[pmwiki-users] Security problem - PHP

John Morris johnwmorris at peak.org
Fri Nov 24 14:55:53 CST 2006


I have had my site(s) hacked into twice now through PHP and would appreciate
knowing what are the security patches that PmWiki is able to live with.

One hack was the insertion of a redirect to a bogus citibank page.

I don't want to kill all my farm sites but do need to secure PHP better than
it is.

I am also running ApacheModSSL version 2 - repeat--- Apache appears secure 
but the problem seems to be comming from PHP hacks.

I isolated the actual script used but would not be copying it here as the 
less spread it has the better.  It basically gives site admin privelidges, 
more or less.   So.... what are the current PHP security patches that Wiki 
is OK with?

I am in process of upgrading to Wiki version 2.1.26 but would like to make
sure there are as few holes as possible.

Thanks everyone.

I haven't been posting as I have (previously) had no problems any my twenty
some odd farm sites are running very well and everyone is happy.    Then the
Axe fell......<G>

I ran the "Analyze" program and it only reports the problem with FarmD
variables  being global and vulnerable.  This should fix that.  (he said
with fingers crossed)

John Morris 





More information about the pmwiki-users mailing list