Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!

Read Me Security Issue

Hello Coders,

Early today we suffered a software exploit which led to a hacker getting a hold of sensitive account data. I believe that I have fixed the issue but are currently taking extra precautions to ensure this doesn't happen again. I ask if all members could please reset their password for security reasons.

The exploit may have came from the XenForo provided API system which we do not use and or our compiler. Both have been permanently disabled. ~ Update: Multiple changes have been made in result to this breach. Directory indexing has also been disabled and file permissions were changed.

I am deeply sorry for my lack of expertise within this area and will do everything in my ability to ensure that this never happens again. If you have any suggestions on how to improve security I'd be more than happy to listen. I hope we can move past this and continue growing our amazing community.

The information we collect are your name/username, email and IP address. You can view our privacy policy here.

If you have any questions or concerns please feel free to contact me.
 
Last edited:
Click to expand...
Thanks for the notice. I was wondering why I was getting Password Resets and not being able to login.

I’d say that you should contact XenForo for advice on Security and maybe look for some Plugins that can help. Maybe ask other XenForo Users for help.

I am glad to be part of this Community but having my Info stolen is not something that I want to happen. So I’m sorry to say this but I will be deleting my Account in the next few days or so.

I wish the best of luck to your Future endeavours, @Malcolm and the safety of CodeForum.
 
Arvid said:
Thanks for the notice. I was wondering why I was getting Password Resets and not being able to login.

I’d say that you should contact XenForo for advice on Security and maybe look for some Plugins that can help. Maybe ask other XenForo Users for help.

I am glad to be part of this Community but having my Info stolen is not something that I want to happen. So I’m sorry to say this but I will be deleting my Account in the next few days or so.

I wish the best of luck to your Future endeavours, @Malcolm and the safety of CodeForum.
Click to expand...
I believe no matter what it is, members of a community need to be notified if their account information has been stolen.

I have already created post regarding this to XenForo and awaiting a response. I'll keep the community informed as to what is said.

I can completely understand, please contact me when ready.

You can also check out our Privacy Policy to see what information we collect.
 
Oh scary! I really appreciate the transparency on this matter.

Things like this are why it's important to use different passwords for every site (use a password manager if you have to) and to use 2FA.

@Malcolm I'm no expert but I think it would be a good idea to enable 2FA (Two Factor Authentication) enabled on Code Forum.

Nevermind I just found it!
 
Its Ok. I have looked in the site files with some software I can not announce. I sealed it from hackers getting into these files. I can see directly who is getting into the files. If I see unusual stuff I will contact the owner on time.
 
I am very sorry to hear this @Malcolm ! You should be a lot more careful! Luckily, I don't use the same password on other sites so this won't affect me as much as it would affect others. Think of this as a wake up call to all webmasters to be a lot more careful!
 
JoyFreak said:
I am very sorry to hear this @Malcolm ! You should be a lot more careful! Luckily, I don't use the same password on other sites so this won't affect me as much as it would affect others. Think of this as a wake up call to all webmasters to be a lot more careful!
Click to expand...
This is why you don't use software to makes Forums. Stuff can be more exposed that way. Instead of having a direct online panel. When having a software you got to look at the connection between the 2.
 
TwentySix said:
This is why you don't use software to makes Forums. Stuff can be more exposed that way. Instead of having a direct online panel. When having a software you got to look at the connection between the 2.
Click to expand...
What do you mean don't use software to make forums?
XenForo is pretty good
 
TwentySix said:
This is why you don't use software to makes Forums. Stuff can be more exposed that way. Instead of having a direct online panel. When having a software you got to look at the connection between the 2.
Click to expand...
We're still investigating this but I'm coming to a conclusion that this breach was actually from the compiler not XenForo.
 
Last edited:
I hope you have managed to get it sorted, its not very nice to have this done and any measures to put in place to stop these people from gaining access, if its not spam its people trying to steal data,

I hear Xenforo is pretty good just have to keep an eye on the addons you add to a site to ensure they are secure too. its good to hear you are getting to the bottom of it.
 
Alan said:
I hope you have managed to get it sorted, its not very nice to have this done and any measures to put in place to stop these people from gaining access, if its not spam its people trying to steal data,

I hear Xenforo is pretty good just have to keep an eye on the addons you add to a site to ensure they are secure too. its good to hear you are getting to the bottom of it.
Click to expand...
I never got the point of hacking it's stupid. But I'm hoping as a community we can move forward and I'll ensure it never happens again.

Yes, XenForo is actually pretty secure. And I'm most likely going to continue to use it. I'll be having a new dev look over the current compiler, perhaps apply some restrictions and host it on a different host not connected to CodeForum.
 
Malcolm said:
I never got the point of hacking it's stupid. But I'm hoping as a community we can move forward and I'll ensure it never happens again.
Click to expand...

Yeah I don't understand the purpose of hacking forums. In this case, we lucked out that they were doing it to show us where we're vulnerable here. It could have been much worse.
 
I agree 100%! As a community let’s show the world that once we get knocked down we can get back up :)
 
Sorry to hear you've had such issues @Malcolm - I'm guessing there'd likely be some indication if our accounts had been compromised? eg. Arvid previously mentioned Password Resets..

I'll reset my password regardless, but as with others I tend to use unique passwords at every site.
 
It was very unfortunate, but I’m happy we are moving past this as a community. As a precaution I had all members reset their passwords.

I too also use unique passwords for every site and including two factor login. The only information that would been compromised would be Usernames, passwords (are tough to crack due to XenForo hash methods) and emails.
 
Hahaha! It’s all good! But I’m definitely taking security more seriously now to prevent this ever happens again in the future :)
 

New Threads

Latest posts

Share this page

Buy us a coffee!

Code Academy Advertisement
DataCamp Advertisement

About Us

Code Forum is a community platform where coding enthusiasts can connect with other developers, engage in discussions, ask for help, and share their knowledge with a supportive community. It's a perfect place to improve your coding skills and to find a community of like-minded individuals who share your passion for coding.

Site links

Stay Connected

Back
Top Bottom