[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wiki hacked?

+++ Wolfgang Denk [05-09-29 17:11 +0200]:
> In message <[🔎] 20050929141831.GL15930@xios> you wrote:
> >
> > Ther is stuff in the apache2 error log which looks suspicious:
> > [Wed Sep 21 04:58:01 2005] [error] [client 217.116.136.9] [Wed Sep 21 04:58:01 2
> > 005] view: Argument "2 %7|pwd" isn't numeric in numeric lt (<) at /var/www/twiki
> > /lib/TWiki/UI/View.pm line 110.
> 
> That's the "TWiki INCLUDE function allows arbitrary shell command execution"
> problem, see http://twiki.org/cgi-bin/view/Codev/TWikiSecurityAlerts
> 
> > But these errors seem to have been going on for a long time so are probably just harmless
> > errors.
> 
> Not at all. Somebody has been running unauthorized commands  on  your
> server.

I see. Thanx for the explanation.

And the reason there is no debian update for it is that the debian twiki
package is not installed. Looks like whoever installed twiki put their own
tarball in instead of the debian package. 

That was a mistake - leaves you exposed to security flaws down the line...

I'll change over to the debian one ASAP. If anyone knows how to do that
without losing the current content then do feel free to stick your oar in.

Wookey
-- 
Aleph One Ltd, Bottisham, CAMBRIDGE, CB5 9BA, UK  Tel +44 (0) 1223 811679
work: http://www.aleph1.co.uk/     play: http://www.chaos.org.uk/~wookey/
Reply to: