Be warned.--

[Joshua]

I don't wish to put those involved names out there yet, however I will post this warning.

 

Recently there have been several people paying 50-90.00 USD to have there site secured from various new users on these forums.

The jobs being done are simply a few quick scripts copied/pasted off of MWG and placed on your site.

I've seen some of this work first hand and was absolutely amazed at how anyone could charge for the small bit of work being done.

 

Things such as the cmarket hack, forums hack, preferences hack, viewuser hack, preport hack, IP sploof, Referral Hack (On register) and countless others have worked on these so called "secured" sites.

 

So this is basically a message to all those who are paying to have there sites secured.

Please do a little bit of research here on the forums. There are countless members that are most capable of securing your site properly with a decent reputation. I'm quite sure some of them will feel obliged to post here.

 

I'd also make sure and document any/all work performed by anyone claiming they are securing your site.

Check your files, before and after the work is completed.

There should be a noticeable difference in a majority of them.

A few header/global inserts will not stop all hacking attempts.

A few free mods off mwg may be secure for those files but will not secure your site.

It's been my experience, you get what you pay for.

I believe most people who know what they are doing when it comes to securing your website charge on average 150.00 U.S.D

If you are getting it for 50-100.00 there's a good chance (not 100%) that you are getting screwed.

There are the select few that do discounts and are just looking for work, but if most charge 150.00 Be weary of those charging next to nothing to secure over 120 files.

That's a lot of work ;-)

Ciao

[Equinox]

Name and shame. Makes it easier for people to avoid these 'tards.

[Paul Evans]

*Cough* It was EQ *Cough*

Lol 150.00 USD is a minimum really i'd say if you get it for less than that expect a crap job or unless you know the person and trust them (i help out mates, but that doesn't mean i want 100 people adding me to be mates lol).

Alot of people love to make quick and easy money i'd be glad to give anyone some pointers if they PM me on here.

Name them Josh im sure that will stop the further exploitation of new members, personally i think all scammers should be named outright.

[sniko]

i agree with the above 2 posts, name them.

-sniko

[Equinox]

I heard someone named Paul Evans (claims he's a half decent programmer, even though he's a total n00b) is going around and doing these kind of jobs....

[Dominion]

I agree name them.

Some advice to anyone looking, as I have said on many occasions if in doubt post asking about them. The ones who are able to do as they claim will not care. As for the $150 maybe on here, but not if you look around. Anyway let's not get into that don't want to spam someone’s topic now do I. ;)

Edit - I know your both joking, however this is a serious topic. perhaps make it clear to the ones that are not aware your both making a joke.

[Joshua]

I've not named them as I do not believe they were set on the intention of scamming anyone.

yet.

I believe they have spent time browsing the boards and thought they may have known exactly how to stop all the exploits, or maybe understood a few of the php basics and in turn tried to turn a profit.

I do not believe the person this post was originated about had the direct intention "scamming" anyone as work was put in, and after i hacked the site in about 9 different ways he fixed the exploits "to a degree"

It's just that he assured the guy his site was secure (the first time) and I managed to staff myself.

Told them the exploits used, which were a few various ones.

Got the message today saying all has been fixed would i mind checking (from the owner not the person who secured it) and managed to hack it again using different exploits.

I've seen been going over some of the files that were supposedly secured and really do not see anything extreme to stop the majority of these hacks.

Header, Globals, authenticate haven't even been touched, (which..ok)

But cmarket, viewuser, forums, itemmarket, contacts, mailbox and several others were the stock McV2 files.

I think he added the $_GET[id] = abs() bit after I did the cmarket hack the first time, but other than that and a preg match call on preferences to stop the display picture hack "but not really" i didnt see any changes to any of the files.

There were a few mods, like Player Report ( i believe it's one MagicTallGuy made) a long while back, bug report, etc that are secure.

But they weren't "secured" they were written by someone else and installed.

[Paul Evans]

Goto rentacoder.com and look at their prices and the time it would take lol ChaChing £££ lol

Best solution is to find a good member of MWG due to their experience with MCC (im a trainee but ask around im sure many people will say i could help) but im sure you'll easily find someone and like i said i'll be happy to give advice to anyone (including newbs like EQ).

EQ yeah i heard that rumour but they said Equinox not Paul Evans ;) (tea bag ya later).

EDIT: give me the URL in PM and alert the owner and ill take a look over it also (two brains are better than one)

*throws tea bag @ EQ*

[Dominion]

OK, send me the name in a pm, and I can deal with this as a staff member. Scamming people intentionally or not still needs to be dealt with. Could you also post an example of this or send it in the pm.

[Joshua]

The owner of the site was the one that requested I take a look at it.

I've been in discussion with him and have since taken over the job (hence i've seen first hand the work that's been done) or lack there of.

Won't post a link to his site until I've secured it and he wants to, as it's his site ;-)

[Djkanna]

Kieran-R happen to be the person in question, I heard something vaguely?

[Joshua]

Well, I didnt say the name ;)

[Uridium]

I have no complaints over Paul Evans work or securing hes been round long enough with mccodes to understand its vulnerabilities and how to fix/cure them

[Paul Evans]

thanks mate (will bung you that money later muhahah)

[Uridium]

Thats okies Paul and i wont mention anything about your CRAP SECURITY mods you sold me ;)

[Dominion]

[infobox] Thread split [/infobox]

suggestion out of this Known programmers list.

example of his work [split]Sprintf argument.

split due to most of it being ignored and/or spam where it was.

[DeaTH_RideR]

lol. with the exception of MAYBE 2 or 3 other people on this site, the members that posted here in this thread(above my post) are the only people i would ever let on my server. So to any new member that might happen across this thread be warned do your homework on the people you trust to have on your server.

[Paul Evans]

yeah just never let paul, eq, djk or dom on your server they are complete newbs :P

[Djkanna]

Let my cat though she'll fix it up for you. ;)