Attackers have used a configuration error in the Xoops content management system to access the main web server of the CentOS project. According to Ralph Angenendt, system administrator at CentOS, no data has been injected into the system or stolen from it. He also stated that the server had not been used to send spam. As a precaution though, all users of the CMS will need to get a new password for the CMS through the Xoops lost password system.
The CentOS wiki and bug tracking system were not affected by the attack, despite running on the same machine. The attack was noticed on Friday 3rd of July when the administrators stumbled over some suspicious files on the CentOS server.