XSS attack! – We are back :)

Posted by Harsh on June 10th, 2011 Filed in Announcement View Comments

Hey Guys,

As some of you may have noticed, there has been an xss attack on our site since yesterday. You may find that your profile data has been changed. We are trying to restore this. To prevent further problems we are taking the site down.

We apologize to our users for taking the site down in the middle of the contest. On a brighter note, this gives us an opportunity to make ourselves stronger.

We will be back soon.

UPDATE: We are back. We apologize for the prolonged downtime. We have tried our best to restore your data back and ensure that this does not occur again. However, we have not been able to update a few of your profiles, whom we request to update manually.

Please send a mail to feedback@codechef.com in case you still face any issues or suspect any malicious activity.

The contest will be extended to make up for the lost time.

Keep watching this space to know what actually transpired.

Regards,
Team CodeChef

Dexter

Oh Sad ! Good luck to the developers, Hope to see the site back again in action.
Fringe

Dexter is the hacker.
HIMYM

Please Give Prior warning before taking the site off-line.
I have a code written and I want to test it.
And Increase the time-limit tomorrow.
http://www.codechef.com CodeChef

It was taken off-line only to prevent the users’ data from being tampered. We are restoring back the data of as many users as we can. We will be back soon. Also the contest will be extended.
http://www.facebook.com/people/Suhash-Venkatesh/516736807 Suhash Venkatesh

Good to hear that! It would be nice if you could specify the duration by which the contest has been extended! Thanks in advance!
http://blog.codechef.com/2011/06/13/june-2011-challenge-winners/ June 2011 Challenge Winners! | Codechef

[...] The June contest saw some interesting participation in the first couple of days. In the Indian rank list we have a tie for the 5th place between 4 people and 11th place between 14 people and in the Global list we have a tie for the 14th place between 7 people. During the contest we had faced an xss attack on our site due to which we had to bring the site down for a few hours and extended the contest by a day. We are fully functional now. You can read more about the attack here. [...]
Coolravi321

you still did not tell what transpired.what happened?
CoolRavi321

I am asking because i am concerned for my security and data. is it safe to compete?
radha krishnan

Who attacked this website?
@CC admins : U find who did this XSS attack ?
Narayana

I agree to CoolRavi.I think it is dangerous, because I also connect Facebook account to Codechef. If hacker get my auth token, he can steal my facebook info and give to malicious party. If Codechef cannot explain why XSS attack happen and if it can happen once more, I don’t think it is safe for me or any other programmer. It is bad that Codechef cannot find root of such bug. Please tell me how to delete account. I try hard to find, but not find any way of deleting Codechef.
Bestwesternglendower

We understand. There’s nothing to say sorry for. Just keep it up. Thanks.

hotels st annes, lytham hotels, lytham st annes hotels, hotels in st annes, hotels in lytham
http://www.codechef.com CodeChef

There was a security loophole in the site that the hacker exploited to change the data of some users. The loophole allowed the hacker to attach Javascript code in the input fields on the profile page which when rendered was executed. It was a standard XSS attack and it is a bit of shame for us to harbor that loophole for so long on our website. We apologize for the inconvenience caused to you all. It has been fixed now and we can assure you all that your data is safe with us.
http://www.codechef.com CodeChef

We believe that revealing the identity of the person does not do any good to anyone. We figured out who it was and have contacted the person who accepted.

XSS attack! – We are back :)

Recent Posts

Categories

Recent Comments

Recent Pictures

Blogroll

Archives