PHP Fusion Security Breach

Security seems to be the topic of the day. With browsers rushing to release security hot fixes and CMSs trying to keep their systems as secure as possible, the news from Web CMS PHP Fusion comes at a bad time. Yesterday, PHP Fusion announced that someone had hacked their site and changed the download link for PHP Fusion 7 to point to Sendspace, where the file came as a .rar archive.

While this is not a good scenario, PHP Fusion, the PHP 5-based (PHP 4-compatible) Web CMS developed by Nick Jones (also known as Digitanium), was quick to announce that anyone who had downloaded version 7 may have gotten a version that contained malicious files. Remember the issues Joomla! had when the Harvard site was hacked? But again, transparency and quick notification can usually prevent too much backlash from something like this.

So PHP Fusion made the announcement and let the community know. Everything seemed okay… until today. PHP Fusion’s site has now been suspended by their hosting provider. The suspicion is that it has been discontinued because of the security breach, which came from a weak account: a hacker obtained its password and was allowed in as a super administrator.

What does this mean for PHP Fusion? No one is sure yet, but it makes us wonder about other possible security holes in various versions of PHP Fusion, as would be the case with any CMS provider whose own site is hacked to the point of getting suspended.

There has been no news as to when (or if) the site will be available again. It’s possible that SourceForge (a supporter of PHP Fusion) will have an update in the event that PHP Fusion’s main site is still down. You can still download PHP Fusion version 7 at SourceForge, but you may want to wait until the dust settles and it's safe to click that download link.