[pmwiki-users] Vulnerability being exploited

Hsing-Foo Wang hsingfoo at gmail.com
Sat Dec 23 04:35:20 CST 2006


Something is really going wrong here.... pmwiki.org is down, is it related?

-HF


On 12/22/06, Wade Hudson <whudson at igc.org> wrote:
>
>  Dear pmwiki users:
>
>  On my site, a vulnerability is being exploited on the top-level script.
> About ten times a day, I receive spam that includes a number as the username
> and then has "@users.hostname.net" as the domain name.
>  My web host tells me:
>
>
> The mail logs suggest that this message was indeed generated on our Web
> server, and the web logs turn up... something that looks like the (ab)use of
> a script on your own site, corresponding to the message time exactly:
>
>  193.108.252.170 - - [20/Oct/2006:14:51:12 -0700] "POST /pmwiki.php
> HTTP/1.1" 302 16 "http://sitename/pmwiki.php" "Mozilla/5.0 (Windows; U;
> Windows NT 5.0; en-US; rv:1.0rc3) Gecko/20020523"
>
>  You need to close the exploit one way or another. We've had to disable Web
> scripts recently because they were being used for massive spamming and were
> bringing our whole Web server down, so it's probably just a matter of time
> before yours is more aggressively exploited.
>
>  Looking more closely, the URL that's getting used is just /pmwiki.php,
> which is the central top-level script for the site.
>  I am a relative novice. A friend set this site up for me. I think I know
> how to upload files to the site using WinSCP, which is configured to connect
> to the website when I log in, but that's about it. I could edit a particular
> file with precise instructions. So please be as simple and step-by-step as
> you can with your advice.
>
>  Also, if one of you might be available for one-on-one guidance, that might
> be helpful, unless what I need to do is very easy.
>
>  Thanks,
>  Wade
>
>
>
>
>
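
The log correlation the web host describes in the quoted message (matching the time spam left the mail server against POST requests to /pmwiki.php in the web log), as an added example that is not part of the original thread. The first access-log entry is the one quoted above; the other entries, the mail timestamp, the function names and the 5-second window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Combined log format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_access_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec.pop("ts"), TS_FMT)
    return rec

def correlate(mail_times, access_lines, script="/pmwiki.php", window_s=5):
    """Pair each outgoing-mail time with POSTs to `script` within window_s seconds."""
    posts = [r for r in map(parse_access_line, access_lines)
             if r and r["method"] == "POST" and r["path"].split("?")[0] == script]
    window = timedelta(seconds=window_s)
    hits = []
    for sent in mail_times:
        for r in posts:
            if abs(r["time"] - sent) <= window:
                hits.append((sent, r["ip"], r["status"]))
    return hits

# First entry is the line quoted in the message; the other two are constructed.
ACCESS_LOG = [
    '193.108.252.170 - - [20/Oct/2006:14:51:12 -0700] "POST /pmwiki.php HTTP/1.1" 302 16 '
    '"http://sitename/pmwiki.php" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc3) Gecko/20020523"',
    '192.0.2.10 - - [20/Oct/2006:14:51:12 -0700] "GET /pmwiki.php?n=Main.HomePage HTTP/1.1" 200 5120 "-" "constructed"',
    '192.0.2.11 - - [20/Oct/2006:09:00:00 -0700] "POST /pmwiki.php HTTP/1.1" 200 812 "-" "constructed"',
]
# Constructed: time at which a spam message left the mail server, per the mail log.
MAIL_TIMES = [datetime.strptime("20/Oct/2006:14:51:12 -0700", TS_FMT)]

if __name__ == "__main__":
    for sent, ip, status in correlate(MAIL_TIMES, ACCESS_LOG):
        print(f"{sent.isoformat()} mail <- POST from {ip} (HTTP {status})")
```

The GET at the same second and the POST hours earlier are both excluded, so only requests that could have triggered the mail remain for review.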



