Level 61
I would contact the Forge support team directly to see if they had any reports of this issue.
Jun 7, 2021
2
Level 5
Forge Security Question
Good morning,
I am looking for the correct place to raise a security breach concern on Forge servers? Over the weekend one of our servers was compromised with the following symptoms:
The Guzzle vendor folder contains modified files and all guzzle requests redirect to https://pillperclick.shop/ The spatie/geocoder vendor folder also contained modified code
On further investigation (using the modified time) we noticed that all the vendor files were touched - most of them only had an additional comment
@license https://pillperclick.shop/
Probably to generate further traffic
We follow the standard practices for our Forge server and it's crucial that we get some insight on what to improve in our environment to prevent access like this.
Also - if anyone else encountered a similar issue please respond with any additional info?
Level 5
I sent a message to them - will post any findings back here should in case it could be useful for other users.
Please or to participate in this conversation.