

Yii framework website defaced - babuskov
http://www.yiiframework.com/news/74/website-deface-details/

======
babuskov
Apparently site does not run on Yii, so users are as safe as they were before.
Official response sent to users:

 _Earlier today it was discovered that the entry page on the Yii website had
been defaced. The website was restored in less than an hour from discovery.
The defacement was made possible by a vulnerability in the separate forum
software used on the site. This vulnerability has now been fixed.

For your information, here are some details about the event:

1\. The website's index.php was compromised through a vulnerability in the
separate forum software (IPB, not Yii).

2\. Neither the website's code nor Yii framework code was involved or part of
the attack in any way. Hence, the security of the Yii framework remains as
secure today as it was yesterday.

3\. No framework downloads were affected, as the Yii framework source code is
hosted externally.

Although we're storing passwords encrypted and are salting hashes, we
recommended that you change your forum password. Please also note that if you
are using the same password for other services and/or websites, you should
change those as well. _

