Channel: Piwik Forums - Support & Bugs

Re: Unauthorised Access

Even though they logged into your Piwik install are you sure they got into your system through Piwik? You sure your permissions and ownership of your files are correctly set up? What OS, web server, mysql versions are you running? Have you verified they are not in your system in other places? Such as they got in through another means and were able to get your Piwik information by escalating to root on your box? Verified the files in your install as all being the correct ones? To really say though would take some deep digging and posting more information, or get your box audited properly to find out the when, what, how and why of the intrusion. Have you changed all passwords? Verified there are not new users that you did not create? Do you allow anonymous visitors on your Piwik install? Are you using the Hide URL proxy script? Did you use the security check thing inside Piwik that verifies no files have been modified? Have you changed your box's login passwords as well, such as root and your users? Also your mysql password, basically every one should be redone.



I honestly wish Piwik would post an md5sum/PGP signature of the packages, any kind of verification for the end user, something at all, since they already have had an issue with someone putting a malicious package in their download section. [piwik.org] Hopefully this is not the beginning of another one of those. Though I still think it is bad practice on Piwik's part to not disclose the "plug-in" that allowed the breach to help protect other end users that could be on a similar setup. I just don't think the check that is done once it's installed is enough, it's a great start but we need to verify the tarball/zip file is not modified before it's even installed.
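The two checks raised in the post above, verifying the archive before it is installed and auditing the installed files afterwards, shown as an added example that is not part of the original post and is not Piwik's own code. It assumes a SHA-256 digest is available out of band; the tarball, file names and digest are constructed sample data.

```python
import hashlib, hmac, io, os, tarfile, tempfile

def sha256_file(path):
    # Whole-file read keeps the example short; stream in chunks for large files.
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def verify_archive(archive, published_hex):
    # Pre-install check: the download must match a digest obtained out of band.
    return hmac.compare_digest(sha256_file(archive), published_hex.strip().lower())

def archive_manifest(archive):
    # Hash every regular file inside the tarball without extracting it.
    with tarfile.open(archive) as tar:
        return {os.path.normpath(m.name): hashlib.sha256(tar.extractfile(m).read()).hexdigest()
                for m in tar if m.isfile()}

def audit_install(install_dir, manifest):
    # Post-install check: report changed, missing and unexpected files.
    seen = {}
    for root, _, files in os.walk(install_dir):
        for name in files:
            full = os.path.join(root, name)
            seen[os.path.relpath(full, install_dir)] = sha256_file(full)
    return {"modified": sorted(p for p in manifest if p in seen and seen[p] != manifest[p]),
            "missing": sorted(p for p in manifest if p not in seen),
            "unexpected": sorted(p for p in seen if p not in manifest)}

def demo():
    # Constructed sample data: a tiny stand-in release, not a real Piwik package.
    files = {"app/index.php": b"<?php // entry\n", "app/core.php": b"<?php // core\n",
             "app/README": b"docs\n"}
    work = tempfile.mkdtemp()
    archive = os.path.join(work, "release.tar.gz")
    with tarfile.open(archive, "w:gz") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    published = sha256_file(archive)  # stands in for a vendor-published digest
    install = os.path.join(work, "www")
    os.makedirs(os.path.join(install, "app"))
    # Installed tree differs from the release: one file changed, one dropped, one added.
    installed = {"app/index.php": files["app/index.php"],
                 "app/core.php": files["app/core.php"] + b"// changed\n",
                 "app/extra.php": b"<?php // not in release\n"}
    for name, body in installed.items():
        with open(os.path.join(install, name), "wb") as f:
            f.write(body)
    return (verify_archive(archive, published), verify_archive(archive, "00" * 32),
            audit_install(install, archive_manifest(archive)))
```

On a real install, files created after setup (configuration, caches, uploads) will be listed under `unexpected` and need manual review.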
