Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[phoenix-epic-dev] EPIC Security Breach 
All,
After investigating both the code and the database Karl and I have been unable to find any direct evidence of the malicious code.
I downloaded the EPIC home page when this was reported so I have a copy of the code that was being generated, and it seems to be connected to our Google Ads. Where the Google Ad html and logo appear in current downloads of the restored website is where the malicious code was manifesting itself. 

We are taking the following steps
1) EPIC is being moved off of the Eclipse.org cluster and onto our build machine. 2) EPIC will remain offline until Nathan and I are able to remove the Google ads and verify that the code is clean and complete.
If after all this EPIC is again hacked/cracked or abused we plan to shut EPIC down until it's backend code has been rebuilt and moved away from phpNuke. 

Matt.

--

Eclipse WebMaster - webmaster@xxxxxxxxxxx
Questions? Consult the WebMaster FAQ at http://wiki.eclipse.org/index.php/Webmaster_FAQ
View my status at http://wiki.eclipse.org/index.php/WebMaster

Back to the top