[pmwiki-users] Security problem - PHP
John Morris
johnwmorris at peak.org
Fri Nov 24 14:55:53 CST 2006
I have had my site(s) hacked into twice now through PHP and would appreciate
knowing what are the security patches that PmWiki is able to live with.
One hack was the insertion of a redirect to a bogus citibank page.
I don't want to kill all my farm sites but do need to secure PHP better than
it is.
I am also running ApacheModSSL version 2 - repeat--- Apache appears secure
but the problem seems to be comming from PHP hacks.
I isolated the actual script used but would not be copying it here as the
less spread it has the better. It basically gives site admin privelidges,
more or less. So.... what are the current PHP security patches that Wiki
is OK with?
I am in process of upgrading to Wiki version 2.1.26 but would like to make
sure there are as few holes as possible.
Thanks everyone.
I haven't been posting as I have (previously) had no problems any my twenty
some odd farm sites are running very well and everyone is happy. Then the
Axe fell......<G>
I ran the "Analyze" program and it only reports the problem with FarmD
variables being global and vulnerable. This should fix that. (he said
with fingers crossed)
John Morris
More information about the pmwiki-users
mailing list