Another hacker developer banned from XenForo (HQCoder)

Discussion in 'XenForo' started by Alfa1, Nov 9, 2017.

  1. Alfa1

    Alfa1 Administrator

    3,856
    1,702
    +2,709
    On XenForo.com a Vietnamese coder named HQCoder released very similar addons to Brivium and seems to have copied code from legitimate developers. If you are running any of the addons by HQCoder then remove these immediately because these may include security risks!

    last month he released his own version of:
    Brivium:
    https://xenforo.com/community/threads/hqcoder-limit-post-link-deleted.136545/
    https://xenforo.com/community/threads/hqcoder-limit-post-to-view-forum-deleted.136515/
    https://xenforo.com/community/threads/hqcoder-ajax-resource-name-seach-deleted.136497/
    https://xenforo.com/community/threads/advance-attachment-download-deleted.136082/
    https://xenforo.com/community/threads/hqcoder-profile-cover-deleted.136967/
    All these are also offered by the hacker collective Brivium.

    Liam/Xon:
    https://xenforo.com/community/threads/hqcoder-clone-detector-deleted.136461/
    https://xenforo.com/community/resources/alter-ego-detector.2405/

    0ptima:
    https://xenforo.com/community/resources/hqcoder-convert-threads-to-resources-xenforo-2-x.5772/
    https://xenforo.com/community/threa...eads-to-resources-xenforo-2-x-deleted.136105/

    HQCoder owns congngheaz.com which offers nulled software and advertises brivium andHQCoder software:
    https://web.archive.org/web/20160601220603/http://congngheaz.com:80/resources/

    I see the Whois traces to an email account hqcoder.pro@gmail.com
    http://whois.domaintools.com/congngheaz.com

    A quick Google for "hqcoder congngheaz" or just "plus.google.com hqcoder" gives more information:
    https://plus.google.com/116735811593760389867
    https://plus.google.com/112386995584528180728

    This was reported this to XenForo which was carefully investigated by the XF team which resulted in the coder getting banned and his addons removed.

    This is not the only developer that was reported. The XF team carefully investigates reports before taking such rigorous action. I assume that due diligence is required before removing someone from their platform.

    Please consider that addons are not reviewed on the xenforo.com marketplace and anyone can post addons there.
    This is displayed on the XenForo Marketplace:
    .png

    As a webmaster you are therefore fully responsible to review/audit the code that you are installing to see if there are any backdoors, security issues or if the code is in order.
     
    • Informative! x 14
    • Like x 12
    • Appreciation x 4
    • Winner x 2
    • Pure Genius! x 1
    • List
  2. Freelancer

    Freelancer Aspirant

    24
    8
    +43
    Many thanks to Alfa1 who got this reported to and handled by the XF team. Much appreciated initiative.
     
  3. Bionic Rooster

    Bionic Rooster Adherent

    298
    87
    +203
    Thanks Alfa1 , was there any notification on the XF site to its members? I didn't see anything posted.
     
  4. Xon

    Xon Adherent

    305
    207
    +447
    Today I learn; people are willing to pirate an open source XF1 add-on and make a quick conversion to XF2 and try to sell it.
     
    • Like Like x 1
    • Agree Agree x 1
    • Informative! Informative! x 1
    • List
  5. Alfa1

    Alfa1 Administrator

    3,856
    1,702
    +2,709
    Its not certain that sales is the main objective when it comes to hackers. A forum database is worth hundreds or thousands on the darknet markets.
    This is all very fresh and as mentioned this was not the only coder reported. Please be patient. I am sure the XF team carefully evaluates the entire situation.
     
    • Like Like x 3
    • Agree Agree x 2
    • Informative! Informative! x 1
    • List
  6. Jake

    Jake Developer

    1,058
    362
    +1,111
    Oh, there are more?
     
    • Also Wondering! Also Wondering! x 2
    • List
  7. Russ

    Russ Administrator

    1,271
    1,072
    +1,835
    Alfa's coming after you, Jake.

    Nice stuff Alfa.
     
  8. Bionic Rooster

    Bionic Rooster Adherent

    298
    87
    +203
    amedia_cache_ec0.pinimg.com_736x_d9_82_f5_d982f5df878762b9fdfee38c3ba0a4ce.jpg
     
  9. Igneous

    Igneous Participant

    64
    13
    +15
    How are they a hacker though? I don't see where that comes into it.

    Yeah they are a thief and a shady bastard but not a hacker, what did he compromise or gain unauthorized access to?
     
  10. Woffie

    Woffie Enthusiast

    107
    33
    +45
    This is one issue you will run into when using 3rd party addons. It opens you up to security risks.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.