Tuesday, 22 March 2011

PHP Wiki site hacked.

Original Story : The Register

The Hacking for a php wiki site on wiki.php.net has left some to believe that accounts have been compromised.  The PHP Source code has been reviewed from version 5.3.5 to the latest looking for any malicious code that might have been injected into the repository. The checking of commits from 5.3.5 leads me to believe that the hack was found quickly enough.  As stated by The Reg There are no details if the passwords stored on the site were hashed or open text.  If they were not hashed then people should check thier accounts. I believe that all accounts now require a password reset but the important thing here is that people need to also change passwords on other systems that use the same account login information. For example eMail accounts may be breached due to poor password management practices of users.

The Announcement on php.net

"The wiki.php.net box was compromised and the attackers were able to collect wiki account credentials. No other machines in the php.net infrastructure appear to have been affected. Our biggest concern is, of course, the integrity of our source code. We did an extensive code audit and looked at every commit since 5.3.5 to make sure that no stolen accounts were used to inject anything malicious. Nothing was found. The compromised machine has been wiped and we are forcing a password change for all svn accounts.

We are still investigating the details of the attack which combined a vulnerability in the Wiki software with a Linux root exploit."