ISP Website built with Notepad



  • Or certainly seems like it. I'm looking for a new ISP and stumbled across Naims (http://www.naims.net/). First thing that came to mind was that the website seemed a little basic considering the other ISP websites I visited. It looks like it's 10 years old and never been updated. There doesn't seem to be much consistency around the site, the navigation bar down the right hand side is different for each page, the links are sometimes different (or 404) even if the text is the same. Icon images aren't even the same for different pages!

    Plus, it's the only ISP website I've seen which has "Please Looking for a new mobile phone ? Click here", but if you do, you get a blank page.

    The search is probably the best:

    "( site:www.naims.net OR site:www.janinasart.co.uk OR site:www.jewelsforless.co.uk OR site:www.thrumsvet.co.uk OR site:www.rsvets.co.uk )"
    I mean, WTF? If I type something into an ISP's website search engine, I don't want it to search a veterinary website too.
    "A professional service with a personal touch"... Going by your website, I don't think so. Looks more like a reseller who threw up a website but doesn't really care.

     



  • <META content="HTML" name=GENERATOR>

    WTF. Yeah, probably notepad.



  • @Mole said:

    The search is probably the best:

    "( site:www.naims.net OR site:www.janinasart.co.uk OR site:www.jewelsforless.co.uk OR site:www.thrumsvet.co.uk OR site:www.rsvets.co.uk )"
    I mean, WTF? If I type something into an ISP's website search engine, I don't want it to search a veterinary website too.

     

    I'm guessing that's their entire customer list.  They're not really an "ISP", they're a small webdesign and hosting firm that resells unbundled BT lines from enta.net to their customers as a convenience.  Their "network status" link goes straight to enta's noc page and TRWTF is when you click their "Dial-up" link...

    [quote user="https://www.enta.net/emb/?resellerID=2727&reseller=4bcada40dd4746d2b70e45fa078efefc&ver=1&order_type=unmetered&bypass=yes&force_bypass=yes"]

    Warning: mysql_connect() [function.mysql-connect]: Access denied for user: 'www.enta.net1@78.33.12.106' (Using password: YES) in /usr/local/www/enta.net/emb/include/mysql_encounter_select.inc.php on line 2

    Warning: mysql_select_db() [function.mysql-select-db]: Access denied for user 'root'@'localhost' (using password: NO) in /usr/local/www/enta.net/emb/index.php on line 55

    Warning: mysql_select_db() [function.mysql-select-db]: A link to the server could not be established in /usr/local/www/enta.net/emb/index.php on line 55

    Warning: mysql_query() [function.mysql-query]: Access denied for user 'root'@'localhost' (using password: NO) in /usr/local/www/enta.net/emb/index.php on line 57

    Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /usr/local/www/enta.net/emb/index.php on line 57

    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /usr/local/www/enta.net/emb/index.php on line 58

    Warning: mysql_close(): no MySQL-Link resource supplied in /usr/local/www/enta.net/emb/index.php on line 62

    Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/enta.net/emb/include/mysql_encounter_select.inc.php:2) in /usr/local/www/enta.net/emb/index.php on line 84
    [/quote]

    Now, how many WTFs can you see in that...?



  • Two, screwing up the password and not hiding the errors.



  •  My nmap thinks that the operating system is some version of Linux, maybe IPCop or FON. So I would bet on 'kwrite', not 'notepad'.



  • @henke37 said:

    Two, screwing up the password and not hiding the errors.

    You missed the blank root password, and having a mysql port open on the internet.



  • @Lingerance said:

    @henke37 said:
    Two, screwing up the password and not hiding the errors.

    You missed the blank root password, and having a mysql port open on the internet.

    Note that the server refused service for root without a password, so one most likely is set. An actual wtf is accessing the DBMS as root from PHP in the first place. A potential bonus wtf is that they might be running that PHP as root too.

    A second wtf is not checking whether the query actually succeeded and using the returned value anyway.
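
Added example (not part of the thread and not code from any poster): a Python check a site owner could run over their own pages' response bodies to flag the disclosures discussed above. The regexes, the finding names and the `audit` function are assumptions made for this example; the sample body reuses three of the warnings quoted in the thread.

```python
import re

# Constructed sample: three of the warnings quoted in the thread, as they
# would appear in an HTTP response body when errors are shown to visitors.
SAMPLE_BODY = """\
Warning: mysql_connect() [function.mysql-connect]: Access denied for user: 'www.enta.net1@78.33.12.106' (Using password: YES) in /usr/local/www/enta.net/emb/include/mysql_encounter_select.inc.php on line 2
Warning: mysql_select_db() [function.mysql-select-db]: Access denied for user 'root'@'localhost' (using password: NO) in /usr/local/www/enta.net/emb/index.php on line 55
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /usr/local/www/enta.net/emb/index.php on line 58
"""

# One PHP diagnostic per line: "<level>: <message> in <file> on line <n>".
WARNING = re.compile(
    r"^(?:Warning|Notice|Fatal error): (?P<msg>.*) in (?P<path>/\S+)"
    r" on line (?P<line>\d+)[ \t]*$", re.MULTILINE)
# Matches both 'user'@'host' and the older 'user@host' spelling seen above.
ACCOUNT = re.compile(
    r"Access denied for user:? '(?P<user>[^'@]+)'?@'?(?P<host>[^']+)' "
    r"\(using password: (?P<pw>YES|NO)\)", re.IGNORECASE)


def audit(body):
    """Return (finding, detail) pairs for each PHP warning leaked in body."""
    findings = []
    for m in WARNING.finditer(body):
        where = f"{m['path']}:{m['line']}"
        findings.append(("path_disclosure", where))
        acct = ACCOUNT.search(m["msg"])
        if acct:
            findings.append(("db_account_disclosure",
                             f"{acct['user']}@{acct['host']}"))
            if acct["user"] == "root":
                findings.append(("db_root_login_attempt", where))
            if acct["pw"].upper() == "NO":
                findings.append(("passwordless_login_attempt", where))
        # The code kept using a query result after the query had failed.
        if "not a valid MySQL result resource" in m["msg"]:
            findings.append(("unchecked_query_result", where))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_BODY):
        print(*finding, sep=": ")
```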



  • @Lingerance said:

    @henke37 said:
    Two, screwing up the password and not hiding the errors.

    You missed the blank root password, and having a mysql port open on the internet.

    You could have mysql set up so that root uses no password but only accepts connections from 127.0.0.1 and the one with the password is the one connecting to the IP (and using a different username).



  •  Real Men write their Web sites using a plain text editor, not one of those wimpy WYSIWYG things.  Notepad sucks, however.



  • @AndyCanfield said:

     My nmap thinks that the operating system is some version of Linux, maybe IPCop or FON. So I would bet on 'kwrite', not 'notepad'.

    You're right, it uses Unix linebreaks, so probably not Notepad.

    As a bonus WTF, KrViewer uses syntax highlighting in Hex View. Looks funny, but it's not really that helpful.



  • @dtobias said:

    Real Men write their Web sites using a plain text editor
     

    Something about real men having an attractive naked woman bent over towards an upright, very large keyboard, and each of the man's firm pelvic thrusts from behind pushes the woman's head on a button, thus producing keystrokes.

    This could work.



  • @dhromed said:

    Something about real men having an attractive naked woman bent over towards an upright, very large keyboard, and each of the man's firm pelvic thrusts from behind pushes the woman's head on a button, thus producing keystrokes.

    This could work.

    Yeah but each programming session would only last 2 minutes.  You would have to code in Python.


  • @tdb said:

    An actual wtf is accessing the DBMS as root from PHP in the first place. A potential bonus wtf is that they might be running that PHP as root too.

    True, but accessing MySQL as root isn't the same as running an application as Unix root.  Since root is the only default account created by MySQL it's common for lazy and ignorant developers to simply use it rather than create less privileged accounts.  However, it's a lot harder to run apache/php as root since the default configuration is going to use a different Unix account, so I don't think it's very likely someone too lazy to create a new MySQL acct would go to the trouble of running httpd as root.



  • @tdb said:

    An actual wtf is accessing the DBMS as root from PHP in the first place. A potential bonus wtf is that they might be running that PHP as root too.

    The root MySQL acct. is the only one MySQL creates by default, so lazy/ignorant devs often just connect to the DB as root rather than set up proper accts. for their apps.  Running httpd as root is rather difficult, however, as by default it will use a separate Unix user acct.  I think it's pretty unlikely that someone who wouldn't bother creating a non-root MySQL acct. would go to the trouble of getting httpd to run as Unix root.



  • @morbiuswilters said:

    @tdb said:

    An actual wtf is accessing the DBMS as root from PHP in the first place. A potential bonus wtf is that they might be running that PHP as root too.

    True, but accessing MySQL as root isn't the same as running an application as Unix root.  Since root is the only default account created by MySQL it's common for lazy and ignorant developers to simply use it rather than create less privileged accounts.  However, it's a lot harder to run apache/php as root since the default configuration is going to use a different Unix account, so I don't think it's very likely someone too lazy to create a new MySQL acct would go to the trouble of running httpd as root.

    I'm aware of that, having used MySQL myself for a while before moving to PostgreSQL for the more advanced features. However, connecting to MySQL as root allows messing with any database on the system, including dropping them or changing the system database in such a way that no one can connect anymore ("DELETE from user" would do that IIRC). But since any sane admin of a multiuser system wouldn't allow that, I'm guessing that's not the case and they're just opening themselves up for a potential DoS or data eradication attack.



  • @tdb said:

    However, connecting to MySQL as root allows messing with any database on the system, including dropping them or changing the system database in such a way that no one can connect anymore ("DELETE from user" would do that IIRC).

    Duh?  My comment was about "running PHP as root", which I was pointing out as very unlikely.  Anyway, I tend to run more single-user MySQL servers than multi-user (in other words, all data in the DB is accessible to a single user which is an application that handles its own privileges).  Even in that case, I still use 2 MySQL users (without passwords, BTW): root for command-line interaction and a user that has every privilege of root except for Super.  MySQL reserves a single connection for any user with the Super priv, so even if the number of connections is maxed out you can still get a connection if you have Super.  This allows a "backdoor" in cases where the connections are maxed out, otherwise you would be locked out of the DB.  



  • @dtobias said:

     Real Men write their Web sites using a plain text editor, not one of those wimpy WYSIWYG things.  Notepad sucks, however.

     

    Notepad sucks but it is still better than those WYSIWYG and their non-standards compliant markup.



  • @bob171123 said:

    @dtobias said:

     Real Men write their Web sites using a plain text editor, not one of those wimpy WYSIWYG things.  Notepad sucks, however.

     

    Notepad sucks but it is still better than those WYSIWYG and their non-standards compliant markup.

    You must be new here.  You should probably back out the way you came before the assault starts.


  • @bstorer said:

    @bob171123 said:

    @dtobias said:

     Real Men write their Web sites using a plain text editor, not one of those wimpy WYSIWYG things.  Notepad sucks, however.

     

    Notepad sucks but it is still better than those WYSIWYG and their non-standards compliant markup.

    You must be new here.  You should probably back out the way you came before the assault starts.
    Indeed, the only complaint about WYSIWYG html editors that is permitted around here is FUCKING HELL WHY DOES IT DELETE TWO CHARACTERS WHEN I HIT BACKSPACE ONCE?



  • @DaveK said:

    @bstorer said:
    @bob171123 said:
    @dtobias said:
    Real Men write their Web sites using a plain text editor, not one of those wimpy WYSIWYG things.  Notepad sucks, however.
    Notepad sucks but it is still better than those WYSIWYG and their non-standards compliant markup.
    You must be new here.  You should probably back out the way you came before the assault starts.
    Indeed, the only complaint about WYSIWYG html editors that is permitted around here is FUCKING HELL WHY DOES IT DELETE TWO CHARACTERS WHEN I HIT BACKSPACE ONCE?

    What? You mean I've been doing it wrong the whole time? I thought it was FUCKING HELL WHY DOES IT DELETE ONE CHARACTER WHEN I HIT BACKSPACE TWICE?



  • @derula said:

    @DaveK said:
    @bstorer said:
    @bob171123 said:
    @dtobias said:
    Real Men write their Web sites using a plain text editor, not one of those wimpy WYSIWYG things.  Notepad sucks, however.
    Notepad sucks but it is still better than those WYSIWYG and their non-standards compliant markup.
    You must be new here.  You should probably back out the way you came before the assault starts.
    Indeed, the only complaint about WYSIWYG html editors that is permitted around here is FUCKING HELL WHY DOES IT DELETE TWO CHARACTERS WHEN I HIT BACKSPACE ONCE?

    What? You mean I've been doing it wrong the whole time? I thought it was FUCKING HELL WHY DOES IT DELETE ONE CHARACTER WHEN I HIT BACKSPACE TWICE?

    Wait, what does any of this have to do with the inability of the Atlantic Ocean to stop curses?



  • I've never had any problems with Adobe Dreamweaver CS4, but then again, I've only ever typed html and php code into it. Never liked it when it decided to paste code in for you, and the prewritten php code blows goats. It's only useful for people with no experience of PHP whatsoever who want to throw together some website and downloaded the program from some warez group because they didn't want to buy it. If you do buy it however, it locks itself to the regional settings on your PC via the license key to ensure you buy it in the country you intend to use it. 



  • @derula said:

    @DaveK said:
    @bstorer said:
    @bob171123 said:
    @dtobias said:
    Real Men write their Web sites using a plain text editor, not one of those wimpy WYSIWYG things.  Notepad sucks, however.
    Notepad sucks but it is still better than those WYSIWYG and their non-standards compliant markup.
    You must be new here.  You should probably back out the way you came before the assault starts.
    Indeed, the only complaint about WYSIWYG html editors that is permitted around here is FUCKING HELL WHY DOES IT DELETE TWO CHARACTERS WHEN I HIT BACKSPACE ONCE?

    What? You mean I've been doing it wrong the whole time? I thought it was FUCKING HELL WHY DOES IT DELETE ONE CHARACTER WHEN I HIT BACKSPACE TWICE?

    And here I've been doing FUCKING HELL WHY DOES IT DELETE ONE CHARACTER WHEN I HIT BACKSPACE ONCE?...

