Website deface details

Jul 23, 2013

It was recently announced that the Yii website was defaced, but until recently we were still investigating. Here are some details about what happened and what was affected:

  1. The website's index.php was compromised through a vulnerability in the separate forum software (IPB, not Yii).
  2. Neither the website's code nor Yii framework code was involved or part of the attack in any way. Hence, the security of the Yii framework remains as secure today as it was yesterday.
  3. No framework downloads were affected, as the Yii framework source code is hosted externally.

Although we're storing passwords encrypted and are salting hashes, we may request you to change your forum account password soon.