I’ve just received an email from an agitated client who runs their own Apache server. One of the websites on there has been hacked, and he thinks that Piwik (which I only installed 2 weeks ago) is responsible for the security breach. Below is the content of the email.
"This morning we were alerted by an abuse contact that our website had been compromised. Upon investigation they were correct, and we found a load of randomly named folders with phishing websites loaded into them, RATs and remote shell scripts. Obviously we’ve been left with no choice but to close the website down until it is fixed.
Looking over the logs, the first affected files were sitting in /piwik/, uploaded last night at 19:56:54. I looked up Piwik and it’s free open source software (What is Piwik? - Analytics Platform - Piwik), meaning anyone can get hold of the source code, which will explain how they’ve gained access. An example being that it is being targeted as per this year’s exploit (Piwik CMS Superuser Plugin Upload Exploit).
I don’t feel we should be loading free open source software on a live server, as it isn’t secure. Our server contains many other websites and has the potential to cause major disruption to our clients if it goes down. We’ve not had any issues for the last 2-3 years and, although not intentional, it has made whoever loaded this on look very silly that you’ve used free open source software which has led to an exploit."
I have Piwik installed on hundreds of sites and have never had a problem such as this; I always update whenever a new version is released.
I’m at a loss to understand how this happened. Can anybody give me a pointer?