How to hack mintshot; the problems continue.

Here’s another post about mintshot hacks.

I’m not sure what happened to the page I linked to the other day; it seems to be down. [Edit: Here’s the Google cache of that page.]

There are a few good lessons that can be learned here:

  • If you’re going to run any sort of site with user accounts, ongoing earnings, prizes, etc., or anything else that can convert or relate to actual monetary value, then I’d recommend not using a standard open-source platform (e.g. Joomla). If there’s money involved, then you’ll quickly attract hackers.
  • Don’t attempt to do any sort of worth-related calculations client-side and send the result back via a form POST. Any savvy geek will mess with the HTTP headers (using Charles, for example) and will get rich quick.
  • Get your site a proper security audit from an outfit like security-assessment.com. It can cost a few grand, but for the sake of avoiding an embarrassing mess, I’d say it’s money well spent.
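
The second lesson as an added example (not from the original post and not mintshot's code): a handler that credits the amount carried in the POST body, next to one that derives the amount from server-held state and makes each round single-use. The `Server` class, the prize table and the form fields `amount` and `round_id` are hypothetical.

```python
import secrets

# Constructed prize table, held only on the server (assumed values).
PRIZES = {"bronze": 5, "silver": 20, "gold": 100}


class Server:
    def __init__(self):
        self.balances = {}  # user -> credited points
        self.rounds = {}    # round_id -> (user, outcome), decided server-side

    def start_round(self, user):
        """Decide the outcome on the server; the client only gets an opaque id."""
        round_id = secrets.token_urlsafe(16)
        self.rounds[round_id] = (user, secrets.choice(list(PRIZES)))
        return round_id

    def claim_weak(self, user, form):
        """Anti-pattern: credits whatever amount the POST body carries."""
        self.balances[user] = self.balances.get(user, 0) + int(form["amount"])
        return self.balances[user]

    def claim(self, user, form):
        """Hardened: the amount comes from server state, never from the form."""
        round_id = form.get("round_id")
        record = self.rounds.get(round_id)
        if record is None or record[0] != user:
            raise PermissionError("unknown, reused or foreign round")
        del self.rounds[round_id]  # single use: a replayed POST finds nothing
        self.balances[user] = self.balances.get(user, 0) + PRIZES[record[1]]
        return self.balances[user]


def demo():
    srv = Server()
    # Constructed input: a form whose 'amount' field was edited in transit.
    weak = srv.claim_weak("user_a", {"amount": "1000000"})
    rid = srv.start_round("user_b")
    hard = srv.claim("user_b", {"round_id": rid, "amount": "1000000"})
    try:
        srv.claim("user_b", {"round_id": rid})  # same round submitted again
        replay_blocked = False
    except PermissionError:
        replay_blocked = True
    return weak, hard, replay_blocked
```
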

I’m interested to see what will ensue.


4 Responses to How to hack mintshot; the problems continue.

  1. Pingback: Anonymous

  2. Marko Ragnos says:

    You’ll probably find Ellis now running to his coders and asking them to build him a brand new website because of this 😉 hehe

  3. Ben Lilley says:

    Hey Dan,

    We appreciate the feedback. I just wanted to let you know that we’re aware of these issues and are working hard to fix them all. Hopefully you will notice improvements soon.

    Cheers,
    Ben
    Mintshot Team

  4. minties says:

    Are they still coding from overseas?
