Tuesday, 23 July 2013

PHP Indonesia - Facebook: UPDATE INFO: after the Yii Framework website was defaced...

PHP Indonesia - Facebook
PHP Indonesia is a community for everyone that loves PHP. Our focus is the PHP world, but our topics encompass the entire LAMP stack. Topics include PHP coding, memcached handling, DB optimization, the server stack, web server tuning, code deployment, hosting options and much, much more. NOTE: Rules for Wall posting: https://www.facebook.com/groups/35688476100/doc/10151597056316101/ Membership list: http://www.facebook.com/groups/35688476100/doc/10150671770741101/
UPDATE INFO: after the Yii Framework website was defaced...
Jul 24th 2013, 00:35, by Peter Jack Kambey

Peter Jack Kambey 12:35am Jul 24
UPDATE INFO: after the Yii Framework website was defaced.. This is the official announcement sent by email...

Hello Peter,

Earlier today it was discovered that the entry page on the Yii website had been defaced. The website was restored in less than an hour from discovery. The defacement was made possible by a vulnerability in the separate forum software used on the site. This vulnerability has now been fixed.

For your information, here are some details about the event:

1. The website's index.php was compromised through a vulnerability in the separate forum software (IPB, not Yii).
2. Neither the website's code nor Yii framework code was involved or part of the attack in any way. Hence, the security of the Yii framework remains as secure today as it was yesterday.
3. No framework downloads were affected, as the Yii framework source code is hosted externally.

Although we're storing passwords encrypted and are salting hashes, we recommend that you change your forum password. Please also note that if you are using the same password for other services and/or websites, you should change those as well.

Thank you for your patience and understanding,
Yii framework team

Peter Jack Kambey 12:38am Jul 24
So, if any PHP members have a website that also uses IP Board http://www.invisionpower.com/apps/board/ it is automatically at risk too.

Muhammad Saleh Hafizh Fajri 12:42am Jul 24
Peter, I heard the JHT guys got in not through a bug in the Yii app, but via jumping/symlink.
Only just heard it, I don't know for certain.
Well, if it was via jumping/symlink, that means Yii is on shared hosting.

Garis Miring 12:45am Jul 24
Just following along.

Peter Jack Kambey 12:45am Jul 24
They use AWS... I don't really understand the hacking world either.. hehehe

Muhammad Saleh Hafizh Fajri 12:51am Jul 24
Wait, AWS as in Amazon?
Hmm,,

Eko Prasetyo 1:09am Jul 24
Yes, the IP of yiiframework.com is 107.20.134.47: http://www.networksolutions.com/whois/arin-details.jsp?domainTitle=yiiframework.com&ip=107.20.134.47

The result is AWS. There's no way it was jumping/symlink from AWS (it's a VPS, after all). I'm now convinced it's the forum software that had the problem. Sorry, Yii, for doubting you #ignore

The method (hypothesis): maybe it was possible to upload some kind of PHP binary file through the Yii forum. After that the attacker accesses the file from the web, so the binary gets executed. The binary contains malicious code and can be disguised as an image file or whatever, so it is treated as safe.

I don't know how secure IPB's upload is by now, but usually older versions have exploits that get shared on underground forums. There are step-by-step guides, and you just use the hole. If someone can find a new hole in a new version, that's really TOP.

OOT, a website I manage was once hit by an attack like that. The upload and public access of files (user photos) still wasn't secure at the time. Then the attacker generated his junk files on my web server through user photos :putnam:

Muhammad Saleh Hafizh Fajri 1:16am Jul 24
Whoa, image backdoor, I know that one, there is indeed a weakness there,

Fandi Al-Bantani 1:21am Jul 24
Wow, I guess I've been attacked like that too, because some weird file got in...

Fandi Al-Bantani 1:21am Jul 24
Following along so I can fix things...

Eko Prasetyo 1:22am Jul 24
Well, that's just a hypothesis from my still-limited experience. They could have used another, more mind-blowing method. Ideally developers know about basic security problems like that (and, importantly, how to deal with them).
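The upload hardening that Eko's hypothesis and his closing remark call for, as an added PHP example that is not from the thread nor from Yii or IPB: it assumes the GD extension is loaded and that `$uploadDir` (a hypothetical parameter) lies outside the web root and is never served as executable PHP.

```php
<?php
// Hardened image-upload handler for the "PHP code disguised as an image"
// scenario from the thread. Assumes GD is loaded and that $uploadDir is
// OUTSIDE the web root (served via a download script, never run as PHP).
declare(strict_types=1);
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
const MAX_BYTES = 2 * 1024 * 1024;

/** Validate one entry of $_FILES, store a re-encoded copy, return its name. */
function storeUserPhoto(array $file, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or not an uploaded file');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // 1. Determine the type from the bytes, never from the client-supplied
    //    filename or Content-Type (both are under the uploader's control).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException("disallowed content type: $mime");
    }

    // 2. Re-encode through GD: non-images fail to decode, and anything
    //    appended to the file or hidden in comments/EXIF does not survive,
    //    because only the pixel data is written back out.
    $img = @imagecreatefromstring((string) file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('not a decodable image');
    }

    // 3. Server-chosen random name and extension, so the client-supplied
    //    filename never reaches the filesystem in any form.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    $ok = match ($mime) {
        'image/jpeg' => imagejpeg($img, $dest, 85),
        'image/png'  => imagepng($img, $dest),
        'image/gif'  => imagegif($img, $dest),
    };
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('could not write image');
    }
    return $name;
}
```

The storage location is the control that matters most: even if a crafted file survived the re-encode, a directory the web server never executes PHP from cannot turn it into a web shell.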
