It’s not been the greatest summer for Flippa.
Firstly, they had to contend with the endless ‘my sites aren’t selling’ drama when the entire starter site (no traffic no revenue) market collapsed.
I believe in marketplace responsibility but I also believe people gave Flippa a hard time unnecessarily and blamed everything from poor quality traffic through to the selling fees as a way of disguising the fact they were failing to sell because what they we’re selling was no longer in demand.
The fun was far from over when the forums and blogs lit up with disgruntled users, many of whom had been the victim of fraud and non paying bidders. Some people blamed it on a rise in poor quality traffic from India and Indonesia according to Alexa (nb. This is not my opinion!) but again, most just blamed Flippa’s management and policies.
Bad luck seems to come in threes as this week, ‘ethical hacker’ IH-Adam claimed to hack into Flippa’s admin panel, taking a video as evidence.
Flippa Hacked – Admin Panel Screenshot
Flippa we’re apparently notified of the issue, but it seems it didn’t go down all too well
I don’t know the full situation, other than what I’ve read on Adam’s blog and personally, don’t have enough money to be sued, so I wont risk expressing an opinion….but I certainly hope Flippa manage to resolve their issues soon, so we (Flippa included) can all get back to what we came here to do in the first place…sell sites and make a profit!
Update – July 20th 2010 – The ‘incredible disappearing’ explanation from Flippa has surfaced in Google’s Web Cache – Thanks to Clinton @ Experienced People Forums for this one
Popularity: 14% [?]
Loading ...
{ 17 comments }
Justin:
You beat me on this story…lol. I took the past few days off and when I “went back to work” this evening there was a Google Alert about this story sitting in my inbox so I just posted about it. I thought I would check to see if any other bloggers in our niche had anything to say about this story and I see you beat me to the punch. Good scoop:)
Are you taking this story seriously or do you think it’s much to do about nothing? I’ve changed my passwords just to be safe.
Travis
Travis´s last [type] ..Flippa Was Hacked So Now What – Is Your Personal Information At Risk
Hey Travis,
What the sitepoint guys know about security makes what I know about security seem to fit on the back of a postage stamp.
But then again, what some hackers know about security makes what sitepoint know about security seem to fit on the back of the same postage stamp
I’m changing it just to be safe!
Well spotted, Justin, and thanks for publishing this post.
Also, nice to see you posting after a long gap. I want more posts, I want more posts!
Anyway, as I posted in my forum thread on this subject (http://experienced-people.net/forums/showthread.php/1154), Flippa did actually put together a blog post saying that there was a breach of security and it was all fixed. They explained what was breached and how it was done.
But that post has disappeared. They may have decided that it was too much sharing…or that the problem isn’t completely fixed yet. Anyway, I saved a copy of that post and published some extracts.
Clinton´s last [type] ..Hi and thanks for your time
Hey Clinton,
I got sidetracked on another project for a short while but I’m back!
If anyone would have a cached copy of the post – it would be you! I did at first wonder if it was a hoax, but seeing that ‘mystery disappearing post’ made it all real. I’ll update the article with a link, in the interest of ‘unbiased reporting’.
Thanks
Ouch! Just took another look at the admin screenshot. It appears that admins are allowed to log in to users’ accounts and read their PMs.
Clinton´s last [type] ..Is Flippa violating your privacy and reading your PMs
It gets worse.
In my latest blog post I point out why it seems that admins at Flippa have access to users’ private message.
If admins have access, hackers likely had access too.
Did you ever send anyone a PM with a login to your GA account, your stats, FTP or anything else? Panic now.
Clinton´s last [type] ..Is Flippa violating your privacy and reading your PMs
Sorry for the delayed approval on this one – it seems Akismet didnt like your IP and put you in the spam folder ?!?!
It is a little worrying, but I dont think Australia are in recession like the rest of us, so we should be safe with Luke and Dave knowing our information for now
In my opinion admins need to have access to PMs especially when we charge them with the responsibility of creating a secure environment.
Otherwise it’s a little like telling the police they’re unable to search a house or check a phone when they suspect someone of wrong doing.
I do not understand what the big deal is – websites, and webservers get hacked – its just a fact of life on the internet.
When webhosting talk was hacked, and about 6 months of forum post were lost, there was barely a mention of it. It was like no big deal, websites get hacked all the time. But for some reason this flippa stuff is really making the rounds through the webmaster forums and blogs.
Flippa was hacked, so what, lets find something better to talk about.
Kevin´s last [type] ..Camping on the Angelina river
Hey Kevin,
Thanks for dropping by.
I agree in some part and websites do get hacked everyday, but this is highly relevant to THIS industry and part of a series of unfortunate events for Flippa. As this blog is relevant to buying and selling websites it seems relevant to blog about it.
Cool niche you’re in btw. It’s great to see someone who can actually get out and create content rather than just autoblogging or borrowing ideas! (and dont say it – my posts usually are original – this one’s just an exception
)
Kevin,
In addition to what justin said, some people don’t see in this saga that the hacking itself is the biggest news
Clinton´s last [type] ..How Flippa Was Hacked – Video
We’ve now been able to post about this on our blog:
http://flippa.com/blog/news/flippa-security-vulnerability-reported-and-fixed/
Essentially, the issue was completely resolved within hours, and no passwords or financial information were compromised.
Hey Dave,
Thanks for the update.
I hope you’re well
J
>>>Essentially, the issue was completely resolved within hours
The issue of hackers being able to log on as admin has been resolved. The issue concerning all the possible leaked data from PMs has not been resolved – or even acknowledged.
Also, the remaining issue of admin currently being able to log on as any Flippa user and sneak a peek at their private messages has not been resolved. Or acknowledged to even exist.
Paul´s last [type] ..Flippa Slip Up
Hi Paul,
Thanks for stopping by.
Do you not feel that admins would need to be able to view PMs in order to do their job of enforcing both security and their terms?
Justin, are these the same admins who buy and sell sites themselves and could derive commercial benefit from listening in to conversations between buyers and sellers?
If they are, strange how they never mentioned this access in their terms or their privacy policy, isn’t it? Not only do they want to snoop on user PMs, they wanted to do it without users ever knowing they had this access.
One thing in their privacy policy is true: “That’s right – this little site is more complicated than it looks!”
Clinton´s last [type] ..Hello to All From- HopeInSite
hi, also suggest http://www.websaledomain.com , a good alternative to Flippa without success fees
{ 1 trackback }