Afternoon,
After rebuilding the entire site from SVN
and removing the offending code. This site is back online. Please let me
know if you are still experiencing any issues with the site.
How it happened – As mentioned
before one of the admin accounts was compromised. The attacker then created a
new Block into the website. Blocks allow content to be inserted into the
theme template files. The block contained an iframe that took the user
offsite.
I believe that this problem has been
remedied. I will be monitoring the site closely for the next week to
ensure that this issue is fixed.
Thanks for your patience with this matter
while I was out of office.
From: phoenix-epic-dev-bounces@xxxxxxxxxxx
[mailto:phoenix-epic-dev-bounces@xxxxxxxxxxx] On
Behalf Of Ian Skerrett
Sent: Thursday, August 02, 2007
10:33 PM
To: 'The EPIC component of Phoenix'
Cc: matt@xxxxxxxxxxx;
'Lynn Gayowski'
Subject: [phoenix-epic-dev] EPIC
Security Breach
All,
Just so everyone knows we have taken EPIC offline. We
have discovered that an intruder has injected malware into the site and is
potentially infecting IE users. Matt is in the processes of scanning the
site looking for malicious code. He will bring the site up only after he
is convinced the problem has been erased.
FYI, we believe the intruder gained access by to EPIC using
the username and password of an admin account. Once they were
logged on they were able to inject the code and also send spam messages to
registered users.
We have sent an e-mail to all registered users and we will
put a notice on EPIC.
Fyi, Nathan is out this week on vacation. Matt is
helping out with the technical side. I am actually leaving tomorrow
morning for vacation. Please include Matt, Nathan and Denis on any
communications.
Ian
Ian Skerrett
Director of Marketing
Eclipse Foundation
613-224-9461 ext. 227
blog: ianskerrett.wordpress.com