MangaDex: Manga scanlation giant MangaDex has been temporarily shut down after suffering a cyberattack and having its source code stolen. MangaDex is one of the largest manga scanlation (scanned translations) sites where visitors can read manga comics online for free. According to SimilarWeb, MangaDex is the 179th most frequently visited site on the web, with over 76 million visitors per month.
MangaDex is a platform for free and ad-free fan-translations of manga, manhwa and manhua, where submitted content is never compressed nor altered, for the best possible quality of reading. The scale at which she operates creates some interesting technical challenges.
MangaDex was created in January 2018 by the former admin and sole developer, Hologfx. Since then, MangaDex has been steadily growing, approaching 14 million unique visitors per month. The site is currently ran by 21+ unpaid volunteers. The fastest way to contact us is on our Discord server.
Is MangaDex safe?
MangaDex: The python package mangadex-downloader was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use.
What is the alternative to MangaDex?
MangaDex: org's top competitor in March 2023 is mangakakalot.com with 48.9M visits. mangadex.org 2nd most similar site is mangaupdates.com, with 6.0M visits in March 2023, and closing off the top 3 is manganato.com with 123.3M. rawkuma.com ranks as the 4th most similar website to mangadex.org and mangabuddy.com ranks fifth.
Is MangaDex free?
MangaDex: Read manga online for free on MangaDex with no ads, high quality images and support scanlation groups! Additionally, all MangaDex Orange subscribers get a unique badge on their profile, proving as much their importance as the genuineness of their account.
Can you download a chapter in MangaDex?
MangaDex: Download chapters from any manga on MangaDex as a PDF. This uses MangaDex's API to retrieve the image URL for every page in a chapter, and then downloads the pages and converts them into a PDF that you can save to Files or share to another app or service.
MangaDex Features
MangaDex: Here we listed some of features of MangaDex.
- Dark Mode - MangaDex supports dark mode for comfortable usage in low light conditions.
- Ad-free - MangaDex doesn't contain any form of external advertising.
- Lightweight - MangaDex consumes less device resources compared to similar apps.
MangaDex information
MangaDex: Here we listed some of information of MangaDex.
- Licensing - Proprietary and Free product
- Rating - Average rating of 5
- Alternatives - 7 alternatives listed
- Supported Languages - English
How to Download or use MangaDex?
MangaDex: First of all, click on the Download APK Now button to download the latest MangaDex for android.
After that, you have to Wait for 15 seconds on the download page, then your apk will download automatically.
Cyper Attack on MangaDex
MangaDex: After suffering a series of outages since March 17th, MangaDex revealed yesterday that a threat actor had gained access to an admin and developer account, as well as the source code to the site.
According to an announcement now showing on Mangadex.org, a threat actor gained access to the site after stealing an admin user's session token through a website vulnerability.
"Three days ago (2021-03-17), we correctly identified and reported that a malicious actor had managed to gain access to an admin account through the reuse of a session token found in an old database leak through faulty configuration of session management."
"Following that event, we moved to identify the vulnerable section of code and worked to patch it up, also clearing session data globally to thwart further attempts at exploitation through the same method," MangaDex disclosed on their website.
Using this token, the hacker was able to gain full access to the website and download the site's source code. The attacker then published the site's source code on GitHub using the alias 'holo-gfx.'
While the site audited their code and fixed vulnerabilities, the attacker would taunt the site's developers with comments when a vulnerability was fixed.
When asked what type of vulnerabilities were fixed, the threat actor stated the first was a "File type confusion" bug, and the second they were keeping secret.
After MangaDex learned that the threat actor still had access to their environment, they announced that they were temporarily shutting down the site while they worked on and launched a more secure 'v5' version of the site.
"Due to a recent hacking incident, MangaDex will be down until further notice.
Instead of keeping up a likely vulnerable website and wasting our time and efforts playing cat-and-mouse with constant attacks from DDoS to hacking, we have decided to take this opportunity to refocus and expedite our planned rewrite of the site, called v5. Contrary to our original plans, however, we will be launching this v5 as soon as the minimum essential features are ready.
As developing and maintaining MangaDex is nobody's actual job, it is difficult to give an accurate estimate as to when we'll be back up and running. It should go without saying that every one of us wants it to happen as soon as safely possible.
That said, if everything goes as smoothly as we dare to hope, we could be looking at a downtime of just a week or two. Or three." - MangaDex.
However, the threat actor remains undaunted, stating that there are further RCE vulnerabilities and web shells in place that MagaDev's code rewrite would protect against. Whether this is true is unknown.
The threat also states that they have dumped the MangaDex database but have not published it anywhere. Due to the largely unfettered access the threat actor appeared to have on the site, MangaDex stated that all users should assume that their data has been exposed.
"Moving forward however, it is in both our users’ interest and ourselves that we will consider the database breached," MangaDex warned. With this in mind, it is advised that all users change their passwords at any other site using the same passwords as MangaDex.
If the database is eventually published, users should be on the lookout for phishing scams conducted by the other threat actors.
0 Comments