Following the tradition of Hot or Not and other sites that ask the Internet masses to rank and rate various things, a United Kingdom-based hacker and web developer “s0lar” has launched RankMyHack.com.
Conceived as the world’s first “elite hacker ranking system,” RankMyHack gives “Ranking Points” to registered users who have submitted proof a Website they attacked, according to a post on the Website. According to the site’s Twitter feed, it was launched July 22, and had 316 registered users on Aug. 1.
“The bigger the site, the bigger the points,” RankMyHack.com promised.
More than 1,100 sites have been hacked and listed on the site as of Aug. 15, and the list includes prominent names, such as Huffington Post, Stackoverflow, Mapquest, Monster, and even Chinese search giant Baidu. On the handy leaderboard which displays the rankings, the Huffington Post breach has amassed the most points and is ranked first.
While there’s no way to tell that everything on the site is real, there’s a good chance many of them are legitimate hacks since the site claims to perform a validation and some of the sites are already known to be vulnerable, Tal Be’ery, a Web research team leader at Imperva’s Application Defense Center, wrote on the company’s Data Security blog. The site validation is pretty straight-forward, as RankMyHack scans the allegedly hacked site for a pre-determined words that the attacker had to embed somewhere in the page. Once found, the hack is assigned a score based on the site’s popularity.
Cross-site scripting attacks are awarded lower points, but racist or educational, military and government sites get a bonus. RankMyHack posts these point bounties to “focus” talented hackers against political and government forces.
“This site isn’t the next Anonymous or the next Lulzsec,” s0lar wrote, adding that bounties just provide a “politically constructive target” for its members.
The site also allows hackers to “duel” with each other to challenge their abilities and reputation, the site said. Members can compete with others on breaking into as many sites as possible in a specified timeframe.
“Up until now, when you met another hacker on an IRC or forum, there was no way to indicate if that hacker had any skills what so ever,” s0lar explained on the site. It also allows a hacker to list their “achievements” under their alias so that others could “quickly establish the calibre of hacker they are talking to,” according to s0lar.