[Ntfu2]

Serisously, so like this site who i am not going to name or give the address to, is moving their server, or something. Anyway their webroot lacks a index file. Guess what else is inside their web root.


If you guesed backups of their database you would be correct. Now every joe schmoe probably has my email address, and all other information that the vBulletin database store, and can/will use it to spam or whatever else. Top that off with they left their advertisment database there to, probably contains some CC # or other payment information. I'd imagine every visitor to their site, now has a copy of their database and all the information it contained from hidden forums, private messages..freaking everything :lol:

Sucks to be them. /rant


cliff notes:
Guys moving server -> leaves db backup in webroot -> anyone can download it and restore...

[KW802]

So be a nice guy and fire off an email.

[Ntfu2]

Tried to contact them, but no dice.


their forum came back online and i let them know it was still there, and they gave me a dipstick response telling me to go pound salt. I hope bad things are done with it now

:karma:

[Reeve of shinra]

whats the url to the backups? I'm sure some kindly citizen will alert users that thier cc info became freely available.

[Ntfu2]

Im sure they would. But i try to be a better ePerson than that

[sambah]

Originally Posted by Ntfu2

Serisously, so like this site who i am not going to name or give the address to, is moving their server, or something. Anyway their webroot lacks a index file. Guess what else is inside their web root.


If you guesed backups of their database you would be correct. Now every joe schmoe probably has my email address, and all other information that the vBulletin database store, and can/will use it to spam or whatever else. Top that off with they left their advertisment database there to, probably contains some CC # or other payment information. I'd imagine every visitor to their site, now has a copy of their database and all the information it contained from hidden forums, private messages..freaking everything :lol:

Sucks to be them. /rant


cliff notes:
Guys moving server -> leaves db backup in webroot -> anyone can download it and restore...

If any financial data has been left there you should contact the FBI or relevant authority.

[KW802]

Originally Posted by sambah

If any financial data has been left there you should contact the FBI or relevant authority.

He wouldn't know if any financial data is in the exposed backups unless he himself downloaded and reviewed them.

[sambah]

good point

view the files as text and do a find for 16 digit numbers or summit?

[Freesteyelz]

Why would you leave the CC on the same DB as your site/forum? It should be located off-site if anything.

[Ntfu2]

You'd think,

it was a seperate DB i'd assume, one was named advertise, the other dbforumbu