For those who are using Rapidshot script. BEWARE!!!

I have been using this script only for 5 days. Starting with my own RS Premium account, I manage to get 2 accounts donated to the site.

Within 5 days, I managed to get 800+ visitors and got some good feedback on the site.

HOWEVER! Just a while ago, some stupid ignorant son-of-a-pig get into my site and stole ALL of the accounts.

I have contacted RS provide them with all the details proving I own the account and high probability I will get my accounts back. As for other 2 donated accounts, I guess I could never get them back.

So, my ADVISE.

If you are using Rapidshot script, make sure you edit the code and replacing ax folder with your own preferred name. Make it harder to guess.
Unfortunate for me, I'm too focused on enhancing the script with file size limitation, 1 IP per download and time-based file validity. I totaly ignore the most important thing, changing the code tree.

I hope you will NOT making the same mistake as I have done. Also, if you have some RS accounts that you dont mind to donate, I really do appreciate it.

Thank you.

 

it should have been coded in the first place so this wasnt possible.

people keep pushing out total garbage scripts here and people are more than happy to put out money for them.

am sorry you lost out but you know for next time

 

sorry man

 

Thanks for letting us know.

 

hmm, i guess I'll need to get my programmer for complete restructuring

 

thanks for this info

 

Yep, complete restructuring of the script might help.

 

Got my RS account back. Thank god I still have my paypal receipt.
So, I went into my account and see the login has been changed to:

tekken91

I checked further and saw that the IP of 212.20.78.237 (when translated found it host katro.katro.cz).
Then, after google the IP, it was shown as an IP used in Ddos attack.

So, I suggest you guys block the IP shown on the page as a precaution measure.

 

Whats the use?
they can go behind proxis also

 

If you bright, you'll want to block the IP.
Would you go outside while raining and leave your umbrella back? lol
As for the proxies, that is why I create another thread asking for DC IPs.
I'm more interested in thinking how to protect my site rather than asking why.

 

I'll if i am in a mood to get wet

 

All in all, if the code is left at the default structure.. it'll be open to any and all hack attempts.
Restructuring the base code is as good as programming the whole thing from scratch, except for the core functions.
I'd rather NOT use the script then go through the pains of restructuring the code.
Besides, storing account info as folder names, as opposed to MySQL based storage definitely has it's pros and cons

 

It's true. I am planning to ask a coder to rewrite the script to store accounts and user names into a sql database.

 

tekken91 <=== Known scammer as well, i've heard of this guy

 

Do you think a scream will make the whole world aware of it?
Lol

 

Well... the whole world does NOT use that script
So a scream should be enough to catch the attention of those who DO use it

 

Thanks for the headsup!

 

thanks for informing us for this. sometimes our relax efforts can be our misfortune, it's good you shared it out though. I better get to fix my video site. lol

 

you installed the script sloppy.
there is a index.html in the AX folder preventing the contents to be viewed. also the -htaccess prevents directory listing.
you installed it without htaccess or index.html so the contents showed up.
YOUR OWN FAULT, not the script coders....
heres the support thread for the scritp: http://ibinladen.43.43.gs/viewtopic...t.v5.rapidshare.premium.link.generator.script

 

Actually, the script is supposed to automatically create a new index.html file if one is not found in either of the folders.

Similarly, the .htaccess file is not included. It has to be created with the
Options -Indexes

command