Jump to:

17452 Posts in 4473 Topics by 1971 members

Archive

SilverStripe Forums » Archive » Site Hacked

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Page: 1 2
Go to End
Author Topic: 4111 Views
  • redking
    Avatar
    43 Posts

    Site Hacked Link to this post

    My site, which is running SS 2.2.1, was severely hacked early this morning.
    All the content was changed to porn-related obscenities through the CMS. I need to find out how this happened, and was curious if there are any known security issues with SS that may have caused this. Has anyone else had this problem?

    Thx

  • DaveP
    Avatar
    Community Member
    48 Posts

    Re: Site Hacked Link to this post

    I'm surprised no one from SilverStripe has responded or acted on this - it sounds serious ?
    Dave Porter

  • Blackdog
    Avatar
    Community Member
    156 Posts

    Re: Site Hacked Link to this post

    yes.

    Redking was there any word from the host as to what the entry point was?

    did they simply crack his login for the cms?

  • Tim
    Avatar
    Core Development Team
    201 Posts

    Re: Site Hacked Link to this post

    Hey guys, from the core SilverStripe teams side we've contacted redking offline earlier and are looking into this. We are taking this very seriously and will trying to identify if anything specific in the core SilverStripe code was been compromised in this attack.

  • Fuzz10
    Avatar
    Community Member
    787 Posts

    Re: Site Hacked Link to this post

    <subscribe to thread>

    Sure hope this was just a matter of a weak password.. ;-)

  • redking
    Avatar
    43 Posts

    Re: Site Hacked Link to this post

    Hey guys,

    I appreciate your concern. As Tim mentioned before, I've been contacted about this issue and it's currently being checked out.

    My post was not meant to alarm or scare anyone off from using SilverStripe. Just trying to figure this thing out. In fact, feel free to remove this thread, as I do not want to create any confusion or panic. I love this CMS and the SilverStripe team is great! They do a stellar job!

    Thanks!

  • Sam
    Avatar
    Administrator
    679 Posts

    Re: Site Hacked Link to this post

    We've investigated this issue and it appears that the hack occurred without using SilverStripe - most likely the attacker gained access to the underlying MySQL database through another means, and altered the content there.

  • Blackdog
    Avatar
    Community Member
    156 Posts

    Re: Site Hacked Link to this post

    thanks for the update.

    4111 Views
Page: 1 2
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.