CoderLegion charges $10/month premium while running hidden ads, faking their founding date, inflating user counts by 70%, and sending bulk emails with mail merge errors. Full technical proof. Every claim verified against public record.
TL;DR: CoderLegion charges $10/month for "premium" access to ~37 active writers on a free open-source script running on $5 shared hosting. They claim no ads (Google AdSense is in the source code). They claim to exist since 2020 (domain registered 2023). They claim 4,065 users (pagination math says ~1,200). Both their domains are blocked from renewal by GoDaddy. After this analysis was completed, the site went down — and a bulk outreach email arrived addressed to someone named "Rockman." There is no Peter Jones.
Why This Article Exists
I joined CoderLegion as a content creator.
Within days, I reached #2 on the monthly leaderboard. Not because the platform is competitive. Because barely anyone posts.
Then the founder — Mehadi Hasan — slid into my DMs with an offer:
"I'm building out some features to help developers like you get more visibility and grow faster on the platform. I'd love to give you Premium free for a month and get your feedback on whether it actually helps. No pressure at all."
I'm a developer. I look at what things are actually built on before I make decisions.
What I found is documented below. Every line of it is publicly verifiable.
Claim #1: "We've Been Around Since 2020"
Every page on CoderLegion contains this in its schema markup:
{
"dateCreated": "2020",
"publisher": "Coder Legion"
}
Public record:
$ whois coderlegion.com
Creation Date: 2023-07-21T16:50:42Z
Updated Date: 2026-04-14T05:35:38Z
Registrar: GoDaddy.com, LLC
The domain was registered July 21, 2023.
Their predecessor — the original platform they rebranded from:
$ whois kodlogs.net
Creation Date: 2021-05-08T04:28:37Z
kodlogs.net was registered May 2021. The platform they're claiming as their 2020 origin didn't exist until 2021 — and the current domain didn't exist until 2023.
Note also: the WHOIS record was updated April 14, 2026 — three days after a technical analysis of the platform was published publicly.
Domain records don't update themselves.
Verdict: The "Since 2020" claim is false by any public measure.
Claim #2: "We Don't Run Ads"
Their About page states:
"The platform is completely free to use. We don't run ads or charge authors."
Their HTML source code — press Ctrl+U on any page — states:
<script async
src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js">
</script>
<ins class="adsbygoogle"
data-ad-client="pub-1763140298030248"
data-ad-slot=""
data-ad-format="horizontal">
</ins>
Google AdSense Publisher ID: ca-pub-1763140298030248
This is not a placeholder. This is an active, configured AdSense implementation earning revenue from every page view.
The ads appear in the sidebar. At the bottom of posts. And — in a detail worth sitting with — on the Delete Profile page.
When a user is in the process of permanently deleting their account, CoderLegion serves them a Google ad.
During our analysis, a third-party survey ad also appeared:
MetroOpinion: "$5 مقابل إجابات قصيرة"
Multiple ad networks. On a platform that claims to run no ads.
Verdict: They run ads. The source code is the proof. The About page is not.
Claim #3: "Connect with 4,065 Amazing Developers"
Every visitor sees this in the login modal.
The users page has pagination. Pagination has math:
Last page accessible: /users?start=1170
Items per page: 30
Pages: 40
40 × 30 = 1,200 users
The modal claims 4,065.
The database-driven pagination reveals ~1,200.
A 70% inflation in the number displayed to potential new users.
Verdict: The user count is not accurate. The math is public.
What They're Actually Running
The source code makes the tech stack visible to anyone:
Path: /qa-theme/CoderLegion/
Path: /qa-plugin/q2a-badges-master/
Path: /qa-content/jquery-3.3.1.min.js
Cookie: qa_key ← Question2Answer session token
Cookie: PHPSESSID ← PHP backend
CoderLegion runs on Question2Answer (Q2A) — a free, open-source PHP script available at question2answer.org.
The server:
$ curl -I https://coderlegion.com
server: LiteSpeed
LiteSpeed shared hosting. Market rate: $3–5/month.
The CoderLegion Premium plan: $10/month.
Premium promises:
- "10x More Visibility"
- "Profile Boost"
- "Boosted Replies"
On a platform with ~37 active writers per month and ~1,200 total registered users.
You do the math.
The Domain Status: This Part Matters
$ whois coderlegion.com
Domain Status: clientRenewProhibited ⚠️
Domain Status: clientDeleteProhibited
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registry Expiry Date: 2026-07-21
$ whois kodlogs.net
Domain Status: clientRenewProhibited ⚠️
Registry Expiry Date: 2026-05-08
clientRenewProhibited means GoDaddy has blocked the domain owner from renewing their domain.
This status is applied for reasons including outstanding payment issues, account holds, or compliance disputes.
