Joshua Posted December 31, 2010 Share Posted December 31, 2010 I don't wish to put those involved names out there yet, however I will post this warning. Recently there have been several people paying 50-90.00 USD to have there site secured from various new users on these forums. The jobs being done are simply a few quick scripts copied/pasted off of MWG and placed on your site. I've seen some of this work first hand and was absolutely amazed at how anyone could charge for the small bit of work being done. Things such as the cmarket hack, forums hack, preferences hack, viewuser hack, preport hack, IP sploof, Referral Hack (On register) and countless others have worked on these so called "secured" sites. So this is basically a message to all those who are paying to have there sites secured. Please do a little bit of research here on the forums. There are countless members that are most capable of securing your site properly with a decent reputation. I'm quite sure some of them will feel obliged to post here. I'd also make sure and document any/all work performed by anyone claiming they are securing your site. Check your files, before and after the work is completed. There should be a noticeable difference in a majority of them. A few header/global inserts will not stop all hacking attempts. A few free mods off mwg may be secure for those files but will not secure your site. It's been my experience, you get what you pay for. I believe most people who know what they are doing when it comes to securing your website charge on average 150.00 U.S.D If you are getting it for 50-100.00 there's a good chance (not 100%) that you are getting screwed. There are the select few that do discounts and are just looking for work, but if most charge 150.00 Be weary of those charging next to nothing to secure over 120 files. That's a lot of work ;-) Ciao Quote Link to comment Share on other sites More sharing options...
Equinox Posted December 31, 2010 Share Posted December 31, 2010 Name and shame. Makes it easier for people to avoid these 'tards. Quote Link to comment Share on other sites More sharing options...
Paul Evans Posted December 31, 2010 Share Posted December 31, 2010 *Cough* It was EQ *Cough* Lol 150.00 USD is a minimum really i'd say if you get it for less than that expect a crap job or unless you know the person and trust them (i help out mates, but that doesn't mean i want 100 people adding me to be mates lol). Alot of people love to make quick and easy money i'd be glad to give anyone some pointers if they PM me on here. Name them Josh im sure that will stop the further exploitation of new members, personally i think all scammers should be named outright. Quote Link to comment Share on other sites More sharing options...
sniko Posted December 31, 2010 Share Posted December 31, 2010 i agree with the above 2 posts, name them. -sniko Quote Link to comment Share on other sites More sharing options...
Equinox Posted December 31, 2010 Share Posted December 31, 2010 I heard someone named Paul Evans (claims he's a half decent programmer, even though he's a total n00b) is going around and doing these kind of jobs.... Quote Link to comment Share on other sites More sharing options...
Dominion Posted December 31, 2010 Share Posted December 31, 2010 I agree name them. Some advice to anyone looking, as I have said on many occasions if in doubt post asking about them. The ones who are able to do as they claim will not care. As for the $150 maybe on here, but not if you look around. Anyway let's not get into that don't want to spam someone’s topic now do I. ;) Edit - I know your both joking, however this is a serious topic. perhaps make it clear to the ones that are not aware your both making a joke. Quote Link to comment Share on other sites More sharing options...
Joshua Posted December 31, 2010 Author Share Posted December 31, 2010 I've not named them as I do not believe they were set on the intention of scamming anyone. yet. I believe they have spent time browsing the boards and thought they may have known exactly how to stop all the exploits, or maybe understood a few of the php basics and in turn tried to turn a profit. I do not believe the person this post was originated about had the direct intention "scamming" anyone as work was put in, and after i hacked the site in about 9 different ways he fixed the exploits "to a degree" It's just that he assured the guy his site was secure (the first time) and I managed to staff myself. Told them the exploits used, which were a few various ones. Got the message today saying all has been fixed would i mind checking (from the owner not the person who secured it) and managed to hack it again using different exploits. I've seen been going over some of the files that were supposedly secured and really do not see anything extreme to stop the majority of these hacks. Header, Globals, authenticate haven't even been touched, (which..ok) But cmarket, viewuser, forums, itemmarket, contacts, mailbox and several others were the stock McV2 files. I think he added the $_GET[id] = abs() bit after I did the cmarket hack the first time, but other than that and a preg match call on preferences to stop the display picture hack "but not really" i didnt see any changes to any of the files. There were a few mods, like Player Report ( i believe it's one MagicTallGuy made) a long while back, bug report, etc that are secure. But they weren't "secured" they were written by someone else and installed. Quote Link to comment Share on other sites More sharing options...
Paul Evans Posted December 31, 2010 Share Posted December 31, 2010 Goto rentacoder.com and look at their prices and the time it would take lol ChaChing £££ lol Best solution is to find a good member of MWG due to their experience with MCC (im a trainee but ask around im sure many people will say i could help) but im sure you'll easily find someone and like i said i'll be happy to give advice to anyone (including newbs like EQ). EQ yeah i heard that rumour but they said Equinox not Paul Evans ;) (tea bag ya later). EDIT: give me the URL in PM and alert the owner and ill take a look over it also (two brains are better than one) *throws tea bag @ EQ* Quote Link to comment Share on other sites More sharing options...
Dominion Posted December 31, 2010 Share Posted December 31, 2010 OK, send me the name in a pm, and I can deal with this as a staff member. Scamming people intentionally or not still needs to be dealt with. Could you also post an example of this or send it in the pm. Quote Link to comment Share on other sites More sharing options...
Joshua Posted December 31, 2010 Author Share Posted December 31, 2010 The owner of the site was the one that requested I take a look at it. I've been in discussion with him and have since taken over the job (hence i've seen first hand the work that's been done) or lack there of. Won't post a link to his site until I've secured it and he wants to, as it's his site ;-) Quote Link to comment Share on other sites More sharing options...
Djkanna Posted December 31, 2010 Share Posted December 31, 2010 Kieran-R happen to be the person in question, I heard something vaguely? Quote Link to comment Share on other sites More sharing options...
Joshua Posted December 31, 2010 Author Share Posted December 31, 2010 Well, I didnt say the name ;) Quote Link to comment Share on other sites More sharing options...
Uridium Posted January 1, 2011 Share Posted January 1, 2011 I have no complaints over Paul Evans work or securing hes been round long enough with mccodes to understand its vulnerabilities and how to fix/cure them Quote Link to comment Share on other sites More sharing options...
Paul Evans Posted January 1, 2011 Share Posted January 1, 2011 thanks mate (will bung you that money later muhahah) Quote Link to comment Share on other sites More sharing options...
Uridium Posted January 1, 2011 Share Posted January 1, 2011 Thats okies Paul and i wont mention anything about your CRAP SECURITY mods you sold me ;) Quote Link to comment Share on other sites More sharing options...
Dominion Posted January 4, 2011 Share Posted January 4, 2011 [infobox] Thread split [/infobox] suggestion out of this Known programmers list. example of his work [split]Sprintf argument. split due to most of it being ignored and/or spam where it was. Quote Link to comment Share on other sites More sharing options...
DeaTH_RideR Posted January 6, 2011 Share Posted January 6, 2011 lol. with the exception of MAYBE 2 or 3 other people on this site, the members that posted here in this thread(above my post) are the only people i would ever let on my server. So to any new member that might happen across this thread be warned do your homework on the people you trust to have on your server. Quote Link to comment Share on other sites More sharing options...
Paul Evans Posted January 6, 2011 Share Posted January 6, 2011 yeah just never let paul, eq, djk or dom on your server they are complete newbs :P Quote Link to comment Share on other sites More sharing options...
Djkanna Posted January 6, 2011 Share Posted January 6, 2011 Let my cat though she'll fix it up for you. ;) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.