Hari ini bertanggal 23 Juli 2013, website yii framework, framework yang lagi naik daun dari semua framework di deface oleh orang Indonesia dari jemberhacker.
Mungkin kalian ada yang belum mengerti apa yang disebut dengan deface:
Deface adalah kegiatan untuk mengganti ataupun merubah tampilan halaman depan sebuah situs. Tentu saja prosesnya dilakukan dengan memanfaatkan sisi kelemahan dari situs tersebut sendiri.
Bayangkan saja framework open source yang dikatakan aman koq bisa dideface, tapi menurut infonya saya lihat hackernya hanya mengdeface hanya sisi di depannya saja buka dalamnya, ya menurut saya sendiri namanya batu sekuat apapun dikasih air terus menurus ia akan pecah juga, jadi tidak ada system yang aman. Sebenernya hacker memang seperti itu, tujuannya hanya menunjukin eksistensi bukan untuk mau ngerusak, paling tidak komunitas yii didunia bisa lebih memperhatikan lagi mengenai web security. dan kita juga harus sadar untuk memperhatikan keamanan pada web kita.
Inilah info dari website yii framework :
____________________________________________________________________________
____________________________________________________________________________
"Website deface"
Earlier today it was discovered that the entry page on the Yii website had been defaced. The website was restored in less than an hour from discovery of this event, and we are currently investigating the cause of it.
At this point we do not expect any of the Yii framework source code to have been affected, as the source code for the framework is hosted on external systems (GitHub and Google Code) which to our knowledge has not been affected.
As an extra precaution we do however recommend that if you downloaded a copy of the framework via the main website (www.yiiframework.com) earlier today, you delete that copy and download it again. The purpose of this is to be certain that the copy is really downloaded from Google Code and/or GitHub, even though there are no signs of downloads or source code having been affected by the defacement.
We will continue our investigation and take appropriate action once we have more information.
[http://www.yiiframework.com/news/73/website-deface/]
"Website deface details"
It was recently announced that the Yii website was defaced, but until recently we were still investigating. Here are some details about what happened and what was affected:
The website's index.php was compromised through a vulnerability in the separate forum software (IPB, not Yii).
Neither the website's code nor Yii framework code was involved or part of the attack in any way. Hence, the security of the Yii framework remains as secure today as it was yesterday.
No framework downloads were affected, as the Yii framework source code is hosted externally.
Although we're storing passwords encrypted and are salting hashes, we may request you to change your forum account password soon.
___________________________________________________________________
It was recently announced that the Yii website was defaced, but until recently we were still investigating. Here are some details about what happened and what was affected:
The website's index.php was compromised through a vulnerability in the separate forum software (IPB, not Yii).
Neither the website's code nor Yii framework code was involved or part of the attack in any way. Hence, the security of the Yii framework remains as secure today as it was yesterday.
No framework downloads were affected, as the Yii framework source code is hosted externally.
Although we're storing passwords encrypted and are salting hashes, we may request you to change your forum account password soon.
http://www.yiiframework.com/news/74/website-deface-details/
Sekian dulu ya cerita dari Website Yii Framework Kena Deface. Semoga cerita dari saya bisa menjadi inspirasi buat teman" :)))
Tidak ada komentar:
Posting Komentar