• Wonko (unregistered)

    I'm only posting this to deprive some one of saying that 5 letter word

  • Zylon (cs)

    ?page=delete_all_first_posts

  • steenbergh (cs)

    Call me naive, but that's the dirtiest thing I've ever seen...

  • Drew (unregistered)

    An example! While PHP might not be a bad language, there seem to be lots of idiots writing in it.

    CAPTCHA: Nobis. More like noobis, amirite?

  • csm (unregistered)

    if derick is capable of firing up a shell and fixing it himself, what's the point of "ondra"? and who names their kid Ondra?

  • Wonko (unregistered) in reply to Zylon
    Zylon:
    ?page=delete_all_first_posts
    Guess that would have done the same job.
  • Ramses So let it be written so let it be done (unregistered)

    Hey, my name is Ondra...

    I will meet you outside in 10 minutes to kick your arse...

  • tOmcOlins (cs) in reply to csm
    csm:
    if derick is capable of firing up a shell and fixing it himself, what's the point of "ondra"? and who names their kid Ondra?

    Alex makes up fake names for these stories and sometimes he gets them mixed up.

    3rd attempt

  • Max (unregistered)

    Even if the dude did run the script and kill the site...

    ...it only proves once again to have backups.

  • DOA (cs)

    I hope he just replaced the body of the function with some appropriate message. I know I would have.

  • frits (cs)

    Shame about the crappy software. At least Kerbleckistan is number one exporter of potassium.

  • csm (unregistered) in reply to tOmcOlins
    tOmcOlins:
    csm:
    if derick is capable of firing up a shell and fixing it himself, what's the point of "ondra"? and who names their kid Ondra?

    Alex makes up fake names for these stories and sometimes he gets them mixed up.

    3rd attempt

    ...and he makes up "Ondra". weeeeird. :)

  • bored (unregistered)

    That's what he gets for outsourcing.

    Yours, Ondra

    captcha: populus

  • halcyon1234 (cs) in reply to Max
    Even if the dude did run the script and kill the site...

    ...it only proves once again to have backups.

    Yes, after hours of work, the site is back up. I'll just turn on the routers and.... hmm, where did it go?

    The only thing this proves is to do code reviews and, maybe, not outsource to the lowest bidder?

  • Anonymous Coward (unregistered)

    Our developers are not from Kerbleckistan, but I have a feeling they took their English classes there because all of these can be literally found in my inbox : "It does working on my machine," "I have missing your email," "this is first time problem" "it is good codes,"

    Another one of my favorites is the sentence "It is not like." , which can be an answer to almost any question ranging from "Please explain the problem in detail?" over "When was the last time you edited those reports?" to "Which file are you talking about?"

  • Carl (unregistered)
    // maybe I needing later
    if ($_SMS['guido'] == "delete_all_offshore"){
       echo "terminate"; 
       load("MAGAZINES"); 
       proc_term("ondra"); 
       proc_term("ravi"); 
       proc_term("kerbleckistani.*");
       ... snip ...
    }
    
  • John M (unregistered)

    I think the real wtf was the fact that the crappy developer actually led him onto find the backdoor. I would have just kept my mouth shut.

    The irony of my captcha was 'deceit'.

    Today is going to suck.

  • tofu (cs)

    so the moral of this story is to always wrap your unlink calls in eval statements broken over several lines so that grep can't find them.

    I mean, if you're going to be evil, why half-ass it?

  • pjt33 (cs)

    It's not just backups that were missing. The "developer" was pushing a snapshot to the server, and that was all. What about version control?

  • hoodaticus (cs)

    That's not just evil. That's Google Evil.

  • hoodaticus (cs) in reply to tofu
    tofu:
    so the moral of this story is to always wrap your unlink calls in eval statements broken over several lines so that grep can't find them.

    I mean, if you're going to be evil, why half-ass it?

    I've done that to get around anti-virus software when I didn't want to explain to IT why I was doing something wrong (though innocuous).

  • lImbus (unregistered) in reply to DOA

    I'd have certainly too, even if with the risk of needling him to try out a little bit of SQL injection.

  • md5sum (cs) in reply to steenbergh
    steenbergh:
    Call me naive, but that's the dirtiest thing I've ever seen...

    Naive... :D

  • Alin (unregistered)

    The guy got MORE than he bargained for... for a tenth of the price. Outsourcing rulez... NOT :))

  • lImbus (unregistered)

    another real WTF is this useless use of cat. what's wrong with the following ?

    grep unlink *.php
    or
    grep unlink -R *.php
    The fact I could instantly see the filename in question ?
  • hoodaticus (cs) in reply to Alin
    Alin:
    The guy got MORE than he bargained for... for a tenth of the price. Outsourcing rulez... NOT :))

    Indeed, by participating in the strategic weakining of the nation that secures freedom via balance of power to most of the planet, outsourcing is arguably more evil than even Google.

  • steenbergh (cs) in reply to md5sum
    md5sum:
    steenbergh:
    Call me naive, but that's the dirtiest thing I've ever seen...

    Naive... :D

    Call me naive, but I didn't see that one coming ;-)

  • Neil (unregistered) in reply to pjt33

    php, developer, version control, never thought I would hear those words in the same sentence lol

  • skywalker (unregistered) in reply to csm

    Isn't it obvious? "Ondra" is just "Ardno" backwards!

  • Monte (unregistered)

    Wouldn't it have been easier for him to have just written

    unlink("*.php")?

    I don't know. I don't know that much about PHP...

    Although yeah, I do think this is sneaky and dirty.

