Statement in response to the article "Hunderte Typo3-Webseiten gehackt" (Hundreds of TYPO3 websites hacked)
March 18, 2014
Category: Top News, Association, Press
Author: Danijela Grgic
Keywords: press release, security
According to heise Security multiple TYPO3 websites have been successfully hacked. The report states that the affected websites deliver casino spam advertising to users who reach the website over search engine, in order to use these websites as link farms.
From our point of view this news coverage is not only incomplete – and therefore confusing to users – but also factually incorrect: According to our own analysis by the TYPO3 Security Team, none of the websites named by heise Security use the the current TYPO3 Version 4.5.32, for which there are no known security holes. In addition, several of the named websites do not use TYPO3 at all.
To most securely protect your website from security breaches, the TYPO3 Association recommends using the most current TYPO3 version. This is available for download at http://typo3.org/download/ under the tab TYPO3 4.5. LTS.
Additionally, the TYPO3 team uses Security Bulletins to continually alert users to the newest patches and TYPO3 updates, both as a mailing list and at the URL http://typo3.org/teams/security/security-bulletins/. We recommend that all users subscribe to the TYPO3 newsletter to receive these bulletins per email. You can sign up for the newsletter here: http://docs.typo3.org/typo3cms/SecurityGuide/
For further questions about this topic we are at your disposal. More information about TYPO3 can be found at www.typo3.org or information about TYPO3 CMS at http://typo3.org/about/typo3-cms/
About the TYPO3 Association
The TYPO3 Association is an association according to Swiss law, founded in November 2004 by members of the TYPO3 community, among others Kasper Skårhøj. The TYPO3 Association has its registered seat in Baar ZG (Switzerland).
According to its by-laws the TYPO3 Association promotes the project of the open source software TYPO3 under the GNU General Public License. The TYPO3 Association serves the community by publicly providing free software from third parties. The TYPO3 Association enables further development by providing the necessary conditions for creating and developing open-source software. This includes events and training courses as well as support of infrastructure.
The TYPO3 Association is politically and religiously neutral.
The association consists of members whose names can be found at the website http://association.typo3.org. Sponsors support diverse activities and thereby enable the continuing existence of the TYPO3 Association.