Screw you MalcWhore

There is always a poor little soul that needs a little bit of attention once in a while.
He has his 5 minutes of fame, we have still the best of our lives, everybody is happy at the end.

    +4

As was suggested on MacNN, simply visit his blog and flag it.

    +7

FUCK YOU MALCWHORE!!!!!!!!!!

    -16

Why do you drag whores into this? Whores doesn’t harm anyone, they’re not worth anything less than others, so why drag them down to Malcore’s level?

(subscribed to comments)     +13

Hey Guys,

Keep your chins up! There are always a few malcontents who can’t offer anything positive so have to try to wreck the whole project for the rest of us.

As someone said, he has had his 5 minutes. Not very interesting. Next…

So, what are you reviewing this week?

    +3

Miles,

Keep up the great work. This malcor guy is a douche. He is not worth the 5 minutes that he has graciously gotten from us thus far. Look forward to more great posts.

(subscribed to comments)     +4

Hey, you know this guy sucks for doing this, but at least you also know that when your the target of attacks such as this you are at the top of your game. This is a great blog, malcore took notice.

    -1

Don’t say i didn’t warn you!

I did send an email, and said wehat he would do. Why did use not take precausions?

    -6

@Grant: They did take precautions. Did you not read the post?? I guess your warning was all they really needed to avoid being compromised? Brilliant.

Anyways nice to see you guys!

(subscribed to comments)     +0

So - Miles! You got screwed.

Your own fault really. the website is a bad idea. Your writing articles about applications? yes. good idea.

I love

    -24

Happy ending. I didn’t know about your site until yesterday. Now it’s bookmarked and subscribed to. No P.R. is bad P.R..

    +4

It’s pretty ironic, both sites that malcor “hacked” i’d never heard of before, and now both are in my RSS reader. Thanks for the heads up on the awesome sites, malcor!

    +4

Haha, all this talk of “rotten” this and “whore” that ended up landing you an Anne Coulter context-sensitive ad on your page

Awesome. Oh, and maybe everyone could just change permissions to their .htaccess file? Or am I misunderstanding the exploit?

    -1

Why are PC users so angry? This is not a Fan boy site at all… I use a PC at work and don’t mind it. There I said it… I dont hate Windows. I just enjoy working on the Mac more.

    +0

Appreciate the comments from the well wishers.

@bigsteve: Yeah I should have been a bit more clear above. By default WP wants to handle the .htaccess file dynamically so it needs to be set world writable. We tweaked this before putting the blog back online and we should be safe now. If anyone needs a hand feel free to email me (milesevans _AT_ macapper.com).

On that note I found this article is a great starting point for hardening Wordpress.

(subscribed to comments)     -1

Overall, I’d say that this was the digital equivalent to toilet-papering someone’s house. Not much harm done I’d imagine. Think of all the nasty, foul things that they could have put up on your site.

    +3

Thanks for that link on Blog Security, Miles. Gonna work on that today.

    +0

Well, I did send you guys a warning, even if it was too late :/

But anyway, I’m going to warn any of his future targets, and I suggest you do the same. Also, in order for his little self pity party to continue, he needs to publish to the web about his little pants wetting sessions, so like said by the above posters, flag his blog.

Also, go here and drop google a quick note, it doesn’t take long, just outline his violation:

http://help.blogger.com/?page=contact

If you want to be literal in your submission, just quote from their content policy, he’s violating 1 or 2 clauses:

http://www.blogger.com/content.g

    +0

You didn’t manage to snag an IP from your logs, did you? If so, you could track him down fairly accurately, assuming he wasn’t using a proxy.

    +0

I hate this kind of people who enjoy just broken because they have mental problems, bad heart or too much time to spend. It is not so difficult as people think to broke one web, even stupid people with google and some time, like this lammer, can do that. Why? Mac is not the reason, the reason is that probably this guy cannot made anything right in his real life but to spend his time doing to the others to spend them time too.
Macapper made Internet better, this guy made Internet worse.

    +0

Wow sad to hear one of my favorite blogs got defaced, but super happy to here you guys recovered so fast. Good to see Miles and crew!

    +2

This guy lives in his parents basement in Australia. He is probably 24 and a loser, a big loser.

    +0

Malcor is moron. It is not like you are ragging on windows all the time. I hope you can bust him AsAp.

    +0

I heard a rumour that malcor is regular on the apple forums and a Level 4 at that. Apparently a senior apple member of staff downgraded him for breaching the terms of sevice on the forums.

    +1

I wouldn’t give this little turdling the satisfaction of even MENTIONING the “hack”.

    +1

I wonder how much more traffic you got due to this Maybe the hacking of your site was not that bad after all…?

    +1

Malcor is nothing but a script kiddie. He doesn’t have enough intelligence to actually do a proper hack.

When I was using XOOPS I got hacked once but all the little retard did was create a file called index.html. All I did was alter the Apache file so that PHP files were executed before HTML files and any hack after that from little brained people would have been thwarted. Clearly these idiots don’t have a proper grasp of what hacking is all about.

Incidentally Malcor still hasn’t attempted my challenge to him regarding hacking my site. I figured if he can hack a Mac and WebObjects then he is worthy of being taken seriously but clearly he only knows how to hack WordPress and thus his attacks are solely limited to sites that the developers haven’t configured properly.

As Miles stated, any further attempts to hack WordPress are thwarted by a simple permissions change. Of course .Mac accounts are different because the hacker would first have to find your machine, intercept the Kerberos encrypted password (yeah, good luck on that one), and then do some damage. Considering many .Mac pages are edited using iWeb then any hacked pages would be up for a grand total of… however long it takes to upload to .Mac. Hell, comment floods can be removed simply by clicking the comment box and hitting delete in iWeb.

Good luck everyone in keeping yourself guarded from this moron and getting this twat’s site blocked.

(subscribed to comments)     -1

I read about this “attack” on a norwegian mac-site http://mac1.no/. By reading about this, i discovered a new Mac-site. (macapper.com)
So i guess Malcor helped me finding a great website… :O)

(subscribed to comments)     +1

It’s all fake. MacApper was not hacked, it’s part of a PR-stunt! Read this..

http://digg.com/apple/Mac_hacking_only_a_PR_stunt

    +5

If what Kåre posted is true, I’ve lost a hell of a lot of respect for this site.

    +4

Funny… you get “hacked” then proceed to show photos of the so called hackers work. Umm… what?

Anyways I am posting this in retrospect, I only just learned of this today, at the same time that it was revealed that this was all staged for the upcoming MacHeist II.

    +2

You could’ve at least made up a better story, eh?

First off, the bit about your supposed 0-day XSS exploit. To even GET data to the server, it would have to be a type 2 attack. I doubt this was overlooked in the release of WordPress 2.3.1, since the primary release was for security.

Secondly, the vulnerable page would have to be a publicly accessible page, making a type 2 XSS even more rare.

Finally, why would you possibly leave your HTACCESS file world-writable, and how would this “hacker” write files back to your server using a type 2 exploit anyways? At most it could be redirected to another site.

Please explain.

    +2

http://macapper.com/rotten/

It’s 100% normal that you keep the hacked site on your server

    +3

@Chris: “Finally, why would you possibly leave your HTACCESS file world-writable, and how would this “hacker” write files back to your server using a type 2 exploit anyways? At most it could be redirected to another site.”

It’s more common than you know. This was something that needed to be done on older versions of XOOPS. It had to have at least administrator rights to access the file but the passwords etc are all plain text so it’s reasonably easy to hack a PHP based content management system and WordPress is no exception.

But what I want to know is is Glenn Wolsey in anyway tied up with MacApper or MacHeist? If not then the PR thing is bollocks.

(subscribed to comments)     -1

Glenn was one of the founders of macapper…

http://www.glennwolsey.com/2007/02/03/macapper-launches/

and was just given a new laptop from an anonymous source…

http://www.glennwolsey.com/2007/11/12/goodbye-desktop-hello-portable/

I don’t know what is worse… the fact that everybody has a price or that the price is so low.

    +1

Just to set the record straight, the rotten folder was left on the server for forensic reasons. We wanted to further study the attack, but since some people are now crying fake, and others claiming MacHeist is behind this, we’ve removed it.

    -1

yeah I posted about this earlier in the forums.

Well we kept it around because we wanted to check it out. I mean we can read HTML, and it’s obviously not harmful to keep it around in any way. We can also use it to remind us how l4m3 we are.

Conspiracy! C’mon guys - get over it.

(subscribed to comments)     +1

PRman, that is absolutely ridiculous. You believe I received a MacBook Pro in payment for the site hack? Yes, great speculation right there. Nothing at all to back it up. The laptop was sponsored by Brendan Sheehan Jnr of http://www.advertisehereforever.com

    -2

@Marvin Sum

If you wanted it for forensic usage, you save it as a web archive and keep it on your HDD, not the server. Your keeping it on the servers smells like you’re part of a PR scam and now you’re covering up your tracks.

