[dokuwiki] Re: Strange attack on the wiki

  • From: "Harry Fuecks" <hfuecks@xxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Sat, 9 Sep 2006 00:35:49 +0200

OK - have updated the wiki:install page with a "Step 2" on security
(http://wiki.splitbrain.org/wiki:install) which links across to the
wiki:security (http://wiki.splitbrain.org/wiki:security) page, where
I've add a note on the bin directory.

On 9/9/06, Harry Fuecks <hfuecks@xxxxxxxxx> wrote:
Probably the quickest and safest fix is simply to delete the bin
sub-directory. The scripts in there are meant for command line use and
(as far as I know) are not used by any other part of Dokuwiki - i.e.
deleting it shouldn't break you're wiki and if you don't know what
they're for, you don't need them.

Have to take my share of blame - dwpage.php is code I wrote - had
never occurred to me that someone would place it publically under
their document root, given it's a command line script meant for
administrators only, with shell access to the server. A check at the
start, using php_sapi_name() for the CLI sapi would have prevented

On 9/8/06, Terence J. Grant <tjgrant@xxxxxxxxxxxx> wrote:
> Hi Oliver, et al... (perhaps Andi)
> I realize there is panic mode right now, so don't see this as any kind
> of immediate request...
> I am not (and I'm sure this is the case for others) horribly confident
> beyond the .htaccess fix on how exactly to change(or check) the
> register_argc_argv, and really the configuration of php safe_mode, php
> base_opendir and things of that nature.
> So if all of this is required, Oliver, if you or someone knowledgable
> could post a wiki:tip for this, it might help...
> This is just partially due to inexperience with apache as well as not
> being able to self host.
> And again I realize this is non-finalized; some things like this might
> not be necessary-- but if they are, please keep the above in mind.
> --
> --Terence J. Grant(tjgrant@xxxxxxxxxxxx)
> --
> DokuWiki mailing list - more info at
> http://wiki.splitbrain.org/wiki:mailinglist

DokuWiki mailing list - more info at

Other related posts: