Full Version: RAFS hacked
Swift Rewards
not sure if any sites have been hacked yet, but it seems the RAFS main website was. i got this email today:


Subject: Don't use Project-RAFS. It's not secure at all.
From: "Template.Project-RAFS.com Admin" <noreply@Template.Project-RAFS.com>
Date: Fri, 17 Mar 2006 17:59:58 -0500


Does this look secure to you? It took me less than one minute to gain
access to this site. I can gain full access to ANY site using
Project-RAFs.

Pay someone to make a script that isn't filled with holes; don't use
RAFs.




i had signed up at the forums several days ago just to check it out. of course it says the admin has to activate each account and the douche never activated mine still. but, seeing as how i never had my account activated there was no way anyone on the forum could have seen my email address. so it was definitely hacked.
ktan91
Wow... guess you shouldn't use that... HAHAHAHAHA
midfielder100
Yeah, RAFS and FSRS are horrible. I found an FSRS exploit in under 5 minutes from the first time I looked at its code. I have the RAFS code but have never taken the chance to try to hack it but I'm sure it's easy enough.

Freebie site owners should check out Projekt IRS. From the code I have seen it is quite secure.
batman129
What sites are using RAFS?
midfielder100
QUOTE (batman129 @ Mar 17 2006, 09:05 PM) *
What sites are using RAFS?

Lots of sites. Almost every site uses RAFS/FSRS.
batman129
QUOTE (midfielder100 @ Mar 17 2006, 09:10 PM) *
Lots of sites. Almost every site uses RAFS/FSRS.

TRAINN? Gift Fiesta? Free4Me? FREEPAY or OC?
Zags1199
QUOTE (batman129 @ Mar 18 2006, 12:37 AM) *
TRAINN? Gift Fiesta? Free4Me? FREEPAY or OC?


None of those.

Only the people looking to create a free site quickly or without a lot of extra effort use RAFS.

123StuffforFree is an example.
ktan91
Anygift? 4FreeIpod****?
Zags1199
AnyGift is FSRS.
ktan91
LOL! they all sound/look the same..
batman129
Is there a way you can tell which script the site is running?
ktan91
Looking at it..don't sites look different? and some sites look the same..
Vibe
I'm in the process of making new software, never fear ;)
Mike Richardson
phpRewards has yet to be hacked.
Swift Rewards
FSRS sites say they're FSRS at the bottom, eg FreeComputerAddons. RAFS sites are like the OrderIt4Free sites and the other sites that FCA recently obtained.
the funny thing is, right on the RAFS homepage it says:
QUOTE
Running a referral based incentive site is an online business, so there is a security risk. Project RAFS uses methods to make it extremely secure and prevent exploitation of the script. Other scripts have been known to have been exploitable, allowing hackers to give themselves and others offer credit and damage the database of users and information. Project RAFS has never had this problem and it is not foreseen that it ever will in the future. You are in safe hands with Project RAFS!


riiight...

-edit-
my bad, OrderIt4Free uses FSRS too.