Is DF website Hacked?


#1

I guess DF website is hacked or something. Please see attached.


#2

Yes it was. We have restored access and patched the issues. Certainly made for a fun few hours…said noone ever.


#3

Hi would you mind sharing , if we are running the DF community version public , how can we secure it ? what are the steps and security measures that we need to be watchful about as we are planning to use DF as one of our key integration server.

Thanks.


#4

Hi @kalmenchia,

The issue affected only the below services:

The vulnerability was in our www. domain only which came about in Drupal’s and WordPress’s code. This has now been patched.
Our wiki, blog & indeed DreamFactory service (which is installed on customer datacenters) was not affected.
The hacker was ‘Bala Sniper’ who has taken down thousands of websites across a number of web hosting providers.
We have done a security audit to ensure this won’t happen again.

Thanks,

Erik