TechEcho

15 comments

mikeykalmost 12 years ago

Mike from Instagram here. We've now locked it down more (the actual admin contents were always properly protected).<p>We're also part of Facebook's bug bounty whitehat program (<a href="https://www.facebook.com/whitehat/bounty/" rel="nofollow">https://www.facebook.com/whitehat/bounty/</a>), if anyone comes across something in the future, we welcome responsible disclosure and pay out bounties through the program as well.

评论 #5874593 未加载

zalewalmost 12 years ago

it may be a honeypot. I sometimes set up a bogus form under /admin/ which logs attempts. adrian holovaty on the other hand, redirects /admin/ to django docs <a href="http://www.holovaty.com/writing/admin-easter-egg/" rel="nofollow">http://www.holovaty.com/writing/admin-easter-egg/</a><p>//edit: oh, now I see somebody thought of my idea too <a href="https://github.com/dmpayton/django-admin-honeypot" rel="nofollow">https://github.com/dmpayton/django-admin-honeypot</a>

评论 #5873845 未加载

donbronsonalmost 12 years ago

Pinterest and Instagram are both using Django. Then again, when you are scale like these sites, you start to build new architecture around existing stuff. Reference: <a href="http://highscalability.com/blog/2013/4/15/scaling-pinterest-from-0-to-10s-of-billions-of-page-views-a.html" rel="nofollow">http://highscalability.com/blog/2013/4/15/scaling-pinterest-...</a>

评论 #5873960 未加载

评论 #5874903 未加载

pjanalmost 12 years ago

And they're not alone: mixpanel Django site admin: <a href="https://mixpanel.com/admin/" rel="nofollow">https://mixpanel.com/admin/</a>

pacifi30almost 12 years ago

How do you mask your admin portal when you are small enough that you dont have an intranet. Someone on hacker news pointed out to me about my admin portal being open but I never understood how to mask it. <a href="http://www.truffle.io/admin/" rel="nofollow">http://www.truffle.io/admin/</a> Any suggestions?

评论 #5874059 未加载

评论 #5874930 未加载

workhere-ioalmost 12 years ago

I'm not sure what the point in linking to this is. If you regard it as security hole, alert Instagram. If you just want to let people know that Instagram uses Django... well, that information is already on <a href="https://www.djangoproject.com" rel="nofollow">https://www.djangoproject.com</a>.

评论 #5874292 未加载

gregorkasalmost 12 years ago

Although it's been a while since I've done anything in Django, seeing this still gives me a warm feeling.

the_cat_kittlesalmost 12 years ago

I changed the top bar color from that blue green to a red on the production deployment of my app- helps avoid forgetting which deployment you are messing with.

评论 #5874303 未加载

dlsymalmost 12 years ago

admin:admin doesn't work.

评论 #5873897 未加载

评论 #5873969 未加载

spdyalmost 12 years ago

Would love to see the inside. If they use special dashboards etc.<p>Maybe someone can give some insight.

评论 #5874497 未加载

lukashedalmost 12 years ago

BlackJet Django admin: <a href="https://www.blackjet.com/admin/" rel="nofollow">https://www.blackjet.com/admin/</a>

jchungalmost 12 years ago

Did you inform Instagram first before posting it to HN?

wrboycealmost 12 years ago

It seems to have (just) changed to a non-standard (different to the rest of Instagram's) 404 page.

techaddict009almost 12 years ago

Has anyone taken the snapshot of it ? As instagram has fixed it and i have missed a chance to see it.

评论 #5874805 未加载

rajbalaalmost 12 years ago

They removed the link to the admin page.

15 comments

mikeykalmost 12 years ago

评论 #5874593 未加载

zalewalmost 12 years ago

评论 #5873845 未加载

donbronsonalmost 12 years ago

评论 #5873960 未加载

评论 #5874903 未加载

pjanalmost 12 years ago

And they're not alone: mixpanel Django site admin: <a href="https://mixpanel.com/admin/" rel="nofollow">https://mixpanel.com/admin/</a>

pacifi30almost 12 years ago

评论 #5874059 未加载

评论 #5874930 未加载

workhere-ioalmost 12 years ago

评论 #5874292 未加载

gregorkasalmost 12 years ago

Although it's been a while since I've done anything in Django, seeing this still gives me a warm feeling.

the_cat_kittlesalmost 12 years ago

I changed the top bar color from that blue green to a red on the production deployment of my app- helps avoid forgetting which deployment you are messing with.

评论 #5874303 未加载

dlsymalmost 12 years ago

admin:admin doesn't work.

评论 #5873897 未加载

评论 #5873969 未加载

spdyalmost 12 years ago

Would love to see the inside. If they use special dashboards etc.<p>Maybe someone can give some insight.

评论 #5874497 未加载

lukashedalmost 12 years ago

BlackJet Django admin: <a href="https://www.blackjet.com/admin/" rel="nofollow">https://www.blackjet.com/admin/</a>

jchungalmost 12 years ago

Did you inform Instagram first before posting it to HN?

wrboycealmost 12 years ago

It seems to have (just) changed to a non-standard (different to the rest of Instagram's) 404 page.

techaddict009almost 12 years ago

Has anyone taken the snapshot of it ? As instagram has fixed it and i have missed a chance to see it.

评论 #5874805 未加载

rajbalaalmost 12 years ago

They removed the link to the admin page.

Instagram Django site admin

15 comments

Instagram Django site admin

15 comments