[pmwiki-users] Under attack
Petko Yotov
5ko at 5ko.fr
Sat Mar 9 10:52:31 CST 2013
Carlos AB writes:
> The thing which is really annoying is that I get error messages every time
> they try to brute force my site (it is not the first time though).
> I don't use authuser so it is just one form field in the login action, to
> send the password back to the site.
> I have some recipes enabled, some are my own recipes.
>
> The error messages are like this:
>
> [01-Mar-2013 07:09:12 UTC] PHP Warning: Cannot modify header information -
> headers already sent by (output started at ../public_html/pmwiki.php:2067) in
> /home2/codexwik/public_html/scripts/author.php on line 25
> [01-Mar-2013 07:09:12 UTC] PHP Warning: Cannot modify header information -
> headers already sent by (output started at ../public_html/pmwiki.php:2067) in
> /home2/codexwik/public_html/pmwiki.php on line 1176
> [13-Nov-2012 21:02:25 UTC] PHP Warning: Cannot modify header information -
> headers already sent by (output started at ../public_html/pmwiki.php:2067) in
> /home2/codexwik/public_html/scripts/feeds.php on line 258

It doesn't really look like an attack.

These are most likely caused by some character sent by a script before the
HTTP headers. Check that pmwiki.php and all included files don't have an
ending ?> marker which is not required, but if you have even a space or a
new line, headers cannot be sent.

Also check if some file was not saved in UTF-8 with "Byte order mask (BOM)"
- this mask is 3 (invisible) bytes at the beginning of the file and may
cause the described warning messages.

Otherwise, you can include the file scripts/author.php early in config.php.

> [26-Feb-2013 16:28:32 UTC] PHP Warning: Unknown: Failed to write session
> data (files). Please verify that the current setting of session.save_path is
> correct (/tmp) in Unknown on line 0

This may appear if PHP cannot write in the directory where it is supposed to
save session data (/tmp) which may be full or forbidden. It may be possible
to change this directory to one of your own, which MUST NOT be accessible
via HTTP in a browser. See
http://php.net/session-save-path

The recipe PersistentLogin creates and uses such a custom session directory.
Contact me if you have some questions.
http://www.pmwiki.org/wiki/Cookbook/PersistentLogin

Petko
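
Added example, not part of the original message and not PmWiki code: a heuristic scanner for the two causes of "headers already sent" named in the reply above, a UTF-8 BOM at the start of a PHP file and stray bytes after a closing ?> marker. The function names and sample files are constructed for illustration.

```python
import os
import sys

BOM = b"\xef\xbb\xbf"  # UTF-8 byte order mark: three invisible bytes

def check_php_bytes(data):
    """Heuristic: list the ways this PHP source emits output when included."""
    problems = []
    if data.startswith(BOM):
        problems.append("utf8-bom")
        data = data[len(BOM):]
    # Bytes before the first opening tag are sent to the client verbatim.
    if data and data.find(b"<?") != 0:
        problems.append("output-before-open-tag")
    # If the file ends outside PHP mode, bytes after the last "?>" are output.
    # PHP itself swallows one newline directly after the closing tag.
    end = data.rfind(b"?>")
    if end != -1 and data.rfind(b"<?") < end:
        tail = data[end + 2:]
        for newline in (b"\r\n", b"\n", b"\r"):
            if tail.startswith(newline):
                tail = tail[len(newline):]
                break
        if tail:
            problems.append("output-after-close-tag")
    return problems

def scan_tree(root):
    """Return {path: problems} for every flagged .php file under root."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    problems = check_php_bytes(fh.read())
                if problems:
                    flagged[path] = problems
    return flagged

# Constructed sample inputs (not files from the poster's site).
SAMPLES = {
    "clean.php": b"<?php\n$x = 1;\n",
    "bom.php": BOM + b"<?php\n$x = 1;\n",
    "trailing.php": b"<?php\n$x = 1;\n?>\n \n",
    "one_newline.php": b"<?php\n$x = 1;\n?>\n",
}

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, problems in sorted(scan_tree(root).items()):
        print(path, ", ".join(problems))
```

Run it with the wiki directory as the only argument; the tag matching is byte-level, so a "?>" or "<?" inside a PHP string can produce a false report.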