Both domains carry this flag.
kodlogs.net — the predecessor platform — expired within days of this analysis being conducted.
coderlegion.com expires July 21, 2026.
If you have published content on CoderLegion:
Export it. Now. Before July.
The Security Infrastructure
Any developer who looks at what's actually running on the server behind a platform that collects payment information will find services with no business being publicly accessible.
The database — port 3306, MariaDB — is observable from the public internet.
I'll leave it at that.
If you're a developer, you know exactly what that means for user payment data.
If you're not: a properly secured server keeps its database accessible only to itself. Not to the public internet.
How it should be:
Database → localhost only ✅
What a developer paying attention might notice:
Database → publicly observable 🌍
The information is verifiable by anyone with standard tooling.
If you have entered payment information on CoderLegion, you should be aware of this.
The Authentication
The "Forgot Password" flow does not send a verification email.
It accepts a new password directly — without confirming ownership of the account through email verification.
The "Delete Account" page accepts any non-empty string in the password field. It does not validate against your actual account password.
Both were discovered during normal usage of my own account.
The Full Picture
┌─────────────────────────────────────────────┐
│ CoderLegion: Claimed vs. Real │
├─────────────────────┬───────────────────────┤
│ Founded │ 2020 → 2023 actual │
│ Users │ 4,065 → ~1,200 actual │
│ Active writers/mo │ Unstated → ~37 actual │
│ Ads │ "None" → AdSense active │
│ Platform │ Custom → Free Q2A script│
│ Hosting cost │ Unstated → ~$5/month │
│ Premium price │ $10/month │
│ Domain renewal │ clientRenewProhibited ⚠️│
│ Predecessor domain │ kodlogs.net → expired │
│ DB security │ Unstated → publicly │
│ │ observable │
└─────────────────────┴───────────────────────┘
"There Is No Peter Jones"
Before this analysis, I received an email from
Peter Jones <peter.jones@legioncoder.com>:
"Your recent post 'You Don't Need Chaos Monkey' on Hashnode really caught my attention... I'd love to feature you as a guest author on CoderLegion.com."
The email addressed me as "Rockman."
My name is FreeRave.
Others across the internet have reported receiving identical outreach emails — same wording, different sender names: "Ross," "Peter Jones," and others. All from @legioncoder.com addresses. All with the same template. Some with different names in the greeting.
This is a bulk outreach operation with mail merge errors.
There is no Peter Jones.
There is no editorial team reading your Hashnode posts.
There is a template, a mailing list, and occasionally the wrong name in the salutation.
UPDATE — May 3, 2026: The Site Went Down
Shortly after this analysis was completed:
ERR_CONNECTION_TIMED_OUT
coderlegion.com took too long to respond.
The site remained accessible from mobile networks — confirming a targeted IP block, not a server failure.
Mobile access continued showing ads, including the MetroOpinion survey ad.
And then — while blocked — I received the weekly CoderLegion newsletter:
"Hi FreeRave, Your profile is ready to grow!"
Account status: Deleted ✅
IP status: Blocked ✅
Newsletter: Still arriving 📧
Points: 835 — gone
Email list: Apparently permanent
What You Should Do Right Now
Free account:
Export all your content immediately. Go to your posts and copy everything. The domain situation makes July continuity uncertain.
Premium account:
You paid $10/month for increased visibility among ~37 active writers on a platform with uncertain domain continuity. If you believe the service was misrepresented, contact your card provider.
Considering joining:
You now have the information. The decision is yours.
How Any Developer Can Verify This
Every finding here came from publicly available information:
# Domain age, status, and expiry
$ whois coderlegion.com
$ whois kodlogs.net
# Server software
$ curl -I https://coderlegion.com
# Source code — press Ctrl+U in any browser
# Search for: adsbygoogle, qa-theme, dateCreated
# User count math
# Visit /users, find the last page number
# Multiply by 30
Before paying for any platform, spend 10 minutes on these checks.
Conclusion
Building a developer community from scratch is genuinely hard.
One person doing it alone deserves credit for trying.
But none of that justifies:
- Claiming a founding date 3 years before the domain existed
- Running Google AdSense while explicitly stating you don't run ads
- Displaying user counts 70% higher than the database supports
- Charging $10/month for access to ~37 active writers
- Operating with both domains blocked from renewal
- Running bulk outreach campaigns with mail merge errors
- Blocking IPs rather than responding to documented findings
Developers deserve accurate information about the platforms they invest their time, content, and money in.
This article exists because they weren't getting it.
All findings are based exclusively on public record data: WHOIS lookups, HTML source code, HTTP headers, pagination mathematics, and normal account usage. No unauthorized access was performed or implied.
Have you received an email from "Peter Jones"? What name did they use? Share below.
Related:
Top comments (0)