Yesterday, PHP-Fusion announced that someone had hacked into their site and changed the download link for PHP-Fusion Version 7.
Hello all,
We had an issue a few days ago where a malicious person gained
access to our site as a super administrator via a weak account/gained
password. They apparently changed the download link of PHP-Fusion
version 7 to spendspace and it was packaged as a .rar file.If you downloaded one of these files, please reinstall your entire site using a fresh copy from SourceForge.
While this isn't a good thing, it is a positive that PHP-Fusion disclosed the possibility that the link led to a version of PHP-Fusion that may have been maliciously changed. I can recall a number of other projects (open source and propriety) that have found their source code made vulnerable by someone intruding into their servers. What is always important to customers in these cases is disclosure and transparency. So far, PHP-Fusion seems to be doing the right thing.
However, as of this Thursday morning...it looks like PHP-Fusion's hosting company has suspended their account. At the time of this writing, there is no words given as to the reasons for the suspension. I suspect the suspension is likely to be security related. Perhaps, we'll see an announcement at SourceForge on the status of PHP-Fusion if their home site doesn't come back online soon.
Update: 355 PM CST: Still no word available on what is happening with the PHP-Fusion Site. Even the folks behind the PHP-Fusion Mod Site are in the dark.
Main support site is currently experiencing some downtime at the
moment, we do not how time this will take but we are working on it as I
write this. We will fill you in as soon as we know anything more, so
please bear with us, we are doing our best.
Update Dec 20: The official PHP-Fusion site is backup up with an update. Looks like the wanted to give the site a thorough scrubbing to make get rid of any unwanted maliciousness.
We suspended it ourselves until we were entirely in control of the
situation. We could easily correct those downloads, but firstly, we
needed to find the vulnerability - and subsequently, when it comes to
our attention that an official support site is compromised, we need to
ensure that it is clean before we reopen it to public, as I guess that
our members would not feel very comfortable with trojan horses either?