You Could Be My ATM With One Line Of Code

General

How many of us have thought it would be great to have our own cash machine sitting in the living room? Well, today we potentially all can. The "spam all your friends" scripts are still doing the rounds, much to my horror, so I wanted to show you just how easy it is for unscrupulous marketers, or indeed developers, to capture the username and password for your email account.

Your World Ruined with one line of code

Just think about it for a moment: what private details are in your account? A PayPal account perhaps? Hmm, what about your bank details…

In this day and age your email is the effective way into your life, so never give your password away. Even your administrators will never ask for your password: if they really are your email admin, they already have back-end access.

I really want to drive home how potentially dangerous these scripts can be, but I think Andy has done a good job with How to Screw Up Your Business, a must-read for all marketers thinking of using such features.

So how would a marketer or developer screw your business?


// Added by the marketer or developer: grab the details the victim types in
$name = $_POST['importername'];
$email = $_POST['email'];
$password = $_POST['password'];
$description = $_POST['description'];

// ...and quietly store them in a table of their own
$SQL = " INSERT INTO cashmachine ";
$SQL = $SQL . " (name, email, password) VALUES ";
$SQL = $SQL . " ('$name', '$email','$password')";
$result = mysql_db_query($db,"$SQL");

Those simple lines of code, added to the friends-adder script by the marketer or even the developer, will happily store your details in a database for their pleasure…

Are people doing this right now? Someone will be. It might not be the marketer who asked for your password, though: many PHP scripts are delivered encrypted, so what is lurking behind there? A call to another server, perhaps?
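As an added example that is not part of the original post, here is a small Python scan a site owner could run over a third-party PHP script before installing it: it follows any variable read from a password-like request parameter, reports the line where it (or a string built from it) reaches a database write or outbound call, and flags the eval-of-decoded-blob shape that "encrypted" scripts take. The regexes, sink list and embedded sample script are my own assumptions, not the post's code.

```python
import re

# Constructed sample (not the post's own friends-adder code): the credential-
# capturing lines discussed above plus an obfuscated eval of the kind an
# "encrypted" script might carry.
SAMPLE_PHP = r"""
$name = $_POST['importername'];
$email = $_POST['email'];
$password = $_POST['password'];
$SQL = " INSERT INTO cashmachine ";
$SQL = $SQL . " (name, email, password) VALUES ";
$SQL = $SQL . " ('$name', '$email','$password')";
$result = mysql_db_query($db,"$SQL");
eval(base64_decode('PLACEHOLDER_BLOB'));
""".strip()

# Request parameters whose name suggests a credential.
SECRET_INPUT = re.compile(r"\$_(POST|GET|REQUEST)\[\s*['\"](pass(word|wd)?|pwd|secret)['\"]\s*\]", re.I)
# A plain "$var = expr;" assignment.
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=\s*(.*);\s*$")
# Where a captured value leaves the script: SQL writes, query calls, outbound I/O.
SINKS = re.compile(r"\b(INSERT\s+INTO|UPDATE\s+\w+\s+SET|mysqli?_(db_)?query|curl_exec|file_get_contents|fsockopen|mail)\b", re.I)
# eval of a decoded string: the usual shape of "encrypted" PHP.
OBFUSCATION = re.compile(r"\beval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)

def references_tainted(text, tainted):
    """Return the first tainted variable used as $name in text, else None."""
    for var in sorted(tainted, key=len, reverse=True):
        if re.search(r"\$" + re.escape(var) + r"\b", text):
            return var
    return None

def scan_php(source):
    """Return (line_no, reason) findings; taint flows from credential inputs through string building to sinks."""
    findings, tainted = [], set()
    for n, line in enumerate(source.splitlines(), 1):
        if OBFUSCATION.search(line):
            findings.append((n, "eval of decoded blob (obfuscated code)"))
        # Check sinks before recording this line's assignment, so a variable
        # that merely receives a sink's return value is not itself reported.
        sink = SINKS.search(line)
        used = references_tainted(line, tainted) if sink else None
        if used:
            findings.append((n, f"credential-derived ${used} reaches {sink.group(1)}"))
        m = ASSIGN.match(line)
        if m:
            lhs, rhs = m.group(1), m.group(2)
            if SECRET_INPUT.search(rhs):
                tainted.add(lhs)
                findings.append((n, f"credential read from request into ${lhs}"))
            elif references_tainted(rhs, tainted):
                tainted.add(lhs)  # e.g. $SQL built from $password
    return findings
```

Running scan_php(SAMPLE_PHP) reports the $_POST['password'] read, the mysql_db_query line that the password-laden $SQL reaches, and the eval line; a script that only stores an email address produces no findings.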
