Welcome to WebmasterWorld Guest from 3.80.60.248

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

PHP wiki hacked .concerns for security of PHP source code

French company Vupen Security alerts to hack of PHP site

     
12:17 am on Mar 22, 2011 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:7139
votes: 410


From Vupen Security via TheRegister comes the alert that a Chinese hacker exploited a vulnerability in the wiki and escalated it to gain account credentials that could allow access to the PHP repository ..the hacker also used a security flaw in linux in the attack.

Word of the attack began circulating on Friday on underground web forums monitored by researchers from France-based Vupen Security. Based on discussions that took place there, the compromise of wiki.php.net appears to have originated from a “Chinese hacker who exploited a vulnerability in the Wiki application (DokuWiki) installed on the server,”


The site has been down during investigation since Friday 18th March

“Our biggest concern is, of course, the integrity of our source code,” the maintainers wrote. “We did an extensive code audit and looked at every commit since 5.3.5 to make sure that no stolen accounts were used to inject anything malicious. Nothing was found.”

Story here [theregister.co.uk]
6:54 am on Mar 22, 2011 (gmt 0)

Junior Member from IN 

10+ Year Member

joined:Nov 3, 2002
posts: 91
votes: 0


Is it the main wiki website ?
9:59 pm on Mar 22, 2011 (gmt 0)

Administrator

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 31, 2003
posts:12548
votes: 2


wiki.php.net

The story was posted on the PHP home page Saturday. The official PHP news release will be here for future reference ...
[php.net...]
10:02 pm on Mar 22, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0

10:15 pm on Mar 22, 2011 (gmt 0)

Administrator

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 31, 2003
posts:12548
votes: 2


Flashback, Friday, December 24, 2010 ...

Its not a great feeling to have your account hacked into, but I do wonder what the intentions were.. Maybe just an credentials check, which was supposed to be followed by evil commits if noone had spotted the first one? The Chinese government trying to introduce security holes so they can break into PHP websites?
In any case. It took less then 10minutes for 3 people to catch it, that is pretty cool.


You gotta wonder if the crackers were challenged by that blog post last December from Hannes Magnusson [bjori.blogspot.com]?
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members