Tuesday, October 26, 2004

PostNuke Distribution Server Hacked

While the phpBB folk will probably snicker at this a little, it is no laughing matter. Hackers have compromised the download server for the open source PostNuke content management system, redirecting users to malicious code in place of the .zip download of the PostNuke program. The hacked code was distributed for more than 32 hours before PostNuke site maintainers addressed the security breach.



PostNuke users who installed a zip archive downloaded between 11:50 p.m. Sunday night and 8:30 a.m. today face a serious threat. All data submitted during the installation, including the server name, database credentials, admin name and password, were likely sent to the hackers. In addition, "in one file there was code allowing a malicious user to execute any shell command on the web server."



The PostNuke team is advising users who may have installed the compromised files to reinstall the code, and immediately change their database details, including username, password and the name of the database if possible.



VIA: Netcraft
