14

That $500 'just add SQL' advice from a forum guy that broke our entire database

I mean, I was on a random IT consulting forum last spring and some guy named 'TechGuru42' told me to just run a quick SQL command to fix a slow query. Sounded easy enough so I did it on a Wednesday afternoon while eating lunch. Turns out that command dropped a key table and the whole client CRM went down for 4 hours. The client was a real estate firm in Phoenix and they lost like 12 property listings that got corrupted. I spent the next two days restoring from backups and explaining to my boss why I listened to a stranger on the internet. Has anyone else ever followed advice from a forum and had it totally backfire?

3 Comments
alext52 (2d ago)
Oh man, did you hear about my buddy Dave from our old IT meetup group? He tried the exact same thing with a forum post about merging customer databases. Some guy said to use a "simple LEFT JOIN" and Dave copy-pasted it straight into production. Turns out it joined on the wrong column and merged like 2,000 customer addresses with the wrong people. His company had to mail apology letters to everyone and offer free credit monitoring for a year. The worst part was his boss made him sit through a mandatory "don't trust strangers on the internet" training video for the whole department. Dave still gets teased about it at company parties and I guess he's never touching SQL again without a senior dev looking over his shoulder.
6
dianawilson
Oh wow, that Dave story is brutal. Reminds me of this guy Mark from a forum I used to be on who tried to fix a PHP script by copying a code snippet from some random blog. He was trying to patch a login bug and the snippet had a hidden backdoor in it. Next thing you know, his whole site got hijacked and started sending spam to everyone on his mailing list. He spent like three weekends rebuilding the whole thing from scratch and his hosting provider locked his account for about a week. Now he's super paranoid and won't even look at a code snippet without running it past three people first.
4
emma_jones
Oh that's funny you mention @dianawilson because I think I actually saw that same blog post back in the day. It was one of those "fix your login fast" tutorials and the comments were all glowing until someone finally noticed the hidden eval() call in the middle of the base64 decode. What gets me is how many of those snippets are just copy pasted from Stack Overflow with no one checking the actual code. Mark's lucky he only lost a week of weekends. I heard of a guy who had his whole server wiped because he ran a "performance optimization script" that was actually a rm -rf / in disguise.
3