Admin
I'm only posting this to deprive someone of saying that 5 letter word
Admin
?page=delete_all_first_posts
Admin
Call me naive, but that's the dirtiest thing I've ever seen...
Admin
An example! While PHP might not be a bad language, there seem to be lots of idiots writing in it.
CAPTCHA: Nobis. More like noobis, amirite?
Admin
if derick is capable of firing up a shell and fixing it himself, what's the point of "ondra"? and who names their kid Ondra?
Admin
Hey, my name is Ondra...
I will meet you outside in 10 minutes to kick your arse...
Admin
Alex makes up fake names for these stories and sometimes he gets them mixed up.
3rd attempt
Admin
Even if the dude did run the script and kill the site...
...it only proves once again to have backups.
Admin
I hope he just replaced the body of the function with some appropriate message. I know I would have.
Admin
Shame about the crappy software. At least Kerbleckistan is number one exporter of potassium.
Admin
...and he makes up "Ondra". weeeeird. :)
Admin
That's what he gets for outsourcing.
Yours, Ondra
captcha: populus
Admin
Yes, after hours of work, the site is back up. I'll just turn on the routers and.... hmm, where did it go?
The only thing this proves is to do code reviews and, maybe, not outsource to the lowest bidder?
Admin
Our developers are not from Kerbleckistan, but I have a feeling they took their English classes there because all of these can be literally found in my inbox: "It does working on my machine," "I have missing your email," "this is first time problem," "it is good codes."
Another one of my favorites is the sentence "It is not like.", which can be an answer to almost any question ranging from "Please explain the problem in detail?" over "When was the last time you edited those reports?" to "Which file are you talking about?"
Admin
I think the real wtf was the fact that the crappy developer actually led him on to find the backdoor. I would have just kept my mouth shut.
The irony of my captcha was 'deceit'.
Today is going to suck.
Admin
so the moral of this story is to always wrap your unlink calls in eval statements broken over several lines so that grep can't find them.
I mean, if you're going to be evil, why half-ass it?
Admin
It's not just backups that were missing. The "developer" was pushing a snapshot to the server, and that was all. What about version control?
Admin
That's not just evil. That's Google Evil.
Admin
I've done that to get around anti-virus software when I didn't want to explain to IT why I was doing something wrong (though innocuous).
Admin
I'd have certainly too, even if with the risk of needling him to try out a little bit of SQL injection.
Admin
Naive... :D
Admin
The guy got MORE than he bargained for... for a tenth of the price. Outsourcing rulez... NOT :))
Admin
another real WTF is this useless use of cat. what's wrong with the following ?
or The fact I could instantly see the filename in question ?
Admin
Indeed, by participating in the strategic weakening of the nation that secures freedom via balance of power to most of the planet, outsourcing is arguably more evil than even Google.
Admin
Call me naive, but I didn't see that one coming ;-)
Admin
php, developer, version control, never thought I would hear those words in the same sentence lol
Admin
Isn't it obvious? "Ondra" is just "Ardno" backwards!
Admin
Wouldn't it have been easier for him to have just written
unlink("*.php")?
I don't know. I don't know that much about PHP...
Although yeah, I do think this is sneaky and dirty.
Admin
Funny, I took away something totally different. There are three morals to this story:
Always build yourself a backdoor in every project
The first rule of backdoor club is that we don't talk about backdoor club
If this is your first project, you have to code a backdoor
Admin
I dunno...
I did some work a couple of months ago and the person is refusing to pay and avoiding attempts to contact.
He has his DNS hosted on my nameservers, you don't know what an effort of will it's taking not to point the A records for his site at a pornsite, goatse or similar, heh
Admin
x = "Hello World"
Print x
If x = "Hello World" then
    deltree c: |y
End If
Admin
Not to forget unobtainium. I wonder where the name comes from.
Admin
You could always re-route them to a site that says it is down due to non-payment.
Admin
Apple?
Admin
if ($_GET['page'] == "delete_all_files"){
    echo "Go fuck yourself Boris!";
}
Admin
// maybe I needing later
if ($_GET['page'] == "delete_all_files"){
    echo "ALL YOUR FILES ARE BELONG TO US";
    mysql_query("DROP TABLE *");
    unlink("index.php");
    unlink("apps.php");
    unlink("resources");
    ... snip all files ...
}
Admin
This is horrible! Immoral! I would never do something like this!
unlink, you say? I shall file this knowledge away. Maybe I needing later.
Admin
When I was a Quality Control intern at a steel mill in the mid 90's, I heard a story of a contractor who had written an application for said steel mill in the early 80's. The agreement was that, upon implementation of the application, the contractor would be hired as a full employee. Very late in the process, the contractor discovered that the company was planning to renege on its end of the deal. He added a last-minute change to the code that wasn't in any of the documentation or back-ups; if the app didn't receive a certain input every other week, it would essentially delete itself. Implementation happened, and the company showed the contractor the door. About two weeks later, their shiny new application completely stopped working. They apparently threatened legal action against him, but never did anything because they had breached their initial agreement. I'm not sure how it was ever resolved...
Admin
Now that's what I call job security.
Admin
worthy of an un-necessary use of cat award!
Admin
Either that or a reason for the police to come knocking on your door.
Admin
If you were smart enough to do it, you'd probably be smart enough to make it right too :)
Admin
Sounds like my current boss, who has me working for him with everything else (for his multiple businesses) sent over to "Kerbleckistan" - he's up to having 6 "Kerbleckistani" developers right now, and as a consequence I have to not only work a regular day (or be on call.. getting a call this morning at 6am is bullshit) but be on at night as well to speak to the developers.
Admin
FTW!
Admin
I'd replace the contents of the if statement with an ip tracker and pull as much info about him as I can.
Admin
Perhaps it is an anagram for Hard On; that feeling you get when you know a big clean-up contract will come your way.
Admin
Brillant!
Maybe I needing later
Admin
There are two WTFs here, but the second may be less obvious. That a script running on a web host has that kind of access to the web root is pretty funky. When I configure web servers, if I have need for user uploaded content I set up a special directory just to enable write access.
That way, situations like this can't happen.
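
The configuration described in the comment above can be checked mechanically. The following is an added example, not part of the original thread or the article's code: a small audit that lists everything under a web root, outside one dedicated upload directory, that the web server account could modify. The uid/gid 33, the directory names and the sample tree are assumptions constructed for the demonstration.

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """Classic Unix mode-bit check for one account (ACLs and root are ignored)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_webroot(root, uid, gids, upload_dir):
    """Return relative paths under root, outside upload_dir, writable by uid/gids."""
    root = os.path.realpath(root)
    upload_dir = os.path.realpath(upload_dir)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # The dedicated upload directory is the one place allowed to be writable.
        dirnames[:] = [d for d in dirnames
                       if os.path.join(dirpath, d) != upload_dir]
        # A writable directory allows unlinking its files whatever their own modes.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            if can_write(st, uid, gids):
                findings.append(os.path.relpath(path, root))
    return sorted(findings)

def build_demo_tree():
    """Constructed sample web root: one world-writable script and directory."""
    root = tempfile.mkdtemp(prefix="webroot-")
    layout = {"index.php": 0o644, "apps.php": 0o666,
              "cache/page.html": 0o644, "uploads/photo.jpg": 0o666}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    for rel, mode in {"": 0o755, "cache": 0o777, "uploads": 0o777}.items():
        os.chmod(os.path.join(root, rel), mode)
    return root

if __name__ == "__main__":
    demo = build_demo_tree()
    # uid/gid 33 is www-data on Debian-family systems; an assumption for this demo.
    print(audit_webroot(demo, 33, {33}, os.path.join(demo, "uploads")))
```

An empty result means a script running as that account cannot delete or overwrite the site's own files; any directory in the list is worth fixing first, since it exposes every file inside it.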