We’ve been hit again by this: http://www.linuxmint.com/blog/?p=235
The good news this time is that we’ll be faster to get rid of it (we’ve got really up to date backups), the bad news is that we’re still obviously vulnerable despite the measures we took the last time. I’ll ask Michael (our sysadmin) to look into this and to find out how this could have happened.
I’ll keep you posted.. I just found out about it a few minutes ago.
Update #1: A backdoor virus was found so it’s possible we got re-infected from the inside. I’m currently re-applying updates to clean the website first.
Update #2: The Wiki, forums, blog, software portal and main website are now clean.
Update #3: I’ll be upgrading the forums to the latest version of phpBb today so they might be offline or disabled for a while.
Update #4: The forums were upgraded to the latest version of phpBB. We’re missing the global announcements and there’s a little problem with the theme but overall they’re back online and they should be working fine.
Update #5: The blog was upgraded to the latest version of WordPress.
Update #6: The wiki was upgraded to the latest version of MediaWiki. We also know more about the problem now.. the first attack left a virus called PHP.RSTBackdoor.
Update #7: The planet was upgraded to the latest version of Gregarius.
Update #8: All the cleanup is done. All our tools were upgraded to their latest versions and we made new backups. Michael identified malware uploaded via mintUpload. We’re discussing the possibility to restrict, secure or even discontinue the free part of this service.