[pmwiki-users] Vulnerability being exploited

Ted Coombs tedc at science.org
Sat Dec 23 11:47:03 CST 2006


I think the problem is bigger than that. Yesterday, when the site stayed 
down I did a trace on the DNS, and it just didn't exist. I think someone 
has highjacked the DNS. But, keep me up-to-date with the vuln.

Ted

Hsing-Foo Wang wrote:
> Something is really going wrong here.... pmwiki.org is down, is it related?
>
> -HF
>
>
> On 12/22/06, Wade Hudson <whudson at igc.org> wrote:
>   
>>  Dear pmwiki users:
>>
>>  On my site, a vulernability is being exploited on the top-level script.
>> About ten times a day, I receive spam that includes a number as the username
>> and then has "@users.hostname.net" as the domain name.
>>  My web host tells me:
>>
>>
>> The mail logs suggest that this message was indeed generated on our Web
>> server, and the web logs turn up... something that looks like the (ab)use of
>> a script on your own site, corresponding to the message time exactly:
>>
>>  193.108.252.170 - - [20/Oct/2006:14:51:12 -0700] "POST /pmwiki.php
>> HTTP/1.1" 302 16 "http://sitename/pmwiki.php" "Mozilla/5.0 (Windows; U;
>> Windows NT 5.0; en-US; rv:1.0rc3) Gecko/20020523"
>>
>>  You need to close the exploit one way or another. We've had to disable Web
>> scripts recently because they were being used for massive spamming and were
>> bringing our whole Web server down, so it's probably just a matter of time
>> before yours is more aggressively exploited.
>>
>>  Looking more closely, the URL that's getting used is just /pmwiki.php,
>> which is the central top-level script for the site
>>  I am a relative novice. A friend set this site up for me. I think I know
>> how to upload files to the site using WinSCP, which is configured to connect
>> to the website when I log in, but that's about it. I could edit a particular
>> file with precise instructions. So please be as simple and step-by-step as
>> you can with your advice.
>>
>>  Also, if one of you might be available for one-on-one guidance, that might
>> be helpful, unless what I need to do is very easy.
>>
>>  Thanks,
>>  Wade
>>
>>
>> _______________________________________________
>> pmwiki-users mailing list
>> pmwiki-users at pmichaud.com
>> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
>>
>>
>>
>>     
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
>
>
>   





More information about the pmwiki-users mailing list