The idea
Last week I had a client that had his site hacked. The usual story – outdated Joomla version and outdated extensions… The work that I invested on that website fixing the damage that the cracker did was tough. It made me realize that I prefer to prevent possible cracker attacks, than to spend hours repairing the broken pieces left.Security is important
At Compojoom we invest a lot of time writing secure software, but we also are well aware of the fact that we don’t know everything. We want to make sure that CompojoomComment is as secure as possible, that is why we are starting this small hacking competition. pusWhen?
Starting from now till the end of August 2010.Rules
On this site http://hackme.compojoom.com You will find a standard Joomla installation with just one article and CompojoomComment installed. Try to breach into the system, try to overcome the captcha protection, try to make an SQL or XSS attack. If you succeed and can explain to us what you did and how you did it, then you are going to be rewarded.Keep in mind
Try to concentrate only on CompojoomComment. If you find a linux or apache bug, then perhaps you want to report that problems to them :). We want only to push CompojoomComment to the limit!Prizes
Right now we’ve gathered 200€. This money will be divided between all participants that have found a security problem in CompojoomComment. In the case that there is no security hole in our software (what I really hope for :)) we will donate the money to the Joomla project.
In addition to our money prize, the first 5 users to find a security hole in CompojoomComment will get a 1 year subscription to SalvusAlerting.com .(the subscription costs 197$ per year!)
Can you sponsor the competition?
Of course you can! Right now our prize fund has 200€ in it. But if you wish to motivate the participants even more you can send money to This email address is being protected from spambots. You need JavaScript enabled to view it. and we will add your donation to the prize and will list you in the sponsors below.FAQ
- Is there a guaranteed prize amount that I’m going to win?
- No there isn’t. If there are 2 security holes, then the users will divide the whole amount between them. In figures this means: 200/2 = 100€ for each bug. - How am I going to collect my prize?
- Once the contest is finished we will send the individual money awards only trough paypal. - What happens when 2 participants report the same bug?
- Only the person that has reported the bug first will get a reward.
Sponsors
Here we would like to thank our sponsors:
-
We wish to thank our main Sponsor - SalvusAlerting.com for giving away 5 one year subscriptions to their awesome security service! - Nils Ally - thank you very much for helping other users on the forum and for donating money to this competition!