[Wolves] Scumbags Hack Xoops site

Luke Redpath luke at birmingham.lastfield.co.uk
Fri Oct 21 01:47:04 BST 2005


I'm with Steve on this one.

There is so much poorly written code out there that it is no wonder so 
many security flaws and bugs are found. The problem is - poorly written 
software is being deployed on a large scale. Look at things like Mambo, 
phpBB - their code is junk.

On one hand it is good that things like PHP can be picked up and used by 
amateurs - but it is not a good thing that amateurs are creating 
substandard products that are being used widely, sometimes for mission 
critical apps. The people who write these things wouldn't know what unit 
testing is if it came up and hit them in the face. These apps are hacks, 
and not very good ones at that.

I refuse to deploy an off the shelf app that I might have to offer 
support for or customise in some way if it doesn't follow at least some 
form of decent coding standard - ideally written in an object-oriented 
fashion with well written documentation (or code that is so good it 
documents itself) and even better with a comprehensive set of unit and 
functional tests.

Have you ever tried installing a mod for one of these things... it's 
usually a case of:

1) Copy a bunch of files to xxx folder
2) Open xxx.php, find line 43 and insert the following code after such 
and such piece of code, remove such and such code on line 438 etc.

Just to clarify I'm only really talking about web apps here, as that is 
the domain I work in - I couldn't speak for non web-apps.

Crazy!

Cheers
Luke

Steve Parkes wrote:
> Peter Cannon wrote:
> 
>>
>> Suffice to say I think they all leave the back door open in respect 
>> of modules etc, I think we've got blasé in respect of installing stuff 
>> that Joe Public has submitted. Most of the sites have disclaimers but 
>> of course when it's downloaded from say Xoops subconsciously you think 
>> "It's from them it must be OK"
>>
> 
> Seriously all the *nuke php cms' are total pants under the covers with 
> the majority of code written by 14 year old kids :-)  I have been saying 
> this for years and years they suck.
> 
> If you need proof look at lists such as bugtraq and in particular at 
> what the teams behind them say when exploits are discovered.  Half the 
> time they don't even have an official response.
> 
> They give open source and free software a bad name.
> 
> sparkes
