XSS attack! – We are back :)

Posted by Harsh on June 10th, 2011 Filed in Announcement 13 Comments »

Hey Guys,

As some of you may have noticed, there has been an xss attack on our site since yesterday. You may find that your profile data has been changed. We are trying to restore this. To prevent further problems we are taking the site down.

We apologize to our users for taking the site down in the middle of the contest. On a brighter note, this gives us an opportunity to make ourselves stronger. :)

We will be back soon.

UPDATE: We are back. We apologize for the prolonged downtime. We have tried our best to restore your data back and ensure that this does not occur again. However, we have not been able to update a few of your profiles, whom we request to update manually.

Please send a mail to feedback@codechef.com in case you still face any issues or suspect any malicious activity.

The contest will be extended to make up for the lost time.

Keep watching this space to know what actually transpired.

Regards,
Team CodeChef

Share
  • Dexter

    Oh Sad ! Good luck to the developers, Hope to see the site back again in action. 

    • radha krishnan

      Who attacked this website? 
      @CC admins : U find who did this XSS attack ? 

      • http://www.codechef.com CodeChef

        We believe that revealing the identity of the person does not do any good to anyone. We figured out who it was and have contacted the person who accepted.

  • Fringe

    Dexter is the hacker.

  • HIMYM

    Please Give Prior warning before taking the site off-line.
    I have a code written and I want to test it.
    And Increase the time-limit tomorrow.

    • http://www.codechef.com CodeChef

      It was taken off-line only to prevent the users’ data from being tampered. We are restoring back the data of as many users as we can. We will be back soon. Also the contest will be extended.

      • http://www.facebook.com/people/Suhash-Venkatesh/516736807 Suhash Venkatesh

         Good to hear that! It would be nice if you could specify the duration by which the contest has been extended! Thanks in advance!

      • Coolravi321

         you still did not tell what transpired.what happened?

        • Narayana

          I agree to CoolRavi.I think it is dangerous, because I also connect Facebook account to Codechef. If hacker get my auth token, he can steal my facebook info and give to malicious party. If Codechef cannot explain why XSS attack happen and if it can happen once more, I don’t think it is safe for me or any other programmer. It is bad that Codechef cannot find root of such bug. Please tell me how to delete account. I try hard to find, but not find any way of deleting Codechef.

          • http://www.codechef.com CodeChef

            There was a security loophole in the site that the hacker exploited to change the data of some users. The loophole allowed the hacker to attach Javascript code in the input fields on the profile page which when rendered was executed. It was a standard XSS attack and it is a bit of shame for us to harbor that loophole for so long on our website. We apologize for the inconvenience caused to you all. It has been fixed now and we can assure you all that your data is safe with us.

      • CoolRavi321

        I am asking because i am concerned for my security and data. is it safe to compete?

  • Pingback: June 2011 Challenge Winners! | Codechef

  • Bestwesternglendower

    We understand. There’s nothing to say sorry for. Just keep it up. Thanks.

    hotels st annes, lytham hotels, lytham st annes hotels, hotels in st annes, hotels in lytham  


Recent Posts

Categories

Recent Comments

Recent Pictures

Blogroll

Archives

Company Blogs

Careers@Directi