The Latest in IT Security webserver hacked and backdoor added to Piwik


If you are using Piwik and you have downloaded/updated it recently, please double check your install to verify that it does not contain a backdoor. From

Important Security Announcement: webserver got compromised by an attacker on 2012 Nov 26th; this attacker added malicious code in the Piwik 1.9.2 Zip file for a few hours.

How do I know if my Piwik server is safe?

You would be at risk only if you installed or updated to Piwik 1.9.2 on Nov 26th from 15:43 UTC to 23:59 UTC.
If you are not using 1.9.2, or if you have updated to 1.9.2 earlier than Nov 26th 15:40 UTC or from Nov 27th, you should be safe.

The attackers also added a backdoor at the end of the file Loader.php that lets them execute any command by combining preg_replace("/(.+)/e" (the /e modifier evaluates the replacement as code) with $_GET['g']. You can search your logs for "g=" to see whether any attacker used it.
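As an added example (not code from Piwik or from the original post), this Python sketch runs the two checks described above: it finds requests carrying a parameter named exactly g, and tests a PHP source for the two backdoor markers. The common/combined log format, the /piwik/ path and all sample data are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a common/combined log format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Heuristic: preg_replace whose pattern literal carries the /e (eval) modifier
PREG_E_RE = re.compile(r'''preg_replace\s*\(\s*(["'])/[^\n]*?/[a-zA-Z]*e[a-zA-Z]*\1''')
GET_G_RE = re.compile(r'''\$_GET\s*\[\s*["']g["']\s*\]''')

def requests_with_g_param(log_lines):
    """Return the log lines whose query string has a parameter named exactly 'g'."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable request line
        query = urlsplit(m.group("target")).query
        # Parsing decodes names, so 'lang=' and 'img=' are ignored (a raw "g=" grep
        # would flag them) while a percent-encoded '%67=' is still caught.
        if "g" in parse_qs(query, keep_blank_values=True):
            hits.append(line)
    return hits

def has_backdoor_markers(php_source):
    """True when both markers named in the post appear in the PHP source."""
    return bool(PREG_E_RE.search(php_source) and GET_G_RE.search(php_source))

# Constructed sample data (documentation IP ranges, hypothetical /piwik/ path).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Nov/2012:01:02:03 +0000] "GET /piwik/index.php?module=CoreHome&lang=en HTTP/1.1" 200 512',
    '198.51.100.7 - - [27/Nov/2012:01:05:09 +0000] "GET /piwik/piwik.php?idsite=1&g=constructed HTTP/1.1" 200 43',
    '192.0.2.10 - - [27/Nov/2012:01:06:00 +0000] "GET /piwik/index.php?img=1 HTTP/1.1" 200 99',
    '198.51.100.7 - - [27/Nov/2012:01:07:30 +0000] "POST /piwik/index.php?%67=constructed HTTP/1.1" 200 43',
]
SAMPLE_TAMPERED = '''<?php
class Loader {}
preg_replace("/(.+)/e", $_GET['g'], 'constructed');
'''
SAMPLE_CLEAN = "<?php\nclass Loader {}\n"

if __name__ == "__main__":
    for hit in requests_with_g_param(SAMPLE_LOG):
        print("review:", hit)
    print("tampered sample flagged:", has_backdoor_markers(SAMPLE_TAMPERED))
```

A hit in the logs only means the request deserves review; the file check is a heuristic and does not replace comparing your install against a known-good copy of the release.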

In their report they say it was compromised through a vulnerability in a WordPress plugin, but they didn’t provide any details on which one caused it. We will post more details if we learn more about it.



MONDAY, JULY 16, 2018


