[dokuwiki] Re: attempt to use possible vulnerability of dokuwiki

  • From: gstat1@xxxxxx
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Wed, 06 Feb 2008 16:54:03 +0100

Sorry, I forgot to include the version information: 2007-06-26b


> -----Ursprüngliche Nachricht-----
> Von: <gstat1@xxxxxx>
> Gesendet: 06.02.08 16:41:15
> An: dokuwiki @freelists.org
> Betreff: attempt to use possible vulnerability of dokuwiki

> Dear all,
> I'm sorry to bother you, but I'm running a server and one of my clients is 
> using dokuwiki. By a routine check of logs I found strange requests to 
> doku.php and /lib/exe/fetch.php with dubious parameters.
> The relevant log entries are attached to this mail (in order to not reveal 
> the domain I used xxxx to mask the domain, when necessary).
> Since I'm not familiar with DokuWiki can you please tell me:
> 1) What are they trying to do?
> 2) Have they been succesfull?
> Those requests come from different IPs, so I cannot block by IP address.
> 3) Do you have any recommendations about server configuration?
> I don't consider URL rewriting an option because if the urls look like 
> http://example.com/dokuwiki/wiki:syntax, then the ":" will reveal that 
> Dokuwiki is used,  doesn't it?
> Can I block all urls with a parameter including http:// (i.e send Acess 
> denied) or will DokuWiki not work then?
> Do you have a list of parameters which are used by the scripts (and what they 
> are for)?
> Thanks in advance. Your help will be very much appreciated.
> Regards
> Paul

In 5 Schritten zur eigenen Homepage. Jetzt Domain sichern und gestalten! 
Nur 3,99 EUR/Monat! http://www.maildomain.web.de/?mc=021114

DokuWiki mailing list - more info at

Other related posts: