To whoever hacked into my Database

Νίκος Αλεξόπουλος nikos.gr33k at gmail.com
Mon Nov 11 10:36:40 CET 2013


Στις 6/11/2013 5:25 μμ, ο/η Νίκος Γκρ33κ έγραψε:
> Okey let the hacker try again to mess with my database!!!
>
> He is done it twice, lets see if he will make it again!
>
> I'am waiting!

I can't believe your ignorance. You're actually telling a huge group of 
developers from all over the globe that your site is impenetrable. Do 
you know how ridiculous you sound? Have you stopped and thought that 
maybe people have better things to do than try to hack your stupid circa 
1990 website? My three year old could have modified your database. It 
doesn't take a pro to take down your 'security'. Have you not read up on 
anything these people have suggested? Cross Site Scripting? SQL 
Injection? Digital Piracy? Private User Information? No.. you haven't. 
That's why your code is starting to look like this:
if not '..' in page and not page == '/etc/passwd' and 
os.path.isfile(page) and os.path.exists('/cgi-bin' + page) and cookieID 
== 'some_secret' and host == 'superhost.gr' and 
hacker_is_not_being_mean_today:
    load_site()
 
load_private_user_phone_numbers_and_then_post_a_screenshot_for_everyone_to_see()
else:
    play_pre_millenium_music_and_load_lots_of_gifs()
wait___go_back_and_load_pirated_music_and_gifs_from_1995_anyway(extra_sauce=True)
You can't sue me for posting the code to your site, there was no copyright.
I guess my whole point is, if someone really cared I'm sure they could 
get into your site. They could get into a lot of sites that were created 
by people way smarter than you. Ever heard of apache exploits? cpanel 
exploits? for that matter..python exploits? Some of this is beyond your 
control. Actually, all of this is beyond your personal control, you lack 
the capability. What I meant to say is that you could not possibly fix 
all of this even if you were a better python programmer. Be glad 'she' 
wasn't mean.

======================================

Somebody this morning sent me an email as nikos.sucks at gmail.com sayign 
the above.
My code is not like you provided you ignorant.

# is it a python file or an html template?
if page and page in os.listdir( cgi_path ):
     pyvalid = True
elif os.path.isfile( file ):
     page = file.replace( path, '' )
     htmlvalid = True
else:
     file = 'forbidden'
....
....
if 'forbidden' in file:
     print( '''<h2><font color=red>Δεν επιτρέπεται η απευθείας πρόσβαση 
στο script παρά μόνον μέσω της αρχικής σελίδας!    Ανακατεύθυνση σε 
5...''' )
     print( '''<meta http-equiv="REFRESH" 
content="5;URL=http://superhost.gr">''' )
     sys.exit(0)
....
....
if cookieID != 'wont_say' and ( htmlvalid or pyvalid ) and re.search( 
r'(amazon|google|proxy|cloud|reverse|fetch|msn|who|spider|crawl|ping)', 
host ) is None:
     # do database insertion here


Tell the mighty female hacker to polish her nails, do her hair and fix a 
good meal.

She is incompetent just like yourself.

These all is just an excuse of not being able to mess with my script 
again, because is she could she would.



More information about the Python-list mailing list