Passwords are almost a million users of the service have been dumped Drupal.org administration, after hackers managed to gain unauthorized access to private user data. Drupal.org - this is the official website of popular open source content management system. Burglary was the result of an attack carried out in respect of an unnamed third-party application that works with Drupal, and not by the CMS system as such, said Holly Ross, Executive Director of the Drupal Association's blog .
During the attack user names, email addresses, information about the country and cryptographically secure passwords. However, while the analysis is not complete, and some additional data could also be in the hands of the organizers of the attack.
"Malicious files were placed on the server association.drupal.org through independent application that is used by the server. Once the files have been identified during the audit, we disable the appropriate servers and checked the rest of the car. Drupal Security Team Team began an investigation and assessment of the incident and found the leak user data "- says Ross.
Drupal has said that hackers could not modify the source code itself CMS-system, which is under development, and not have access to financial data. Drupal has also reported that on most servers deployed system grsecurity, and tightened the settings in the configuration files of Apache.
There is also a standard security settings have been added anti-virus scanning and other procedures. account owner can change the password at https://drupal.org/user/password Drupal has not provided specific technical data on sales in their address attack. Recall that just Last week antivirus companies warned of a malicious code Linux / Cdorked, compromising Linux-servers running on the basis of nginx and Lighttpd.
During the attack user names, email addresses, information about the country and cryptographically secure passwords. However, while the analysis is not complete, and some additional data could also be in the hands of the organizers of the attack.
"Malicious files were placed on the server association.drupal.org through independent application that is used by the server. Once the files have been identified during the audit, we disable the appropriate servers and checked the rest of the car. Drupal Security Team Team began an investigation and assessment of the incident and found the leak user data "- says Ross.
Drupal has said that hackers could not modify the source code itself CMS-system, which is under development, and not have access to financial data. Drupal has also reported that on most servers deployed system grsecurity, and tightened the settings in the configuration files of Apache.
There is also a standard security settings have been added anti-virus scanning and other procedures. account owner can change the password at https://drupal.org/user/password Drupal has not provided specific technical data on sales in their address attack. Recall that just Last week antivirus companies warned of a malicious code Linux / Cdorked, compromising Linux-servers running on the basis of nginx and Lighttpd.
.jpg)
