Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Yeah no
Product dev: We need a new volume slider for ou...
Dev: Say no more!
I'm doing a migration where I have to move like 200+ old-old websites. Stuff was never touched for ages and we kinda moved it 'into the cloud' now.
So after a few sites I check graylog (where all the logs are stored) and I saw this gem:
stderr: PHP message: PHP Warning: file_get_contents(http://tinyurl.com/api-create.php/... Online Viagra/): failed to open stream: HTTP request failed! HTTP/1.1 400 Bad Request
And I was like, wtf? Is this site hacked?
Ok the sadness starts now. Behold the following:
function getTinyUrl($url) {
$tinyurl = file_get_contents("http://tinyurl.com/api-create.php/...);
return $tinyurl;
}
This function gets executed for the current link AND every dynamic href on the page.. EVERY pageload.
I was not even mad.
undefined
api
not even mad
fail
php
dos