[dokuwiki] Re: attempt to use possible vulnerability of dokuwiki

Sorry, I forgot to include the version information: 2007-06-26b

regards
Paul

> -----Ursprüngliche Nachricht-----
> Von: <gstat1@xxxxxx>
> Gesendet: 06.02.08 16:41:15
> An: dokuwiki @freelists.org
> Betreff: attempt to use possible vulnerability of dokuwiki


> 
> Dear all,
> 
> I'm sorry to bother you, but I'm running a server and one of my clients is 
> using dokuwiki. By a routine check of logs I found strange requests to 
> doku.php and /lib/exe/fetch.php with dubious parameters.
> 
> The relevant log entries are attached to this mail (in order to not reveal 
> the domain I used xxxx to mask the domain, when necessary).
> 
> Since I'm not familiar with DokuWiki can you please tell me:
> 
> 1) What are they trying to do?
> 2) Have they been succesfull?
> 
> Those requests come from different IPs, so I cannot block by IP address.
> 
> 3) Do you have any recommendations about server configuration?
> 
> I don't consider URL rewriting an option because if the urls look like 
> http://example.com/dokuwiki/wiki:syntax, then the ":" will reveal that 
> Dokuwiki is used,  doesn't it?
> 
> Can I block all urls with a parameter including http:// (i.e send Acess 
> denied) or will DokuWiki not work then?
> 
> Do you have a list of parameters which are used by the scripts (and what they 
> are for)?
> 
> Thanks in advance. Your help will be very much appreciated.
> 
> Regards
> Paul


_________________________________________________________________________
In 5 Schritten zur eigenen Homepage. Jetzt Domain sichern und gestalten! 
Nur 3,99 EUR/Monat! http://www.maildomain.web.de/?mc=021114

--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

Other related posts: