Bee-Gold
Clix left the safe open
See site message
Article by
C.J
If anyone
has gone to the PTC site Bee-Gold Clix recently you might notice a
message from the admin explaining how the site has been hacked. The
problem with this one is that it apparently includes the data-base with
deleted accounts and all money taken to the hacker’s accounts. We do not
sympathise with the admin however as the choice of script to run the
site was a known security night-mare. The script in use was from
YourOwnBux.com which is run by what can only be described as an
un-professional.
We say
un-professional because it was the YourOwnBux owner who had been
releasing the scripts with a back door which he blamed on a “friend”
creating in order to go back to the sold scripts and hack into them. As
it stands YourOwnBux were deliberately releasing scripts with security
issues in order for their staff to take advantage of once purchased.
Whether this was the intention of the owner it is pure shoddy management
and begs the question “ever heard of quality control?”
It was
actually quite early on that this script was getting a bad reputation
for lack of security as almost all of the scripts sold in its first week
of service were hacked 2 weeks later. This is why we consider those who
purchase this script to be cutting corners as the price has always been
low here. Of course there are those that made the smart choice when
purchasing them to at least hire a professional coder to fix the
security issues.
To add to
the YourOwnBux scandal the owner eventually came clean that the script
was not fit for purchase and assured the public that the script had been
fixed – it hadn’t and to this day remains the worst heap of junk on the
script market with a fixed template layout and still the worst security.
Because
the admin of Bee-Gold Clix was using this script and has now been hacked
it just goes to show how sites are still cutting corners on security.
Whether the administrator likes it or not he/she was responsible for
this security and the money that was taken and we didn’t see much in the
way of preventing such an event going by the choice of script.
For this reason we strongly urge people currently
using the YourOwnBux script to change to a more acceptable script with
less security issues or at least fix the one they have and provide some
front page proof that you have done so. Along with the security back
doors are also some nasty bugs which enable people to click as many ads
as they want for as long as they want. To fix this you must go to
success.php and successp.php and implement
the following
$usere=uc($_COOKIE["usNick"]);
$adse=limpiar($_GET["ad"]);
Then add the following:
if ((ereg('[^0-9]', $adse)) or ($adse{0}=='0')) {
echo "<script>alert('Varon found you: Cheater!')</script>";
$cheat = "INSERT INTO tb_contact (name, email, topic, subject,
comments, ip) VALUES('$usere','-','CHEAT DETECTION','CHEATER','cheated
with char bug','-')";
mysql_query($cheat) or die(mysql_error());
exit;
}
This is a very small fix for a long list of issues with the script so
hiring a professional coder is essential if you wish to run this script
with enough security. As for Bee-Gold Clix the admin better make it a
priority to reimburse those who lost money on the site as it was his
responsibility. The owner says the site will be back and if that is the
case the future profits should be used for such an event just as Ubux is
to slowly make its way out of dept.
To conclude you cannot trust the un-professionals that run
YourOwnBux.com as every promise of a security fix from the Argentinean
ran site is turning out to be false and the simple fact that they let
what has happened to their scripts in the past happen serves to show us
all this is not a vendor you want to put your trust or your money in.
Bee-Gold Clix rating removed.