(subscribed to comments)     +2

Oh come on Warbrain…

So you’re asserting we’d hack our own and a friend’s site as a PR stunt…take a step back. Do you honestly think we’re so desperate for publicity that we’d ever do that?

    -5

@Jamie Diamond

I never once said hacked. I hardly doubt that there was any hacking involved.

(subscribed to comments)     +0

By hardly, I mean “I doubt.” Brain fart.

(subscribed to comments)     -1

good for you mac bigots. hahaha… your arrogance sure got an answer!

    -3

and how pityful. hacking ur own site. wow! good job losers!

    -2

This was a PR stunt. The proof will soon come out.

    +2

LOL macapper, i really lost your respect when u take money for pretend that you have been hacked… how lame is that… have a good life scrue you all who runs this site

    -1

Wow all the good stuff gets posted when I’m sleeping! Anyways not to fan the flames of conspiracy even further but, well, here goes…

HTML is not capable of running server side scripts! It’s 100% harmless, sort of like grandma when the Price is Right is on. Keeping a copy on the server proves that we know what an HTML is. I intentionally told Marv to not delete it because I wanted to match it up to the requests I saw in the weblogs related to the injection. We’re still not clear on how the files were written to the server but this appears to be how it was done (but we’re not sure!). Also I thought it might be cool to link to /rotten in this blog post, but I ended up taking a screencap instead.

What PR are we getting out of this again? According to my logs we lost nearly a full days of posts and users, and we are actually down traffic/subscribers overall due to the hack. It was also very stressful and everyone on the interweb now thinks I am an incompetent server admin. I am also starting to suspect that my wife no longer finds me attractive.

That’s about it. Wish it was more exciting guys. If anyone with some actual *nix skillz and some knowledge of these types of hacks wants to help out, I am always available for that. If you’re more of a Columbo type then I hear these people have a really large conspiracy on their hands, but that too might be a dead end.

Seriously though…If anyone has any information on who Malcor is I would really appreciate an email.

(subscribed to comments)     +1

Hahhaa well put Miles…I think the point is that if the only evidence this unknown foreign apple site has to back its claim is the /rotten dir then you guys are really reaching imo…. Some of these posts are just silly, see for yourself: thread

    +1

I’m not sure why so many people are calling foul that we left part of the hacked page on our server. If I had a site that got hacked, I would probably keep the page around online as I tried to figure out how it happened. Some of the feedback we are getting is also very nice:

“Glenn is obviously the more civil of the two parties. The MacApper guys are just ruthless..”

I’m not sure why people are calling this a “PR Stunt” as it seems that our popularity has dropped since the hacking. Oh, and sorry about your wife Miles.

    +0

Miles, Glenn, Greg, Marvin & MacHeist:

We don’t care if you claim your popularity has dropped since the hacking. We have all understood that you guys got paid to pretend to be hacked. It’s pretty obvious - Glenn’s connection to MacApper and MacHeist - thats just more than a coincidence

You can claim that your popularity has dropped as much as you want, but soon you will face the truth. We all know that your statistics are pointing the opposite direction than down thanks to Malcor.

Too bad Mac1 spoiled all the fun..

    +0

@K
åre:

What part of “We did not do this as a PR stunt” are you too stupid to understand.

How come NOONE has heard of Mac1 until this ridiculous claim came out? Therefore I put it to you that it is Mac1 who is in search of PR by smearing the reputation of MacApper.

Man, I guess no matter how much you try to prove your innocence it all boils down to:

“No matter how much good you do it will all be destroyed by a single bad act”

In this case a bad act that MacApper had not committed.

Isn’t there laws against defamation? I know there are here in New Zealand.

(subscribed to comments)     -1

@Loweded

Good thing for you there aren’t laws against being a dipshit.

@Everyone else

Just launched a new blog called Wolsey Watch. Dedicated to exposing the stupid shit that Glenn Wolsey posts on his Macintosh masterbation blog. Check it out:

http://wolseywatch.blogspot.com

    -3

@Wolsey Watcher:

If that’s the way you want to play it then I will say the same thing I said to Malcor on his little retard blog:

You sir have an itty bitty penis that you can’t even see without an electron microscope.

You come to Mac sites spreading nothing but hatred for people that you have no idea who they are basing everything you think about them on a site that is only a specific part of their interests?

Wow, I’m sorry but the only dipshit here is you because you’re nothing but an attention whore who, even with a big flashing neon light around you, no one even cares about.

