|
[dokuwiki]
||
[Date Prev]
[09-2006 Date Index]
[Date Next]
||
[Thread Prev]
[09-2006 Thread Index]
[Thread Next]
[dokuwiki] Re: Strange attack on the wiki
- From: "Harry Fuecks" <hfuecks@xxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Sat, 9 Sep 2006 00:06:50 +0200
Probably the quickest and safest fix is simply to delete the bin
sub-directory. The scripts in there are meant for command line use and
(as far as I know) are not used by any other part of Dokuwiki - i.e.
deleting it shouldn't break you're wiki and if you don't know what
they're for, you don't need them.
Have to take my share of blame - dwpage.php is code I wrote - had
never occurred to me that someone would place it publically under
their document root, given it's a command line script meant for
administrators only, with shell access to the server. A check at the
start, using php_sapi_name() for the CLI sapi would have prevented
this.
On 9/8/06, Terence J. Grant <tjgrant@xxxxxxxxxxxx> wrote:
Hi Oliver, et al... (perhaps Andi)
I realize there is panic mode right now, so don't see this as any kind
of immediate request...
I am not (and I'm sure this is the case for others) horribly confident
beyond the .htaccess fix on how exactly to change(or check) the
register_argc_argv, and really the configuration of php safe_mode, php
base_opendir and things of that nature.
So if all of this is required, Oliver, if you or someone knowledgable
could post a wiki:tip for this, it might help...
This is just partially due to inexperience with apache as well as not
being able to self host.
And again I realize this is non-finalized; some things like this might
not be necessary-- but if they are, please keep the above in mind.
--
--Terence J. Grant(tjgrant@xxxxxxxxxxxx)
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
|
