[pmwiki-users] Wiki vandalism via chgrp?
Ben Stallings
ben at interdependentweb.com
Tue Aug 14 07:50:13 CDT 2007

I just had a site vandalized via a new method I hadn't seen before, and
which the hosting service was incredulous of.

The entire site's group ownership (this being a UNIX system) was changed
to "igsvirt". Then all of the wiki.d files (which are group writable)
were overwritten with identical HTML code. Of course PmWiki didn't
display the HTML, so the site now appears to be a blank template.

It may be relevant that the HTML contains links to a domain name
registered in Turkey, and the volunteer who had been working on the site
has an ex-husband in Turkey, and it's possible that the password on the
account hasn't been changed since the breakup. She doesn't have the FTP
password (not being the account owner), but he might for all I know.
I'll check into that. But if he has the password, then why bother to
change the group ownership, and only change the files that are group
writable?

Is it conceivable that another user on the same system (this being a
shared host) could have used the chgrp command to gain access to the
files? Or is chgrp pretty well locked down? Ideas welcome. Thanks!

--Ben S
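
An added example, not part of the original message and not PmWiki code: a Python script that inventories a page directory such as wiki.d for the three symptoms described above (unexpected group, group-writable files, identical HTML content). The function names, sample file names and sample contents are constructed for illustration, and the expected gid is whatever the operator knows the files should have.

```python
import hashlib
import os
import stat
import sys
import tempfile
from collections import defaultdict

def audit_page_dir(page_dir, expected_gid):
    """Inventory regular files in page_dir for the symptoms the post describes."""
    report = {"wrong_group": [], "group_writable": [], "html": [], "identical": []}
    by_digest = defaultdict(list)
    for name in sorted(os.listdir(page_dir)):
        path = os.path.join(page_dir, name)
        st = os.lstat(path)  # lstat so a planted symlink is skipped, not followed
        if not stat.S_ISREG(st.st_mode):
            continue
        if st.st_gid != expected_gid:
            report["wrong_group"].append(name)
        if st.st_mode & stat.S_IWGRP:
            report["group_writable"].append(name)
        with open(path, "rb") as fh:
            data = fh.read()
        if data.lstrip().startswith(b"<"):  # markup where page text should be
            report["html"].append(name)
        by_digest[hashlib.sha256(data).hexdigest()].append(name)
    # Two or more files sharing one digest: the "identical HTML" symptom.
    report["identical"] = [names for names in by_digest.values() if len(names) > 1]
    return report

def build_sample(root):
    """Write three constructed files; return the gid they were created with."""
    html = b"<html><body>constructed placeholder</body></html>\n"
    page = b"text=constructed page body\n"
    for name, data, mode in [("Main.HomePage", html, 0o664),
                             ("Main.Other", html, 0o664),
                             ("Site.Clean", page, 0o644)]:
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)
    return os.stat(path).st_gid

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <page_dir> <expected_gid>
        print(audit_page_dir(sys.argv[1], int(sys.argv[2])))
    else:  # no arguments: run against the constructed sample
        with tempfile.TemporaryDirectory() as d:
            print(audit_page_dir(d, build_sample(d)))
```

Files that appear in all four lists at once match the pattern in the message; comparing their modification times with the host's FTP and shell login logs helps narrow down which account wrote them.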