Are you really that stupid? Apparently.

Ever since the MyGallery exploit was made aware to me, I’ve been checking up on my install of Mint to see what’s been going on with some of the pages here, and it’s amazing how many people (mostly those that apparently don’t understand English) are still trying to access the mygallerybrowser.php file. The amount of people googling for the issue, and the number of people that directly come to this site by copy/pasting in their “hacking” url amaze me. I even went as far as putting up goaste on the page they’re trying to access but even that didn’t deter them from trying. It’s actually really annoying, because all of my logs are infested with this crap. Searches are almost 100% “inurl:/mygallery/myfunctions/” and same for refferals, give or take a few foreign hackingforums.

Seriously, the file. is. not. there. anymore. NOTHING IS GOING TO HAPPEN! But I am half tempted to recreate those files and place a shitload of banner popup ads that’ll explode in their face when they access the page.. Actually, yes, that is exactly what I am going to do.

Edit: Let’s see if they like tubgirl.


  1. jaja peculiar image the one that you have put, and the one of the people who do not understand the English you say it by my, and alegrate that you have gained many visits, but this always happens is lammers that is wanted it to give of hackers. Greetings

  2. You’re truly an evil soul directing all these script kiddies to TubGirl… well, I take that back. Great sense of humor! 4 Stars πŸ˜‰

  3. Haha, I think you just have to wait for it to wear off until people realize you won’t upload the file again. People are stupid that way I guess. *shrugs*

  4. It’s not that they’re stupid…it’s that your url got included on a list somewhere (forum, board, whatever…) and they all keep hitting it. As soon as that list ages, disappears, or gets edited you’ll be fine.

    Someone decided to include my contact page on something like that awhile ago, even though it was never susceptible to any kind of hacking….ah well…viva la textpattern!

  5. You mentioned it on your site, so people came to see what you were talking about, so that’s pretty much where people came from.

    Unless they were doing it all along. In that case, I have no idea what I’m talking about.

  6. Walker, actually it is in fact because they’re idiots. Most of the hits are directly accessing the link PRIOR to attaching a .txt file to it (mygallerybrowser.php >> mygallerybrowser.php?, which has “YOU ARE A STUPID FUCK,” for a title, and tubgirl as a tiled background. Apparently this means that you should still try to execute a shell script. Because you know, tubgirl is totally hackable.

    John, actually, no it wasn’t because I mentioned it on my site. It’s because some forums talked about the vulnerability, told users what google terms to search for, so they could find a list of sites that they might be able to attack. It was NOT because of the post. I haven’t had any hits generate directly from google to that post.

    All hits are either from foreign hacking forums (which I can’t access) or from google search terms. Very few have just been directly accessing the mygallerybrowser.php file though not that many (and those have all been either after a 404 message was displayed, and now when the tubgirl image is displayed.)

  7. Hah, this reminds me – I get people all the time looking for old hackable WordPress files on my site … despite the fact that I don’t even use WordPress. It’s more insulting than annoying! How dare the bastards assume I’m using WP!

  8. jajaja you must be happy, you have many visits of scripkiddies, treating to learn a little defacing in your blog. Very graceful the image that you have put jajajaja.

  9. Oh jeez, tubgirl. That’s just mean. Mean, but so, so funny. I give you two thumbs up! πŸ˜€

Comments are closed.