Warptweet

Darn. . . that really hurts =/ Does anyone know the links to download any of the contest entries, without needing the use of administrator-only archives?

Hi there! I haven't been here for a very long time -- but there used to be a PhpFreaks Contest forum. Where did all the topics go? I'm really interested in on of the mmorpg's that was entered in the contest. Any clue where I can find the entries of the MMORPG contest?

http://www.simple-upload.com I developed this entire website, bought the domain, and brought it online in a matter of hours just today. The website follows a module of simplicity in the footsteps of google. The website is so simple, it instantly gratifies anyone who simply want's to upload a file instead of grope over sign ups, low file size limits, and useless rapidshare 30-second wait limits. Also, the design loads incredibly fast with it's simple yet elegant design. Even on a slow connection, it almost always takes less than half a second to load. Please rate: Simplicity - Is the website simple enough for you? Do you understand how it works? Design - Does the design consist of logically placed parts/looks good? Would you use this website? - How often? For what purposes? Suggestions - Anything that makes it easier for the users. Even if it saves the user a millisecond, it's roughly a minute or two of my time to make my site that much better. Any suggestion is appreciated. Side Notes: Uploading an image provides you with codes to directly view the image, post it on web pages, and post it on forums for your convenience. Uploading a .flv video will give you a button on the provided 'File Homepage' link which you may click to view the video web-based, once again for the users convenients.

HAHAAHHAAH, That front page letter was AWESOME! 90% of internet users just sitting there, eyes glued to the monitor, not even know what they're looking for (or something related). You made me laugh for like ten minutes nonstop. HILARIOUS. The articles there are funny too.

Yes, my host is ace-host.net. An awesome company, support is often answered within 5 minutes. Anyways, they aren't the problem. And as you no longer get to know the direct location of a file that can be dangerous, it's of almost no risk to me. Basically everyone variable used in my site (not many, the site is as simple as possible) uses mysql escape string now.

If you guys read the earlier posts -- the hacking problem is completely gone. The site is very safe and unless it's an image -- you don't even get to know where the file is stored.

Whew! That was HILARIOUS. It was a crazy circus ride stopping the hacking. Yeah... refer to my little "hack this upload site" topic if you wanna know how he did it. You can all resume to slaving over critisizing my website. *malicious laughing*

Lol, sillies. I deleted that script and replaced it with an IP tracker. It has no effect on my site. When my site was FIRST hacked, he hid that file there. That was the origin of all the problems. I hope I'm safe... for now. Also, even if he/she does manage to upload the script again, he/she won't know the location. Nobody gets to know the location of files anymore

Nevermind. He hid a file called c992.php in one of my many many directories. It was a program that could edit anything of my website -- really clever really. I edited c992.php into a remote IP tracker. BANNED!

HYPER EMERGENCY: I wake up in the morning. Forbidden: Warptweet.com, caramea.com, uploadpoints.com, merandtroy.com, everything. All my sites, all my folder. I can't even access my files from my own highest-access cpanel. They locked down my server. I had to contact my host to fix the problem! I took uploadpoints.com offline. I made a backup and deleted all the files. For some reason, the hackers can STILL edit the index.php! I'm guessing they hid a .php file somehwere in my other directories.

I don't seem to understand what you mean in that, "back door". Almost every variable I can find is using mysql_escape_string.

It seems to be so easy for him. I made the upload form a whitelist where you can only upload files with a type that is specified. Regardless, he keeps coming.. I'm confused.

I fixed the typo Sorry, was in a rush to restore the site. Please try hacking the website. I implement mysql_escape_string to practically every variable in my PHP. Also, for direct links, it direct links to a .php file which sends the direct download. You don't actually know the directory that the file is stored in. And the chances of you guessing it is too low to be considered possible. There are 1.84710571 × 10^89 possibilities

It happened again. I have a backup of all files, so it took seconds for me to reboot the site. The new front page was actually quite funny. "CANT TOUCH DIS HACKARY. ROFL" And a video of "Can't Touch This". I actually listened to it a couple of times. I made some tight measures against the hacking..

Hmm... SQL injection attempt. However, only files were uploaded, none of my database entries were modified...