[dokuwiki] Re: attempt to use possible vulnerability of dokuwiki

  • From: Stephane Chazelas <stephane.chazelas@xxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Wed, 6 Feb 2008 16:27:43 +0000

2008-02-06 16:41:15 +0100, gstat1@xxxxxx:
[...]
> The relevant log entries are attached to this mail (in order to not reveal 
> the domain I used xxxx to mask the domain, when necessary).
> 
> Since I'm not familiar with DokuWiki can you please tell me:
> 
> 1) What are they trying to do?
> 2) Have they been successful?

1) I don't know but 2) I don't expect it to do any harm.

> Those requests come from different IPs, so I cannot block by IP address.
> 
> 3) Do you have any recommendations about server configuration?
[...]

You may want to have your Apache log the "referer". That might
give an indication about where it comes from.

Maybe the wikis are the targets of spammers and some of the
pages have been filled with spam that contain links that for
some reason dokuwiki converts to the ones you're seeing and your
logs show some search-engine robot following those links (I
know, that's a far-fetched explanation).

Cheers,
Stephane
-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
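
The following is an added example, not part of the original mail or of DokuWiki: once Apache writes the "combined" log format, the odd requests can be grouped by Referer and User-Agent instead of by IP, which shows whether they originate from links on the wiki's own pages and are being followed by a robot. The log lines, host names and the `id=odd:page` marker are constructed placeholders.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache "combined" format adds Referer and User-Agent to "common":
#   LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
#   CustomLog logs/access_log combined
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (not from the original mail); all hosts are placeholders.
SAMPLE = '''\
192.0.2.10 - - [06/Feb/2008:15:01:02 +0100] "GET /doku.php?id=odd:page HTTP/1.1" 200 5120 "http://wiki.example.org/doku.php?id=playground" "ExampleBot/1.0 (+http://bot.example.net)"
198.51.100.7 - - [06/Feb/2008:15:03:40 +0100] "GET /doku.php?id=odd:page HTTP/1.1" 200 5120 "http://wiki.example.org/doku.php?id=playground" "ExampleBot/1.0 (+http://bot.example.net)"
203.0.113.5 - - [06/Feb/2008:15:09:11 +0100] "GET /doku.php?id=odd:page HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.9 - - [06/Feb/2008:15:12:30 +0100] "GET /doku.php?id=start HTTP/1.1" 200 2048 "http://other.example.com/links.html" "Mozilla/5.0"
'''

def referer_origin(referer, own_host):
    """Classify a Referer header as 'none', 'own-site' or 'external'."""
    if referer in ("", "-"):
        return "none"
    return "own-site" if urlsplit(referer).hostname == own_host else "external"

def summarize(log_text, path_marker, own_host):
    """Count (origin, referer, agent) for requests whose request line contains path_marker."""
    counts = Counter()
    ips = set()
    for line in log_text.splitlines():
        m = COMBINED.match(line)
        if not m or path_marker not in m["req"]:
            continue  # unparsable line or unrelated request
        ips.add(m["ip"])
        counts[(referer_origin(m["referer"], own_host), m["referer"], m["agent"])] += 1
    return counts, ips

if __name__ == "__main__":
    counts, ips = summarize(SAMPLE, "id=odd:page", "wiki.example.org")
    print(f"{len(ips)} distinct client IPs")
    for (origin, referer, agent), n in counts.most_common():
        print(f"{n:3d}  {origin:9s} {referer}  [{agent}]")
```

Many IPs sharing one own-site Referer and one robot User-Agent point at a wiki page that contains the links; that page is then the place to look for spam edits.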