DEV Community 👩‍💻👨‍💻

Siddharth

What is debunkism.com?

I recently came across this debunkism.com. It's actually a clone of DEV Community. Everything is the same. It copies all our blog posts, accounts, etc.

What is it?

Top comments (6)

Molly Struve (she/her)

Hi all, the Forem team is aware of this issue and actively working as fast as we can to get the site taken down. Thanks for the heads up!

Thomas Iguchi

I believe it's actually a proxy server, not a clone. The one thing that is worrying me a bit is their login form. Username and password would go through their server and we have to assume that the credentials are logged there.

They also proxy another login security mechanism for generating a random authenticity_token that seems to be used for 3rd party sign-in. I'm not sure if it would be possible to hijack or pin user sessions by intercepting that endpoint. Sign-in protocols and flows like OAuth should make it impossible or extremely hard to pull that off, since the login service provided by GitHub or Twitter would only redirect with an authorization code response to dev.to, theoretically ruling debunkism out as a "man in the middle".
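Added example, not part of the thread and not any provider's actual code: a minimal sketch of the redirect check the comment above relies on, where an authorization server only sends the authorization code to a callback registered for the client. The client id, callback URL and function names are constructed for illustration and say nothing about how GitHub, Twitter or dev.to configure their sign-in.

```python
import secrets
from typing import Optional
from urllib.parse import urlencode, urlsplit

# Constructed registration table: the client id and callback URL are assumed
# values for this example, not dev.to's real OAuth configuration.
REGISTERED_CALLBACKS = {
    "devto-client": {"https://dev.to/auth/callback"},
}


class AuthorizationError(Exception):
    """Raised when the provider must not redirect the browser anywhere."""


def issue_code_redirect(client_id: str, redirect_uri: str, state: str) -> str:
    """Return the Location the provider sends after the user approves.

    redirect_uri is compared as an exact string against the callbacks
    registered for the client, so a proxy that rewrites it to its own
    host gets an error page instead of an authorization code.
    """
    allowed = REGISTERED_CALLBACKS.get(client_id)
    if allowed is None:
        raise AuthorizationError("unknown client")
    if redirect_uri not in allowed:
        # Never redirect to an unregistered URI, not even to report an error.
        raise AuthorizationError("redirect_uri mismatch")
    code = secrets.token_urlsafe(16)
    return f"{redirect_uri}?{urlencode({'code': code, 'state': state})}"


def code_destination(client_id: str, redirect_uri: str, state: str) -> Optional[str]:
    """Host that would receive the authorization code, or None if refused."""
    try:
        location = issue_code_redirect(client_id, redirect_uri, state)
    except AuthorizationError:
        return None
    return urlsplit(location).hostname


if __name__ == "__main__":
    for uri in ("https://dev.to/auth/callback",
                "https://debunkism.com/auth/callback",
                "https://dev.to.debunkism.com/auth/callback"):
        print(uri, "->", code_destination("devto-client", uri, "xyz"))
```

This covers only the third-party sign-in path; it does nothing for a username and password typed directly into a proxied login form.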

Nathan Kallman

Literally copied this post (down to the path): debunkism.com/siddharthshyniben/wh...

Siddharth

Yep. Even the comment. This one too

Siddharth

It's literally instantaneous

Ryan Brown

Looking at the network-dev-console, the requests are actually to dev.to. So any content appears instantly as it is from dev.to. I'm not willing to try a login though.
