#1 2024-11-30 01:36:39

OpenPicture
Member
2023-12-19
50

[Plugin] Community Plugin Problem

Hello,

There is a problem with the community plugin, it has been renamed to:

JohnnieBob.

The description is in Russian. Don't update to version Revision 15.a.

Last edited by OpenPicture (2024-11-30 01:44:27)


#2 2024-11-30 09:55:13

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13861

Re: [Plugin] Community Plugin Problem

Thank you for this report.

The zip archive of Community 15.a has not been modified. As far as I can see for now, only the title and the description have been modified, on November 28th 2024 at 14:59 (West Europe timezone).

Investigation in progress.


#3 2024-11-30 15:55:00

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13861

Re: [Plugin] Community Plugin Problem

We think we have found the problem. It is fixed. Despite many other attacks, only the Community page had been successfully modified.


#4 2024-11-30 17:04:15

OpenPicture
Member
2023-12-19
50

Re: [Plugin] Community Plugin Problem

Hello plg,

It is my turn to thank you, because I had a real shock when I did the last update of the plugin.

Especially when I went to see on the Plugins page what was changed and I saw the description in Russian.

For a hacker, it is a good trick to infect a plugin, which in turn will after updates on different sites infect the respective servers.

I am more than happy that the zip archive was not infected, even if I immediately reverted with my last backup to the previous version.

So, we can do the update without worry?

Last edited by OpenPicture (2024-11-30 17:05:21)


#5 2024-11-30 20:24:11

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13861

Re: [Plugin] Community Plugin Problem

OpenPicture wrote:

I had a real shock when I did the last update of the plugin.

If you had a shock, you don't imagine what I had ;-) Security matters and we failed.

OpenPicture wrote:

For a hacker, it is a good trick to infect a plugin, which in turn will after updates on different sites infect the respective servers.

We're going to reinforce the integrity controls on zip archives of extensions.

OpenPicture wrote:

So, we can do the update without worry?

Yes.
