[pmwiki-users] Security problem - PHP
Patrick R. Michaud
pmichaud at pobox.com
Fri Nov 24 18:42:23 CST 2006
On Fri, Nov 24, 2006 at 12:55:53PM -0800, John Morris wrote:
> I have had my site(s) hacked into twice now through PHP and would appreciate
> knowing what are the security patches that PmWiki is able to live with.
> ...
> I ran the "Analyze" program and it only reports the problem with FarmD
> variables being global and vulnerable. This should fix that. (he said
> with fingers crossed)
If the Site.Analyzer script said that your site was subject to the
$FarmD vulnerability, then that's almost certainly how the attackers
managed to hit the site. That particular vulnerability is known to
have been exploited in the wild -- indeed, that's why I put the
Site.Analyzer script together so quickly when it occurred.
Pm
More information about the pmwiki-users
mailing list