Saturday, April 4, 2015

Back from limbo

I'm back from school work and webpage administration! Aitsuko is now translated to 10.73% of the second chapter of the first volume.

Warning! The following post is something like a rant so proceed with caution.

The previous month has been pretty hectic, especially the week before today when I created a voting page at the request of my organisation for something like an Oscar. It was fun coding with PHP and jQuery AJAX, but I had to lower the security level of the application because of user constraints, so users just logged in with their matriculation number.

I certainly didn't expect my users to use the DOM and the console to alter the votes, since they were the ones that consented to this application.

Someone used this loophole and attacked the site using the matriculation number of the organisation head. It was not really serious until the guy struck again and again. Hours of work were put in to patch the application until I simply got sick of it and wrote "spite code" as revenge on a whim.

Voila! Instant reaction. We got an email that morning saying that the so-called hacker group (actually it was just one person using the dynamic IP given by the school to cover his steps) had pressing matters to deal with and that the attack was to remind us to step up security. And he vanished just like that.

What was sad was that the person was someone from the organisation we made the page for. Even more pressing was that he knew the matriculation number of the head, so it was possibly someone like a friend of the head.

For the senior who did something this childish, I salute you for writing a long letter, in which you have shown your Chinese-like English writing skills and your limited coding knowledge. How could you have called my "spite code" just a counter? I spent some 5 seconds writing a while loop that would append invisible DOM elements forever and print them out when illegal input is detected just for you to watch your computer crash and burn.

Happy coding! (And don't forget to open the console when you're doing DOM manipulations!)

