Tonight I was getting ready to pay my monthly apartment maintenance bill so I Googled my property management company's name because I always forget the url. It's always the first result, but I noticed Google placed a little "This site may be hacked." line of text on their listing.

Seeing that before and knowing what it means, I went into the source for their index page, and to my suspicion, their WordPress installation was hacked with the standard invisible spam links.

I realize this happens to a lot of WordPress blogs, but this is an NYC property management company that is responsible for a lot of buildings and has millions of dollars in contracts. Normally I would inform them, but having dealt with them in the past I don't like them very much, but more importantly, I don't think they'd understand what I was saying because they are so technically inept. They might even think that because I found this, that I had something to do with it.

So devRant, it is up to you. What should I do?

Client:
"Ok,. so your saying that its gonna take you 63 hrs to create a simplified CRM with basic functionality and auto fill docs or automated work flow docs as an added feature?"

My response (after already under-quoting and planning on cutting some corners because he has a smaller budget than normally necessary):
"It sounds simpler than it is. There are a lot of things I need to take into account that you wouldn't even think about.

For instance:

Making sure your emails don't go to the client's spam folder. This requires the sending domain to be verified via DNS settings. I have to ensure your email content passes a spam test (link to text ratio needs to be good). I assumed you'd want an email that has your logo and looks good. This means testing the design in Outlook to make sure it's not broken.

What if the email doesn't send due to an invalid email address, or bounces back? You'll need to be notified.

What if the client list for the week contains duplicates? You need them merged or ignored.

Generating a PDF from HTML can be tricky because the conversion isn't apples to apples so there are things I need to adjust to make them as close as possible.

Making a site completely mobile friendly (the tier 3 option) can be very time consuming as well. It's not about whether or not it fits on a mobile phone, it's about whether or not it's intuitive and useful. You're essentially getting a mobile app without paying for separate development of an app.

If I took everything into consideration and built this to be 100% bullet proof, it would cost tens of thousands.

I'm doing my best to leverage your needs with the probability of running into an issue. I'm not going waste my time/your money on something that will likely never happen."

Best part about the covid19 manufactured crisis?
Liquor stores deliver. Worst part about liquor stores delivering? Needing to use their shoddy websites.

I've been using a particular store (Total Wines) since they're cheaper than the rest and have better selection; it's quite literally a large warehouse made to look like a store.

Their website tries really hard to look professional, too, but it's just not. It took me two days to order, and not just from lack of time -- though from working 14 hour days, that's a factor.

Signing up was difficult. Your username is an email address, but you can't use comments because the server 500s, making the ajax call produce a wonderfully ambiguous error message. It also fades the page out like it's waiting on something, but that fade is on top of the error modal too. Similar error with the password field, though I don't remember how I triggered it.

Signing up also requires agreeing to subscribe to their newsletter. it's technically an opt-in, but not opting-in doesn't allow you to proceed. Same with opting-in to receiving a text notification when your order is ready for pickup -- you also opt-in to reciving SMS spam.

Another issue: After signing up, you start to navigate through the paginated product list. Every page change scrolls you to the exact middle of the next page. Not deliberatly; the UI loads first, and the browser gets as close as it can to your previous position -- which was below that as the pagination is at the bottom -- and then the products populate after. But regardless of why, there is no worse place to start because now you must scroll in both directions to view the products. If it stayed at the very bottom, it would at least mean you only need to scroll upwards to look at everything on the page. Minor, but increasingly irritating.

Also, they have like 198 pages of spirits alone because each size is unique entry. A 50ml, 350ml, 500ml, 750ml, 1000ml, and 1750ml bottle of e.g. Tito's vodka isn't one product, it's six. and they're sorted seemingly randomly. I think it's by available stock, looking back.

If you fancy a product, you can click on it for a detail page. Said detail page lists the various sizes in a dropdown, but they're not sorted correctly either, and changing sizes triggers a page reload, which leads to another problem:

if you navigate to more than a few pages within a 10 or so second window, the site accuses you of using browser automation. No captcha here, just a "click me for five seconds" button. However, it (usually) also triggers the check on every other tab you have open after its next nagivation.

That product page also randomly doesn't work. I haven't narrowed it down, but it will randomly decide to start failing, and won't stop failing for hours. It renders the page just fine, then immediately replaces it with a blank page. When it's failing, the only way to interact with the page is a perfectly-timed [esc], which can (and usually does) break all other page functionality, too. Absolutely great when you need to re-add everything from a stale copy of your signed-out cart living in another tab. More on that later. And don't forget to slow down to bypass the "browser automation" check, too!

Oh, and if you're using container tabs, make sure to open new tabs in the SAME container, as any request from the same IP without the login cookie will usually trigger that "browser automation" response, too.

The site also randomly signs you out, but allows you to continue amassing your cart. You'd think this is a good thing until you choose to sign in again... which empties your cart. It's like they don't want to make a sale at all.

The site also randomly forgets your name, replacing it with "null." My screen currently says "Hello, null". Hello, cruft!

It took me two days to order.
Mostly from lack of time, as i've been pulling 14 hour shifts lately trying to get everything done. but the sheer number of bugs certainly wasted most of what little time i had left. Now I definitely need a drink.

But maybe putting up with all of this is worthwhile because of their loyalty program? Apparently if you spend $500, you can take $5 off your next purchase! Yay! 1%! And your points expire! There are three levels; maybe it gets better. Level zero is for everyone; $0 requirement. There are also levels at $500 and $2500. That last one is seriously 5x more than the first paid level. and what does it earn you? A 'free' magazine subscription, 'free' classes (they're usually like $20-$50 iirc), and a 'free' grab bag (a $2.99 value!) twice per month. All for spending $2500. What a steal. It reminds me of Candy Crush's 3-star system where the first two stars are trivial, and the third is usually a difficult stretch goal. But here it's just thinly-veiled manipulation with no benefit.

I can tell they're employing some "smarketing" people with big ideas (read: stolen mistakes), but it's just such a fail.

The whole thing is a fail.

When I'm in the zone and a spam text interupts me... Fuck you!

if that site if malware free, then my ass is purple and none of my code needs to be refactored.

So some asshole keeps sending phishing emails to every student and prof in our university and the IT department is too pathetic to block it. They all come from the same email and contain the same text yet they cant filter it and just send warnings not to click it.

Im getting sick of recieving 5 of these a day, i scanned and viewed the page and its just a simple form copying the outlook login page with a redirect to the actual page after submission.

Whats the easiest way to write a script that will spam them with thousands of fake accounts? How can i fuck with these guys?

We hired someone to make the new front site because I was too busy.
The guy had a plain text password system to show, mispronounced "FontAwesome", and used WordPress.
He was not an instructor but was supposed to be the "senior option" for when I couldn't do something for any reason.
I later asked him for some opinion on how to translate the site, and he disabled the Captcha plugin. I. Don't. Know. Why. I figured because of all the spam I got suspiciously after he "took a look" at the admin panel.
Luckily I could get him out of the contacts and now we are looking for more devs.

!dev
I hate being a dick as much as the next guy, but damnit I hate spam even more!

And I can't think of a worse kind of spam than religious propaganda sent by your own family members when they already know you ain't religious, heck they even tried to kick me out of the house when I lived with them.

"...send this to 8 more people you wish a day full of blessings"
"YouTube - 10 ways to meditate with Jesus"
"How Stephen Hawkins proves God"

I've had enough, WhatsApp isn't for people to evangelize or send 3000+ characters of copy pasted, mass produced, soul-less "good wishes"; that's why from now on I'm bringing the fight to them, for every spammy text/video/image I get I'll double down and send 10 opposing spam videos or messages.

I just replied a "The most beautiful thoughts, talking to God" video with the monologue of George Carlin on religion and God.

Am I being a dick? kinda
Could I just ask them to stop? I find this more amusing and spares me the "you don't want me to 'talk' to you" shit

Can we PLEASE once and for all redesign email and texting to be whitelist only?

Seriously, blacklisting doesn't work. We still have assholes that just because they know a line of text or a phone number can harass you forever. It IS harassment and needs to stop. We can always have the option of throw away blacklist addresses, but lets make primary email and phone numbers whitelist only as a standard feature. The business of SPAM would be dead overnight.

Does sending spam text messages really bring results? Omg, I bought a domain name once without paying for privacy and oh how I regret it. I can't imagine anybody ever being like, "Oh wow, thank you for reaching out to me with that product pitch, that's exactly what I was looking for, please, take my money!"

This one is on me I'm not gonna lie. So makin a simple web timer right. Yknow just polishing JavaScript and I was working on the actual looks of the timer. I made some buttons with CSS and when I spam them it highlights all text on the timer and its posting me off and the "fixes" I've seen and tried havent been working or I havent been doing it right. I just needed to get that out of the way. It's a small not even a huge problem just something that bothers the hell out of me.

My current task involves processing the commoncrawl web archive, and it's like a box of junk you buy at a flea market. You find so much useless stuff, broken stuff, stuff that makes you question people...

My latest find makes me wonder what lies out there if what I found was in plain sight. I found tens of thousands of websites that look like someone used markov chains to generate pron ads. Those websites exist in 10+ languages, use the same url-scheme, read like a dyslexic camgirl reading alphabet soup and are hosted on the same three ip-adresses. There is no javascript involved and some pages link to a variety of twitter accounts.

I queried a few commoncrawl files and amassed 4GB of this spam. Every time I look at it it gets weirder. There is an italian article about malware in there too.

Here's a text sample:
"Not from her bedroom, she her stream view and meet new experience. In hd india, because swimsuit still laws exist no interaction or frigthened and."