Yesterday, PHP-Fusion announced that someone had hacked into their site and changed the download link for PHP-Fusion Version 7.
We had an issue a few days ago where a malicious person gained
access to our site as a super administrator via a weak account/gained
password. They apparently changed the download link of PHP-Fusion
version 7 to spendspace and it was packaged as a .rar file.
If you downloaded one of these files, please reinstall your entire site using a fresh copy from SourceForge.
While this isn't a good thing, it is a positive that PHP-Fusion disclosed the possibility that the link led to a version of PHP-Fusion that may have been maliciously changed. I can recall a number of other projects (open source and proprietary) that have found their source code made vulnerable by someone intruding into their servers. What is always important to customers in these cases is disclosure and transparency. So far, PHP-Fusion seems to be doing the right thing.
However, as of this Thursday morning, it looks like PHP-Fusion's hosting company has suspended their account. At the time of this writing, no word has been given as to the reasons for the suspension. I suspect the suspension is likely to be security related. Perhaps we'll see an announcement at SourceForge on the status of PHP-Fusion if their home site doesn't come back online soon.