- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Apparently google hacked your site also
http://www.google.com/search?q=+site:federalsuppliers.com+federalsuppliers.com&hl=en&start=30&sa=N
Admin
sounds like a scam
Admin
Wow. With that kind of grammar and spelling you are either a troll or lucky to have a job. Good luck with that career! ;)
Admin
Oh man did I hack the crap out of this sight.,
Admin
Okay everyone, its time for a family friendly activity: Google Bombing! (I'm aware its not as efective as it used to be with google, but it works just fine for other engines :p)
So, paste this html tag everywhere and anywhere in comment sections/forums of popular websites:
heinous scam
Enjoy!
Admin
own fault, this is so lapse on security. it's like locking your house and hanging the key on the front door. and then claiming someone "broke" into your house.
Admin
Tell them for a couple hundred dollars you can secure the page for them.
Admin
QQ
Hire someone who knows PHP and MySQL. Javascript is not, and never has been, a way to "secure" a webpage. It just says alot if your too lazy create a website proper.
Admin
That was intended for the guy from the "company" who posted on the first page of comments.
Admin
US Bank, where I formally had my mortgage, did something like this too. In order to make a payment you had to verify by entering the last 4 digits of your SSN. Sure enough in the HTML was javascript with the last 4 of my SSN in it.
I complained about it and the response: "We don't run that site."
I complain again, threaten to take my business elsewhere: "We'll give you a $5 credit as part of our 5 star guarantee!"
Six month later the problem still exists and I've transfered my mortgage to a different bank (at a lower rate).
Admin
While I can empathize with the position you've found yourself in, anyone - ANYONE - with any kind of web development background would have been able to 'hack' your site, which - on the internet - is a hell of a lot of people. You are lucky that this situation was brought to your attention the way it was and not used against you in some way. There are people out there who could have done some serious damage to your business and would never have told you about it.
The site is offline, you still have your clients (which you should notify as soon as possible so they at least know you're dealing with the situation) and you can have your site improved to include some ACTUAL security and not just some crap scripted dialog box. I'd say that you're in a far better position than some small businesses who actually get hacked with malicious intent. Deal with the problem at hand, and forget about pursuing a lawsuit unless you have a lot of spare cash lying around you're willing to give to lawyers, as you have absolutely no case whatsoever. You're site was not secure and you had your clients' data exposed, and as such YOU would be more liable than this guy you were trying to sell to.
You would be well advised to correct your errors and continue to do business rather than attempt some kind of legal retaliation.
Admin
Because if you have a huge contract like that, you MUST be too cool to capitalize your sentences and proper nouns, use accurate spelling, or even lie convincingly. LOL you have our data. Right. Next time, try using a more secure login form. Like, you know, something that maybe is more like if(userid==5*49) {ok=true), then it'll only work it it's 245, and nobody can figure THAT out.
BTW the CAPTCHA was "odio", which is "hatred" in Spanish. ^_^
Admin
Somebody should tell them that changing the password will not help as long as the actual address it points to is written right there...
Admin
Serious giggles man. Serious.
Admin
Sorry to say it buddy, but nobody "hacked" your site. You put the login and password right in a publically viewable source code. That's the same as locking the front door to your house and hanging the key on the doorknob...any bloke's gonna see the key and get into your house and the insurance company wouldn't pay a cent. If you want a secure site go learn yourself some PHP...or at least basic cryptology. Also look into what HTTPS means :).
P.S. save yourself the embarassment and don't call anyone. Don't email anyone. They're just going to laugh manically at you. Viewing the source code for a web page is not illegal anywhere in the world and if the credentials just happens to be in there...well epic lulz to you my friend.
Admin
Ha! You lost all credibility when you said you had their information.
...kids these days...
Admin
So, anyone want to play "Identify the logical fallacies"?
These are, of course, well know logical fallacies, easily locatable from a variety of sources. However, today's logic comes courtesy of "Critical Thinking, Reading, and Writing: A Brief Guide to Argument" Barnet, Sylvan, and Bedau Hugo. Critical Thinking, Reading, and Writing. '6th ed'. Boston: Bedford/St. Martin's, 2008.
Admin
Shill. There's nothing secure about that in the slightest. Hire someone who actually knows how the web works next time you design a site.
Admin
hilarious, but I seriously doubt you're really the guy that runs that scam
Admin
No hacking was ever done... this information is publicly available, since you have it in plain text in your source code. It is most definitely not secure... at all. Period. I haven't gone there and I don't have any desire to, but you really should tighten that up, if you want to have ANY credibility but after this incident I don't think you will.
Admin
Dude, this isn't even close to being up to my standards. Why don't you just use the basic .htaccess file that your server provides for god's sake(looks like apache at least). Just do a search ".htaccess apache" and find some 12 year old to set it up.
Admin
They didn't take it down, it seems they've just moved it to a new page: http://www.federalsuppliers.com/warning.html
Admin
If your making such a considerable amount of money via commission for your customers then why can't you get a programmer that has even a remote sense of encryption or alternative login technologies to program a login system for you. In case you weren't notified, security is the biggest investment in companies that have any basis in technology.
Admin
LMAO this is a great troll I love it!
Admin
or better yet, remove the location= URL
Admin
Hate to break this to you, but entering in a username and password that is visible in plain sight isn't hacking. Not even close. I am sure you have reported it and I am equally sure that whoever you reported it to had a good laugh, showed it to everyone in the office, who also had a good laugh, and then chucked the complaint in the bin.
If that is what you consider "secure", then your company is incompetent and your investors should be compensated as you are exposing them to extreme risk without cause.
Find a new job.
Admin
i did it for the lulz.
Admin
zomg! Clients Word > Your Word
Admin
Hey FSG, I have a question for you:
Three players enter a room and a red or blue hat is placed on each person's head. The color of each hat is determined by a coin toss, with the outcome of one coin toss having no effect on the others. Each person can see the other players' hats but not his own.
No communication of any sort is allowed, except for an initial strategy session before the game begins. Once they have had a chance to look at the other hats, the players must simultaneously guess the color of their own hats or pass. The group shares a hypothetical $3 million prize if at least one player guesses correctly and no players guess incorrectly.
What strategy would you use?
Admin
Awww, now they've taken the whole thing down:
Not Found The requested document was not found on this server.
Web Server at federalsuppliers.com
Admin
I hate to break it to you, but there really isn't any "hacking" at all involved in "detroying" your website. The username and password are available to anyone with a web browser.
Although I do feel that it is a little irresponsible of the author of this article to actually post real URLS, it was only a matter of time before somebody went to view->source in their browser.
If developing a login system is too difficult for your company at the moment, at least look into basic authentication. It is a very simple way to password protect a directory (and access to your .html file) and is easy to setup (depending on your web server, it can be just a matter of a config file).
Admin
So what is your GSA contract number? Also, what does GSA stand for and who is your Contract Administrator?
Admin
They took the target page offline. Maybe they are getting smart (er)?
I wonder if this was one of those "Get Rich Quick on the Internet" scams you see on latenight TV?
Admin
So, I entered their poetry contest, and they said I was a WINNER and they were going to publish two of my poems in a book! And the book is only $19.95 for the first copy or $34.95 for two copies of the book with my poems in it. But when I sent the $49.95 (including shipping) they never sent me the books. But I am a poetry contest winner!
Admin
Yea, we so evil hackers try to ruin your scam, er, business. I'm ROFLing about all this matter. Might I interest you in a montres allison fine watch? nah, forget it, I'm sure the irony of this offer is lost in you.
Admin
So it looks like some 198 web sites are running on that IP address - including quite a few sex sites - one wonders what kind of legit business would be piled in on a server like that.
Admin
2008-02-29 13:44 • by FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT
(Big, painfully-embarrassing, unprofessional rant deleted.)
This is the equivalent of my walking up to someone's door and noticing that the doorframe actually looks like it could be attached to the house with duct tape and then painted over to look like a real doorframe.
I think: "NO WAY could someone be completely dumb to build it THAT way!"
So I pull a little on the duct tape for the heck of it - and off falls the door AND the doorframe in one huge crash.
Now I am stunned, seeing everything in the room. Next thing I know, the houseowner is screaming at me for breaking and entering and spying on his house and now they are calling the police.
Similarly, the lovely folks at this Federal Suppliers Guide outfit blames Alex Papadimoulis for the online equivalent of pulling on their Javascript duct tape. Wow... and they actually call THAT "hacking"? Do you Federal Suppliers guys know what hacking actually IS?
So now they are screaming at the authorities and the folks on this website for justice. They are screaming at the wrong people. Why are they not screaming at whoever designed the security scheme for their website to START with? Who the heck IS their web developer anyway? I GOTTA know who could be either stupid or unethical enough to design a site like this for a client? What idiot charged them however many thousands of bucks for the digital equivalent of duct tape holding in a cardboard door and telling the client their website is "secure"? Amazing... just amazing.
Admin
In fact, Google has a cached version of some of the contents of http://officers.federalsuppliers.com
http://72.14.253.104/search?q=cache:ruy01-8JMasJ:officers.federalsuppliers.com/neb.html+inurl:federalsuppliers.com&hl=en&ct=clnk&cd=5&gl=us
Admin
Never trust a "professional" who types "should of" instead of "should have."
So the new security is to 404 the page it leads to. I'll bet all of the federal agents who don't visit the site are disappointed to say the least!
Of note, their site is not in Alexa's top 100k http://www.alexa.com/data/details/traffic_details/federalsuppliers.com
but who here is surprised by that nugget of wisdom?
Admin
Hacking is hardly the word I would use... More like in depth looking. You can't expect a website to stay secure when you have the login information hiding inside the HTML code.
My point is: hire a real web programmer and stop using MS Frontpage...
Admin
By hackers you mean anyone who can read right? If I listed my username and password on a publicly viewable website or left the front door to my house open are people actually hacking or just walking in?
FSG Customer support:"Omgz someone broke into our business officer!" Cop: "orly?" FSG Customer support: "I had the front door open and didn't expect a skilled criminal to force their way into my private property!" Cop: "But sir you had a note on the door which read "Use key under the door mat to unlock door." FSG Customer support: "But that note was for our gullible naive clients, not for anyone who walks by..."
Admin
You guys are idiots. Only a retard would put a password in a javascript within HTML. If you actually care about your security take it a bit more seriously.
Admin
HAH. That's the best website security I've ever seen!
Admin
It sure looks like it's not legit...
Admin
Aw geez... I read from these postings that some outfit called cybertown-usa.com designed the site and it's excuse for security.
So I tried to find out who those "web experts" were - and they had no website. So I go do a whois on that domain. No one was listed as owning the name.
THEN I remembered that the site I used to check the domain name quickly attracts domain name squatters like flies on a you-know-what.
OOOOPS... well, I guess maybe the original designer didn't want their domain back anyway...
Admin
Sir... I feel your pain. Ever since I was exiled from my home in Nigeria (I am a Nigerian prince, you see) I have felt the pain of such Internets Discrimination. Perhaps we can make common cause. If you can send me $5,000 dollars to my paypal account, registered to [email protected], I will have the financial wherewithal to re-take my throne, and will thus be in a position to smite these slanderers.
Admin
Looks like the script came from http://www.2createawebsite.com/enhance/password-protect.html
Utterly pathetic.
Admin
I hope my personal information isn't protected like this with any other company. That is just irresponsible
Admin
If you guys are really dumb enough to use code like this on an internet facing website you deserve to get hacked. And furthermore have no business associating with the federal government. Why don't you take all that "legitimate sales" revenue and buy yourself a decent programmer who knows his ass from a hole in the ground. You're lucky this your website and not your CC database which I'm sure is equally secured by some 5 char password one of your 4 children can guess. I cannot believe a company with a supposed 5 year GSA contract can get away with security this weak...what a joke!
Admin
Bwahahahahahahaha!!!! pwned.