I recently came across this debunkism.com. It's actually a clone of DEV Community. Everything is the same. It copies all our Blog posts, accounts etc.
What is it?
Top comments (6)
Hi all, the Forem team is aware of this issue and actively working as fast as we can to get the site taken down. Thanks for the heads up!
I believe it's actually a proxy server, not a clone. The one thing that is worrying me a bit is their login form. Username and password would go through their server and we have to assume that the credentials are logged there.
They also proxy another login security mechanism for generating a random authenticity_token that seems to be used for 3rd party sign-in. I'm not sure if it would be possible to hijack or pin user sessions by intercepting that endpoint. Sign-in protocols and flows like OAuth should make it impossible or extremely hard to pull that off, since the login service provided by GitHub or Twitter would only redirect with an authorization code response to dev.to, theoretically ruling debunkism out as a "man in the middle".
Literally copied this post (down to the path): debunkism.com/siddharthshyniben/wh...
Yep. Even the comment. This one too
It's literally instantaneous
Looking at the network-dev-console, the requests are actually to dev.to. So any content appears instantly as it is from dev.to. I'm not willing to try a login though.
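An added example (not from the post, the comments or Forem's code) modelling the point made above about third-party sign-in: the identity provider redirects the authorization code only to a callback registered for the client, so the code lands on dev.to and not on the proxy host. The identity provider host, client id, callback path, state and code values are constructed for illustration.

```javascript
// Model of the redirect_uri check an OAuth 2.0 authorization server performs.
// All identifiers below are constructed; this is not GitHub's or Forem's code.
const REGISTERED_CALLBACKS = new Map([
  ["devto-client", ["https://dev.to/auth/callback"]],
]);

// Build the authorization request a browser would be sent to.
function buildAuthorizeUrl(redirectUri) {
  const u = new URL("https://idp.example/authorize");
  u.searchParams.set("client_id", "devto-client");
  u.searchParams.set("redirect_uri", redirectUri);
  u.searchParams.set("state", "constructed-state");
  return u.toString();
}

// Authorization server side: decide where, if anywhere, the code is sent.
function authorize(requestUrl) {
  const params = new URL(requestUrl).searchParams;
  const allowed = REGISTERED_CALLBACKS.get(params.get("client_id")) || [];
  const redirectUri = params.get("redirect_uri");
  // Exact string match against the registered list; no prefix or wildcard.
  if (!allowed.includes(redirectUri)) {
    return { status: 400, error: "redirect_uri_mismatch" };
  }
  const location = new URL(redirectUri);
  location.searchParams.set("code", "CONSTRUCTED_CODE");
  location.searchParams.set("state", params.get("state") || "");
  return { status: 302, location: location.toString() };
}

// Which host receives the authorization code, or null if none does.
function hostReceivingCode(response) {
  return response.status === 302 ? new URL(response.location).host : null;
}

// Case 1: the request reaches the provider unchanged through the proxy.
const passthrough = authorize(buildAuthorizeUrl("https://dev.to/auth/callback"));
// Case 2: the callback was rewritten to the proxy's own host.
const rewritten = authorize(buildAuthorizeUrl("https://debunkism.com/auth/callback"));

console.log(hostReceivingCode(passthrough)); // code goes to the registered host
console.log(rewritten.status, rewritten.error); // request refused, no code issued
```

This check covers only the third-party sign-in flow; a username and password typed into the proxied login form still pass through the proxy, as the comment notes.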