[pmwiki-users] Vulnerability being exploited
Ted Coombs
tedc at science.org
Sat Dec 23 11:47:03 CST 2006
I think the problem is bigger than that. Yesterday, when the site stayed
down I did a trace on the DNS, and it just didn't exist. I think someone
has highjacked the DNS. But, keep me up-to-date with the vuln.
Ted
Hsing-Foo Wang wrote:
> Something is really going wrong here.... pmwiki.org is down, is it related?
>
> -HF
>
>
> On 12/22/06, Wade Hudson <whudson at igc.org> wrote:
>
>> Dear pmwiki users:
>>
>> On my site, a vulernability is being exploited on the top-level script.
>> About ten times a day, I receive spam that includes a number as the username
>> and then has "@users.hostname.net" as the domain name.
>> My web host tells me:
>>
>>
>> The mail logs suggest that this message was indeed generated on our Web
>> server, and the web logs turn up... something that looks like the (ab)use of
>> a script on your own site, corresponding to the message time exactly:
>>
>> 193.108.252.170 - - [20/Oct/2006:14:51:12 -0700] "POST /pmwiki.php
>> HTTP/1.1" 302 16 "http://sitename/pmwiki.php" "Mozilla/5.0 (Windows; U;
>> Windows NT 5.0; en-US; rv:1.0rc3) Gecko/20020523"
>>
>> You need to close the exploit one way or another. We've had to disable Web
>> scripts recently because they were being used for massive spamming and were
>> bringing our whole Web server down, so it's probably just a matter of time
>> before yours is more aggressively exploited.
>>
>> Looking more closely, the URL that's getting used is just /pmwiki.php,
>> which is the central top-level script for the site
>> I am a relative novice. A friend set this site up for me. I think I know
>> how to upload files to the site using WinSCP, which is configured to connect
>> to the website when I log in, but that's about it. I could edit a particular
>> file with precise instructions. So please be as simple and step-by-step as
>> you can with your advice.
>>
>> Also, if one of you might be available for one-on-one guidance, that might
>> be helpful, unless what I need to do is very easy.
>>
>> Thanks,
>> Wade
>>
>>
>> _______________________________________________
>> pmwiki-users mailing list
>> pmwiki-users at pmichaud.com
>> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
>>
>>
>>
>>
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
>
>
>
More information about the pmwiki-users
mailing list