We The Pizza website resurfaces with login page now missing!

zeniththezealot | 13 points | Nov 21 2016 01:17:06

http://www.cometpingpong.com/protected/

This is a weird one. My girlfriend was doing some research and typed in "comet ping pong predophules" by accident. With the correct spelling Google filters this page out but with the incorrect you get ONE search result and that is the link ive provided above... Looks like an employee portal of some kind.

TheRickest_Rick | 5 points | Nov 21 2016 01:34:56

This looks important

outlassn | 2 points | Nov 21 2016 02:17:59

The discord has looked into it, Typical brute-force came with no results, anybody willing to take a look?

whatiswalnutsauce | 6 points | Nov 20 2016 23:40:21

I actually saw that login page as well. Thought it was odd that they even kept the /login page at all, I'd expect they would just take the page down entirely.

tridentgum | 4 points | Nov 20 2016 23:40:11

http://wethepizza.com/admin/login

illBoopYaHead | 4 points | Nov 20 2016 23:41:16

Yes I've noticed that one still exists. My guess is that logs you into the admin tool/backend they used to build the website. If you could break in you could see everything but that requires knowing their E-mail.

a-SynKronus | 3 points | Nov 20 2016 23:47:10

Correct. https://smb.webpop.com/projects/we-the-pizza/login

webpop.com is the service they used to build the website :)

Which makes you wonder what the other login page was for [although we have a guess on that]

EDIT: example [https://smb.webpop.com/projects/artiqulet/login]

artiqulet.net

illBoopYaHead | 4 points | Nov 20 2016 23:48:57

Exactly, it is very shady for a website like this to have a login page. Most websites for restaurants are glorified billboards.

coulditbe223 | 2 points | Nov 21 2016 00:03:06

That's weird as fuck. What purpose would a regular login serve?

illBoopYaHead | 3 points | Nov 21 2016 00:04:17

Assuming the fact they've covered it up now, probably something illegal.

coulditbe223 | 1 points | Nov 21 2016 00:05:42

Well lets assume for a second the claims are untrue. What purpose would a login serve then? I can only think to myself that maybe it like, saves orders or credit card numbers or something?

What do you think?

illBoopYaHead | 2 points | Nov 21 2016 00:10:58

Well it is not a login for the admin to login and look at the backend because that's been found here http://wethepizza.com/admin/login It wouldn't make sense to have a separate login area.

sheik_yerbouti_jr | 2 points | Nov 21 2016 01:24:51

Editing the menu, for example.

mambomentality | 2 points | Nov 20 2016 23:45:38

Has anybody searched this proprietor's name on Wikileaks to see if an email comes out?

the_boar45 | 1 points | Nov 21 2016 07:52:23

could they be stupid enough to use the contact us email?

http://wethepizza.com/contact

neverNotFlexing | 2 points | Nov 20 2016 23:45:05

if it's SQL based, injection might be pretty easy. you dont need to know a valid user/pass. i wouldnt attack a site but im sure some grey sec guys would be up for it.

illBoopYaHead | 4 points | Nov 20 2016 23:54:12

Here's a list of their vulnerabilities: https://www.ssllabs.com/ssltest/analyze.html?d=www.wethepizza.com

mitzhatzmakoph | 1 points | Nov 20 2016 23:45:43

true.

tridentgum | 1 points | Nov 20 2016 23:48:19

it goes here: https://smb.webpop.com/projects/we-the-pizza/login?domain=wethepizza.com

so i doubt they would just have it sitting open like that.

neverNotFlexing | 2 points | Nov 20 2016 23:50:30

with sql injection you can get through almost any /login page if user input isnt properly sanitized/escaped

tridentgum | 2 points | Nov 20 2016 23:52:45

i'm aware, just saying a cloud based CMS company probably knows enough to not be retarded like that

straterc | 1 points | Nov 20 2016 23:47:12

It keeps refreshing

AnonIDIOTA | 3 points | Nov 21 2016 00:39:58

You guys think this might be a fall place? To move the focus from Comet and its connections?

LazeyJ | 2 points | Nov 21 2016 00:05:10

Maybe use the email within this guys post? https://www.reddit.com/r/pizzagate/comments/5e0nlv/whois_for_goodstuffeaterycom/?st=IVRB5V82&sh=38ef5e1d

Mamendel@hotmail.com

illBoopYaHead | 2 points | Nov 21 2016 00:13:24

That's the address for Spike Mendelsohn's sister https://www.linkedin.com/in/micheline-mendelsohn-789615108

mitchmass10 | 2 points | Nov 21 2016 02:09:15

@goodstuffeatery and @wethepizza on instagram are deleting my comments that say "#pizzagate"

funfuwa | 9 points | Nov 21 2016 03:08:17

why would you do that?

asdfgg1337 | 1 points | Nov 21 2016 07:51:49

Because he/she thinks its all fun

pizzathrowaway777 | 1 points | Nov 20 2016 23:47:15

UPDATE

The level of incompetence in this "hack" is extremely concerning. I am not sure what the original OP was trying to accomplish, but without the private key this is useless.

Please provide all of the data/files/html as evidence to MULTIPLE PDs (local or otherwise including the NYPD) before posting on the internet. You need to protect yourself, and establish a chain of evidence. Contacting an attorney is also very critical. If you do not have an attorney, get one asap.

If you do provide "evidence" on the web do it in an encrypted dump in bittorrent, all users should be careful and protect themselves, this could be a honeypot

No one cry wolf without validating OP's "evidence". Bringing false leads to the authorities is a surefire way to lose all credibility for this sub.

edit: Other users have pointed out, with good reason that local PD alone may be complicit and may not be the course of action. Simply linking on the internet is not how you bust these people though. You need to get as many eyes on the evidence as possible and make sure they understand you want to establish a chain of evidence and that your life is in danger.

edit2: added request for encrypted bittorrent dump, and piece about false reporting to authorities

edit3: contact attorney

whatshouldidowithmyl | 1 points | Nov 21 2016 16:19:27

Have you ran a spider against the site to see if the page was maybe just moved?