NOTE: This post is not talking about performing illegal acts. Hey folks. I was trying to decide whether I should post this or not, but eventually decided to. My main niche has been literally flooded with competition over the past 2 years with turnkey web sites which are actually pretty feature-rich and compete nicely with my own custom-coded solutions. For one turnkey PHP product, I currently know of around 60 of these sites which are in the Alexa top 100,000 that use it, so this could have a pretty big impact if somebody else reproduced it. I obtained a much older version of this code from an old colleague and decided to dig a little bit deeper into the PHP code and see exactly what was behind this cool setup. The version I have is from 2008, while most of the sites I know are running versions from 2011-2012. The newest versions are ioncube encoded. Anyhoo, digging deep into the code of the 2008 version and what do you know, I have found 16 potential ways to authenticate as the site administrator and change anything I want within the site's infrastructure; this includes links, text, changing passwords, 301 redirects and anything else really. I have confirmed this with the latest version of this CMS which appears to be simply a reskinned version of the older stuff *sigh*. Note: I have no made any attempts to unlawfully access any networks. Now, my dilemma is that a lot of these sites use techniques for gaining their popularity that I would not approve of, mainly spam. Do I Contact the developer of this software (which is actually very expensive), Contact the site owners, or Do nothing and hope that someone else figures this out and has these (some of which are spammy) sites wiped out? A weird thread for someone who isn't that active on the forums.. but it was the best place I could think of to post something like this Thoughts?