Another hacker developer banned from XenForo (HQCoder)

  • Thread starter
  • Admin
  • #1

Alfa1

Administrator
Joined
May 28, 2007
Messages
3,928
On XenForo.com a Vietnamese coder named HQCoder released very similar addons to Brivium and seems to have copied code from legitimate developers. If you are running any of the addons by HQCoder then remove these immediately because these may include security risks!

Last month he released his own version of:
Brivium:
https://xenforo.com/community/threads/hqcoder-limit-post-link-deleted.136545/
https://xenforo.com/community/threads/hqcoder-limit-post-to-view-forum-deleted.136515/
https://xenforo.com/community/threads/hqcoder-ajax-resource-name-seach-deleted.136497/
https://xenforo.com/community/threads/advance-attachment-download-deleted.136082/
https://xenforo.com/community/threads/hqcoder-profile-cover-deleted.136967/
All these are also offered by the hacker collective Brivium.

Liam/Xon:
https://xenforo.com/community/threads/hqcoder-clone-detector-deleted.136461/
https://xenforo.com/community/resources/alter-ego-detector.2405/

0ptima:
https://xenforo.com/community/resources/hqcoder-convert-threads-to-resources-xenforo-2-x.5772/
https://xenforo.com/community/threa...eads-to-resources-xenforo-2-x-deleted.136105/

HQCoder owns congngheaz.com which offers nulled software and advertises Brivium and HQCoder software:
https://web.archive.org/web/20160601220603/http://congngheaz.com:80/resources/

I see the Whois traces to an email account hqcoder.pro@gmail.com
http://whois.domaintools.com/congngheaz.com
A quick Google for "hqcoder congngheaz" or just "plus.google.com hqcoder" gives more information:
https://plus.google.com/116735811593760389867
https://plus.google.com/112386995584528180728

This was reported to XenForo and carefully investigated by the XF team, which resulted in the coder getting banned and his addons removed.

This is not the only developer that was reported. The XF team carefully investigates reports before taking such rigorous action. I assume that due diligence is required before removing someone from their platform.

Please consider that addons are not reviewed on the xenforo.com marketplace and anyone can post addons there.
This is displayed on the XenForo Marketplace:
[image]

As a webmaster you are therefore fully responsible to review/audit the code that you are installing to see if there are any backdoors, security issues or if the code is in order.
 

Freelancer

Aspirant
Joined
May 9, 2016
Messages
24
Many thanks to Alfa1 who got this reported to and handled by the XF team. Much appreciated initiative.
 

Xon

Adherent
Joined
Feb 15, 2015
Messages
307
Today I learned: people are willing to pirate an open source XF1 add-on and make a quick conversion to XF2 and try to sell it.
 
  • Thread starter
  • Admin
  • #5

Alfa1

Administrator
Joined
May 28, 2007
Messages
3,928
Today I learned: people are willing to pirate an open source XF1 add-on and make a quick conversion to XF2 and try to sell it.
It's not certain that sales is the main objective when it comes to hackers. A forum database is worth hundreds or thousands on the darknet markets.
Thanks Alfa1, was there any notification on the XF site to its members? I didn't see anything posted.
This is all very fresh and as mentioned this was not the only coder reported. Please be patient. I am sure the XF team carefully evaluates the entire situation.
 

Jake

Developer
Joined
Jan 19, 2013
Messages
1,058
This is all very fresh and as mentioned this was not the only coder reported. Please be patient. I am sure the XF team carefully evaluates the entire situation.
Oh, there are more?
 

Igneous

Participant
Joined
Dec 4, 2016
Messages
64
How are they a hacker though? I don't see where that comes into it.

Yeah they are a thief and a shady bastard but not a hacker, what did he compromise or gain unauthorized access to?
 

Woffie

Enthusiast
Joined
Dec 30, 2008
Messages
107
This is one issue you will run into when using 3rd party addons. It opens you up to security risks.
 