You all know Piwik ?

You should :) It’s a good and well known alternative to Google Analytics which respects visitors privacy and lets you in control all your data.

Many websites are using this opensource script.

The problem is (there’s always a problem), that it seems that Piwik server have been breached and that 1.9.2 version has been corrupted.

Take a look at their forum:

 

When i’m writing this post, it seems that the latest.zip has been fixed.
No clue of this payload in sources.

How many people updated their Piwik installation since the release of the 1.9.2 version (the 9th november 2012) and this security issue (discovered the 26th) ?

Good question…

 

As i know, someone downloaded the http://piwik.org/latest.zip on 14th. It seems the breach is posterior to this date? If you find any clue, just let us know !

We’re investigating !

 

Btw have at least check on theses files:

  • core/Loader.php
  • core/DataTable/Filter/Megre.php

if you see any base64_decode/gzinflate or eval function, you should be like that :

 

gifwar

 

The complete solution for cleaning up your analytics installation is described on the official forum

Expect a waves of scan at your Piwik installation and expect a 1.9.3 soon #trollface

, , , ,