[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wiki hacked?

In message <[🔎] 20050929141831.GL15930@xios> you wrote:
> Ther is stuff in the apache2 error log which looks suspicious:
> [Wed Sep 21 04:58:01 2005] [error] [client] [Wed Sep 21 04:58:01 2
> 005] view: Argument "2 %7|pwd" isn't numeric in numeric lt (<) at /var/www/twiki
> /lib/TWiki/UI/View.pm line 110.

That's the "TWiki INCLUDE function allows arbitrary shell command execution"
problem, see http://twiki.org/cgi-bin/view/Codev/TWikiSecurityAlerts

> But these errors seem to have been going on for a long time so are probably just harmless
> errors.

Not at all. Somebody has been running unauthorized commands  on  your

Best regards,

Wolfgang Denk

Software Engineering:  Embedded and Realtime Systems,  Embedded Linux
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@denx.de
"More software projects have gone awry for lack of calendar time than
for all other causes combined."
                         - Fred Brooks, Jr., _The Mythical Man Month_

Reply to: