• Nobody (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    Apparently google hacked your site also

    http://www.google.com/search?q=+site:federalsuppliers.com+federalsuppliers.com&hl=en&start=30&sa=N

  • ...... (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    sounds like a scam

  • Ya-wish (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    Wow. With that kind of grammar and spelling you are either a troll or lucky to have a job. Good luck with that career! ;)

  • Hacker (unregistered)

    Oh man did I hack the crap out of this sight.,

  • ReiserificK (unregistered)

    Okay everyone, its time for a family friendly activity: Google Bombing! (I'm aware its not as efective as it used to be with google, but it works just fine for other engines :p)

    So, paste this html tag everywhere and anywhere in comment sections/forums of popular websites:

    heinous scam

    Enjoy!

  • LOL (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    own fault, this is so lapse on security. it's like locking your house and hanging the key on the front door. and then claiming someone "broke" into your house.

  • Sam (unregistered) in reply to Sys

    Tell them for a couple hundred dollars you can secure the page for them.

  • Thomas (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    QQ

    Hire someone who knows PHP and MySQL. Javascript is not, and never has been, a way to "secure" a webpage. It just says alot if your too lazy create a website proper.

  • Thomas (unregistered) in reply to Thomas
    Thomas:
    QQ

    Hire someone who knows PHP and MySQL. Javascript is not, and never has been, a way to "secure" a webpage. It just says alot if your too lazy create a website proper.

    That was intended for the guy from the "company" who posted on the first page of comments.

  • Some Guy (unregistered)

    US Bank, where I formally had my mortgage, did something like this too. In order to make a payment you had to verify by entering the last 4 digits of your SSN. Sure enough in the HTML was javascript with the last 4 of my SSN in it.

    I complained about it and the response: "We don't run that site."

    I complain again, threaten to take my business elsewhere: "We'll give you a $5 credit as part of our 5 star guarantee!"

    Six month later the problem still exists and I've transfered my mortgage to a different bank (at a lower rate).

  • Squiggly (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    While I can empathize with the position you've found yourself in, anyone - ANYONE - with any kind of web development background would have been able to 'hack' your site, which - on the internet - is a hell of a lot of people. You are lucky that this situation was brought to your attention the way it was and not used against you in some way. There are people out there who could have done some serious damage to your business and would never have told you about it.

    The site is offline, you still have your clients (which you should notify as soon as possible so they at least know you're dealing with the situation) and you can have your site improved to include some ACTUAL security and not just some crap scripted dialog box. I'd say that you're in a far better position than some small businesses who actually get hacked with malicious intent. Deal with the problem at hand, and forget about pursuing a lawsuit unless you have a lot of spare cash lying around you're willing to give to lawyers, as you have absolutely no case whatsoever. You're site was not secure and you had your clients' data exposed, and as such YOU would be more liable than this guy you were trying to sell to.

    You would be well advised to correct your errors and continue to do business rather than attempt some kind of legal retaliation.

  • Smarterthanyou (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT
    FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT:
    thank you hackers for trying to destroy federal suppliers guides reputation. i have worked here with my wife for 10 years now and have helped hundreds of clients obtain federal government work. i have 4 children and though you don't care you are hurting the feelings of many good employees and customers by your immature actions. sorry our site wasn't protected to your standards however all of you are being reported to the appropriate authorities as we have your information too. you should of protected your info a little better. not only is the company legit we actually have held a 5 year GSA contract with the federal government and one of my best clients just broke 500,000 dollars in federal sales directly related to the GSA contract we got them. i am proud to work here and help small businesses obtain government workand also help federal buyers locate qualified small businesses to do business with. if you not interested in government work or our services of helping small businesses navigate the federal market fine but please don't slander the company. its rude, your comments are not truthful we are not a scam and i hope someday you realize that all you have to do is check us out with dun & bradstreet or GSA or the florida local and state chambers of commerce to see that what we do is real and federal buyers do request both our hardcopy guides and the online directory as well.

    Because if you have a huge contract like that, you MUST be too cool to capitalize your sentences and proper nouns, use accurate spelling, or even lie convincingly. LOL you have our data. Right. Next time, try using a more secure login form. Like, you know, something that maybe is more like if(userid==5*49) {ok=true), then it'll only work it it's 245, and nobody can figure THAT out.

    BTW the CAPTCHA was "odio", which is "hatred" in Spanish. ^_^

  • Gehn (unregistered) in reply to Sys

    Somebody should tell them that changing the password will not help as long as the actual address it points to is written right there...

  • J.S (unregistered)

    Serious giggles man. Serious.

  • EpicLulz (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT
    FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT:
    thank you hackers for trying to destroy federal suppliers guides reputation. i have worked here with my wife for 10 years now and have helped hundreds of clients obtain federal government work. i have 4 children and though you don't care you are hurting the feelings of many good employees and customers by your immature actions. sorry our site wasn't protected to your standards however all of you are being reported to the appropriate authorities as we have your information too. you should of protected your info a little better. not only is the company legit we actually have held a 5 year GSA contract with the federal government and one of my best clients just broke 500,000 dollars in federal sales directly related to the GSA contract we got them. i am proud to work here and help small businesses obtain government workand also help federal buyers locate qualified small businesses to do business with. if you not interested in government work or our services of helping small businesses navigate the federal market fine but please don't slander the company. its rude, your comments are not truthful we are not a scam and i hope someday you realize that all you have to do is check us out with dun & bradstreet or GSA or the florida local and state chambers of commerce to see that what we do is real and federal buyers do request both our hardcopy guides and the online directory as well.

    Sorry to say it buddy, but nobody "hacked" your site. You put the login and password right in a publically viewable source code. That's the same as locking the front door to your house and hanging the key on the doorknob...any bloke's gonna see the key and get into your house and the insurance company wouldn't pay a cent. If you want a secure site go learn yourself some PHP...or at least basic cryptology. Also look into what HTTPS means :).

    P.S. save yourself the embarassment and don't call anyone. Don't email anyone. They're just going to laugh manically at you. Viewing the source code for a web page is not illegal anywhere in the world and if the credentials just happens to be in there...well epic lulz to you my friend.

  • kodek (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    Ha! You lost all credibility when you said you had their information.

    ...kids these days...

  • Logic Man (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    So, anyone want to play "Identify the logical fallacies"?

    1. Let's start with "i have worked here with my wife for 10 years now .... I have 4 children" this would be ... Ad Hominem - attacking the integrity of the "hackers" related to this site.
    2. Which brings us to "hackers". This would be ... Hasty Generalization? Fallacy of composition? and\or, of course, Post Hoc, Ergo Propter Hoc.
    3. "I am proud to work here and help small businesses obtain government work". This would be ... Red herring? Flat out irrelevant?
    4. "you are being reported to the appropriate authorities ... we have your information ... you chould have protected your info a little better". Classic appeal to fear.
    5. And finally (though feel free to identify more), all the quoted examples in the last 'paragraph' would fall under Fallacy of Composition, Oversimplification, appeal to ignorance (specifically knowledge of statistics and when they're meaningful), and potentially distorting the facts and Post Hoc, Ergo Propter Hoc.

    These are, of course, well know logical fallacies, easily locatable from a variety of sources. However, today's logic comes courtesy of "Critical Thinking, Reading, and Writing: A Brief Guide to Argument" Barnet, Sylvan, and Bedau Hugo. Critical Thinking, Reading, and Writing. '6th ed'. Boston: Bedford/St. Martin's, 2008.

  • Anon (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    Shill. There's nothing secure about that in the slightest. Hire someone who actually knows how the web works next time you design a site.

  • lol (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    hilarious, but I seriously doubt you're really the guy that runs that scam

  • Someone (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    No hacking was ever done... this information is publicly available, since you have it in plain text in your source code. It is most definitely not secure... at all. Period. I haven't gone there and I don't have any desire to, but you really should tighten that up, if you want to have ANY credibility but after this incident I don't think you will.

  • Eric (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    Dude, this isn't even close to being up to my standards. Why don't you just use the basic .htaccess file that your server provides for god's sake(looks like apache at least). Just do a search ".htaccess apache" and find some 12 year old to set it up.

  • Anonymite (unregistered)

    They didn't take it down, it seems they've just moved it to a new page: http://www.federalsuppliers.com/warning.html

  • Idiot (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    If your making such a considerable amount of money via commission for your customers then why can't you get a programmer that has even a remote sense of encryption or alternative login technologies to program a login system for you. In case you weren't notified, security is the biggest investment in companies that have any basis in technology.

  • anon (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    LMAO this is a great troll I love it!

    FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT:
    thank you hackers for trying to destroy federal suppliers guides reputation. i have worked here with my wife for 10 years now and have helped hundreds of clients obtain federal government work. i have 4 children and though you don't care you are hurting the feelings of many good employees and customers by your immature actions. sorry our site wasn't protected to your standards however all of you are being reported to the appropriate authorities as we have your information too. you should of protected your info a little better. not only is the company legit we actually have held a 5 year GSA contract with the federal government and one of my best clients just broke 500,000 dollars in federal sales directly related to the GSA contract we got them. i am proud to work here and help small businesses obtain government workand also help federal buyers locate qualified small businesses to do business with. if you not interested in government work or our services of helping small businesses navigate the federal market fine but please don't slander the company. its rude, your comments are not truthful we are not a scam and i hope someday you realize that all you have to do is check us out with dun & bradstreet or GSA or the florida local and state chambers of commerce to see that what we do is real and federal buyers do request both our hardcopy guides and the online directory as well.
  • rt (unregistered) in reply to Sys

    or better yet, remove the location= URL

  • Matt (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    Hate to break this to you, but entering in a username and password that is visible in plain sight isn't hacking. Not even close. I am sure you have reported it and I am equally sure that whoever you reported it to had a good laugh, showed it to everyone in the office, who also had a good laugh, and then chucked the complaint in the bin.

    If that is what you consider "secure", then your company is incompetent and your investors should be compensated as you are exposing them to extreme risk without cause.

    Find a new job.

  • anonymous (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT
    FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT:
    thank you hackers for trying to destroy federal suppliers guides reputation. i have worked here with my wife for 10 years now and have helped hundreds of clients obtain federal government work. i have 4 children and though you don't care you are hurting the feelings of many good employees and customers by your immature actions. sorry our site wasn't protected to your standards however all of you are being reported to the appropriate authorities as we have your information too. you should of protected your info a little better. not only is the company legit we actually have held a 5 year GSA contract with the federal government and one of my best clients just broke 500,000 dollars in federal sales directly related to the GSA contract we got them. i am proud to work here and help small businesses obtain government workand also help federal buyers locate qualified small businesses to do business with. if you not interested in government work or our services of helping small businesses navigate the federal market fine but please don't slander the company. its rude, your comments are not truthful we are not a scam and i hope someday you realize that all you have to do is check us out with dun & bradstreet or GSA or the florida local and state chambers of commerce to see that what we do is real and federal buyers do request both our hardcopy guides and the online directory as well.

    i did it for the lulz.

  • Epic lolz (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    zomg! Clients Word > Your Word

  • Grandpa (unregistered)

    Hey FSG, I have a question for you:

    Three players enter a room and a red or blue hat is placed on each person's head. The color of each hat is determined by a coin toss, with the outcome of one coin toss having no effect on the others. Each person can see the other players' hats but not his own.

    No communication of any sort is allowed, except for an initial strategy session before the game begins. Once they have had a chance to look at the other hats, the players must simultaneously guess the color of their own hats or pass. The group shares a hypothetical $3 million prize if at least one player guesses correctly and no players guess incorrectly.

    What strategy would you use?

  • Bruce (unregistered)

    Awww, now they've taken the whole thing down:

    Not Found The requested document was not found on this server.

    Web Server at federalsuppliers.com

  • lemons (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    I hate to break it to you, but there really isn't any "hacking" at all involved in "detroying" your website. The username and password are available to anyone with a web browser.

    Although I do feel that it is a little irresponsible of the author of this article to actually post real URLS, it was only a matter of time before somebody went to view->source in their browser.

    If developing a login system is too difficult for your company at the moment, at least look into basic authentication. It is a very simple way to password protect a directory (and access to your .html file) and is easy to setup (depending on your web server, it can be just a matter of a config file).

  • Andrew (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    So what is your GSA contract number? Also, what does GSA stand for and who is your Contract Administrator?

  • chicagogreg (unregistered) in reply to Sys

    They took the target page offline. Maybe they are getting smart (er)?

    I wonder if this was one of those "Get Rich Quick on the Internet" scams you see on latenight TV?

  • schmeckelgruben (unregistered) in reply to bk

    So, I entered their poetry contest, and they said I was a WINNER and they were going to publish two of my poems in a book! And the book is only $19.95 for the first copy or $34.95 for two copies of the book with my poems in it. But when I sent the $49.95 (including shipping) they never sent me the books. But I am a poetry contest winner!

  • Hackmaster (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    Yea, we so evil hackers try to ruin your scam, er, business. I'm ROFLing about all this matter. Might I interest you in a montres allison fine watch? nah, forget it, I'm sure the irony of this offer is lost in you.

  • D (unregistered) in reply to Sys

    So it looks like some 198 web sites are running on that IP address - including quite a few sex sites - one wonders what kind of legit business would be piled in on a server like that.

  • comp.risks fan (unregistered) in reply to Sys

    2008-02-29 13:44 • by FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    (Big, painfully-embarrassing, unprofessional rant deleted.)

    This is the equivalent of my walking up to someone's door and noticing that the doorframe actually looks like it could be attached to the house with duct tape and then painted over to look like a real doorframe.

