Be careful when using GPBets.com

Discussion in 'Report A Scammer Archive' started by Dial, Aug 1, 2014.

Thread Status:
Not open for further replies.
  1. Dial

    Dial Experienced Web Developer
    $200 USD Donor New Pirate PHP Programmers

    Joined:
    Jul 12, 2010
    Posts:
    5,739
    Referrals:
    32
    Sythe Gold:
    126
    Sythe's 10th Anniversary Two Factor Authentication User MushyMuncher Member of the Month Winner Easter 2015
    Be careful when using GPBets.com

    This is not just an issue if they get hacked, this is a basic security problem that can be exploited extremely easily.

    I first told him about this a week ago.

    These are only 2 small things that I have tested. If they neglect these basic issues, then who knows what else they have that isn't done properly. THESE ARE PHP/SQL BASICS TO FIX THIS.

    I warned him that the users would be made aware, so here it is.

    [IMG]

    He passes usernames and passwords as a $_GET through the address bar, making it available for anyone to see whether it's through Zopim (Zopim tells the live chat agents what URL the user is at), your history, or someone looking over your shoulder. THIS IS CODING 101. YOU DO NOT LET THIS HAPPEN.

    [IMG]

    This is an indication that he may not encrypt the passwords, so I tested it.

    [IMG]

    Sure enough, they're not even encrypted. If they were, he wouldn't be able to list it on another page. This means that he and his developer, as well as hackers, can see your password at any time. This is not a huge problem in itself, the problem comes from the fact that most internet users use the same password among many sites. If you used the same password on GPBets.com as anywhere else, then change it.

    His developer is either a complete moron for not fixing these, or he's interested in your passwords.

    [IMG]

    He was trying to silence me at first, but -Ryan wasn't having any of that bullshit.

    [IMG]

    This is not trashing, this is all backed up with proof. I will only remove it if you fix your god damn security problems and stop acting like this is nothing.

    I will continue to post this on every site you advertise on if it doesn't get fixed, because at least I care about the security of your users, even if you don't.

    If anyone ends up hacked on Sythe/Skype and has used this site, Astrola and his developer should be questioned first. They have EVERYONE'S PASSWORDS and are not fixing it.
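
Added example, not part of the original post and not GPBets.com's code: a PHP sketch of the two fixes the post above calls for, accepting credentials only in a POST body and storing a one-way hash instead of a readable password. The `users` table, the `register()` and `login()` helpers, the in-memory SQLite database and the sample account are assumptions made for illustration.

```php
<?php
// Added example with hypothetical names (users table, register(), login()).
declare(strict_types=1);

// In-memory SQLite stands in for the site's real database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

function register(PDO $db, string $user, string $password): void
{
    // Store only a salted, slow one-way hash; the plaintext is never written.
    $stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($password, PASSWORD_DEFAULT)]);
}

function login(PDO $db, string $method, array $query, array $body): bool
{
    // Refuse credentials that arrive in the URL: query strings end up in
    // browser history, server logs, Referer headers and chat widgets that
    // report the visitor's current page.
    if ($method !== 'POST' || isset($query['password'])) {
        return false;
    }
    $user = $body['username'] ?? '';
    $password = $body['password'] ?? '';
    if (!is_string($user) || !is_string($password)) {
        return false;
    }
    // Prepared statement: the username is bound, never concatenated into SQL.
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // The stored hash can be checked against a guess but not listed back.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample account and requests.
$pw = 'correct horse battery staple';
register($db, 'alice', $pw);
$stored = $db->query('SELECT pw_hash FROM users')->fetchColumn();
var_dump($stored !== $pw);                                                   // database holds a hash
var_dump(login($db, 'GET', ['username' => 'alice', 'password' => $pw], [])); // URL credentials refused
var_dump(login($db, 'POST', [], ['username' => 'alice', 'password' => $pw]));
var_dump(login($db, 'POST', [], ['username' => 'alice', 'password' => 'wrong']));
```

In a real handler the call would be `login($db, $_SERVER['REQUEST_METHOD'], $_GET, $_POST)`, served over HTTPS so the POST body is not readable in transit.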
     
  2. Dial

    Reason for this being in RaSc is because this guy has either hired a complete moron, or is trying to harvest user data that puts Sythe users at serious risk.

    He should be banned until he can prove that his code is clean.
     
  3. Dial

    Bump for exposure.
     
  4. Ardy

    Ardy dOnT bE sIlLy Im StIlL gOnNa SeNd It
    $200 USD Donor New Retired Global Moderator

    Joined:
    Jul 9, 2007
    Posts:
    5,828
    Referrals:
    1
    Sythe Gold:
    122
    Discord Unique ID:
    178668500468891648
    Discord Username:
    Ardy#1492
    Be careful when using GPBets.com

    Just so you're aware, staff are looking into this, just so you know we've seen it. :)
     
  5. Dial

    Okay thanks Drento.
     
  6. Dial

    Any updates? :)
     
  7. Ardy

    Astrola will be banned until he fixes the security problems as determined by a staff discussion.
     