Www.yiiframework.com/ Hacked?

Was just visiting the yii website and saw this?



Oh damn !

oh… :huh: i think it’s bad news or breaking news to yii team! :mellow:

Yes It Is…

But I thought the YiiFramework.com is not created using Yii framework.

Its server security issue that hacker(s) uploaded html file of index page, rather than this whole site working fine.

So, Don’t worry… Yii Framework is Secure.


Yes, it seems that someone has uploaded an index.html file!

http://www.yiiframework.com/index.php seems to work

Just posted an announcement.

Will post details soon. Overall it’s nothing to worry about too much.

Since the installation of IPB is a rather old one, dare I ask if the concerns in this discussion regarding IPB’s way of hashing passwords still apply?

Yes. That’s why emails about changing passwords were sent.

Well, that’s good to know. But you will surely see this somewhat contradicts your previous statement:

Since the post above might sound harsh, I’d like to clarify a bit: I think overall you reacted very well and in a timely fashion. Especially since some corporations took up to a week (or significantly longer) to inform their user base about security breaches involving possible or actual leaks of user data in the very recent past.

However, I feel a bit misinformed by your aforementioned statement in conjunction with the email stating “we’re storing passwords encrypted and are salting hashes” if I have to find out via Google this is actually supposed to mean [font=“Courier New”]md5(md5($hash) . md5($password))[/font]. This very bit of information implies an entirely different sense of urgency. Given that the target audience of this forum is quite tech-savvy, I see some room for improvement.

Well, since I got this off my chest, let’s all carry on now, shall we?

It’s So bad news , please from All Yii team we need to know full details about exploit and where it ?


This too short description .

We love Yii and we need to be stable .

Viva Yii :)


What would you like to know? It was IPB forum known exploit that is now fixed.

Thank you samdark .

That mean we need to develop our own Forum , or what you think .



Well, ideally yes but in reality it would take too much time.

This is bad. Some other sites were attacked too at the same day (and several of them are still down until now :huh: ).

Thanks for the quick fix, Yii team!