[dokuwiki] Re: attempt to use possible vulnerability of dokuwiki

  • From: "Todd Augsburger" <todd@xxxxxxxxxxxxxxxx>
  • To: <dokuwiki@xxxxxxxxxxxxx>
  • Date: Mon, 11 Feb 2008 15:43:06 -0500

Interesting stuff! (Although only marginally about DokuWiki)

Googling "namogofer" or its md5('f') response gets hundreds of hits, so I 
assume there are a significant number of compromised hosts. Any idea what 
the target app was?

Todd Augsburger
todd@xxxxxxxxxxxxxxxx
Roller Organs
www.rollerorgans.com


--------------------------------------------------
From: "Jonathan Dill" <jonathan@xxxxxxxxx>
Sent: Monday, February 11, 2008 1:54 PM
To: <dokuwiki@xxxxxxxxxxxxx>
Subject: [dokuwiki] Re: attempt to use possible vulnerability of dokuwiki

Someone with whom I have been discussing this just_a_test set up a
honeypot to find out what else happens with this infection:

http://web.dtbaker.com.au/post/catching_echo_md5_just_a_test_exploit_attempts.html

Seems to drop a file called namogofer.php in all of the directories in
the web tree.

Jonathan
-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist 

-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

Other related posts: