The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,465 other followers

Delphi: disable or change your welcome page to not use the Embarcadero site (as that site has been hacked twice this weekend)

Posted by jpluimers on 2016/03/14

Initial hack

Initial hack – image via the forums server.

This weekend, the Embarcadero web site was hacked by AnonCoders. Not once (see also [WayBack] G+ link and [WayBackDelphiPraxis link and [WayBackimage) but at least twice (see also [WayBackG+ link and [WayBackimage and [WayBackDelphi Praxis link and [WayBackimage) where the initial hacked simple text “Hacked By AnonCoders ~ Cyber Caliphate” after having been reverted back to the site – hopefully by Embarcadero staff – was replaced with [WayBack] more graphical content later on.

Hack presenting itself in the IDE

Hack presenting itself in the IDE – image via the forums server.

The Welcome Page inside the Delphi IDE uses the Embarcadero web site, so the Delphi IDE Welcome Page was also affected (see also [WayBackthis G+ link).

Because the IDE uses this on-line content, potentially any code could be executed inside the IDE (apart from that page being loaded over http, so any man-in-the-middle could abuse this, but I digress). This imposes a security risk as many developers run the IDE from accounts having more rights than the average user.

Waiting for an Embarcadero statement

At least until Embarcadero responds with a statement about the hacking (when writing this, they still haven’t), it is wise to disable the Welcome page. Note and [WayBackI’m not the only one urging Embarcadero to post a statement, any statement, even “working on it” will do.

The second hack - image via Delphi Praxis

The second hack – image via Delphi Praxis

Avoid the Embarcadero servers for a while

I’ve avoided the Embarcadero servers myself for a quite long time because their TLS implementation was (and still is) so bad, so I don’t trust them with my personal information.

Now they managed to have [WayBack redirect to as well.

Not long ago, there were also issues on the community server (besides it doing login over plain http) with Japanese adverts like this (luckily [Archive.isthey are gone now) up to the point where [WayBackeven Google suspected the site to be hacked (see below) and worse: [WayBack] Google still thinks it might be.

Disabling the Delphi Welcome Page

Each Delphi version has a “Known IDE Packages” entry in the registry, for instance in [WayBackdelphi – Detailed description of “Known IDE Packages” … – Stack Overflow showing the entry for BDS 9 aka compiler 160 aka Delphi XE (don’t you love version numbers as much as they do? [WayBackDelphi Dabbler has a reference matrix for them)

[HKEY_CURRENT_USER\Software\Embarcadero\BDS\9.0\Known IDE Packages]


"$(BDS)\\Bin\\startpageide160.bpl"="Start Page IDE Package"

Add an underscore to startpageide160.bpl so it becomes _startpageide160.bpl and restart the Delphi IDE: then the Welcome Page is gone.

Thanks [WayBackUwe Raabe for reminding me of that.

Replacing the Welcome Page with a much more useful one

Last year, Daniel Wolf wrote a new Welcome Site plugin for Delphi. His article with instructions to remove the default Welcome page and install the package [WayBack1/WayBack2Meine Vorstellung einer Willkommens-Seite – IT-Consulting d.wolf is in German so might not have missed it, but the Google Translate: My idea of a welcome page is actually quite OK so it’s worth installing.

The good news: [WayBackhe released a new version today (after a small [WayBack#lovewins glitch) which you can download from:

Install steps:

  1. Recursively unpack to %Public%\Documents\Embarcadero\Studio
  2. Install them from the right Delphi (using menu Components, Install Packages..., button Add..., browse for the correct bpl file, click the Open button.

After this you can find it under menu View, wuppdi Welcome Page (for Delphi XE8, 10.0 Seattle and 10.1 Berlin) or View, Tool Windowswuppdi Welcome Page (for Delphi 10.2 Tokyo and up).

Have fun with that!


PS: the Embarcadero forums server loses messages and threads over time, hence quite a few of the links in this article are through saved links. Those links are slow, but at least are retained for much longer than the Embarcadero server does.

Even Google thought the community site could be hacked - image by myself

Even Google thought the community site could be hacked – image by myself

PPS: I posted these comments at G+ earlier before finding my note “[WayBack (the replacement of the forums server which like the original is down a lot of the time) which for a long time defaulted to http login at (hopefully it doesn’t do that any more)”:

I’m not surprised. Neither the IT team nor the development team at Embarcadero seem very security aware. QC for instance cannot even use HTTPS to connect to the SOAP server which means your credentials are always sent over the wire in plaintext. The SSL configuration of both their web and mail servers are vulnerable to various attacks. Some of their web sites use plain HTTP for login. The development products only check local things, but not information obtained over the network. App Tethering doesn’t use any form of connection level security (but passwords are salted and hashed). But don’t place anything DLL like in the Delphi bin directory or tamper with anything executable there: it’s either a “quit Delphi now” or “license issue” you will get.
I understand their wish to protect against unlicensed Delphi usage, but wish they cared as much for the security of their customers (and recursive customers of their customers) as they cared about the revenue stream.


You have to go through their hacked infrastructure to download/install/register their products.

Until I see a statement detailing which parts of their infrastructure are safe (including grade B or better TLS), I won’t install their products.

It’s not hard to put a proper TLS in front of internal http. [Archive.is does that. Even though it makes little sense, you can even do it for external links: [WayBack was nothing but a shell around [WayBack] as an experiment if it would word (as the paid cheaply fails to put the proper domain information [WayBack]

The certificate issue (which has been known and unresolved for more than a year) is:

This server could not prove that it is; its security certificate is from* This may be caused by a misconfiguration or an attacker intercepting your connection.

Note that because of the bad certificate issue, you could not have Apache2 redirect to as you get an error in the log like below, which means that HTTPS certificate checking works (yes I still need to work on the Hint: SSLProxyEngine issue):

[Mon Mar 14 17:21:37.607104 2016] [proxy:debug] [pid 1658] mod_proxy.c(1160): [client] AH01143: Running scheme https handler (attempt 0)
[Mon Mar 14 17:21:37.607123 2016] [proxy:debug] [pid 1658] proxy_util.c(2160): AH00942: HTTPS: has acquired connection for (
[Mon Mar 14 17:21:37.607139 2016] [proxy:debug] [pid 1658] proxy_util.c(2213): [client] AH00944: connecting to
[Mon Mar 14 17:21:37.613334 2016] [proxy:debug] [pid 1658] proxy_util.c(2422): [client] AH00947: connected / to
[Mon Mar 14 17:21:37.616892 2016] [proxy:debug] [pid 1658] proxy_util.c(2799): AH02824: HTTPS: connection established with (
[Mon Mar 14 17:21:37.616912 2016] [ssl:error] [pid 1658] [remote] AH01961: SSL Proxy requested for but not enabled [Hint: SSLProxyEngine]
[Mon Mar 14 17:21:37.616919 2016] [proxy:error] [pid 1658] AH00961: HTTPS: failed to enable ssl support for (
[Mon Mar 14 17:21:37.616926 2016] [proxy:debug] [pid 1658] proxy_util.c(2175): AH00943: HTTPS: has released connection for (

In the mean time, has switched to LetsEncrypt ([WayBack] HTTPS Everywhere: Encryption for All Sites — The Blog), so the above WordPress issues have been resolved.

13 Responses to “Delphi: disable or change your welcome page to not use the Embarcadero site (as that site has been hacked twice this weekend)”

  1. […] XE8 and below versions are a security risk as tkey directly fetsh information from the embarcadero web-site (wich got hacked a few times in the past). […]

  2. […] jpluimers on Delphi: disable or change your… […]

  3. Gordon Niessen said

    I commented out the Online banner load in the default.htm page in the C:\Program Files (x86)\Embarcadero\Studio\16.0\Welcomepage folder. It shows I am offline, but I still get to see the recent and favorite projects.

  4. Michal said

    “$(BDS)\Bin\startpageide160.bpl”=”_Start Page IDE Package”

    • jpluimers said

      Didn’t try that one yet. Does it work as well?

      • IL said

        Certainly disabling the IDE package the easiest way, especially with D10Distiller. There are many other IDE packages that you might want to disable.
        My personal D10 disable list includes:

  5. IL said

    Links to the Daniel Wolf’s blog posts on Welcome Page:

  6. Over the weekend hackers attacked the Embarcadero web site. The hack was confined to the Website CMS front end, which also serves the start page banner. The network was not accessed, and NO customer or internal data was exposed or compromised. The issue was identified and fixed.

  7. IL said

    Thanks for noting nice Welcome Page by Daniel Wolf.
    Btw, for those who are not registered on would be easier to get it at here

Leave a Reply to Steven Kamradt Cancel reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: