Username: 
Password: 
Restrict session to IP 

hackthissite.org

1 2
Global Rank: 172
Totalscore: 115512
Posts: 166
Thanks: 164
UpVotes: 121
Registered: 16y 274d
Z`s Avatar



Last Seen: 1y 84d
The User is Offline
hackthissite.org
Google/translate1Thank You!0Good Post!1Bad Post! link
Dear wechall users
I think right now wechall has a lot of quality participating sites, but there are more good sites out there as well. For example, it will be good, if hackthissite.org would join us. Their userbase is ~350000 right now, and they have some very good challenges as well (I've found the realistic challenges very nice). I've made a post on the hackthissite forum about joining us, but it looks like not many people have replied yet (exactly 0). So if you are registered on hackthissite, have some points and you will be happy to see hackthissite on wechall, then please leave a reply for my post like "Yeah, it will be great if hackthissite coud join wechall" or something like that. Don't forget, that wechall is kinda "open source community", the more people help wechall, the better it will be.

The forum:
http://www.hackthissite.org/forums/viewtopic.php?f=9&t=1837

Thanks for your help.
Z

[Gizmore]fixed the link
Last edited by Z - Jan 18, 2009 - 11:49:25
Global Rank: 29991
Totalscore: 0
Posts: 265
Thanks: 243
UpVotes: 180
Registered: 25y 4h
Last Seen: 0s
The User is Online
hackthissite.org
Google/translate1Thank You!0Good Post!1Bad Post! link
Yes, you are right...there is still a lots of good sites including hackthissite (I'll try to say something nice).Did you contact someone from enigmagroup.org,zeroidentity.org and hackits.de?
Global Rank: 172
Totalscore: 115512
Posts: 166
Thanks: 164
UpVotes: 121
Registered: 16y 274d
Z`s Avatar



Last Seen: 1y 84d
The User is Offline
hackthissite.org
Google/translate1Thank You!0Good Post!1Bad Post! link
Axel from hackits.de told me that they plan to join us in hackits version 4, but there is no plan when will they do that. I haven't contacted the other sites yet, but if you know the admins there, please feel free to contact them and show them http://www.wechall.net/join.php as well, and notify us about their reply. Thanks in advance
Global Rank: 1678
Totalscore: 15551
Posts: 6
Thanks: 6
UpVotes: 1
Registered: 15y 318d
Last Seen: 15y 307d
The User is Offline
hackthissite.org
Google/translate1Thank You!0Good Post!1Bad Post! link
Hi: this is "comperr" from HTS.
This will be the only official reply you get from HTS on these forums.
For now on all communications from HTS will come from comperr@hackthissite.org
</end official reply>
<personal>
I had something long typed out here but I clicked on the wrong reply button.
Your user interface needs some fixing: http://www.useit.com/ --> fix it.
http://hackthissite.org admin - Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills.
Last edited by Xmen - Jan 13, 2009 - 00:42:42
Global Rank: 78
Totalscore: 204667
Posts: 16
Thanks: 18
UpVotes: 9
Registered: 16y 282d
Chaosdreamer`s Avatar






Last Seen: 4y 209d
The User is Offline
hackthissite.org
Google/translate1Thank You!0Good Post!1Bad Post! link
So does that mean HTS will not be joining WeChall??
Global Rank: 1678
Totalscore: 15551
Posts: 6
Thanks: 6
UpVotes: 1
Registered: 15y 318d
Last Seen: 15y 307d
The User is Offline
hackthissite.org
Google/translate1Thank You!0Good Post!1Bad Post! link
Still a "personal" reply:
Currently it seems that it is likely that we will join. However this has to be a unanimous decision on our part.
As a side point: is support@wechall.net the correct email address?
http://hackthissite.org admin - Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills.
Global Rank: 229
Totalscore: 93264
Posts: 1680
Thanks: 1358
UpVotes: 920
Registered: 16y 282d




Last Seen: 11h 18m
The User is Offline
hackthissite.org
Google/translate1Thank You!0Good Post!1Bad Post! link
yes, support@wechall.net is our main contact address.
I think many users here would be glad if more "quality sites" join.
Especially a well known english site is very welcome !

I am aware of some "evil buttons" shown in the bad UserInterface.
Hopefully i find the time to upload a better wechall soon.

Greetings
Gizmore
The geeks shall inherit the properties and methods of object earth.
Global Rank: 1678
Totalscore: 15551
Posts: 6
Thanks: 6
UpVotes: 1
Registered: 15y 318d
Last Seen: 15y 307d
The User is Offline
hackthissite.org
Google/translate1Thank You!0Good Post!1Bad Post! link
I sent an email
Quote from My

We would like to join - however we do have some issues that need to be worked out.
1) The API required to verify users is insecure. It can easily be used to brute force email addresses. It is likely that we will need to work out some other more secure API.
2) We do not allow users to post the answers to missions on our site or on affiliated sites. While we are aware that several sites do provide step by step answers to our missions this is not something we condone. WeChall must not allow answers to HTS missions to be posted on their forums
3) We get a lot of traffic - far more than any of the sites you presently have listed. Assuming we use the auto updating script this is something you will need to be aware of.
4) Your site must be able to deal with users whose points is greater than the max. This happens mostly when a) users get hall of fame entries, write articles, or such b) staff complete beta missions.
5) Our challenges require you to log in.
6) How are decisions made with regard to major WeChall changes?
7) (personal note) The notice you posted on our forums was (correctly) marked as spam by our mods. I happened to see it in the logs. I would suggest that you try something else to advertise ;)
http://hackthissite.org admin - Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills.
Last edited by Xmen - Jan 14, 2009 - 03:52:19
Global Rank: 229
Totalscore: 93264
Posts: 1680
Thanks: 1358
UpVotes: 920
Registered: 16y 282d




Last Seen: 11h 18m
The User is Offline
hackthissite.org
Google/translate1Thank You!0Good Post!1Bad Post! link
I am sorry for the long delay but i finally replied to the mail.
Hopefully most questions are cleared.

As question 1) might be interesting for other users as well, i will post my answer to that question here, too.

Quote from Xmen

1) The API required to verify users is insecure. It can easily be used to brute force email addresses. It is likely that we will need to work out some other more secure API.


The current API should expose no security threat.
You can not link other people accounts by guessing their email address. The linking has to be confirmed via email.
The only thing you could do is guess username/email pairs to reveal someones identity.
The validation URL is kept secret, and you can use any name for script and get vars on HTS.
The geeks shall inherit the properties and methods of object earth.
Global Rank: 229
Totalscore: 93264
Posts: 1680
Thanks: 1358
UpVotes: 920
Registered: 16y 282d




Last Seen: 11h 18m
The User is Offline
hackthissite.org
Google/translate1Thank You!0Good Post!1Bad Post! link
In summary i have to admit that Xmen and hackthissite.org are right:

It is possibly easy to disclose private information using the validation script.

Thank you for pointing that out and harden privacy a bit Smile

We respect privacy and will introduce an authentication key to prevent abuse of the scripts.
The site administrators will be able to see their key and change URLs in the site administration page.
It is recommended to make use of the authkey or other techniques to prevent abuse.

The changes will be up around this weekend and we are sorry for any inconvinence caused.

Greetings
Gizmore
The geeks shall inherit the properties and methods of object earth.
1 2
tunelko, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri, csuquvq have subscribed to this thread and receive emails on new posts.
2 people are watching the thread at the moment.
This thread has been viewed 9804 times.