XSS attack! – We are back :)

1 min read

Hey Guys,

As some of you may have noticed, there has been an xss attack on our site since yesterday. You may find that your profile data has been changed. We are trying to restore this. To prevent further problems we are taking the site down.

We apologize to our users for taking the site down in the middle of the contest. On a brighter note, this gives us an opportunity to make ourselves stronger. 🙂

We will be back soon.

UPDATE: We are back. We apologize for the prolonged downtime. We have tried our best to restore your data back and ensure that this does not occur again. However, we have not been able to update a few of your profiles, whom we request to update manually.

Please send a mail to feedback@codechef.com in case you still face any issues or suspect any malicious activity.

The contest will be extended to make up for the lost time.

Keep watching this space to know what actually transpired.

Team CodeChef

A new home for CodeChef!

CodeChef was started in 2009 by Bhavin and team as part of Directi, to be a platform to help programmers enhance their skills, and...
1 min read

Scaling up – new cloud-based checkers

tl;dr: We are experimenting with new cloud-based checkers for the April Cook-Off to cope with the heavy traffic. There should not be much noticeable...
2 min read

To turning 11

Submissions and Challenges, Errors and Bugs The Chef’s Kitchen is always hustling with its community and fresh serves! Another year older and another year...
1 min read

13 Replies to “XSS attack! – We are back :)”

    1. It was taken off-line only to prevent the users’ data from being tampered. We are restoring back the data of as many users as we can. We will be back soon. Also the contest will be extended.

        1. I agree to CoolRavi.I think it is dangerous, because I also connect Facebook account to Codechef. If hacker get my auth token, he can steal my facebook info and give to malicious party. If Codechef cannot explain why XSS attack happen and if it can happen once more, I don’t think it is safe for me or any other programmer. It is bad that Codechef cannot find root of such bug. Please tell me how to delete account. I try hard to find, but not find any way of deleting Codechef.

          1. There was a security loophole in the site that the hacker exploited to change the data of some users. The loophole allowed the hacker to attach Javascript code in the input fields on the profile page which when rendered was executed. It was a standard XSS attack and it is a bit of shame for us to harbor that loophole for so long on our website. We apologize for the inconvenience caused to you all. It has been fixed now and we can assure you all that your data is safe with us.

Leave a Reply