I completed the first HTML certification project, Build A Tribute Page. using CodePin. I got an error message to confirm my email in order to view in Full Page View. I did this and as I was trying to complete the CAPTCHA code, it closed out and took me straight to the log in versus allowing me to complete the captcha. Well, all of a sudden my computer is compromised.
I want to continue to the next project but I think it’ll happen again being that I have to use Codepin.
Your browser information:
User Agent is: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36
Well, I suppose anything can happen but codepen is a hugely popular site used by a ton of developers and I would imagine if there was an exploit out there we would probably hear about it almost immediately. Perhaps you are the first one to discover it?
More likely, if your computer is compromised, it is probably not related to codepen. Perhaps you can give us a little more detail on what is happening to your computer that causes you to believe it has been hacked?
You can other online tools like codesandbox or replit.
You can also create your projects locally with your code editor and then deploy the site using something like github pages if you feel comfortable with that option.
If there is an issue with codepen, then there is not a whole lot freeCodeCamp can do about it.
I mean it didn’t start until I was asked to do that.
So, it’s using this circle to navigate my screen and it goes in and out while I’m also trying to navigate my screen myself. It’ll open and close certain apps and each time I go to restart the computer it’ll press something else to keep me from accessing the menu. I just powered off instead. If codepin wasn’t the issue, do you know what could have caused it?
Wow, that sounds like someone is remotely controlling your desktop. If this is the case the first thing I would do is disconnect the computer from the internet. Then I’d use a different computer to download a good anti-virus program and install it on your compromised computer and see if it finds anything. I still would not reconnect it to the internet while doing this (if possible).
I’m by no means an expert on this stuff so maybe someone else can chime in.
Remote execution exploits using nothing but the browser as the entry point and with no user interaction is extremely rare in this day and age (updated OS and browser).
What you are describing sounds like a RAT type application that is usually willingly/unwillingly installed by the user through some sort of social engineering attack, or by people just installing random crap on their systems.
I find it fairly unlikely that it happened through the process you described. Even using some clever click-jacking attack wouldn’t let you install malware/RAT software that easily. Did you run anything, did you install anything?
Anyway, as said, unplug the internet and try running an offline scan.
I know you all are trying to help lol but I didn’t pick up a computer just yesterday so I’d know if I had installed something. But it’s 6:30am the next day and codepin is down so …
I agree with this. I’ve seen plenty of videos where remote software is used, and its behavior (with the circle around the mouse specifically) is used to more or less control you computer from afar.
Experience isn’t a big factor. Your human, you could have made a mistake, or someone else made a mistake, or you’re just unlucky and got hacked by pure chance. There are too many possible factors that could end up with your machine getting compromised. I would not dismiss these scenarios of hand and blame the codepen (not codepin) just due to timing. A smart hacker with high levels of access would not do much immediately as to not raise suspicion. Waiting for you to “start coding” seems like an excellent cover to distract from whatever actual entry point they took.
The main reason why codepen probably isn’t the culprit is because codepen runs in the browser, and most of the modern web is built around the concept of security of that single piece of software. Its vastly easier to trick a human into making a mistake than breaking through all the layers of security multiple companies build into the browser.
Overall I agree with above, and disconnecting this machine from the internet is your best bet. If the hacker is using remote execution software, they could of done many things to your system, but stopping them from doing anything more would be the first step.
The next steps would be to run scans, and try to hunt down the actual remote execution software. Along with taking mitigation steps on important stuff like backing up documents, updating passwords to site you’ve used in the past, activating 2 factor authentication so even if all your passwords are compromised they can’t access your accounts without your 2-factory device.
Id compare this situation to finding out there has been a robber living in your house for an unknown amount of time. Which could range from just “messing around” and using your system, to potentially setting multiple traps to the point you can consider your entire system compromised. It could be bad, but understanding the extent is the first step in managing it, and then protecting yourself from it now and later.
