Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Archive

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Site Hacked


Go to End
Reply

9 Posts   4152 Views

Avatar
redking

7 March 2008 at 9:52am 43 Posts

My site, which is running SS 2.2.1, was severely hacked early this morning.
All the content was changed to porn-related obscenities through the CMS. I need to find out how this happened, and was curious if there are any known security issues with SS that may have caused this. Has anyone else had this problem?

Thx

Avatar
DaveP

7 March 2008 at 5:13pm Community Member, 48 Posts

I'm surprised no one from SilverStripe has responded or acted on this - it sounds serious ?
Dave Porter

Avatar
Blackdog

7 March 2008 at 6:07pm Community Member, 156 Posts

yes.

Redking was there any word from the host as to what the entry point was?

did they simply crack his login for the cms?

Avatar
Tim

7 March 2008 at 7:34pm Core Development Team, 201 Posts

Hey guys, from the core SilverStripe teams side we've contacted redking offline earlier and are looking into this. We are taking this very seriously and will trying to identify if anything specific in the core SilverStripe code was been compromised in this attack.

Avatar
Fuzz10

8 March 2008 at 5:58am Community Member, 787 Posts

<subscribe to thread>

Sure hope this was just a matter of a weak password.. ;-)

Avatar
redking

8 March 2008 at 2:25pm (Last edited: 8 March 2008 2:27pm), 43 Posts

Hey guys,

I appreciate your concern. As Tim mentioned before, I've been contacted about this issue and it's currently being checked out.

My post was not meant to alarm or scare anyone off from using SilverStripe. Just trying to figure this thing out. In fact, feel free to remove this thread, as I do not want to create any confusion or panic. I love this CMS and the SilverStripe team is great! They do a stellar job!

Thanks!

Avatar
Sam

10 March 2008 at 2:33pm Administrator, 685 Posts

We've investigated this issue and it appears that the hack occurred without using SilverStripe - most likely the attacker gained access to the underlying MySQL database through another means, and altered the content there.

Avatar
Blackdog

10 March 2008 at 7:59pm Community Member, 156 Posts

thanks for the update.

Go to Top