Do you get beat up when you go home to mummy then lie there crying as she tries to touch you in your special place only she gets frustrated because of her complete lack of electron microscope and so she hits you more?

Actually I think we should all just ignore these twats because it’s only encouraging them.

(subscribed to comments)     -2

The reason is probebly because it is a norwegian mac forum! I totaly agree with Kåre… why do u even try to hide the truth when it is out! you guys are so lame that its a shame for the mac comunity if u ask me

    +0

Here’s my question: many of you “claim” you understand the truth, but how do you know that’s the truth.

For the record, Glenn has had zero involvement with MacApper since he sold the site early this year. He doesn’t post, he doesn’t talk to the editors. I’m sure he still reads and he does sometimes comment, but that’s it.

In fact, most of Glenn’s friends who headed up the staff here at MacApper were fired soon after the site was sold. So yes, Glenn was the founder of MacApper, but he has had zero influence and connection with the site since March.

    -1

@Loweded

Only a complete nerd would integrate an electron microscope into an insult. So instead of trying (and failing) to insult me, why don’t you go back to your little race car bed in your mommas basement and come up with something that doesn’t make you look like the dipshit you are! Thanks for comin’ out though! Better luck next time! Haha.

    -1

@Loweded

Holy shit, I just clicked through to your blog and saw your picture. I mean , I assumed you’d look like a loser, but never in my wildest dreams…WOW

You make Stephen Hawking look like Brad Pitt.

You’re so ugly, your hand probably won’t even have sex with you!

    -3

Ah Wolsey Watcher you pathetic excuse for an inhabitant of whatever planet you hail from. Chances are they kicked off for being a dilhole.

At least I’m man enough to show my face. I have nothing to hide but you, you little cretan, have everything to hide. I’d say your face is covered in pimples but I’m willing to bet it IS a pimple.

I bet you thought you had a pubic hair until you pissed out of it.

(subscribed to comments)     -2

@Loweded

My face is one big pimple? That’s the best you can do? Haha. You need to get some practice there dipshit, cause your insults are HORRIBLE.

Also you seem to have an unhealthy obsession with my penis. You aren’t perhaps typing from the closet are you? Man it must have been really hard for you as a kid. Being short is hard enough, but being gay too? I pity you.

    -2

Yawn. Yes I’m gay because you have a little penis.

The fact that your be all end all insult was I’m ugly shows that the more useless insulter is you.

The fact that you try to insult us with your mere presence thinking that anyone actually cares about you simply shows the level of intelligence that you have.

It’s been fun using stupid little insults because you’ve been biting everytime. If I really wanted to insult you I’d use proper insults but I don’t want you crying to mummy, that and the fact that I don’t need to.

Frankly the fact that you’ve been biting everytime just goes to show how childish you are. If you never bit I wouldn’t have continued.

Frankly though it’s getting quite boring goading you, it’s not challenging enough. But then when your opponent isn’t even out of kindergarten yet it’s not surprising.

Are you friends with Malcor? Actually I’m willing to be you are Malcor. You seem obsessed with Glenn so I’m really beginning to think the gay one here is you. What’s the matter, he find your love letter to him and laughed at you in front of all your friends? Did he embarass you in front of everyone?

I just checked out your site. Wow you have a lot of friends don’t you? No one has bitten your pathetic attempt at attention whoring. You’re so worthless that even advertising your site to the world has gotten no attention.

No wonder you hate Glenn, he’s much more popular than you.

And with that I bid you farewell for if no one pays attention to you you cease to exist.

(subscribed to comments)     -2

@Loweded

That was quite a lengthy response! Did I hit a nerve when I mentioned that you were short growing up? Must have been hard getting the shit beat out of you all the time. Having to go home and tell your mom the big kids beat you up. And then, 20 some years later having to make excuses like “I never backed down.” Little shits like you who say “I never backed down” are just trying to make themselves feel better about getting their asses kicked.

It’s a good mechanism though. Because while the bullies were off dating the hot girls, and partying with the popular kids, little Loweded was beating off in his room thinking about how he never backed down. You should be proud of yourself! HAhaha.

You’re neither baiting anyone now (except yourself, haha. Did you pick up on that double entendre?) nor have you ever. All you did was justify getting your ass kicked by making youself think it was your choice. Poor little Loweded. I pity you…

Try not to cry too hard lil’ buddy!

    -2

Oh that’s good. Using the short stick huh? Pity that you’re attacking someone who has no ego. Anyone who actually knows me knows I’m more than willing to make fun of myself so anything you say about me I’ve already said it about me. You’re deluded if you think making short jokes could ever hit a nerve. It just goes to show how little you know about people. As such you have no right to attack people like Glenn.

