[dokuwiki] Re: Strange attack on the wiki

OK - have updated the wiki:install page with a "Step 2" on security
(http://wiki.splitbrain.org/wiki:install) which links across to the
wiki:security (http://wiki.splitbrain.org/wiki:security) page, where
I've add a note on the bin directory.

On 9/9/06, Harry Fuecks <hfuecks@xxxxxxxxx> wrote:
Probably the quickest and safest fix is simply to delete the bin
sub-directory. The scripts in there are meant for command line use and
(as far as I know) are not used by any other part of Dokuwiki - i.e.
deleting it shouldn't break you're wiki and if you don't know what
they're for, you don't need them.

Have to take my share of blame - dwpage.php is code I wrote - had
never occurred to me that someone would place it publically under
their document root, given it's a command line script meant for
administrators only, with shell access to the server. A check at the
start, using php_sapi_name() for the CLI sapi would have prevented
this.

On 9/8/06, Terence J. Grant <tjgrant@xxxxxxxxxxxx> wrote:
> Hi Oliver, et al... (perhaps Andi)
>
> I realize there is panic mode right now, so don't see this as any kind
> of immediate request...
>
> I am not (and I'm sure this is the case for others) horribly confident
> beyond the .htaccess fix on how exactly to change(or check) the
> register_argc_argv, and really the configuration of php safe_mode, php
> base_opendir and things of that nature.
>
> So if all of this is required, Oliver, if you or someone knowledgable
> could post a wiki:tip for this, it might help...
>
> This is just partially due to inexperience with apache as well as not
> being able to self host.
>
> And again I realize this is non-finalized; some things like this might
> not be necessary-- but if they are, please keep the above in mind.
>
> --
> --Terence J. Grant(tjgrant@xxxxxxxxxxxx)
> --
> DokuWiki mailing list - more info at
> http://wiki.splitbrain.org/wiki:mailinglist
>

--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

Other related posts: