DEV Community

loading...

What is debunkism.com ?

Siddharth
13. Coding for a hobby
・1 min read

I recently came across this debunkism.com. It's actually a clone of DEV Community. Everything is the same. It copies all our Blog posts, accounts etc.

What is it?

Discussion (6)

Collapse
molly profile image
Molly Struve (she/her)

Hi all, the Forem team is aware of this issue and actively working as fast as we can to get the site taken down. Thanks for the heads up!

Collapse
tiguchi profile image
Thomas Iguchi

I believe it's actually a proxy server, not a clone. The one thing that is worrying me a bit is their login form. Username and password would go through their server and we have to assume that the credentials are logged there.

They also proxy another login security mechanism for generating a random authenticity_token that seems to be used for 3rd party sign-in. I'm not sure if it would be possible to hijack or pin user sessions by intercepting that endpoint. Sign-in protocols and flows like OAuth should make it impossible or extremely hard to pull that off, since the login service provided by GitHub or Twitter would only redirect with an authorization code response to dev.to, theoretically ruling debunkism out as a "man in the middle".

Collapse
kallmanation profile image
Nathan Kallman

Literally copied this post (down to the path): debunkism.com/siddharthshyniben/wh...

Collapse
siddharthshyniben profile image
Siddharth Author

Yep. Even the comment. This one too

Collapse
siddharthshyniben profile image
Siddharth Author

It's literally instantaneous

Thread Thread
ryencode profile image
Ryan Brown

Looking at the network-dev-console, the requests are actually to dev.to. So any content appears instantly as it is from dev.to. I'm not willing to try a login though.

Forem Open with the Forem app