Who’s the bigger people Glenn and I who both have photos of ourselves on our sites or you who’s so scared of having their identity known that you hide behind cowardly websites picking on people?

Seriously man, you’re so cowardly that chickens look butch by comparison.

(subscribed to comments)     -1

“Frankly the fact that you’ve been biting everytime just goes to show how childish you are. If you never bit I wouldn’t have continued.”

“And with that I bid you farewell for if no one pays attention to you you cease to exist.”
- Loweded Wookie, before posting yet another response to me.

So tell me poor little Loweded, who is the one that got baited? Hahah. Dipshit…

    +0

You guys are acting like kids. You both need to settle down.

Calm. That’s it. You can do it.

    +2

Geez, can’t you guys like - well, not try to kill each other like that. Do you guys even know why your fighting?

(subscribed to comments)     +1

Did you guys check out his IP on his comment, or in your server logs?

    +0

Check it: New post on Wolsey Watch

http://wolseywatch.blogspot.com

    -1

Actually, that attack was some of the best free publicity that you’ve ever got. I’m getting an iMac in the next few months, and I’m looking for Mac sites. If it wasn’t for his current attack on Applematters redirecting me to his blog, I wouldn’t have found your guys link. Now I’ve got you guys bookmarked.

Besides, I doubt that it will last. He’s bound to hack a site that Steve Jobs cares about. When that happens, it’s going to hit the fan! I hope Malc whoever enjoys prison.

(subscribed to comments)     -1

Why not report it?

http://www.cybercrime.gov/reporting.htm#cc

(subscribed to comments)     +1

So according to AppleMatters it was all a PR stunt. Pathetic.

MacApper just lost a reader.

    +7

I second that Jimmni! This is just pathetic. The MacApper staff should be ashamed of themselves. Glenn Wolsey as well.

    +7

IT’S A HOAX!!!!

Well, this is MY last time here.

    +5

So, when can we expect your public apology to the makers of Wordpress?

    +4

Wow. I should have known it was a fake. First all of the Apple hate sites disband, and then John C. Dvorak goes all Mac last summer. Everybody thinks it’s cool to have a Mac now. There just aren’t any Mac haters left in the world that could pull off such a stunt.

I’m a bit disappointed, but I’m still reading the site. This was just a ad campaign limited to their own sites. It’s not like the ATHF Boston bomb scare.

(subscribed to comments)     -1

This was just a ad campaign limited to their own sites.

Except that it also implicates the hosts and the software these sites run on. Liability for this idiocy extends to Media Temple, EngineHosting, WordPress, and ExpressionEngine, all of whom were not in on the “prank”. They and all of there users being subjected to security and support scares from the blatant lies perpetrated by this “prank” cost real money, and puts everyone who was in the know at risk of civil and legal suits.

    +4

Unsubscribed from the MacApper and AppleMatters feeds as of now. It’s a bad publicity stunt that nobody will care about in 2 weeks, but I won’t be back as a reader and wouldn’t trust either site for a while.

    +4

Wow. This was how _not_ to market. I’m going to contact every single advertiser on your site about this.

    +6

Mac1 was right! MacHeist paid the “hacks”

So long MacApper and MacHeist..

    +4

Seems this stunt pissed off the folks at EE which is what started the downward-spiral?

http://expressionengine.com/forums/viewthread/65867/P0/

So just how much $$$ did they offer you? It is time to come clean or accept that you will have absolutely no credibility.

    +3

Lame. Very lame. Lost all respect. Better come out late than never.

    +2

Wow. Talk about unprofessional. Blatantly denying accusations that this was a PR stunt and attacking the integrity of your readers?

    +3

Glenn Wolsey is currently getting free hosting from Media Temple. By perpetrating this hoax he has cast a very negative light on the people who are gracious enough to host his site at no charge. Would you sign up with a host that can be hacked so easily?

If you answered no, they you should let Media Temple know that as well. Contact them at http://www.mediatemple.net/company/contact_us/ , and address your comment to Mr. Demian Sellfors, CEO.

I blogged about this at http://wolseywatch.blogspot.com . Check it out!

    +0

A: We’re launching an “investigation” into matters in light of recent news as we speak, so stand by kids.

B: Wolsey Watcher…a man once said “Credible men do not shamelessly self-promote.” You’re already in danger of being banned due to this flame war. Don’t push it.