2014-11-16, 01:06 AM
Could we get some clarification on the nature of the GitHub hack problem?
It sounds as if the very act of logging into the AdminCP during the mentioned time span would have left one open to some sort of attack.
Is this correct?
It sounds also as if the nature of the attack is that someone could obtain a copy of the database by causing a backup to be created.
Is this correct?
Having created such a backup, is it the case that such an attacker could also receive the copy of the backup? If so, by what means?
Is it clear that such a copy would necessarily be left on the server or could the attacker have deleted it?
How would the admin logs appear after such a copy was made? Would it carry the name of an administrator? Or the "0" user? Or would there even be a log entry?
In our case we were active as AdminCP during the stated hours and we made a backup copy ourselves during this time period. We see only one which matches our admin log. May we conclude we were not attacked?
If we were attacked, does that mean that all data (content, passwords, etc.) may have been copied?
Thanks!