Be careful when using GPBets.com

This is not just an issue if they get hacked, this is a basic security problem that can be exploited extremely easily.

I first told him about this a week ago.

These are only 2 small things that I have tested. If they neglect these basic issues, then who knows what else they have that isn't done properly. THESE ARE PHP/SQL BASICS TO FIX THIS.

I warned him that the users would be made aware, so here it is.



He passes usernames and passwords as a $_GET through the address bar, making it available for anyone to see whether it's through Zopim (Zopim tells the live chat agents what URL the user is at), your history, or someone looking over your shoulder. THIS IS CODING 101. YOU DO NOT LET THIS HAPPEN.



This is an indication that he may not encrypt the passwords, so I tested it.



Sure enough, they're not even encrypted. If they were, he wouldn't be able to list it on another page. This means that he and his developer, as well as hackers, can see your password at any time. This is not a huge problem in itself, the problem comes from the fact that most internet users use the same password among many sites. If you used the same password on GPBets.com as anywhere else, then change it.

His developer is either a complete moron for not fixing these, or he's interested in your passwords.



He was trying to silence me at first, but -Ryan wasn't having any of that bullshit.



This is not trashing, this is all backed up with proof. I will only remove it if you fix your god damn security problems and stop acting like this is nothing.

I will continue to post this on every site you advertise on if it doesn't get fixed, because at least I care about the security of your users, even if you don't.

If anyone ends up hacked on Sythe/Skype and has used this site, Astrola and his developer should be questioned first. They have EVERYONES PASSWORDS and are not fixing it.

 

It's pretty funny how he's crying defamation..

 

When someone notices your plan to steal passwords, it's best to not admit it and try to get their accusations deleted.

 

#exposed

 

All threads = locked

 

Oh god... 0.0 im happy of the password I used lol. I always use different passwords on forums and new websites. This should be fixed ASAP tho... Its certainly not a good thing..

 

Glad i used different passwords.Hope he gets this fixed

 

astrola has made a series of betting sites in which he has people donate money all just to cancel the site a few weeks later.

 

I'm impressed Dia, good work.

I personally never even used GPBets, Astrola and his minions spam my skype 3+ times daily asking me to play or join some giveaway or something.

 

what if dial works for da fbeyes and is spying on betting sites to go and shut dem down?

 

Good looking out

 

Fucking faggot

 

No one overlooks password security that much. Simple password hashing is one thing, but plaintext as well as keeping it in the address bar is horrible. No one can be that ignorant.

I feel like they'd still plaintext passwords even when they fix the issue, or do a simple MD5 or SHA1 or something really easy to crack.

 

Any proof? Sounds like scamming.

 

I am thinking the same thing

 

Sounds like he has a bad history too. Not like he's helping the community, just abusing it.

 

well he did get banned already in the past for "getting hacked" and he fucked over everyone on his site by closing it down after taking a bunch of buy ins/amounts off of people buying chips or maybe something similar, thats what I remember at least, cbf to gravedig

 

brb haxing every1

 

Nono dont take my glod

Also FireZ, you know what to do.

 

I hope he reads my password. I half expected something like this to happen.