  • Tyler (unregistered) in reply to tofu
    tofu:
    so the moral of this story is to always wrap your unlink calls in eval statements broken over several lines so that grep can't find them.

    I mean, if you're going to be evil, why half-ass it?

    Funny, I took away something totally different. There are three morals to this story:

    1. Always build yourself a backdoor in every project

    2. The first rule of backdoor club is that we don't talk about backdoor club

    3. If this is your first project, you have to code a backdoor

  • Anonymous (unregistered) in reply to Monte

    I dunno...

    I did some work a couple of months ago and the person is refusing to pay and avoiding attempts to contact.

    He has his DNS hosted on my nameservers, you don't know what an effort of will it's taking not to point the A records for his site at a pornsite, goatse or similar, heh

  • ForcedSterilizationsForAll (unregistered) in reply to Tyler
    Tyler:
    tofu:
    so the moral of this story is to always wrap your unlink calls in eval statements broken over several lines so that grep can't find them.

    I mean, if you're going to be evil, why half-ass it?

    Funny, I took away something totally different. There are three morals to this story:

    1. Always build yourself a backdoor in every project

    2. The first rule of backdoor club is that we don't talk about backdoor club

    3. If this is your first project, you have to code a backdoor

    Tyler:
    tofu:
    so the moral of this story is to always wrap your unlink calls in eval statements broken over several lines so that grep can't find them.

    I mean, if you're going to be evil, why half-ass it?

    Funny, I took away something totally different. There are three morals to this story:

    1. Always build yourself a backdoor in every project

    2. The first rule of backdoor club is that we don't talk about backdoor club

    3. If this is your first project, you have to code a backdoor

    x = "Hello World" Print x If x = "Hello World" then deltree c: |y End If

  • D (unregistered) in reply to frits

    Not to forget unobtainium. I wonder where the name comes from.

  • ForcedSterilizationsForAll (unregistered) in reply to Anonymous
    Anonymous:
    I dunno...

    I did some work a couple of months ago and the person is refusing to pay and avoiding attempts to contact.

    He has his DNS hosted on my nameservers, you don't know what an effort of will it's taking not to point the A records for his site at a pornsite, goatse or similar, heh

    You could always re-route them to a site that says it is down due to non-payment.

  • WhiskeyJack (cs) in reply to Wonko
    Wonko:
    I'm only posting this to deprive some one of saying that 5 letter word

    Apple?

  • RabiDawg (unregistered)

    if ($_GET['page'] == "delete_all_files"){ echo "Go fuck yourself Boris!"; }

  • Steve (unregistered)

    // maybe I needing later if ($_GET['page'] == "delete_all_files"){ echo "ALL YOUR FILES ARE BELONG TO US"; mysql_query("DROP TABLE *"); unlink("index.php"); unlink("apps.php"); unlink("resources"); ... snip all files ... }

  • toth (cs)

    This is horrible! Immoral! I would never do something like this!

    unlink, you say? I shall file this knowledge away. Maybe I needing later.

  • Jayman (cs)

    When I was a Quality Control intern at a steel mill in the mid 90's, I heard a story of a contractor who had written an application for said steel mill in the early 80's. The agreement was that, upon implementation of the application, the contractor would be hired as a full employee. Very late in the process, the contractor discovered that the company was planning to renege on its end of the deal. He added a last-minute change to the code that wasn't in any of the documentation or back-ups; if the app didn't receive a certain input every other week, it would essentially delete itself. Implementation happened, and the company showed the contractor the door. About two weeks later, their shiny new application completely stopped working. They apparently threatened legal action against him, but never did anything because they had breached their initial agreement. I'm not sure how it was ever resolved...

  • bob171123 (cs)

    Now that's what I call job security.

  • Jim (unregistered) in reply to lImbus

    worthy of an un-necessary use of cat award!

  • pueblonative (unregistered) in reply to bob171123

    Either that or a reason for the police to come knocking on your door.

  • Alekz (unregistered) in reply to tofu
    tofu:
    so the moral of this story is to always wrap your unlink calls in eval statements broken over several lines so that grep can't find them.

    I mean, if you're going to be evil, why half-ass it?

    If you were smart enough to do it, you'd probably be smart enough to make it right too :)

  • ObiWayneKenobi (cs)

    Sounds like my current boss, who has me working for him with everything else (for his multiple businesses) sent over to "Kerbleckistan" - he's up to having 6 "Kerbleckistani" developers right now, and as a consequence I have to not only work a regular day (or be on call.. getting a call this morning at 6am is bullshit) but be on at night as well to speak to the developers.

  • ShatteredArm (unregistered) in reply to RabiDawg
    RabiDawg:
    if ($_GET['page'] == "delete_all_files"){ echo "Go fuck yourself Boris!"; }

    FTW!

  • Shane (unregistered)

    I'd replace the contents of the if statement with an ip tracker and pull as much info about him as I can.

  • Procedural (unregistered) in reply to skywalker

    Perhaps it is an anagram for Hard On; that feeling you get when you know a big clean-up contract will come you way.

  • Yep (unregistered)

    Brillant!

    Maybe I needing later

  • grasshoppa (unregistered)

    There are two WTFs here, but the second may be less obvious. That a script running on a web host has that kind of access to the web root is pretty funky. When I configure web servers, if I have need for user uploaded content I setup a special directory just to enable write access.

    That way, situations like this can't happen.

Leave a comment on “Maybe I Needing Later”

Log In or post as a guest

Replying to comment #:

« Return to Article