[pmwiki-users] Need some help with a wiki.d security breach
John Coxon
john at coxontool.com
Thu Nov 2 09:49:50 CST 2006

My site running pmwiki-2.1.23 has been invaded by an email spam
engine at http://www.coxontool.com/wiki.d/email.php.stop (.stop added
to, well, stop the spamming - 1,381 meg outgoing just this morning).

If you go to the above address you'll see a form with an unlabeled
box at the bottom right. This box will accept a long list of outgoing
addresses into a variable.

My hosting ISP is currently trying to recover from an email server
crash that may or may not be related to this invasion. They're too
busy to look now :-)

I need some help figuring out how this guy got in and how to keep him
out.

My site is password protected. If the password were somehow obtained
would that enable one to install the script in wiki.d through an
edit? Everything looks ok via ?action=diff for all pages modified
since this guy got in so I'm thinking he came in some other way. But
if so why put the script in the wiki.d directory?

Would it be helpful if I post the offending script here? Or might
that risk giving it to other spammers?

Any suggestions would be gratefully appreciated.

John