    I think: "NO WAY could someone be completely dumb to build it THAT way!"

    So I pull a little on the duct tape for the heck of it - and off falls the door AND the doorframe in one huge crash.

    Now I am stunned, seeing everything in the room. Next thing I know, the houseowner is screaming at me for breaking and entering and spying on his house and now they are calling the police.

    Similarly, the lovely folks at this Federal Suppliers Guide outfit blames Alex Papadimoulis for the online equivalent of pulling on their Javascript duct tape. Wow... and they actually call THAT "hacking"? Do you Federal Suppliers guys know what hacking actually IS?

    So now they are screaming at the authorities and the folks on this website for justice. They are screaming at the wrong people. Why are they not screaming at whoever designed the security scheme for their website to START with? Who the heck IS their web developer anyway? I GOTTA know who could be either stupid or unethical enough to design a site like this for a client? What idiot charged them however many thousands of bucks for the digital equivalent of duct tape holding in a cardboard door and telling the client their website is "secure"? Amazing... just amazing.

  • Adi Oltean (unregistered)

    In fact, Google has a cached version of some of the contents of http://officers.federalsuppliers.com

    http://72.14.253.104/search?q=cache:ruy01-8JMasJ:officers.federalsuppliers.com/neb.html+inurl:federalsuppliers.com&hl=en&ct=clnk&cd=5&gl=us

  • Jeff (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    Never trust a "professional" who types "should of" instead of "should have."

    So the new security is to 404 the page it leads to. I'll bet all of the federal agents who don't visit the site are disappointed to say the least!

    Of note, their site is not in Alexa's top 100k http://www.alexa.com/data/details/traffic_details/federalsuppliers.com

    but who here is surprised by that nugget of wisdom?

  • Duke (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    Hacking is hardly the word I would use... More like in depth looking. You can't expect a website to stay secure when you have the login information hiding inside the HTML code.

    My point is: hire a real web programmer and stop using MS Frontpage...

  • Probes (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    By hackers you mean anyone who can read right? If I listed my username and password on a publicly viewable website or left the front door to my house open are people actually hacking or just walking in?

    FSG Customer support:"Omgz someone broke into our business officer!" Cop: "orly?" FSG Customer support: "I had the front door open and didn't expect a skilled criminal to force their way into my private property!" Cop: "But sir you had a note on the door which read "Use key under the door mat to unlock door." FSG Customer support: "But that note was for our gullible naive clients, not for anyone who walks by..."

  • Mitler (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    You guys are idiots. Only a retard would put a password in a javascript within HTML. If you actually care about your security take it a bit more seriously.

  • Anon (unregistered) in reply to Sys

    HAH. That's the best website security I've ever seen!

  • Antoine (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    It sure looks like it's not legit...

  • comp.risks fan (unregistered)

    Aw geez... I read from these postings that some outfit called cybertown-usa.com designed the site and it's excuse for security.

    So I tried to find out who those "web experts" were - and they had no website. So I go do a whois on that domain. No one was listed as owning the name.

    THEN I remembered that the site I used to check the domain name quickly attracts domain name squatters like flies on a you-know-what.

    OOOOPS... well, I guess maybe the original designer didn't want their domain back anyway...

  • Prince Kashzcam of Nigeria (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    Sir... I feel your pain. Ever since I was exiled from my home in Nigeria (I am a Nigerian prince, you see) I have felt the pain of such Internets Discrimination. Perhaps we can make common cause. If you can send me $5,000 dollars to my paypal account, registered to [email protected], I will have the financial wherewithal to re-take my throne, and will thus be in a position to smite these slanderers.

  • Andrew L. (unregistered)

    Looks like the script came from http://www.2createawebsite.com/enhance/password-protect.html

    Utterly pathetic.

  • Chris (unregistered)

    I hope my personal information isn't protected like this with any other company. That is just irresponsible

  • Anonymous (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    If you guys are really dumb enough to use code like this on an internet facing website you deserve to get hacked. And furthermore have no business associating with the federal government. Why don't you take all that "legitimate sales" revenue and buy yourself a decent programmer who knows his ass from a hole in the ground. You're lucky this your website and not your CC database which I'm sure is equally secured by some 5 char password one of your 4 children can guess. I cannot believe a company with a supposed 5 year GSA contract can get away with security this weak...what a joke!

  • Juaughta Knoo (unregistered) in reply to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT

    Bwahahahahahahaha!!!! pwned.

Leave a comment on “So You Hacked Our Site!?”

Log In or post as a guest

Replying to comment #:

« Return to Article