddlez
12-23-2009, 04:07 PM
Was probably your dodge php coding that let them in imo.

It was. Remote File Inclusion. NWP was vulnerable too but Greg deleted the site.

gg 4D. *ohyea

Greg
12-23-2009, 04:09 PM
So now Gore SE won't work either, because the update content is missing...can someone fix that?

Greg
12-23-2009, 04:21 PM
Make a copy of Gore.exe

Rename GoreUpdate.exe to blah.exe

Rename the new copy of Gore.exe to GoreUpdate.exe

Start Gore.

Spyder
12-23-2009, 05:03 PM
Was probably your dodge php coding that let them in imo. They were able to come right in the back door, which is something you've always been prone to allowing. .gou2
When I switched the page include code from exclusion to exclusively inclusion (code that checks the file server for a list of files and only allows those to be referenced), I sent your dumb ass the code about this a year ago (see email below). I'm not the one that has been maintaining the site for the last two years or whatever - otherwise I would have just switched the entire system to use a templating engine (Smarty) to make it quicker, separate the code from the template (MVC), and give it the ability to cache. If allowed to actually maintain the site, I would have probably done a lot with it already. There is no such thing as a completely secure web site (as you have noticed with the fact that even vBulletin gets hacked from time to time) much less one that isn't maintained. PHP in particular gets targeted a lot because of its wide usage - so code usage and techniques change all the time. If nobody is maintaining code - especially this site, which was written for PHP4 and includes a lot of code that needs to be updated and refactored - so it's sort of retarded to just let a site sit and assume that it'll always be perfectly fine. Otherwise even Grade A programs like phpBB and vBulletin wouldn't be updated so much...and they have teams of programmers and QA techs to verify every build they make is as exploit proof as possible.

Here's the email, and you subsequently removing yourself from responsibility to fix it:

Email sent to you and Acromus:


Date: Thu, Jan 15, 2009 at 1:08 PM

Idiots:

I did some solid security updates to the PHP code for the templates you use on your websites. It's very important that you implement the changes. This code will aggregate a list of PHP files in the folder and compare the $p variable (ie, index.php?p=home) to each of those and throw a graceful error in the case that the $p variable does not match.

For instance, your root folder contains "home.php", "links.php", and "leadisafaggot.php" - if someone types "index.php?p=9803408" or any request that does not match those 3 files - error.php will be included instead, which reads "Error: Unauthorized Request"

This will help prevent any code from someone else's server files executing on yours (like if someone put in "index.php?p=http://shittysite.com/hack.js") or someone with half a brain running index inside of index ("index.php?p=index") - thus creating an infinite loop which could crash your server.

DO IT.
Ur Pal Spidlz.

Email response from you:


Date: Thu, Jan 15, 2009 at 9:37 PM

Didn't see Joel CC'ed so I went ahead and forwarded it to him. Chances are he might want Paul to do something like this.

Email from you after I asked if you still maintained the site:


Date: Fri, Jan 16, 2009 at 11:26 AM

I never really maintained it at all officially.

Like I'd help on the forums, and did the Gore site and random stuff if it needed to be done and I was capable.

For more complicated things regarding PHP, or forum updates, he has a guy named Paul that helps with that. He is the guy that runs the internet service provider that Joel and his brother used to own before they sold it off to focus on developing Gore.

I never heard back about any of this from then on. *ohyea
I was willing to help do it myself, too - but you guys took away my access after the site was finished, so how could I help fix things anyways. Acromus has a far more complicated set up on the site he uses this script for, and we worked quite a few hours making it work perfectly there. I would have done the same for you guys if given the OK. It's like giving you fuckers a car and getting a call years later that "my shit is broken" when you never maintained it or heeded the "recall" I sent you.

GG & GL SIR *ms
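
The allowlist check described in the e-mail quoted in the post above, as an added example. It is not the code from the original post or from the site; the function name `resolve_page`, the folder layout and the sample requests are assumptions made for illustration.

```php
<?php
// Added example (not the site's code): allowlist-based page include.
// resolve_page() and the directory layout are hypothetical.

/**
 * Map the ?p= request value to a PHP file inside $pagesDir,
 * falling back to error.php for anything not on the allowlist.
 */
function resolve_page(string $pagesDir, $p): string
{
    $error = $pagesDir . '/error.php';

    // Reject arrays (index.php?p[]=x), non-strings and empty values.
    if (!is_string($p) || $p === '') {
        return $error;
    }

    // Build the allowlist from the files actually on disk: "home.php" => "home".
    $allowed = [];
    foreach (glob($pagesDir . '/*.php') ?: [] as $file) {
        $allowed[basename($file, '.php')] = $file;
    }

    // The front controller must never include itself (the "index inside
    // index" loop) and the error page is not directly requestable.
    unset($allowed['index'], $allowed['error']);

    // Exact-match lookup: a URL, "../" sequence or random id can never be a key,
    // so user input is never concatenated into the include path.
    return $allowed[$p] ?? $error;
}

// Constructed demo: a temporary folder holding three pages plus index/error.
$dir = sys_get_temp_dir() . '/pages_' . bin2hex(random_bytes(4));
mkdir($dir);
foreach (['home', 'links', 'index', 'error'] as $name) {
    file_put_contents("$dir/$name.php", "<?php echo '$name';");
}

// Constructed sample requests, including the kinds the e-mail mentions.
$requests = ['home', 'links', 'index', '9803408', 'http://example.invalid/x.js', '../index'];
foreach ($requests as $p) {
    echo str_pad($p, 30), ' -> ', basename(resolve_page($dir, $p)), PHP_EOL;
}

// In index.php the call would be: include resolve_page(__DIR__, $_GET['p'] ?? 'home');
```

Independently of the allowlist, setting `allow_url_include = Off` in php.ini stops `include` from fetching remote URLs at all.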

Diddlez
12-23-2009, 05:08 PM
what a mess we've got here

Acromus
12-24-2009, 03:47 AM
It works again.
Joel hacked the persians and got his files back.

Diddlez
12-24-2009, 08:01 AM
LOL no he didn't. Hostgator backs their shit up, unlike Joel.

rootumz
12-25-2009, 03:06 AM
hail to joel right acro?
merry christmas.
fuck you

Acromus
12-25-2009, 10:46 AM
LOL no he didn't. Hostgator backs their shit up, unlike Joel.

OH REALLY?

Lead
12-25-2009, 12:13 PM
I found that visually the site was more streamlined and aesthetically pleasing while it was being held captive by e-iranians. I am somewhat saddened by the sudden loss of the new and short-lived design and replacement by its former fat american web design.

Also I wasn't serious when I blamed Spyder.

What actually happened I think from what I care to remember after talking to misc assholes about it yesterday is that spyders bs was forwarded to Joel, who forwarded it to his web guy, who then did a complete noob job at attempting to fix it and basically was responsible for an entire iranian caravan of e-faggots in to delete a website that nobody goes to, yet still has a backup anyway.

Although when it was still deleted I remember joking to Joel that nothing of value was lost. .gou2