Since Rentboy isn't likely to come back...

[Paddy]

I know I'm not the only dude to figure this out, but you could very easily view the password protected photos of any advertiser on that or their sister massage site - sans-password - by changing "admin=false" to "admin=true" in the URL They tried to obscure it but it was just a really shittily-programmed site. For years and years. Even after the site was redesigned. Not a huge scandal or anything but thought it was a fun fact.

[+ nycman]

NOW he tells us?

[Nvr2Thick]

I know I'm not the only dude to figure this out, but you could very easily view the password protected photos of any advertiser on that or their sister massage site - sans-password - by changing "admin=false" to "admin=true" in the URL They tried to obscure it but it was just a really shittily-programmed site. For years and years. Even after the site was redesigned. Not a huge scandal or anything but thought it was a fun fact.

 

I had noticed that too. Sometimes having an IT background or just having a mind for word or math puzzles helps you to figure these things out. They had included the logic of their code in the URL. I told a couple people about it via PM. I didn't want to expose this flaw on the forum because I was afraid it might get back to Rentboy, and they'd fix it and ruin my fun.

 

Back in the early 2000's there was an escort site that had their user/password file exposed. If you ran the right search for escort names and search terms you'd get this strange hit. If you understood what you were looking at you had access to view escorts ads and the personal information supporting the ads. I never tried, but I'm sure you could update an escort's ad. Not all fields were filled out for all escorts, so there was an incomplete list including real names, addresses, contact phone numbers, secondary e-mail addresses. There are better standards now for web development. Back then it was the wild west. Even now though you find a lot of websites that don't conceal some content well.

 

Knowing what I know I'd have some fear if I were an escort. By setting up an escort ad you're putting some personal information in the hands of somewhat amateur organizations. They're not technology companies. Based on the bits of information I have been able to pull from most escort sites I'm sure that none of them has hired an IT security professional to test their sites for exposure.

[Paddy]

I was always surprised how bad that site ran for being the biggest one on the web. It seemed to go down a lot and given how much money they had coming in one would think they could have hired a decent developer or two. Don't even get me started on their horrible review system either on a completely separate site with a different design - so very useless. I hadn't heard about the email / password list thing but that isn't surprising in context.

 

Rentmen redid their interface so it at least works okay on mobile devices (it used to not work at all) with some annoying usability issues here and there (like their search). It is definitely a much more professionally built site from what I can tell.

[MikeyGMin]

You're right, the search function on RM is pathetic!

[jawjateck]

Now now boys.....RB (rip) bashing will get yall in trouble with nostalgic souls whose memory of these things is skewed.

[Rudynate]

They tried to obscure it but it was just a really shittily-programmed site. For years and years. Even after the site was redesigned.

 

I could never understand why the site never worked any better than it did. They updated it a couple of times that I can remember, but the functionality never improved. I guess they didn't want to face the necessity of starting fresh with a new developer and building it right.

[+ saminseattle]

Now now boys.....RB (rip) bashing will get yall in trouble with nostalgic souls whose memory of these things is skewed.

 

To be fair, I think it’s safe to say that most of the nostalgia is not so much about RB’s customer service or brilliant website design. Rather, it’s for the people who used to be there and are now missing, whether escort or client. http://www.companyofmen.org/threads/do-you-know-anybody-who-left-escorting-after-the-bust-or-rentboy-com.108884/

[Guest]

At least for RentMen the passwords are hashed and salted.

 

http://www.quickmeme.com/img/41/41cd4fbfe6929cffa81a3da951193b435e93ac8f5d00bb0b4d3f7b95538496c2.jpg

 

http://www.peacehost.net/ASaltedPeanut.jpg