Hackers force MangaDex to shut down
mangadex.org
The letter on their site is dumb. It's the completely wrong approach to security. They have an implicit assumption that v5 will be perfect and totally not going to be exploited right out the gate.
They would be better off focusing on securing their existing site. Log EVERYTHING, make sure you don't have any ways to inject SQL, make sure that if anyone can break out server side they can't get to anything useful. Just basic stuff.
That said, they don't owe anyone anything. It's all volunteer, but if you are going to do it, do it well.
The hacker leaked their source code onto GitHub and said that only 2 out of 3 of the CVEs he was using were patched: https://github.com/holo-gfx/mangadex/issues
Other people who are now looking at their code said there are numerous other vulnerabilities. I guess that's why they decided to burn it to the ground and rewrite instead of trying to fix everything.
I know. It's just the fallacy that "Oh my last code base was flaming dog shit! Surely rewriting it will fix everything!". It never does. Sure, things might improve. But probably not unless something is really different about how they are doing v5 vs v3. Nothing they have said indicates that.
I'm probably being overly cynical.