Yii Framework Forum: Www.yiiframework.com/ Hacked? - Yii Framework Forum


Www.yiiframework.com/ Hacked?

#1 User is offline   louiemiranda 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 13
  • Joined: 22-December 11

Posted 23 July 2013 - 03:39 AM

Was just visiting the yii website and saw this?

http://www.yiiframework.com/

Source:


Quote

<title>Hacked by BILIS IRENG</title>
<meta name="generator" content="Hacked by MR.SMITH, Hacked By begundalz , katonz , hacked by katonz , katon , Surabaya blackhat , Security Tester" /><meta name="author" content="Hacked By Katonz" />
<meta name="keywords" content="Hacked By MR.SMITH, hacked by katonz" /><meta name="description" content="Hacked By Katonz - Security Tester" />
<link rel='SHORTCUT ICON' type='image/x-icon' href='http://fcs-cultural-foods-wiki.wikispaces.com/file/view/indonesia-flag.gif/212845002/172x129/indonesia-flag.gif'>
<style>
body {
background: #000 url(http://i.cubeupload.com/H2cLux.jpg) no-repeat top center;
color: #ffffff;
font-family: Courier New;
font-size: 12px;
}
#black{
text-align: center;
font-size:12px;
font-weight: bold;
}
a:link, a:visited {font-weight:normal; text-decoration:none; color:#ff0000;}
a:hover {font-weight:bold; text-decoration:none; cursor:help;}
</style>
<object data="http://flash-mp3-player.net/medias/player_mp3.swf" width="0" height="0" type="application/x-shockwave-flash" __idm_id__="-1980514303">
<param value="#ffffff" name="bgcolor"><br>
<param value="mp3=http://xover2.jkt.3d.x.indowebster.com/download-vip/80/p16nfjku6i1fnr16km154kl6e4o3.MP3/%5Bwww.indowebster.com%5D-PREVIEW.MP3&loop=1&autoplay=1&volume=125" name="FlashVars"></object>
<br>
</head>
</center>
<br>
<br>
</span></font>
<body bgcolor="#000000">
<body style='-moz-user-select: true; cursor: crosshair;'>
<br>
<br>
<br>
<br>
<br>
<br>
</font></p>
<marquee direction="up" scrollamount="0.7"><left>
<br>
<br>Greetz :
<br>- UNWANTED
<br>- WAYC0DE
<br>- MJL007
<br>- KATONZ
<br>- IBOX
<br>- STAR ANGGA
<br>- PLENGEH
<br>- XEROX
<br>- And All Jember Hacker Team Member
<br>
<br>
<br><br>
</marquee> </center>
</br><br>
<p align="left"><b>
<br>
<center>
<center><font color="white" face="" size="2"></center><font color="B20202" face="" size="3"><b>BILIS <font color="white" face="" size="3">IRENG</b></a><br>
<center><font color="white" face="" size="2"></center><a href="http://www.jember-hacker.org" title="WE JUST TEST YOUR SECURITY" target="_blank"><font color="B20202" face="" size="3"><b>WWW.Jember-<font color="white" face="" size="3">Hacker.ORG</b></a><br>
<script type='text/javascript'>
function showElement(layer){var myLayer = document.getElementById(layer);if(myLayer.style.display=="none"){myLayer.style.display="block";myLayer.backgroundPosition="top";} else { myLayer.style.display="none"; }}
</script>
</body>
</html>


CakePHP dev trying Yii
0

#2 User is offline   CrazyCat 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 38
  • Joined: 30-May 13
  • Location:Paris, France

Posted 23 July 2013 - 03:40 AM

Oh damn!
0

#3 User is offline   Ankit Modi 

  • Master Member
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 866
  • Joined: 19-February 13
  • Location:India

Posted 23 July 2013 - 03:47 AM

Oh... :huh: I think it's bad news or breaking news to the Yii team! :mellow:
Thanks,
Ankit Modi
Skype : amodi06
0

#4 User is offline   kiran sharma 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 492
  • Joined: 21-May 11
  • Location:India

Posted 23 July 2013 - 03:50 AM

Yes, it is..

But I thought YiiFramework.com is not created using the Yii framework.

It's a server security issue: hacker(s) uploaded an HTML file as the index page; other than this, the whole site is working fine.

So, don't worry.. Yii Framework is secure.

Cheers..
Thanks,
Kiran Sharma.
0

#5 User is offline   Nic Anji 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 31
  • Joined: 26-August 10
  • Location:Italy > Venice > Chioggia

Posted 23 July 2013 - 03:53 AM

Yes, it seems that someone has uploaded an index.html file!

http://www.yiiframework.com/index.php seems to work
0

#6 User is offline   mentorq 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 105
  • Joined: 26-June 13

Posted 23 July 2013 - 04:01 AM

Posted Image
0

#7 User is offline   samdark 

  • Having fun
  • Yii
  • Group: Yii Dev Team
  • Posts: 3,339
  • Joined: 17-January 09
  • Location:Russia

Posted 23 July 2013 - 05:05 AM

Just posted an announcement.
Yii 1.1 Application Development Cookbook

Enjoying Yii? Star us at github: 1.1 and 2.0.
0

#8 User is offline   samdark 

  • Having fun
  • Yii
  • Group: Yii Dev Team
  • Posts: 3,339
  • Joined: 17-January 09
  • Location:Russia

Posted 23 July 2013 - 10:26 AM

Will post details soon. Overall it's nothing to worry about too much.
Yii 1.1 Application Development Cookbook

Enjoying Yii? Star us at github: 1.1 and 2.0.
0

#9 User is online   Da:Sourcerer 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 1,220
  • Joined: 30-March 11
  • Location:Berlin, Germany

Posted 24 July 2013 - 03:32 AM

Since the installation of IPB is a rather old one, dare I ask if the concerns in this discussion regarding IPB's way of hashing passwords still apply?
programmer /ˈprəʊgramə/, noun: a device that converts ►coffee into ►code
0

#10 User is offline   samdark 

  • Having fun
  • Yii
  • Group: Yii Dev Team
  • Posts: 3,339
  • Joined: 17-January 09
  • Location:Russia

Posted 24 July 2013 - 03:47 AM

Yes. That's why emails about changing passwords were sent.
Yii 1.1 Application Development Cookbook

Enjoying Yii? Star us at github: 1.1 and 2.0.
0

#11 User is online   Da:Sourcerer 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 1,220
  • Joined: 30-March 11
  • Location:Berlin, Germany

Posted 24 July 2013 - 03:49 AM

Well, that's good to know. But you will surely see this somewhat contradicts your previous statement:

samdark, on 23 July 2013 - 10:26 AM, said:

Overall it's nothing to worry about too much.

programmer /ˈprəʊgramə/, noun: a device that converts ►coffee into ►code
0

#12 User is online   Da:Sourcerer 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 1,220
  • Joined: 30-March 11
  • Location:Berlin, Germany

Posted 24 July 2013 - 04:26 AM

Since the post above might sound harsh, I'd like to clarify a bit: I think overall you reacted very well and in a timely fashion. Especially since some corporations took up to a week (or significantly longer) to inform their user base about security breaches involving possible or actual leaks of user data in the very recent past.

However, I feel a bit misinformed by your aforementioned statement in conjunction with the email stating "we're storing passwords encrypted and are salting hashes" if I have to find out via Google this is actually supposed to mean md5(md5($hash) . md5($password)). This very bit of information implies an entirely different sense of urgency. Given that the target audience of this forum is quite tech-savvy, I see some room for improvement.

Well, since I got this off my chest, let's all carry on now, shall we?
programmer /ˈprəʊgramə/, noun: a device that converts ►coffee into ►code
1
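
An added example, not part of the original thread and not IPB's or Yii's code: the scheme quoted in post #12 next to a login-time migration to PHP's `password_hash()`, with a rough per-guess cost comparison. The record fields (`salt`, `pass_hash`) and the function names are hypothetical, and the first argument, written `$hash` in the post, is treated here as a per-user salt.

```php
<?php
// Scheme as quoted in the thread: md5(md5($hash) . md5($password)).
// Assumption: the first argument is a per-user salt stored beside the digest.
function legacy_hash(string $salt, string $password): string
{
    return md5(md5($salt) . md5($password));
}

// Check a login against either storage format; on success, replace a legacy
// or outdated digest with a password_hash() value (salted, tunable cost).
function verify_and_upgrade(array $user, string $password): array
{
    $stored   = $user['pass_hash'];
    $isLegacy = strlen($stored) === 32 && ctype_xdigit($stored);

    $ok = $isLegacy
        ? hash_equals($stored, legacy_hash((string) $user['salt'], $password))
        : password_verify($password, $stored);
    if (!$ok) {
        return ['ok' => false, 'user' => $user];
    }
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $user['pass_hash'] = password_hash($password, PASSWORD_DEFAULT);
        $user['salt']      = null; // the salt now lives inside the digest string
    }
    return ['ok' => true, 'user' => $user];
}

// Constructed sample record; field names are hypothetical.
$user = ['salt' => 'x9$Kq', 'pass_hash' => legacy_hash('x9$Kq', 'correct horse')];

$result = verify_and_upgrade($user, 'correct horse');
var_dump($result['ok']);
var_dump(password_verify('correct horse', $result['user']['pass_hash']));
var_dump(verify_and_upgrade($result['user'], 'wrong guess')['ok']);

// Rough cost of one guess against each format on this machine.
$n = 100000;
$t = microtime(true);
for ($i = 0; $i < $n; $i++) {
    legacy_hash('x9$Kq', "guess$i");
}
$legacy = (microtime(true) - $t) / $n;

$t = microtime(true);
password_hash('guess', PASSWORD_DEFAULT);
$modern = microtime(true) - $t;

printf("seconds per guess: legacy %.2e, password_hash %.2e\n", $legacy, $modern);
```

Accounts that never log in again keep the legacy digest, so a migration like this complements a forced password change after a leak rather than replacing it.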

#13 User is offline   samilo 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 217
  • Joined: 04-October 12

Posted 25 July 2013 - 07:34 AM

It's such bad news. Please, from all the Yii team, we need to know full details about the exploit and where it is.

http://www.yiiframew...deface-details/
This is too short a description.

We love Yii and we need to be stable.

Viva Yii :)
Yii :)
0

#14 User is offline   samdark 

  • Having fun
  • Yii
  • Group: Yii Dev Team
  • Posts: 3,339
  • Joined: 17-January 09
  • Location:Russia

Posted 25 July 2013 - 07:51 AM

samilo
What would you like to know? It was a known IPB forum exploit that is now fixed.
Yii 1.1 Application Development Cookbook

Enjoying Yii? Star us at github: 1.1 and 2.0.
1

#15 User is offline   samilo 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 217
  • Joined: 04-October 12

Posted 25 July 2013 - 08:04 AM

Thank you, samdark.

That means we need to develop our own forum, or what do you think?

Yii :)
0

#16 User is offline   samdark 

  • Having fun
  • Yii
  • Group: Yii Dev Team
  • Posts: 3,339
  • Joined: 17-January 09
  • Location:Russia

Posted 25 July 2013 - 12:16 PM

Well, ideally yes but in reality it would take too much time.
Yii 1.1 Application Development Cookbook

Enjoying Yii? Star us at github: 1.1 and 2.0.
0

#17 User is offline   rei 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 323
  • Joined: 10-November 10

Posted 26 July 2013 - 09:54 AM

This is bad. Some other sites were attacked too on the same day (and several of them are still down until now :huh: ).

Thanks for the quick fix, Yii team!
Fipick - Find and pick recommendations
0
