Hi, It would appear that our WordPress blogs at www.blender.org, as well as the open movies etc, were compromised. The known list of affected sites, which shared a common vhost, are:
- www.blender.org - apricot.blender.org - code.blender.org - cycles-renderer.org - durian.blender.org - gooseberry.blender.org - mango.blender.org - orange.blender.org - peach.blender.org It would appear that the access was rather limited; root access to the host was not observed, nor did the permissions of the web server logs allow writing. Many WordPress accounts have been disabled, where appropriate, and had their passwords randomized, as some of you may have already seen. For some of you that forgot about these accounts, it may be a shock that they still even existed! The source and release checksums were checked against their local copies, but we have no indications that anything beyond the www host was accessed at this time, and have doubts that any of the code was tampered with, but a more thorough audit would have to make such a determination. More details will of course follow as they present themselves, but in the meantime we put up a static HTML version of www and put the rest of the WordPress stuff into indefinite maintenance mode until we decide where to go from here. -- Cheers, Danny ------------------------------------------------- Danny McGrath - d...@blender.org - www.blender.org System Administrator at Blender GPG key: 0x696871CA _______________________________________________ Bf-committers mailing list Bf-committers@blender.org https://lists.blender.org/mailman/listinfo/bf-committers