My current Piwik install seems to have been cracked. I just upgraded to 1.7 a few days ago. The current error page says:
Invalid argument supplied for foreach()
in '/home/mydomain3/stats.mydomain.net/piwik/core/Config.php' at the line 290
#0 Piwik_ErrorHandler(...) called at [/home/mydomain3/stats.mydomain.net/piwik/core/Config.php:290]
#1 Piwik_Config->cacheConfigArray(...) called at [/home/mydomain3/stats.mydomain.net/piwik/core/Config.php:334]
#2 Piwik_Config->__get(...) called at [/home/mydomain3/stats.mydomain.net/piwik/core/Session.php:31]
#3 Piwik_Session::isFileBasedSessions(...) called at [/home/mydomain3/stats.mydomain.net/piwik/core/FrontController.php:238]
#4 Piwik_FrontController->init(...) called at [/home/mydomain3/stats.mydomain.net/piwik/index.php:52]
Thank you for your answers. Yes indeed, I had other software on the same server with the same user, and I’ve changed my SSH password.
I’ve removed all the other software and reinstalled Piwik. As you say, the hole might be in another software. If it’s a spammer (as it looks like), then he wouldn’t have left error messages on the attacked server.
Anyway, I’ve installed Piwik with other passwords (MySQL and admin) and checked who has permissions. If it’s a crack, the cracker will be able to crack it again.
I’ll keep you posted, and sorry if I scared some users. But I practically never use the other software on the server, so…
I just opened up Piwik today and I’ve gotten the same hack. Do I need to re-install Piwik? Has somebody figured out the way this hack has been applied? How do I fix this?
From reading other blogs, it appears to affect other installations as well. The attackers are presumably exploiting multiple attack vectors, and/or weaknesses in shared hosting configurations.