homepage Welcome to WebmasterWorld Guest from 54.237.99.131
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Content Management
Forum Library, Charter, Moderators: ergophobe

Content Management Forum

    
Change your drupal.org passwords
JohnRoy

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4579252 posted 11:33 pm on May 29, 2013 (gmt 0)

Unauthorized access to account information was discovered on Drupal.org and groups.drupal.org.

From drupal.org/news/130529SecurityUpdate

What happened?

Malicious files were placed on association.drupal.org servers via a third-party application used by that site. Upon discovering the files during a security audit, we shut down the association.drupal.org website to mitigate any possible ongoing security issues related to the files. The Drupal Security Team then began forensic evaluations and discovered that user account information had been accessed via this vulnerability.

 

ergophobe

WebmasterWorld Administrator ergophobe us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4579252 posted 3:32 am on May 30, 2013 (gmt 0)

Thanks for the heads up - this is why I use random auto-generated passwords on most sites. If someone cracks my password, it's only for one site.

explorador

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4579252 posted 3:19 pm on May 30, 2013 (gmt 0)

Thanks, I got the email.

I understand the problem is not related to Drupal but to the accounts we might have at Drupal.org, so Drupal installs are safe as yesterday or a week ago.

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4579252 posted 3:52 pm on May 30, 2013 (gmt 0)

Oh look, they're jealous of all the WordPress hacks and had to go get one for themselves!

rollinj

5+ Year Member



 
Msg#: 4579252 posted 5:54 pm on May 30, 2013 (gmt 0)

@ergophobe you and me both, buddy!

ergophobe

WebmasterWorld Administrator ergophobe us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4579252 posted 6:09 am on May 31, 2013 (gmt 0)

"Drupal installs are safe"

True, this is not news about a vulnerability in Drupal per se, but that does not imply that Drupal installs are safe or unsafe, merely that the Drupal.org website got hacked in some unknown way.

As in "Bob crashed his Ford because he was drunk, so my car is safe." Maybe, maybe not ;-)

4serendipity

10+ Year Member



 
Msg#: 4579252 posted 8:26 pm on Jun 2, 2013 (gmt 0)

I understand the problem is not related to Drupal but to the accounts we might have at Drupal.org, so Drupal installs are safe as yesterday or a week ago.


One thing that I really like about drupal is how well the security team and other members of the community communicate issues.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Content Management
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved